what's in your krb.conf?
AFAIR it should be realy minimalistic. (in fact mine doesn't even exist,
but i'm using a win2k server, not win2k3)
espacialy there shouldn't be settings for default encryption types.
Some persons reported these to produce problems.
And you definitly need a kerberos-version >=1.3.3 if you use MIT-kerberos to get it working.
Hope it helps.
Christoph
Raphael RIGNIER schrieb:
Hello list.
I've got a problem using samba-3.0.4 (RedHat AS 3.0) the server is member of a Win2003 Active directory domain All stuff about krb5 seems to work correctly
kinit [EMAIL PROTECTED] klist etc...
net ads join -U administrator has worked well too
But when any Windows client member of the domain try to connect to the server it asks me for a user/pass.
here is the log.
[2004/08/10 18:56:41, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655)
wct=12 flg2=0xc807
[2004/08/10 18:56:42, 2] smbd/sesssetup.c:setup_new_vc_session(608)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2004/08/10 18:56:42, 3]
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535)
Doing spnego session setup
[2004/08/10 18:56:42, 3]
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566)
NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0]
PrimaryDomain=[]
[2004/08/10 18:56:42, 3] smbd/sesssetup.c:reply_spnego_negotiate(444)
Got OID 1 2 840 48018 1 2 2
[2004/08/10 18:56:42, 3] smbd/sesssetup.c:reply_spnego_negotiate(444)
Got OID 1 2 840 113554 1 2 2
[2004/08/10 18:56:42, 3] smbd/sesssetup.c:reply_spnego_negotiate(444)
Got OID 1 3 6 1 4 1 311 2 2 10
[2004/08/10 18:56:42, 3] smbd/sesssetup.c:reply_spnego_negotiate(447)
Got secblob of size 1191
[2004/08/10 18:56:42, 3] libads/kerberos_verify.c:ads_verify_ticket(185)
ads_verify_ticket: enc type [3] failed to decrypt with error Decrypt
integrity check failed
[2004/08/10 18:56:43, 3] libads/kerberos_verify.c:ads_verify_ticket(193)
ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type)
[2004/08/10 18:56:43, 1] smbd/sesssetup.c:reply_spnego_kerberos(174)
Failed to verify incoming ticket!
[2004/08/10 18:56:43, 3] smbd/error.c:error_packet(94)
error string = Aucun fichier ou répertoire de ce type
[2004/08/10 18:56:43, 3] smbd/error.c:error_packet(118)
error packet at smbd/sesssetup.c(175) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
[2004/08/10 18:56:43, 3] smbd/process.c:timeout_processing(1131)
timeout_processing: End of file from client (client has disconnected).
[2004/08/10 18:56:43, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/08/10 18:56:43, 2] smbd/server.c:exit_server(572)
Closing connections
[2004/08/10 18:56:43, 3] smbd/connection.c:yield_connection(69)
Yielding connection to [2004/08/10 18:56:44, 3] smbd/connection.c:yield_connection(76)
yield_connection: tdb_delete for name failed with error Record does
not exist.
[2004/08/10 18:56:44, 3] smbd/server.c:exit_server(615)
Server exit (normal exit)
I'm not sure it's due to Win2k3 server because enc type [3] is des-cbc-md5.
I definitiveley Don't know what's wrong!
I have even tried to compile samba-3.0.5 and link with kerberos-1.3.4 without success.
Any help would be appretciated.
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
