Hello Andrew,
Thanks for your reply. We did try with following settings: smb.conf null passwords = Yes minimum password lenght set to 0 We set the password over a Windows 7 client. Thanks a lot Oliver >> Kerberos: Looking for ENC-TS pa-data -- media1@BC >> [2013/08/07 13:31:46, 3] >> ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) >> Kerberos: Failed to decrypt PA-DATA -- media1@BC (enctype >> aes256-cts-hmac-sha1-96) error Decrypt integrity check failed for checksum >> type hmac-sha1-96-aes256, key type aes256-cts-hmac-sha1-96 >> [2013/08/07 13:31:46, 3] >> ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) >> Kerberos: Failed to decrypt PA-DATA -- media1@BC >This means the KDC had a different hash to the one the user encrypted the time >with. >Aside from the flag 'ACB_NOPWREQ' (which does *not* mean no password >required, it actually means no password requirements, ie no minimum >length), the KDC doesn't know the length (even zero length) of the >password, it just performs calculations based on the stored hash. >How did you set the 'empty' password in Samba? >Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/<http://samba.org/%7Eabartlet/> Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba