Jeremy Allison wrote:
On Mon, Sep 18, 2006 at 03:59:28PM -0500, Dale Schroeder wrote:
Since I haven't gotten any responses from the segfault log I posted
earlier, I will try another approach. Below is what happens when a
client tries to connect. Again, this all started after I changed a
username mapping entry from root = DOMAIN\Administrator to root =
@"DOMAIN\Domain Admins". This is in a security = ADS setup. wbinfo -u
and -g return the correct information.
Dale
[2006/09/18 15:42:38, 10] passdb/secrets.c:secrets_named_mutex(778)
secrets_named_mutex: got mutex for replay cache mutex
[2006/09/18 15:42:38, 10]
libads/kerberos_verify.c:ads_secrets_verify_ticket(261)
ads_secrets_verify_ticket: enc type [1] failed to decrypt with error Bad
encryption type
[2006/09/18 15:42:38, 10]
libads/kerberos_verify.c:ads_secrets_verify_ticket(261)
ads_secrets_verify_ticket: enc type [3] failed to decrypt with error Bad
encryption type
Did you restrict any enc types in your krb5.conf ?
Jeremy.
I knew that I did not make any restrictions, so I checked the conf file
and all references to enctype are commented out and left as default.
I must point out that I made the same mapping change on a test machine,
and all went well. Unfortunately, this is the real thing, and users are
clamoring for files and printers.
From the client's perspective, sometimes a login box appears, other
times it says the network no longer exists. Also rejoining the domain
with "net ads join" acts as if the system is totally new to the domain.
I no longer get wording that indicates the system was already a domain
member. Perhaps this is an intentional change?
Thanks for replying.
Dale
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
