-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OK. I've done some more research, and here's what I get. smbd --version Version 3.0.0 strings libkrb5.so.3.2 | grep BRAND KRB5_BRAND: krb5-1-3-1-final 1.3.1 20030730 Everything seems to work, but trying to access the Samba server results in: [2003/12/11 14:54:19, 3] libads/kerberos_verify.c:ads_verify_ticket(308) ~ ads_verify_ticket: enc type [23] failed to decrypt with error Decrypt integrity check failed [2003/12/11 14:54:19, 3] libads/kerberos_verify.c:ads_verify_ticket(316) ~ ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type) [2003/12/11 14:54:19, 1] smbd/sesssetup.c:reply_spnego_kerberos(172) ~ Failed to verify incoming ticket! [2003/12/11 14:54:19, 3] smbd/error.c:error_packet(109) ~ error packet at smbd/sesssetup.c(173) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE This is the same error you get if you're running the wrong KRB5 libs, but I've the right ones. The windows 2000 machine is 5.00.2195 Windows 2000 clients connect to the ADS server fine, and will connect to the Samba server if you enter Username/Password. The 2000 server cannot connect to the Samba machine at all, even with the right username/pass. Is there a magic registry setting I'm missing? I've changed the Administrator password at least once. - -Tom -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2-nr2 (Windows 2000) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/2PbO2dxAfYNwANIRAmuuAKCI9NMssxwHqQlyF7njkP+sZBt3PQCfWApO F9F+8BTOPIyoybZBYIlCouU=94FA -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tom Dickson wrote: | OK. I've done some more research, and here's what I get. | | smbd --version | Version 3.0.0 | | strings libkrb5.so.3.2 | grep BRAND | KRB5_BRAND: krb5-1-3-1-final 1.3.1 20030730 | | Everything seems to work, but trying to access the Samba server results in: | | [2003/12/11 14:54:19, 3] libads/kerberos_verify.c:ads_verify_ticket(308) | ~ ads_verify_ticket: enc type [23] failed to decrypt with error Decrypt | integrity check failed | [2003/12/11 14:54:19, 3] libads/kerberos_verify.c:ads_verify_ticket(316) | ~ ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type) | [2003/12/11 14:54:19, 1] smbd/sesssetup.c:reply_spnego_kerberos(172) | ~ Failed to verify incoming ticket! | [2003/12/11 14:54:19, 3] smbd/error.c:error_packet(109) | ~ error packet at smbd/sesssetup.c(173) cmd=115 (SMBsesssetupX) | NT_STATUS_LOGON_FAILURE | | This is the same error you get if you're running the wrong KRB5 libs, | but I've the right ones. The windows 2000 machine is 5.00.2195 | | Windows 2000 clients connect to the ADS server fine, and will connect to | the Samba server if you enter Username/Password. The 2000 server cannot | connect to the Samba machine at all, even with the right username/pass. | | Is there a magic registry setting I'm missing? I've changed the | Administrator password at least once. do you have the right enc types enabled in krb5.conf ? See the Samba-HOWTO-COllection for details if you have already. jerry-who-is-answering-mail-while-waiting-on-a-compile-to-finish-..... -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/2PxdIR7qMdg1EfYRAqclAKDkrqVlGmkAujPbwNaHogTjwKMZ4ACeInA4 +rG/2Xyy22AiRP/x3KF83Qg=HdPk -----END PGP SIGNATURE-----
I'm getting same error about encryption ... I have taken Tom's lead and have provided the output below. Is there a certain version of krb5 that we should be running? root@ANC-MDK-SMB3 tim]# smbd3 --version Version 3.0.1pre3 [root@ANC-MDK-SMB3 tim]# strings /usr/lib/libkrb5.so.3.2 | grep BRAND KRB5_BRAND: krb5-1-3-final 1.3 20030708 I'm running Mandrake 9.2 Thank You Samba Team! Tim On Thu, 2003-12-11 at 13:59, Tom Dickson wrote:> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > OK. I've done some more research, and here's what I get. > > smbd --version > Version 3.0.0 > > strings libkrb5.so.3.2 | grep BRAND > KRB5_BRAND: krb5-1-3-1-final 1.3.1 20030730 > > Everything seems to work, but trying to access the Samba server results in: > > [2003/12/11 14:54:19, 3] libads/kerberos_verify.c:ads_verify_ticket(308) > ~ ads_verify_ticket: enc type [23] failed to decrypt with error Decrypt > integrity check failed > [2003/12/11 14:54:19, 3] libads/kerberos_verify.c:ads_verify_ticket(316) > ~ ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type) > [2003/12/11 14:54:19, 1] smbd/sesssetup.c:reply_spnego_kerberos(172) > ~ Failed to verify incoming ticket! > [2003/12/11 14:54:19, 3] smbd/error.c:error_packet(109) > ~ error packet at smbd/sesssetup.c(173) cmd=115 (SMBsesssetupX) > NT_STATUS_LOGON_FAILURE > > This is the same error you get if you're running the wrong KRB5 libs, > but I've the right ones. The windows 2000 machine is 5.00.2195 > > Windows 2000 clients connect to the ADS server fine, and will connect to > the Samba server if you enter Username/Password. The 2000 server cannot > connect to the Samba machine at all, even with the right username/pass. > > Is there a magic registry setting I'm missing? I've changed the > Administrator password at least once. > > - -Tom > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.2-nr2 (Windows 2000) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQE/2PbO2dxAfYNwANIRAmuuAKCI9NMssxwHqQlyF7njkP+sZBt3PQCfWApO > F9F+8BTOPIyoybZBYIlCouU> =94FA > -----END PGP SIGNATURE-----
> From: Mark Hudson [mailto:m.c.hudson@open.ac.uk] > > I'm also getting the exact same problem. > > The samba machine can be added into the w2k-controlled ads fine. > > But when my w2k clients connect to it, they prompt for a username and > password. If this is entered, things work fine. The w2k clients also > cannot browse the sharelist on the samba server until they have > connected to a share with a valid UID/password first. > > I am seeing the same errors in samba's logs. > > The samba server is a stock Red Hat Enterprise Linux 3 ES machine.Hello, did you connect to the samba server via Netbios-Name or via IP-Address? Here I can connect to the samba-machine via IP fine, but a connect via Netbios-name asks for username and password. I have no solution up to now for this problem, but I remember, this topic was discussed earlier on this list (maybe 6 weeks ago). I did not find the mails in an archive, because I cannot remember the keywords. Mit freundlichen Gr??en Wolfgang Wagner -- Systemadministration Riwa GmbH, Zwingerstra?e 1, 87435 Kempten, +49-831-52 29 63-537 eMail: wolfgang.wagner@riwa-gis.de
Greetings ...> > >2003/12/11 14:54:19, 3] libads/kerberos_verify.c:ads_verify_ticket(308) > > > ~ ads_verify_ticket: enc type [23] failed to decrypt with error Decrypt > > > integrity check failed > > > [2003/12/11 14:54:19, 3] libads/kerberos_verify.c:ads_verify_ticket(316) > > > ~ ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type) > > > [2003/12/11 14:54:19, 1] smbd/sesssetup.c:reply_spnego_kerberos(172) > > > ~ Failed to verify incoming ticket!I got a similar errors when I first started up my test system ... now I don't know if they are related, but I set client schannel = no server schannel = no in my smb.conf and the errors when away ... Maybe try that and see if you problem goes away ... just an idea. Mailed Lee