Ok I spoke too soon, I am also having this problem, [2003/09/29 11:43:28, 10] libads/kerberos_verify.c:ads_verify_ticket(310) ads_verify_ticket: enc type [18] failed to decrypt with error Bad encryption type [2003/09/29 11:43:28, 10] libads/kerberos_verify.c:ads_verify_ticket(310) ads_verify_ticket: enc type [16] failed to decrypt with error Bad encryption type [2003/09/29 11:43:28, 3] libads/kerberos_verify.c:ads_verify_ticket(310) ads_verify_ticket: enc type [23] failed to decrypt with error Decrypt integrity check failed [2003/09/29 11:43:28, 10] libads/kerberos_verify.c:ads_verify_ticket(310) ads_verify_ticket: enc type [1] failed to decrypt with error Bad encryption type [2003/09/29 11:43:28, 10] libads/kerberos_verify.c:ads_verify_ticket(310) ads_verify_ticket: enc type [3] failed to decrypt with error Bad encryption type [2003/09/29 11:43:28, 10] libads/kerberos_verify.c:ads_verify_ticket(310) ads_verify_ticket: enc type [2] failed to decrypt with error Bad encryption type [2003/09/29 11:43:28, 10] passdb/secrets.c:secrets_named_mutex_release(709) secrets_named_mutex: released mutex for replay cache mutex [2003/09/29 11:43:28, 3] libads/kerberos_verify.c:ads_verify_ticket(317) ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type) [2003/09/29 11:43:28, 1] smbd/sesssetup.c:reply_spnego_kerberos(172) Failed to verify incoming ticket!
Argh, ads is not working correctly with windows 2k3. Anyone get this working with a 2k3 domain? What is your krb5.conf file look like? Are you in native server 2k3 mode for the domain? On Mon, Sep 29, 2003 at 09:48:46AM -0400, Derek T. Yarnell wrote: > Can you kinit correctly? > > kinit [EMAIL PROTECTED] > > If that gives you an error 52 then what I have found that if you are in > Native W2k3 mode for the domain then you will have to upgrade kerberos > to version 1.3.x to get it to work correctly (and link with the 1.3.x > libs) > > Just something to try. > > On Sat, Sep 27, 2003 at 04:29:41PM -0500, [EMAIL PROTECTED] wrote: > > My samba server is a member of my w2k3 mixed mode domain via 'net ads join' > > > > all users and groups can be seen with wbinfo + getent > > > > net ads commands show proper information > > > > I can connect to my local machine using winbind via /etc/pam.d/login > > > > but when my windows clients try to connect to any share, I receive: > > > > ads_verify_ticket: krb5_rd_req with auth failed (bad encryption) > > > > The machine account looks fine from both sides. > > > > I have signing turned off on the w2k3 server, and I have allowed anonymous > > queries. > > > > I've run out of clues on this one. > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: http://lists.samba.org/mailman/listinfo/samba > > -- > --- > Derek T. Yarnell > University of Maryland > Computer Science Department Unix Staff > [EMAIL PROTECTED] > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba -- --- Derek T. Yarnell University of Maryland Computer Science Department Unix Staff [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba