Peter Trifonov
2006-Aug-01 09:34 UTC
[Samba] ADS share browsing error - Decrypt integrity check failed
Hello everyone, There is a FreeBSD box, which is a member of ADS domain. The domain has both W2000 and W2003 domain controllers. After upgrading to samba-3.0.23a I discovered that it is not possible to browse a share on a FreeBSD computer, but pam_winbind seems to work. Connecting from a WindowsXP box to the FreeBSD causes WinXP to ask for a password a number of times, and eventually say "access denied". Smbd log file (log level 3) piece corresponding to this attempt looks like this: Doing spnego session setup [2006/08/01 13:12:38, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(687) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2006/08/01 13:12:38, 3] smbd/sesssetup.c:reply_spnego_negotiate(547) Got OID 1 2 840 48018 1 2 2 [2006/08/01 13:12:38, 3] smbd/sesssetup.c:reply_spnego_negotiate(547) Got OID 1 2 840 113554 1 2 2 [2006/08/01 13:12:38, 3] smbd/sesssetup.c:reply_spnego_negotiate(547) Got OID 1 3 6 1 4 1 311 2 2 10 [2006/08/01 13:12:38, 3] smbd/sesssetup.c:reply_spnego_negotiate(550) Got secblob of size 1151 [2006/08/01 13:12:38, 3] libads/kerberos_verify.c:ads_secrets_verify_ticket(261) ads_secrets_verify_ticket: enc type [1] failed to decrypt with error Decrypt integrity check failed [2006/08/01 13:12:38, 3] libads/kerberos_verify.c:ads_secrets_verify_ticket(261) ads_secrets_verify_ticket: enc type [3] failed to decrypt with error Decrypt integrity check failed [2006/08/01 13:12:38, 3] smbd/sesssetup.c:reply_spnego_kerberos(207) Ticket name is [UserName@DOMAIN.REALM] [2006/08/01 13:12:38, 1] smbd/sesssetup.c:reply_spnego_kerberos(310) Username DOMAIN/UserName is invalid on this system [2006/08/01 13:12:38, 3] smbd/error.c:error_packet(146) error packet at smbd/sesssetup.c(315) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE Everything worked smoothly with samba 3.0.22 With best regards, P. Trifonov
Apparently Analagous Threads
- s3 connect to s4 ads woes, need guidance..
- Help: Failed to verify incoming ticket! revisited, problems with Samba/2003
- Going insane - ads_secrets_verify_ticket
- Linux NIS/NFS/Samba server bound to Active Directory
- One of our users cannot connect to Samba-shares