[Samba] Kerberos: Failed to decrypt PA-DATA
Adriana Moga
adriana.gologaneanu at gmail.com
Thu Mar 19 02:27:07 MDT 2015
Hi,
Some users can't log on to their workstations if the session is negotiated
with the Samba domain controller; the password is requested again and again.
Samba is joined as a domain controller to a domain with Windows domain
controllers. The users' computers are also joined to the domain. But for some
users the Kerberos ticket is failing.
Samba version 4.1.15 - Debian 7.8
Samba debug logs, level 3:
Kerberos: Failed to decrypt PA-DATA -- com130100003$@MYDOMAIN (enctype
aes256-cts-hmac-sha1-96) error Decrypt integrity check failed for checksum
type hmac-sha1-96-aes256, key type aes256-cts-hmac-sha1-96
Kerberos: AS-REQ com130100003$@MYDOMAIN from ipv4:X.X..2.12:61019 for
krbtgt/MYDOMAIN@MYDOMAIN
[2015/03/19 09:53:29.357160, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Client sent patypes: encrypted-timestamp, 128
[2015/03/19 09:53:29.357211, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Looking for PKINIT pa-data -- com130100003$@MYDOMAIN
[2015/03/19 09:53:29.357232, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Looking for ENC-TS pa-data -- com130100003$@MYDOMAIN
[2015/03/19 09:53:29.357301, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Failed to decrypt PA-DATA -- com130100003$@MYDOMAIN (enctype
aes256-cts-hmac-sha1-96) error Decrypt integrity check failed for checksum
type hmac-sha1-96-aes256, key type aes256-cts-hmac-sha1-96
................
Kerberos: Client sent patypes: encrypted-timestamp, 128
................
Kerberos: No preauth found, returning PREAUTH-REQUIRED --
com130100003$@MYDOMAIN
Thanks,
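
Added example, not part of the original post and not Samba code: a small Python triage script that groups the "Failed to decrypt PA-DATA" messages of a level 3 Samba log by principal and enctype, re-joining messages that were wrapped across lines, so the affected accounts can be listed (machine accounts end in `$`). The sample log, the principal names and the function names are constructed for illustration.

```python
import re

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)\.\d+,\s*\d+\]")
FAILED = re.compile(r"Kerberos: Failed to decrypt PA-DATA -- (\S+) \(enctype (\S+)\)")

# Constructed sample in the shape of the log lines quoted above (made-up principals).
SAMPLE = """\
[2015/03/19 09:53:29.357301, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Failed to decrypt PA-DATA -- PC01$@EXAMPLE (enctype
aes256-cts-hmac-sha1-96) error Decrypt integrity check failed
[2015/03/19 09:54:02.000001, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Failed to decrypt PA-DATA -- PC01$@EXAMPLE (enctype aes256-cts-hmac-sha1-96) error
[2015/03/19 09:55:10.000002, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Failed to decrypt PA-DATA -- alice@EXAMPLE (enctype arcfour-hmac-md5) error
"""

def kdc_messages(text):
    """Yield (timestamp, message), re-joining messages wrapped across lines."""
    ts, buf = None, []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m or line.startswith("Kerberos:"):  # a new record starts here
            if buf:
                yield ts, " ".join(buf)
            buf = []
            if m:
                ts = m.group(1)
                continue
        if buf or line.startswith("Kerberos:"):  # message start or wrapped tail
            buf.append(line)
    if buf:
        yield ts, " ".join(buf)

def preauth_failures(text):
    """Map principal -> failure count, enctypes seen, first/last time, machine flag."""
    out = {}
    for ts, msg in kdc_messages(text):
        m = FAILED.search(msg)
        if m:
            principal, enctype = m.groups()
            rec = out.setdefault(principal, {"count": 0, "enctypes": set(), "first": ts,
                "last": ts, "machine": principal.split("@")[0].endswith("$")})
            rec["count"] += 1
            rec["enctypes"].add(enctype)
            rec["last"] = ts
    return out
```

Passing the contents of a real log file to `preauth_failures` returns one record per failing principal; messages that appear before any timestamp header get `None` as their time.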