Kerberos error on 3.3.4 with CTDB

Mark Pröhl mark at mproehl.net
Thu Feb 4 09:57:19 MST 2010 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

just a guess: does the samba server change its machine password every
thursday?

- - Mark

John H Terpstra wrote:
> Following up on my own message here:
> 
> The application that generates the error below runs 24x7.  The error
> crashes the Windows XP IIS application.  This has apparently been
> happening since 3.3.4 was installed.
> 
> Note: The problem self-resolves after 45 min.  Any connection within the
> 45 minute timeslot fails identically.  After 45 min everything is happy
> for another week.  Alternately, restarting IIS solves the problem also.
>  Wierd!
> 
> Event logging on the Windows XP Pro client shows the following:
> 
> 
>  Client Time:
>  Server Time: 16:7:10.0000 2/4/2010 Z
>  Error Code: 0xd KDC_ERR_BADOPTION
>  Extended Error: 0xc00000bb KLIN(0)
>  Client Realm:
>  Client Name:
>  Server Realm: HOSTREL.LCL
>  Server Name: host/res-iis-02.hostrel.lcl
>  Target Name: host/res-iis-02.hostrel.lcl at HOSTREL.LCL
>  Error Text:
>  File: 9
> 
> 
> Hoping this will help to clarify best steps to resolve this problem.
> Does anyone have a pointer to help identify the cause.  Should we pursue
> updating first?
> 
> I have asked for a Wireshark trace, but that will have to wait until
> next weeks window of misfortune.
> 
> - John T.
> 
> On 02/04/2010 10:19 AM, John H Terpstra wrote:
>> Guys,
>>
>> An IIS server that is accessing Samba CTDB is generating the following
>> error.  It happens at the same time every week (approx 11:08-11:15am
>> every Thursday) it only happens within this specific time window - wierd!
>>
>> Any ideas or suggestions?  Have already recommended updating to the
>> latest 3.3.10.
>>
>> Here is the log snippet.
>>
>> Cheers,
>> John T.
>>
>> [2010/02/04 11:13:55,  3]
>> smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1175)
>>   Doing spnego session setup
>> [2010/02/04 11:13:55,  3]
>> smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1210)
>>   NativeOS=[Windows Server 2003 R2 3790 Service Pack 2] NativeLanMan=[]
>> PrimaryDomain=[Windows Server 2003 R2 5.2
>> ]
>> [2010/02/04 11:13:55,  3] smbd/sesssetup.c:reply_spnego_negotiate(802)
>>   reply_spnego_negotiate: Got secblob of size 1204
>> [2010/02/04 11:13:55,  3]
>> libads/kerberos_verify.c:ads_secrets_verify_ticket(296)
>>   ads_secrets_verify_ticket: enc type [23] failed to decrypt with error
>> Decrypt integrity check failed
>> [2010/02/04 11:13:55,  3] libads/kerberos_verify.c:ads_verify_ticket(471)
>>   ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type)
>> [2010/02/04 11:13:55,  1] smbd/sesssetup.c:reply_spnego_kerberos(350)
>>   Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
>> [2010/02/04 11:13:55,  3] smbd/error.c:error_packet_set(61)
>>   error packet at smbd/sesssetup.c(352) cmd=115 (SMBsesssetupX)
>> NT_STATUS_LOGON_FAILURE
>> [2010/02/04 11:13:55,  3] smbd/process.c:smbd_process(1930)
>>   receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting
>> [2010/02/04 11:13:55,  3] smbd/sec_ctx.c:set_sec_ctx(324)
>>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
>> [2010/02/04 11:13:55,  3] smbd/connection.c:yield_connection(31)
>>   Yielding connection to
>> [2010/02/04 11:13:55,  3] smbd/server.c:exit_server_common(971)
>>   Server exit (normal exit)
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAktq/G8ACgkQNP9kGj7lDw7gGQCfY+goVMAosdj4MihjbZq4PA+g
cIgAoKmr4KYsYJFStlqu7J6M/HpG9sCV
=uLxf
-----END PGP SIGNATURE-----

More information about the samba-technical mailing list