hello

I have finally set up the following configuration:
debian testing / samba-3.07 member of a w2k Active Directory, security = ads

Now I am able to:
- list users and groups with wbinfo -u | -g

- authenticate domain users via pam_winbind

- list and connect to share on AD server with kerberos ( smbclient -k )

- list and connect to share on SAMBA server _from_samba_server_ ( smbclient -k //SAMBA_SERVER/ )

_BUT_ trying to connect to a samba share from the AD server ( net use * \\SAMBA_SERVER\share ) prompts me for a password and the log gives me the famous "failed to verify incoming ticket":

[2004/10/20 09:24:42, 3] smbd/server.c:exit_server(614)
  Server exit (process_smb: send_smb failed.)
[2004/10/20 09:24:42, 3] libads/kerberos_verify.c:ads_secrets_verify_ticket(193)
  ads_secrets_verify_ticket: enc type [23] failed to decrypt with error Decrypt integrity check failed
[2004/10/20 09:24:42, 3] libads/kerberos_verify.c:ads_verify_ticket(307)
  ads_verify_ticket: krb5_rd_req with auth failed (Success)
[2004/10/20 09:24:42, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
  Failed to verify incoming ticket!
[2004/10/20 09:24:42, 3] smbd/error.c:error_packet(129)
  error packet at smbd/sesssetup.c(174) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE

I have tried to play with enc-type in krb5.conf to no avail.

here is my krb5.conf:
[libdefaults]
   default_realm = OPENDOOR.NET
[realms]
OPENDOOR.NET = {
   kdc = nicotine.opendoor.net:88
}

output of klist -5e :

Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [EMAIL PROTECTED]

Valid starting     Expires            Service principal
10/20/04 11:40:14  10/20/04 21:40:14  krbtgt/[EMAIL PROTECTED]
        Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5
10/20/04 11:40:33  10/20/04 21:40:14  [EMAIL PROTECTED]  ( samba server )
        Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5
10/20/04 11:40:49  10/20/04 21:40:14  [EMAIL PROTECTED]  ( AD server )
        Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5

installed package:
debian testing
samba           3.0.7-1
samba-common    3.0.7-1
libkrb53        1.3.4-4
krb5-user       1.3.4-4

Any idea?


-- 
-- Thomas Constans --

http://www.opendoor.fr
[EMAIL PROTECTED]
04 78 68 17 34
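
Added example (not part of the original post, and not Samba code): a small Python parser for the smbd log format quoted in the message. It rejoins mail-wrapped lines and extracts Kerberos ticket decryption failures with the encryption type named, so a failure like the one above can be picked out of a long log. The function names and the etype table are this example's own; the sample is the Kerberos-related part of the posted log.

```python
import re

# Kerberos etype numbers as assigned by IANA; the table is this example's own.
ETYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 17: "aes128-cts-hmac-sha1-96",
          18: "aes256-cts-hmac-sha1-96", 23: "arcfour-hmac-md5"}
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), +(\d+)\]\s*(.*)$")
LOCATION = re.compile(r"(\S+?):(\w+)\((\d+)\)\s*")
DECRYPT = re.compile(r"enc type \[(\d+)\] failed to decrypt with error (.+)")

# Kerberos-related entries from the post's log, mail line-wrapping left in place.
SAMPLE_LOG = """\
[2004/10/20 09:24:42, 3]
libads/kerberos_verify.c:ads_secrets_verify_ticket(193)
  ads_secrets_verify_ticket: enc type [23] failed to decrypt with error
Decrypt integrity check failed
[2004/10/20 09:24:42, 3] libads/kerberos_verify.c:ads_verify_ticket(307)
  ads_verify_ticket: krb5_rd_req with auth failed (Success)
[2004/10/20 09:24:42, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
  Failed to verify incoming ticket!
[2004/10/20 09:24:42, 3] smbd/error.c:error_packet(129)
  error packet at smbd/sesssetup.c(174) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
"""

def parse_entries(text):
    """Split smbd log text into entries, rejoining wrapped continuation lines."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append({"time": m.group(1), "level": int(m.group(2)), "msg": m.group(3)})
        elif entries and line.strip():
            entries[-1]["msg"] = (entries[-1]["msg"] + " " + line.strip()).strip()
    for e in entries:
        loc = LOCATION.match(e["msg"])  # "file.c:function(line)" leads each entry
        e["func"] = loc.group(2) if loc else None
        e["msg"] = e["msg"][loc.end():] if loc else e["msg"]
    return entries

def kerberos_failures(entries):
    """Return decrypt failures, noting whether a logon rejection shares the timestamp."""
    rejected = {e["time"] for e in entries if "NT_STATUS_LOGON_FAILURE" in e["msg"]}
    out = []
    for e in entries:
        m = DECRYPT.search(e["msg"])
        if m:
            n = int(m.group(1))
            out.append({"time": e["time"], "etype": n, "etype_name": ETYPES.get(n, "unknown"),
                        "error": m.group(2), "logon_rejected": e["time"] in rejected})
    return out
```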
