Patrik Gustavsson PS Sweden Senior Technical Consultant
2003-Jun-18 06:44 UTC
[Samba] My Samba 3.0beta1 stopped working as ADS member
I had a working Samba 3.0beta1 as ADS member of a W2003 server. My w2000 client could log in to the W2003 server and use services on Samba (home directory). Winbind is working. So I tried to re-do all my work again. And suddenly the w2k can use any services on Samba anymore. The output from the logfile tells me it's kerberos problem: [2003/06/18 08:35:03, 3] libads/kerberos_verify.c:(126) krb5_rd_req with auth failed (Bad encryption type) [2003/06/18 08:35:03, 1] smbd/sesssetup.c:(175) Failed to verify incoming ticket! [2003/06/18 08:35:03, 3] smbd/error.c:(94) error string = No such file or directory Winbind/wbinfo works as it should. I know what problem it is, but not WHY and not HOW to fix it ? /Patrik -- "In a world without fences who needs Gates" Patrik Gustavsson, Senior Technical Consultant patrik.gustavsson@sun.com Telephone: +46 60 671540 http://glen.sweden Mobile: +46 70 3551040 SUN MICROSYSTEMS Fax: +46 60 671550 --------------------------------------------------------------
Andrew Bartlett
2003-Jun-18 10:07 UTC
[Samba] My Samba 3.0beta1 stopped working as ADS member
On Wed, 2003-06-18 at 16:44, Patrik Gustavsson PS Sweden Senior Technical Consultant wrote:> > I had a working Samba 3.0beta1 as ADS member of a W2003 server. > My w2000 client could log in to the W2003 server and use services on > Samba (home directory). > > Winbind is working. > > So I tried to re-do all my work again. > > And suddenly the w2k can use any services on Samba anymore. > > The output from the logfile tells me it's kerberos problem: > [2003/06/18 08:35:03, 3] libads/kerberos_verify.c:(126) > krb5_rd_req with auth failed (Bad encryption type) > [2003/06/18 08:35:03, 1] smbd/sesssetup.c:(175) > Failed to verify incoming ticket! > [2003/06/18 08:35:03, 3] smbd/error.c:(94) > error string = No such file or directory > > Winbind/wbinfo works as it should. > > I know what problem it is, but not WHY and not HOW to fix it ?The user you are using has not had their password changed since Win2k installation/AD upgrade. This means that they only have their 'type 23' encryption type - the type that is based on the NT4 password. If you change the password, it should work. The proper solution is to compile with MIT Krb5 1.3, or a recent Heimdal kerberos. These versions support the new encryption type, and should allow it to work out of the box. Andrew Bartlett -- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net http://samba.org http://build.samba.org http://hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20030618/9c84e1f5/attachment.bin
Apparently Analagous Threads
- Got strange message when using wbinfo/winbind on Samba-3 beta3
- Strange UID/GID mapping in Samba-3beta1 and Win2003 server
- Problem to get winbind working for Samba3-beta1 on Solaris 9 against W2003 PDC
- smbclient is broken and W2k can't connect to Samba3.0-rc2
- Problems joining W2003 PDC with Samba 3.0 alpha 24