On 19/01/12 19:11, steve wrote:
http://www.cmf.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html#badpass
I'm working as client and host on the same box here. Could this be the cause of the "Decrypt integrity check failed"??
Cheers
Steve
Just to confirm:
samba-tool spn delete host
samba-tool spn add ldap/hh3.site host-account
samba-tool domain exportkeytab /etc/ldap.keytab --principal=ldap/hh3.site
kinit host-account
chmod 0644 /tmp/krb500_0
rcnslcd restart
samba gives:
ldb_wrap open of secrets.ldb
Kerberos: TGS-REQ host-acco...@hh3.site from ipv4:192.168.1.3:37883 for ldap/hh3.s...@hh3.site [canonicalize, renewable]
Kerberos: TGS-REQ authtime: 2012-01-19T19:49:59 starttime: 2012-01-19T19:51:33 endtime: 2012-01-20T05:49:59 renew till: 2012-01-20T19:49:55
GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Decrypt integrity check failed
Terminating connection - 'ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
The key in the keytab is not the same as the key in the KDC
Why???
If we can answer that, we're there.
Cheers,
Steve
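
One way to see what the exported keytab actually holds for ldap/hh3.site is to read the file directly. This is an added example, not part of the original message and not Samba's code: a parser for the keytab file format, assuming version 0x0502, that lists each entry's principal, kvno, enctype and a key fingerprint instead of the key itself. The realm HH3.SITE, the kvno values, the key bytes and the helper names are constructed for illustration.

```python
import hashlib
import struct

ENCTYPES = {17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96", 23: "arcfour-hmac"}

def parse_keytab(data):
    """Return principal, kvno, enctype and key fingerprint for each keytab entry."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                      # negative size marks a deleted slot
            pos -= size
            continue
        rec, pos, off = data[pos:pos + size], pos + size, 0
        def take(fmt):                     # read one big-endian field from rec
            nonlocal off
            off += struct.calcsize(fmt)
            return struct.unpack_from(fmt, rec, off - struct.calcsize(fmt))[0]
        def counted():                     # 16-bit length, then that many bytes
            return take(f">{take('>H')}s")
        ncomp = take(">H")
        realm = counted().decode()
        name = "/".join(counted().decode() for _ in range(ncomp))
        take(">II")                        # skip name type and timestamp
        kvno, enctype, key = take(">B"), take(">H"), counted()
        if len(rec) - off >= 4:            # optional 32-bit kvno overrides the 8-bit one
            kvno = take(">I") or kvno
        entries.append({"principal": f"{name}@{realm}", "kvno": kvno,
                        "enctype": ENCTYPES.get(enctype, str(enctype)),
                        "fingerprint": hashlib.sha256(key).hexdigest()[:16]})
    return entries

def build_entry(realm, comps, kvno, enctype, key):   # constructed sample data only
    cs = lambda b: struct.pack(">H", len(b)) + b
    body = struct.pack(">H", len(comps)) + cs(realm.encode())
    body += b"".join(cs(c.encode()) for c in comps)
    body += struct.pack(">IIBH", 1, 0, kvno & 0xFF, enctype) + cs(key) + struct.pack(">I", kvno)
    return struct.pack(">i", len(body)) + body

SAMPLE = (b"\x05\x02" + build_entry("HH3.SITE", ["ldap", "hh3.site"], 1, 23, bytes(16))
          + struct.pack(">i", -6) + bytes(6)          # a deleted slot the parser must skip
          + build_entry("HH3.SITE", ["ldap", "hh3.site"], 300, 18, bytes(range(32))))

if __name__ == "__main__":
    for e in parse_keytab(SAMPLE):
        print(e["principal"], "kvno", e["kvno"], e["enctype"], e["fingerprint"])
```

Pointing `parse_keytab` at the bytes of a real keytab gives one line per stored key, and two keytabs can be compared by fingerprint without printing key material.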