[Samba] Going insane - ads_secrets_verify_ticket

2005-11-03 Thread Toll, Eric 
I have been fighting with this FreeBSD port for two days
off/on
 
Can anyone please suggest something?  Even if it's paid
support to fix this?
 
Thanks!
Eric
 
 
 
[2005/11/03 17:03:17, 3]
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(619)
  NativeOS=[Windows 2002 Service Pack 2 2600]
NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[]
[2005/11/03 17:03:17, 3]
smbd/sesssetup.c:reply_spnego_negotiate(480)
  Got OID 1 2 840 48018 1 2 2
[2005/11/03 17:03:17, 3]
smbd/sesssetup.c:reply_spnego_negotiate(480)
  Got OID 1 2 840 113554 1 2 2
[2005/11/03 17:03:17, 3]
smbd/sesssetup.c:reply_spnego_negotiate(480)
  Got OID 1 3 6 1 4 1 311 2 2 10
[2005/11/03 17:03:17, 3]
smbd/sesssetup.c:reply_spnego_negotiate(483)
  Got secblob of size 1340
[2005/11/03 17:03:17, 3]
libads/kerberos_verify.c:ads_secrets_verify_ticket(235)
  ads_secrets_verify_ticket: enc type [16] failed to decrypt
with error Message size is incompatible with encryption type
[2005/11/03 17:03:17, 3]
libads/kerberos_verify.c:ads_secrets_verify_ticket(235)
  ads_secrets_verify_ticket: enc type [5] failed to decrypt
with error Message size is incompatible with encryption type
[2005/11/03 17:03:17, 3]
libads/kerberos_verify.c:ads_secrets_verify_ticket(235)
  ads_secrets_verify_ticket: enc type [23] failed to decrypt
with error Decrypt integrity check failed
[2005/11/03 17:03:17, 3]
libads/kerberos_verify.c:ads_secrets_verify_ticket(235)
  ads_secrets_verify_ticket: enc type [3] failed to decrypt
with error Message size is incompatible with encryption type
[2005/11/03 17:03:17, 3]
libads/kerberos_verify.c:ads_secrets_verify_ticket(235)
  ads_secrets_verify_ticket: enc type [2] failed to decrypt
with error Message size is incompatible with encryption type
[2005/11/03 17:03:17, 3]
libads/kerberos_verify.c:ads_secrets_verify_ticket(235)
  ads_secrets_verify_ticket: enc type [1] failed to decrypt
with error Message size is incompatible with encryption type
[2005/11/03 17:03:17, 3]
libads/kerberos_verify.c:ads_verify_ticket(347)
  ads_verify_ticket: krb5_rd_req with auth failed (Unknown
error: 0)
[2005/11/03 17:03:17, 1]
smbd/sesssetup.c:reply_spnego_kerberos(173)
  Failed to verify incoming ticket!
[2005/11/03 17:03:17, 3] smbd/error.c:error_packet(147)
  error packet at smbd/sesssetup.c(174) cmd=115
(SMBsesssetupX) NT_STATUS_LOGON_FAILURE
[2005/11/03 17:03:17, 3] smbd/process.c:process_smb(1114)

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Message size is incompatible with encryption type

2005-10-28 Thread Toll, Eric 
Hello all, I have a nice dual Opteron server with a lot of
disk space I'd like to let Windows ADS groups use. I am
running FreeBSD (AMD64) 5.4-RELEASE-p1 with samba-3.0.20,1 

I joined the ADS domain. Smbclient works perfectly.
Server shows up in My Network Places When I click on it, I
get a login box and no credentials will authenticate me.

Read some of the samba docs, and found it amusing that many
times the scenario of departments/personnel/politics etc
were explained before a config was given. (See my first
sentence!)

The only other piece to the puzzle is how do I grant rights
to the UNIX/Samba shares??  E.g.  Want the ADS group
Archives to have read only access to the Archives, but ADS
Domain admins can have read/write to samba share Archives.


I looked around on the net and I'm not sure what is wrong.
Thanks much list!

