I have found that putting the port numbers after the server names seems to make
things work better.
Example:
[realms]
    TESTLAB.LOCAL = {
        kdc = ADS.TESTLAB.LOCAL:88
        admin_server = ADS.TESTLAB.LOCAL:749
        default_domain = TESTLAB.LOCAL
    }
[domain_realm]
    .testlab.local = TESTLAB.LOCAL
    testlab.local = TESTLAB.LOCAL
[appdefaults]
    pam = {
        debug = false
        ticket_lifetime = 36000
        renew_lifetime = 36000
        forwardable = true
        krb4_convert = false
    }
Good Luck,
Steve Aden
-----Original Message-----
From: Yohann Ferreira [mailto:bertram25@hotmail.com]
Sent: Wednesday, May 12, 2004 10:17 AM
To: samba@lists.samba.org
Subject: [Samba] Failed to verify ticket ?
Hi!
My problem is this:
[2004/05/12 16:07:30, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
[2004/05/12 16:07:30, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
[2004/05/12 16:07:39, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
[2004/05/12 16:07:59, 0] lib/util_sock.c:read_socket_data(342)
read_socket_data: recv failure for 4. Error = Connection reset by peer
[2004/05/12 16:07:59, 1] smbd/service.c:close_cnum(887)
saisie-srag (10.143.31.100) closed connection to service tmp
A w2k client can't log on to my Samba server.
Here's my krb5.conf:
[logging]
default = FILE:/var/log/kerberos/krb5libs.log
kdc = FILE:/var/log/kerberos/krb5kdc.log
admin_server = FILE:/var/log/kerberos/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = DRAF.FC
default_tgs_enctypes = des-cbc-crc des-cbc-md5
default_tkt_enctypes = des-cbc-crc des-cbc-md5
permitted_enctypes = des-cbc-crc des-cbc-md5
#default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
#default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
#permitted_enctypes = des3-hmac-sha1 des-cbc-crc
dns_lookup_realm = false
dns_lookup_kdc = false
kdc_req_checksum_type = 2
checksum_type = 2
ccache_type = 1
forwardable = true
proxiable = true
[realms]
    DRAF.FC = {
        kdc = draffc3.draf.fc
        default_domain = DRAFFCOMTE
    }
[domain_realm]
.draf.fc = DRAF.FC
[kdc]
profile = /etc/kerberos/krb5kdc/kdc.conf
[pam]
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
[appdefaults]
    pam = {
        debug = true
        ticket_lifetime = 36000
        renew_lifetime = 36000
        forwardable = true
        krb4_convert = true
        afs_cells = draffc3.draf.fc
        hosts = draffc3.draf.fc
        max_timeout = 30
        timeout_shift = 2
        initial_timeout = 1
    }
[login]
krb4_convert = false
krb4_get_tickets = false
Any idea about my misconfiguration in Kerberos, everyone?
Please, just answer me for that and I'll let you breathe!
Thanks for reading
Bertram
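Added example, not part of the original thread or of Samba: a small Python check that parses the [realms] section of a krb5.conf and lists the kdc and admin_server entries that carry no explicit port, which is the change suggested in the reply above. The sample config is constructed from the two [realms] stanzas quoted in this thread, and the function names are hypothetical.

```python
import re

# Constructed sample: the two [realms] stanzas quoted in this thread, merged.
SAMPLE = """\
[realms]
    TESTLAB.LOCAL = {
        kdc = ADS.TESTLAB.LOCAL:88
        admin_server = ADS.TESTLAB.LOCAL:749
    }
    DRAF.FC = {
        kdc = draffc3.draf.fc
        default_domain = DRAFFCOMTE
    }
[domain_realm]
    .draf.fc = DRAF.FC
"""

SERVER_KEYS = {"kdc", "admin_server"}  # relations whose value is host[:port]

def parse_realms(text):
    """Return {realm: [(key, value), ...]} for the [realms] section only."""
    realms, section, realm = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:                                    # new top-level section
            section, realm = m.group(1), None
        elif section != "realms":                # ignore other sections
            continue
        elif line == "}":                        # end of a realm stanza
            realm = None
        elif line.endswith("{"):                 # "REALM = {"
            realm = line.split("=", 1)[0].strip()
            realms[realm] = []
        elif realm and "=" in line:              # "key = value" in a realm
            key, _, value = line.partition("=")
            realms[realm].append((key.strip(), value.strip()))
    return realms

def servers_without_port(text):
    """List (realm, key, host) for server entries with no explicit :port."""
    return [(realm, key, value)
            for realm, relations in parse_realms(text).items()
            for key, value in relations
            if key in SERVER_KEYS and not re.search(r":\d+$", value)]

if __name__ == "__main__":
    print(servers_without_port(SAMPLE))
```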