[Samba] Kerberos Error

Norman Zhang Mon, 06 Dec 2004 18:53:11 -0800

Hi,

I'm using samba-*-3.0.6-4.3.100mdk and libkrb51-1.3-6.3.100mdk on LM10.0. A similar summary to what I'm seeing could be found here.

http://lists.samba.org/archive/samba/2004-July/090210.html

My relevant config info could be found below. May I ask how could I solve this in LM10.0? What packages do I need to update? The problem does not arise with NT. It happens to only W2K, XP, 2003.

Regards,
Norman Zhang

/var/log/samba/log.2d-052

[2004/12/06 15:19:50, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
  Failed to verify incoming ticket!

# rpm -qa 'samba*'
samba-common-3.0.6-4.3.100mdk
samba-client-3.0.6-4.3.100mdk
samba-doc-3.0.6-4.3.100mdk
samba-winbind-3.0.6-4.3.100mdk
samba-swat-3.0.6-4.3.100mdk
samba-server-3.0.6-4.3.100mdk

# rpm -qa '*krb5*'
libkrb51-1.3-6.3.100mdk
ftp-client-krb5-1.3-6.3.100mdk

/etc/samba/smb.conf
[global]
        workgroup = ARKONDOMAIN
        realm = HQ.ARKONNETWORKS.COM
        server string = Samba Server %v
        security = ADS
        obey pam restrictions = Yes
        password server = 192.168.22.22
        log file = /var/log/samba/log.%m
        max log size = 50
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        os level = 18
        preferred master = No
        local master = No
        domain master = No
        dns proxy = No
        ldap ssl = no
        idmap uid = 15000-20000
        idmap gid = 15000-20000
        template homedir = /hsd1/transfer/%u
        template shell = /bin/bash
        winbind separator = /
        winbind use default domain = Yes

[transfer]
        comment = Temporary Storage
        path = /hsd1/transfer
        read only = No
        create mask = 0777
        directory mask = 0777

/etc/krb5.conf
[logging]
 default = FILE:/var/log/kerberos/krb5libs.log
 kdc = FILE:/var/log/kerberos/krb5kdc.log
 admin_server = FILE:/var/log/kerberos/kadmind.log

[libdefaults]
 ticket_lifetime = 24000
 default_realm = HQ.ARKONNETWORKS.COM
 default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
 default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
 permitted_enctypes = des3-hmac-sha1 des-cbc-crc
 dns_lookup_realm = false
 dns_lookup_kdc = false
 kdc_req_checksum_type = 2
 checksum_type = 2
 ccache_type = 1
 forwardable = true
 proxiable = true

[realms]
  HQ.ARKONNETWORKS.COM = {
  kdc = dc2.hq.arkonnetworks.com:88
  admin_server = dc2.hq.arkonnetworks.com:749
  default_domain = hq.arkonnetworks.com
 }

[domain_realm]
 .hq.arkonnetworks.com = HQ.ARKONNETWORKS.COM

[kdc]
 profile = /etc/kerberos/krb5kdc/kdc.conf

[pam]
 debug = false
 ticket_lifetime = 36000
 renew_lifetime = 36000
 forwardable = true
 krb4_convert = false

[login]
 krb4_convert = false
 krb4_get_tickets = false

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Kerberos Error

Reply via email to