Eric



Smb.conf:
[global]
workgroup = WORKGROUP
realm = DOMAIN.COM
server string = 64bit FreeBSD Samba Box
security = ADS
auth methods = winbind
password server = 192.168.x.x
passdb backend = tdbsam
log level = 3
log file = /var/log/samba/log.%m
max log size = 50
load printers = No
preferred master = No
local master = No
domain master = No
dns proxy = No
wins server = 192.168.X.X
ldap ssl = no
idmap uid = 1-2
idmap gid = 2-3
winbind use default domain = Yes
winbind trusted domains only = Yes
invalid users = root
acl group control = Yes
inherit permissions = Yes
inherit acls = Yes
hosts allow = 192.168.X., 127.
hosts deny = ALL

[Archives]
comment = Archives
path = /usr/Archives
read only = Yes
guest ok = Yes




/var/log/samba/workstation-Log (all happened in less than a
second)

2005/10/28 15:20:06, 3] smbd/oplock.c:init_oplocks(1380)
  open_oplock_ipc: opening loopback UDP socket.
[2005/10/28 15:20:06, 3] smbd/oplock.c:init_oplocks(1380)
  open_oplock_ipc: opening loopback UDP socket.
[2005/10/28 15:20:06, 3] smbd/oplock.c:init_oplocks(1411)
  open_oplock ipc: pid = 98079, global_oplock_port = 57632
[2005/10/28 15:20:06, 3] smbd/oplock.c:init_oplocks(1411)
  open_oplock ipc: pid = 98080, global_oplock_port = 58261
[2005/10/28 15:20:06, 3] lib/access.c:check_access(313)
  check_access: no hostnames in host allow/deny list.
[2005/10/28 15:20:06, 2] lib/access.c:check_access(324)
  Allowed connection from  (192.168.X.X)
[2005/10/28 15:20:06, 3] smbd/process.c:process_smb(1114)
  Transaction 0 of length 72
[2005/10/28 15:20:06, 3] lib/access.c:check_access(313)
  check_access: no hostnames in host allow/deny list.
[2005/10/28 15:20:06, 2] lib/access.c:check_access(324)
  Allowed connection from  (192.168.X.X)
[2005/10/28 15:20:06, 3] smbd/process.c:process_smb(1114)
  Transaction 0 of length 137
[2005/10/28 15:20:06, 2] smbd/reply.c:reply_special(448)
  netbios connect: name1=RODAN
name2=ERIC-AMD-4200X2
[2005/10/28 15:20:06, 2] smbd/reply.c:reply_special(455)
  netbios connect: local=rodan remote=eric-amd-4200x2, name
type = 0
[2005/10/28 15:20:06, 3] smbd/process.c:switch_message(900)
  switch message SMBnegprot (pid 98080) conn 0x0
[2005/10/28 15:20:06, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/10/28 15:20:06, 3] smbd/negprot.c:reply_negprot(466)
  Requested protocol [PC NETWORK PROGRAM 1.0]
[2005/10/28 15:20:06, 3] smbd/negprot.c:reply_negprot(466)
  Requested protocol [LANMAN1.0]
[2005/10/28 15:20:06, 3] smbd/negprot.c:reply_negprot(466)
  Requested protocol [Windows for Workgroups 3.1a]
[2005/10/28 15:20:06, 3] smbd/negprot.c:reply_negprot(466)
  Requested protocol [LM1.2X002]
[2005/10/28 15:20:06, 3] smbd/negprot.c:reply_negprot(466)
  Requested protocol [LANMAN2.1]
[2005/10/28 15:20:06, 3] smbd/negprot.c:reply_negprot(466)
  Requested protocol [NT LM 0.12]
[2005/10/28 15:20:06, 3] smbd/negprot.c:reply_nt1(337)
  using SPNEGO
[2005/10/28 15:20:06, 3] smbd/negprot.c:reply_negprot(559)
  Selected protocol NT LM 0.12
[2005/10/28 15:20:06, 3] smbd/process.c:process_smb(1114)
  Transaction 1 of length 1572
[2005/10/28 15:20:06, 3] smbd/process.c:switch_message(900)
  switch message SMBsesssetupX (pid 98080) conn 0x0
[2005/10/28 15:20:06, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/10/28 15:20:06, 3]
smbd/sesssetup.c:reply_sesssetup_and_X(751)
  wct=12 flg2=0xc807
[2005/10/28 15:20:06, 2]
smbd/sesssetup.c:setup_new_vc_session(704)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we
would close all old resources.
[2005/10/28 15:20:06, 3]
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(588)
  Doing spnego session setup
[2005/10/28 15:20:06, 3]
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(619)
  NativeOS=[Windows 2002 Service Pack 2 2600]
NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[]
[2005/10/28 15:20:06, 3]