Toll, Eric
2005-Oct-28 20:00 UTC
[Samba] Message size is incompatible with encryption type
Hello all,

I have a nice dual Opteron server with a lot of disk space I'd like to let Windows ADS groups use. I am running FreeBSD (AMD64) 5.4-RELEASE-p1 with samba-3.0.20,1. I joined the ADS domain. Smbclient works perfectly. Server shows up in "My Network Places". When I click on it, I get a login box and no credentials will authenticate me.

Read some of the samba docs, and found it amusing that many times the scenario of departments/personnel/politics etc were explained before a config was given. (See my first sentence!)

The only other piece to the puzzle is how do I grant rights to the UNIX/Samba shares?? E.g. Want the ADS group "Archives" to have read only access to the Archives, but ADS Domain admins can have read/write to samba share Archives.

I looked around on the net and I'm not sure what is wrong.

Thanks much list!

Eric

Smb.conf:

[global]
workgroup = WORKGROUP
realm = DOMAIN.COM
server string = 64bit FreeBSD Samba Box
security = ADS
auth methods = winbind
password server = 192.168.x.x
passdb backend = tdbsam
log level = 3
log file = /var/log/samba/log.%m
max log size = 50
load printers = No
preferred master = No
local master = No
domain master = No
dns proxy = No
wins server = 192.168.X.X
ldap ssl = no
idmap uid = 10000-20000
idmap gid = 20000-30000
winbind use default domain = Yes
winbind trusted domains only = Yes
invalid users = root
acl group control = Yes
inherit permissions = Yes
inherit acls = Yes
hosts allow = 192.168.X., 127.
hosts deny = ALL

[Archives]
comment = Archives
path = /usr/Archives
read only = Yes
guest ok = Yes

/var/log/samba/workstation-Log (all happened in less than a second)

2005/10/28 15:20:06, 3] smbd/oplock.c:init_oplocks(1380) open_oplock_ipc: opening loopback UDP socket.
[2005/10/28 15:20:06, 3] smbd/oplock.c:init_oplocks(1380) open_oplock_ipc: opening loopback UDP socket.
[2005/10/28 15:20:06, 3] smbd/oplock.c:init_oplocks(1411) open_oplock ipc: pid = 98079, global_oplock_port = 57632
[2005/10/28 15:20:06, 3] smbd/oplock.c:init_oplocks(1411) open_oplock ipc: pid = 98080, global_oplock_port = 58261
[2005/10/28 15:20:06, 3] lib/access.c:check_access(313) check_access: no hostnames in host allow/deny list.
[2005/10/28 15:20:06, 2] lib/access.c:check_access(324) Allowed connection from (192.168.X.X)
[2005/10/28 15:20:06, 3] smbd/process.c:process_smb(1114) Transaction 0 of length 72
[2005/10/28 15:20:06, 3] lib/access.c:check_access(313) check_access: no hostnames in host allow/deny list.
[2005/10/28 15:20:06, 2] lib/access.c:check_access(324) Allowed connection from (192.168.X.X)
[2005/10/28 15:20:06, 3] smbd/process.c:process_smb(1114) Transaction 0 of length 137
[2005/10/28 15:20:06, 2] smbd/reply.c:reply_special(448) netbios connect: name1=RODAN name2=ERIC-AMD-4200X2
[2005/10/28 15:20:06, 2] smbd/reply.c:reply_special(455) netbios connect: local=rodan remote=eric-amd-4200x2, name type = 0
[2005/10/28 15:20:06, 3] smbd/process.c:switch_message(900) switch message SMBnegprot (pid 98080) conn 0x0
[2005/10/28 15:20:06, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/10/28 15:20:06, 3] smbd/negprot.c:reply_negprot(466) Requested protocol [PC NETWORK PROGRAM 1.0]
[2005/10/28 15:20:06, 3] smbd/negprot.c:reply_negprot(466) Requested protocol [LANMAN1.0]
[2005/10/28 15:20:06, 3] smbd/negprot.c:reply_negprot(466) Requested protocol [Windows for Workgroups 3.1a]
[2005/10/28 15:20:06, 3] smbd/negprot.c:reply_negprot(466) Requested protocol [LM1.2X002]
[2005/10/28 15:20:06, 3] smbd/negprot.c:reply_negprot(466) Requested protocol [LANMAN2.1]
[2005/10/28 15:20:06, 3] smbd/negprot.c:reply_negprot(466) Requested protocol [NT LM 0.12]
[2005/10/28 15:20:06, 3] smbd/negprot.c:reply_nt1(337) using SPNEGO
[2005/10/28 15:20:06, 3] smbd/negprot.c:reply_negprot(559) Selected protocol NT LM 0.12
[2005/10/28 15:20:06, 3] smbd/process.c:process_smb(1114) Transaction 1 of length 1572
[2005/10/28 15:20:06, 3] smbd/process.c:switch_message(900) switch message SMBsesssetupX (pid 98080) conn 0x0
[2005/10/28 15:20:06, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/10/28 15:20:06, 3] smbd/sesssetup.c:reply_sesssetup_and_X(751) wct=12 flg2=0xc807
[2005/10/28 15:20:06, 2] smbd/sesssetup.c:setup_new_vc_session(704) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2005/10/28 15:20:06, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(588) Doing spnego session setup
[2005/10/28 15:20:06, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(619) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[]
[2005/10/28 15:20:06, 3] smbd/sesssetup.c:reply_spnego_negotiate(480) Got OID 1 2 840 48018 1 2 2
[2005/10/28 15:20:06, 3] smbd/sesssetup.c:reply_spnego_negotiate(480) Got OID 1 2 840 113554 1 2 2
[2005/10/28 15:20:06, 3] smbd/sesssetup.c:reply_spnego_negotiate(480) Got OID 1 3 6 1 4 1 311 2 2 10
[2005/10/28 15:20:06, 3] smbd/sesssetup.c:reply_spnego_negotiate(483) Got secblob of size 1340
[2005/10/28 15:20:06, 3] libads/kerberos_verify.c:ads_secrets_verify_ticket(235) ads_secrets_verify_ticket: enc type [16] failed to decrypt with error Message size is incompatible with encryption type
[2005/10/28 15:20:06, 3] libads/kerberos_verify.c:ads_secrets_verify_ticket(235) ads_secrets_verify_ticket: enc type [5] failed to decrypt with error Message size is incompatible with encryption type
[2005/10/28 15:20:06, 3] smbd/sesssetup.c:reply_spnego_kerberos(179) Ticket name is [user@DOMAIN.COM]
[2005/10/28 15:20:06, 1] smbd/sesssetup.c:reply_spnego_kerberos(263) Username DOMAIN\user is invalid on this system
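
Added example, not part of the original post: a Python triage of the smbd level-3 log format shown above that names the offered SPNEGO mechanisms and the Kerberos enctypes that failed to decrypt, and picks out the level-1 rejection. The function names are this example's own, `SAMPLE` is an excerpt of the posted log, and the enctype and OID tables are the standard registered values.

```python
import re

# Kerberos enctype numbers and SPNEGO mechanism OIDs (standard registered values).
ETYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 5: "des3-cbc-md5", 16: "des3-cbc-sha1-kd",
          17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}
MECHS = {"1.2.840.48018.1.2.2": "Kerberos 5 (Microsoft legacy OID)",
         "1.2.840.113554.1.2.2": "Kerberos 5",
         "1.3.6.1.4.1.311.2.2.10": "NTLMSSP"}
# Entry header: "[date time, level] file.c:function(line)"; the leading "[" is optional.
ENTRY = re.compile(r"\[?\d{4}/\d\d/\d\d \d\d:\d\d:\d\d,\s+(\d+)\]\s+\S+?:(\w+)\(\d+\)\s+")

def entries(text):
    """Split a flattened or multi-line smbd log into (level, function, message)."""
    text = " ".join(text.split())
    hits = list(ENTRY.finditer(text))
    for m, nxt in zip(hits, hits[1:] + [None]):
        end = nxt.start() if nxt else len(text)
        yield int(m.group(1)), m.group(2), text[m.end():end].strip()

def triage(text):
    """Summarise the SPNEGO/Kerberos session setup recorded in the log."""
    out = {"mechs": [], "failed_etypes": [], "principal": None, "rejected": None}
    for level, _func, msg in entries(text):
        if m := re.match(r"Got OID ([\d ]+)$", msg):
            oid = ".".join(m.group(1).split())
            out["mechs"].append(MECHS.get(oid, oid))
        elif m := re.search(r"enc type \[(\d+)\] failed to decrypt", msg):
            out["failed_etypes"].append(ETYPES.get(int(m.group(1)), m.group(1)))
        elif m := re.match(r"Ticket name is \[(.+)\]$", msg):
            out["principal"] = m.group(1)
        elif level <= 1 and (m := re.match(r"Username (\S+) is invalid on this system", msg)):
            out["rejected"] = m.group(1)
    return out

# Excerpt of the log lines posted above.
SAMPLE = r"""
[2005/10/28 15:20:06, 3] smbd/sesssetup.c:reply_spnego_negotiate(480) Got OID 1 2 840 48018 1 2 2
[2005/10/28 15:20:06, 3] smbd/sesssetup.c:reply_spnego_negotiate(480) Got OID 1 2 840 113554 1 2 2
[2005/10/28 15:20:06, 3] smbd/sesssetup.c:reply_spnego_negotiate(480) Got OID 1 3 6 1 4 1 311 2 2 10
[2005/10/28 15:20:06, 3] libads/kerberos_verify.c:ads_secrets_verify_ticket(235) ads_secrets_verify_ticket: enc type [16] failed to decrypt with error Message size is incompatible with encryption type
[2005/10/28 15:20:06, 3] libads/kerberos_verify.c:ads_secrets_verify_ticket(235) ads_secrets_verify_ticket: enc type [5] failed to decrypt with error Message size is incompatible with encryption type
[2005/10/28 15:20:06, 3] smbd/sesssetup.c:reply_spnego_kerberos(179) Ticket name is [user@DOMAIN.COM]
[2005/10/28 15:20:06, 1] smbd/sesssetup.c:reply_spnego_kerberos(263) Username DOMAIN\user is invalid on this system
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On this excerpt the result carries the ticket principal user@DOMAIN.COM alongside the two failed enctypes, and the only level-1 event is the username rejection.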