bug? kerberos tickets with rc4-hmac: enc type [3] failed to decrypt with error Bad encryption type
Stefan Beck
becks at itereu.de
Fri Feb 20 11:29:47 GMT 2004
Hello,
I'm trying to use samba 3.0.2 on debian sid as win2k ads member.
Using kerberos from linux works perfectly, but accessing the samba server from a
win2k domain member fails.
e.g. net view \\zzzgfs
system error 5 occured
Access denied
The samba log shows:
[2004/02/20 12:18:26, 10] libads/kerberos_verify.c:ads_verify_ticket(323)
  ads_verify_ticket: enc type [3] failed to decrypt with error Bad encryption type
[2004/02/20 12:18:26, 10] passdb/secrets.c:secrets_named_mutex_release(709)
  secrets_named_mutex: released mutex for replay cache mutex
[2004/02/20 12:18:26, 3] libads/kerberos_verify.c:ads_verify_ticket(330)
  ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type)
[2004/02/20 12:18:26, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
  Failed to verify incoming ticket!
[2004/02/20 12:18:26, 3] smbd/error.c:error_packet(94)
  error string = No such file or directory
[2004/02/20 12:18:26, 3] smbd/error.c:error_packet(118)
  error packet at smbd/sesssetup.c(174) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
ethereal shows that the ticket uses rc4-hmac encryption:
Security Blob: 6082049D06062B0601050502A0820491...
  GSS-API
    OID: 1.3.6.1.5.5.2 (SPNEGO - Simple Protected Negotiation)
    SPNEGO
      negTokenInit
        mechType
          OID: 1.2.840.48018.1.2.2 (MS KRB5 - Microsoft Kerberos 5)
          OID: 1.2.840.113554.1.2.2 (KRB5 - Kerberos 5)
          OID: 1.3.6.1.4.1.311.2.2.10 (NTLMSSP - Microsoft NTLM Security Support Provider)
        mechToken
          krb5_blob: 6082045B06092A864886F71201020201...
            OID: 1.2.840.113554.1.2.2 (KRB5 - Kerberos 5)
            krb5_tok_id: KRB5_AP_REQ (0x0001)
            Kerberos
              Version: 5
              MSG Type: AP-REQ
              APOptions: 0020000000
              Ticket
                Version: 5
                Realm: ITEREU.DE
                Service Name: ZZZGFS$
                  Type: Principal
                  Name: ZZZGFS$
                Encrypted Data: Ticket data
                  Type: rc4-hmac
                  CipherText: 6A3DF49E4BE43634F3410F5D180092D9...
              Encrypted Data: Authenticator
                Type: rc4-hmac
                CipherText: 71766B81B2BEF3681D19749C747AFFAD...
Native OS: Windows 2000 2195
Native LAN Manager: Windows 2000 5.0
Any hints from anybody?
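
Added example, not part of the original post and not Samba code: a Python script that reads the smbd debug records quoted above and compares the enctype numbers ads_verify_ticket reports trying with the enctype ethereal shows on the ticket. The number-to-name table uses the standard Kerberos enctype assignments (3 = des-cbc-md5, 23 = rc4-hmac); `parse_records` and `diagnose` are hypothetical names.

```python
import re

# Standard Kerberos enctype numbers (subset); this table is not from the post.
ETYPES = {1: "des-cbc-crc", 2: "des-cbc-md4", 3: "des-cbc-md5",
          16: "des3-cbc-sha1", 23: "rc4-hmac"}
# Log records copied from the post above (leading "[" of the first one restored).
SAMPLE_LOG = """\
[2004/02/20 12:18:26, 10] libads/kerberos_verify.c:ads_verify_ticket(323)
  ads_verify_ticket: enc type [3] failed to decrypt with error Bad encryption type
[2004/02/20 12:18:26, 3] libads/kerberos_verify.c:ads_verify_ticket(330)
  ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type)
[2004/02/20 12:18:26, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
  Failed to verify incoming ticket!
"""

HEADER = re.compile(r"^\[([\d/]+ [\d:]+),\s*(\d+)\] \S+:(\w+)\(\d+\)$")
DECRYPT_FAIL = re.compile(r"enc type \[(\d+)\] failed to decrypt with error (.+)$")

def parse_records(text):
    """Yield (timestamp, debug level, function, message) per two-line record."""
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            if current:
                yield tuple(current)
            current = [m.group(1), int(m.group(2)), m.group(3), ""]
        elif current is not None and line:
            current[3] = (current[3] + " " + line).strip()
    if current:
        yield tuple(current)

def diagnose(log_text, ticket_etype_name):
    """Compare the enctypes smbd tried with the enctype seen on the ticket."""
    number_of = {name: num for num, name in ETYPES.items()}
    wanted = number_of[ticket_etype_name]
    tried, rejected = [], False
    for _ts, _lvl, func, msg in parse_records(log_text):
        m = DECRYPT_FAIL.search(msg)
        if func == "ads_verify_ticket" and m:
            tried.append(int(m.group(1)))
        rejected = rejected or "Failed to verify incoming ticket" in msg
    return {"tried": [(n, ETYPES.get(n, "unknown")) for n in tried],
            "ticket": (wanted, ticket_etype_name),
            "ticket_etype_tried": wanted in tried, "rejected": rejected}

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG, "rc4-hmac"))
```

On the quoted excerpt this reports a single decrypt attempt, with enctype 3 (des-cbc-md5), and none with enctype 23, the number for the rc4-hmac type shown on the ticket.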