Holger Richter
2006-May-03 14:51 UTC
[Samba] Kerberos pre-authentication failure with samba 3.0.22
Hello, I have a problem with the kerberos pre-authentication of samba against a W2k Active Directory. It seems to work, but in the Windows event log I can see many pre-authentication errors (error 0x19) of the samba server. The server itself is a member of the Windows domain. This is a part of smb.conf [global] unix charset = ISO-8859-1 display charset = ISO-8859-1 workgroup = WKG realm = WKG.COM server string = SRV8XXX security = ADS auth methods = winbind client schannel = Yes server schannel = Yes password server = * ... and krb5.conf: [libdefaults] renew_lifetime = 1w ticket_lifetime = 1560 default_tgs_enctypes = arcfour-hmac-md5 default_tkt_enctypes = arcfour-hmac-md5 permitted_enctypes = arcfour-hmac-md5 kdc_req_checksum_type = -138 ap_req_checksum_type = -138 safe_checksum_type = -138 dns_lookup_kdc = true dns_lookup_realm = true kdc_timesync = true proxiable = false forwardable = true [logging] default = FILE:/var/log/kdc.log [login] krb4_get_tickets = false krb4_convert = false Kerberos gets the information about realm and kdc server from DNS. If I define realm and kdc server directly in krb5.conf I get the same error. How can I tell MIT Kerberos to send the correct pre-authentication? Holger