samba - Jan 2004 - Samba requesting nonexistent keytab type?

Hello,

I have been working diligently since my last post to solve the error 
I've been receiving. I did manage to fix the credentials problem, but 
now I am at the same point where many others are, mainly, when doing 
hostname mapping (net use X: \\foo\bar), Samba prompts for a username 
and password and does not use Kerberos.

In my error logs:

[2004/01/05 15:51:59, 10] libads/kerberos_verify.c:create_keytab(56)
   creating keytab: MEMORY:
[2004/01/05 15:51:59, 10] libads/kerberos_verify.c:create_keytab(59)
   going to krb5_kt_resolveunable to create MEMORY: keytab (Unknown Key 
table type)
[2004/01/05 15:51:59, 3] libads/kerberos_verify.c:ads_verify_ticket(283)
   ads_verify_ticket: unable to setup keytab
[2004/01/05 15:51:59, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
   Failed to verify incoming ticket!
[2004/01/05 15:51:59, 3] smbd/error.c:error_packet(118)
   error packet at smbd/sesssetup.c(173) cmd=115 (SMBsesssetupX) 
NT_STATUS_LOGON_FAILURE

After looking at kerberos_verify.c and doing some debugging, I found 
exactly where the problem is occuring (I think).  The krb5_kt_resolve 
immediately before is returning KRB5_KT_UNKNOWN_TYPE. Doing some looking 
at the source for MIT krb5, and a bit of reading, it looks like there 
are two key table types defined: FILE and WRFILE. Specifically, in 
lib/krb5/keytab/ktbase.c:krb5_kt_resolve(112), it cycles through a list 
of registered key table types, and MEMORY is definitely not one of them. 
It has no associated krb5_kt_ops struct, at least not one that I can 
locate.

However, this definition _does_ exist in Heimdal Kerberos 0.6 
(keytab_memory.c), along with a corresponding krb5_kt_ops struct.

What gives? Am I just making this up, or does this seem slightly 
reasonable?

I'm using FreeBSD 5.1; when I compiled Samba 3.0 with Heimdal (the 
system krb5 libs) I couldn't even get Samba to join a Windows 2003 
domain, no matter what the krb5.conf said. Only after I went to MIT and 
recompiled was I able to join and do queries on the domain.

Does anyone have Samba 3.0 + FreeBSD 5 + Heimdal working? If so, please 
let me know? :)

Thoughts, questions, flames? Any errors are a result of my ignorance.

-Justin

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 5 Jan 2004, Justin Baugh wrote:
> Hello,
> 
> I have been working diligently since my last post to solve the error 
> I've been receiving. I did manage to fix the credentials problem, but 
> now I am at the same point where many others are, mainly, when doing 
> hostname mapping (net use X: \\foo\bar), Samba prompts for a username 
> and password and does not use Kerberos.
> 
> In my error logs:
> 
> [2004/01/05 15:51:59, 10] libads/kerberos_verify.c:create_keytab(56)
>    creating keytab: MEMORY:
> [2004/01/05 15:51:59, 10] libads/kerberos_verify.c:create_keytab(59)
>    going to krb5_kt_resolveunable to create MEMORY: keytab (Unknown Key 
> table type)
This should be fixed in the latest Samba 3.0 cvs tree.  Please test
the 3.0.2pre1 release which is due out tomorrow.



cheers, jerry
 ----------------------------------------------------------------------
 Hewlett-Packard            ------------------------- http://www.hp.com
 SAMBA Team                 ---------------------- http://www.samba.org
 GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
 "If we're adding to the noise, turn off this song" --Switchfoot
(2003)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/

iD8DBQE/+jzUIR7qMdg1EfYRAqP/AJ9vkLNFzSL121mLUS3s+NxUY3aWHACfT+/B
12DpLfvaE3Kgq/BCfFdU9oc=7odd
-----END PGP SIGNATURE-----