Hi! I have samba4 domain controller + samba 3.4 member server. On XP login to domain and connection to member server works ok. Vista can login to domain but can't get connected to member server. Member servers log.smbd is following error with Vista client: ------------------- [2009/09/02 14:12:02, 3] smbd/process.c:1259(switch_message) switch message SMBsesssetupX (pid 30541) conn 0x0 [2009/09/02 14:12:02, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/09/02 14:12:02, 3] smbd/sesssetup.c:1406(reply_sesssetup_and_X) wct=12 flg2=0xc807 [2009/09/02 14:12:02, 2] smbd/sesssetup.c:1361(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2009/09/02 14:12:02, 3] smbd/sesssetup.c:1160(reply_sesssetup_and_X_spnego) Doing spnego session setup [2009/09/02 14:12:02, 3] smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego) NativeOS=[] NativeLanMan=[] PrimaryDomain=[] [2009/09/02 14:12:02, 3] smbd/sesssetup.c:776(reply_spnego_negotiate) reply_spnego_negotiate: Got secblob of size 1301 [2009/09/02 14:12:02, 3] libads/kerberos_verify.c:377(ads_secrets_verify_ticket) ads_secrets_verify_ticket: enc type [23] failed to decrypt with error Decrypt integrity check failed [2009/09/02 14:12:02, 3] libads/kerberos_verify.c:377(ads_secrets_verify_ticket) ads_secrets_verify_ticket: enc type [1] failed to decrypt with error Message size is incompatible with encryption type [2009/09/02 14:12:02, 3] libads/kerberos_verify.c:377(ads_secrets_verify_ticket) ads_secrets_verify_ticket: enc type [3] failed to decrypt with error Message size is incompatible with encryption type [2009/09/02 14:12:02, 3] libads/kerberos_verify.c:567(ads_verify_ticket) ads_verify_ticket: krb5_rd_req with auth failed (Message size is incompatible with encryption type) [2009/09/02 14:12:02, 1] smbd/sesssetup.c:333(reply_spnego_kerberos) Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE! [2009/09/02 14:12:02, 3] smbd/error.c:60(error_packet_set) error packet at smbd/sesssetup.c(335) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE ------------------------ Any clues are very welcome regards Hannu
Hannu Tikka
2009-Sep-03 07:49 UTC
[Samba] Vista + samba 3.4 member server problem (solved)
I noticed that vista uses AES encryption by default(which XP don't use). Found an article: http://pronichkin.com/blog/Lists/Posts/Post.aspx?ID=15 and changed the Vista encrytpion method. Vista can now connect to the member server. I tried both mit (1.41) and heimdal (1.21) kerberos and I tought they can do AES but somehow it didn't work. Operating system is 64 bit opensuse 10.1> Hi! > > I have samba4 domain controller + samba 3.4 member server. > On XP login to domain and connection to member server works ok. > Vista can login to domain but can't get connected to member server. >regards Hannu
Possibly Parallel Threads
- Going insane - ads_secrets_verify_ticket
- s3 connect to s4 ads woes, need guidance..
- Performance Problem / failed to verify PAC server signature
- One of our users cannot connect to Samba-shares
- Help: Failed to verify incoming ticket! revisited, problems with Samba/2003