Hello, I have been working diligently since my last post to solve the error I've been receiving. I did manage to fix the credentials problem, but now I am at the same point where many others are, mainly, when doing hostname mapping (net use X: \\foo\bar), Samba prompts for a username and password and does not use Kerberos. In my error logs: [2004/01/05 15:51:59, 10] libads/kerberos_verify.c:create_keytab(56) creating keytab: MEMORY: [2004/01/05 15:51:59, 10] libads/kerberos_verify.c:create_keytab(59) going to krb5_kt_resolveunable to create MEMORY: keytab (Unknown Key table type) [2004/01/05 15:51:59, 3] libads/kerberos_verify.c:ads_verify_ticket(283) ads_verify_ticket: unable to setup keytab [2004/01/05 15:51:59, 1] smbd/sesssetup.c:reply_spnego_kerberos(172) Failed to verify incoming ticket! [2004/01/05 15:51:59, 3] smbd/error.c:error_packet(118) error packet at smbd/sesssetup.c(173) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE After looking at kerberos_verify.c and doing some debugging, I found exactly where the problem is occuring (I think). The krb5_kt_resolve immediately before is returning KRB5_KT_UNKNOWN_TYPE. Doing some looking at the source for MIT krb5, and a bit of reading, it looks like there are two key table types defined: FILE and WRFILE. Specifically, in lib/krb5/keytab/ktbase.c:krb5_kt_resolve(112), it cycles through a list of registered key table types, and MEMORY is definitely not one of them. It has no associated krb5_kt_ops struct, at least not one that I can locate. However, this definition _does_ exist in Heimdal Kerberos 0.6 (keytab_memory.c), along with a corresponding krb5_kt_ops struct. What gives? Am I just making this up, or does this seem slightly reasonable? I'm using FreeBSD 5.1; when I compiled Samba 3.0 with Heimdal (the system krb5 libs) I couldn't even get Samba to join a Windows 2003 domain, no matter what the krb5.conf said. Only after I went to MIT and recompiled was I able to join and do queries on the domain. Does anyone have Samba 3.0 + FreeBSD 5 + Heimdal working? If so, please let me know? :) Thoughts, questions, flames? Any errors are a result of my ignorance. -Justin
Gerald (Jerry) Carter
2004-Jan-06 15:16 UTC
[Samba] Samba requesting nonexistent keytab type?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 5 Jan 2004, Justin Baugh wrote:> Hello, > > I have been working diligently since my last post to solve the error > I've been receiving. I did manage to fix the credentials problem, but > now I am at the same point where many others are, mainly, when doing > hostname mapping (net use X: \\foo\bar), Samba prompts for a username > and password and does not use Kerberos. > > In my error logs: > > [2004/01/05 15:51:59, 10] libads/kerberos_verify.c:create_keytab(56) > creating keytab: MEMORY: > [2004/01/05 15:51:59, 10] libads/kerberos_verify.c:create_keytab(59) > going to krb5_kt_resolveunable to create MEMORY: keytab (Unknown Key > table type)This should be fixed in the latest Samba 3.0 cvs tree. Please test the 3.0.2pre1 release which is due out tomorrow. cheers, jerry ---------------------------------------------------------------------- Hewlett-Packard ------------------------- http://www.hp.com SAMBA Team ---------------------- http://www.samba.org GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc "If we're adding to the noise, turn off this song" --Switchfoot (2003) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE/+jzUIR7qMdg1EfYRAqP/AJ9vkLNFzSL121mLUS3s+NxUY3aWHACfT+/B 12DpLfvaE3Kgq/BCfFdU9oc=7odd -----END PGP SIGNATURE-----
Possibly Parallel Threads
- v3.0.X kerberos_verify sol8 compile problem
- Unable to create keytab in samba 3.0.1
- Samba 3.0.0 CVS 3.0.1pre2: "libads/kerberos_verify.c", line 77: improper member use: keyblock
- [PATCH: server 0/3] Add host-register.rb (replaces host-browser.rb in part)
- Compilation error when linking libsmbclient.so :-(