samba - Aug 2010 - Samba 3.0.37 with Windows Server 2008

I'm running Windows Server 2008 and trying to connect to Samba 3.0.37 on
Opensolaris.  The Samba system is a member of a Windows Server 2008-based Active
Directory domain - it was able to join the domain just fine - and Windows XP,
Windows 2000, Windows Vista, and Windows 7 can connect, but Windows Server 2008
SP2 cannot connect.  The log file is posted below - I'm guessing the key is
the message about krb5_rd_req with auth failed (Bad encryption type), but none
of the solutions out there that I've looked at seem to apply - it
doesn't seem to be the same bug as was in Windows Server 2003, and I'm
not sure what kerberos keytab has to do with remote connections to the machine. 
Any hints would be greatly appreciate.

Thanks,
Nick

[2010/08/10 20:05:22, 5] smbd/uid.c:(338)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2010/08/10 20:05:22, 3] smbd/negprot.c:(505)
  Requested protocol [PC NETWORK PROGRAM 1.0]
[2010/08/10 20:05:22, 3] smbd/negprot.c:(505)
  Requested protocol [LANMAN1.0]
[2010/08/10 20:05:22, 3] smbd/negprot.c:(505)
  Requested protocol [Windows for Workgroups 3.1a]
[2010/08/10 20:05:22, 3] smbd/negprot.c:(505)
  Requested protocol [LM1.2X002]
[2010/08/10 20:05:22, 3] smbd/negprot.c:(505)
  Requested protocol [LANMAN2.1]
[2010/08/10 20:05:22, 3] smbd/negprot.c:(505)
  Requested protocol [NT LM 0.12]
[2010/08/10 20:05:22, 3] smbd/negprot.c:(505)
  Requested protocol [SMB 2.002]
[2010/08/10 20:05:22, 5] smbd/connection.c:(182)
  claiming  0
[2010/08/10 20:05:22, 3] smbd/negprot.c:(364)
  using SPNEGO
[2010/08/10 20:05:22, 3] smbd/negprot.c:(606)
  Selected protocol NT LM 0.12
[2010/08/10 20:05:22, 5] smbd/negprot.c:(612)
  negprot index=5
[2010/08/10 20:05:22, 5] lib/util.c:(484)
[2010/08/10 20:05:22, 5] lib/util.c:(494)
  size=173
  smb_com=0x72
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51201
  smb_tid=65535
  smb_pid=65279
  smb_uid=0
  smb_mid=0
  smt_wct=17
  smb_vwv[ 0]=    5 (0x5)
  smb_vwv[ 1]=12807 (0x3207)
  smb_vwv[ 2]=  256 (0x100)
  smb_vwv[ 3]= 1024 (0x400)
  smb_vwv[ 4]=   65 (0x41)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=  256 (0x100)
  smb_vwv[ 7]=24832 (0x6100)
  smb_vwv[ 8]=   82 (0x52)
  smb_vwv[ 9]=64512 (0xFC00)
  smb_vwv[10]=  243 (0xF3)
  smb_vwv[11]=  128 (0x80)
  smb_vwv[12]=39069 (0x989D)
  smb_vwv[13]=63911 (0xF9A7)
  smb_vwv[14]=52024 (0xCB38)
  smb_vwv[15]=26625 (0x6801)
  smb_vwv[16]=    1 (0x1)
  smb_bcc=104
[2010/08/10 20:05:22, 3] smbd/process.c:(1083)
  Transaction 1 of length 1640
[2010/08/10 20:05:22, 5] lib/util.c:(484)
[2010/08/10 20:05:22, 5] lib/util.c:(494)
  size=1636
  smb_com=0x73
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=24
  smb_flg2=51207
  smb_tid=65535
  smb_pid=65279
  smb_uid=0
  smb_mid=64
  smt_wct=12
  smb_vwv[ 0]=  255 (0xFF)
  smb_vwv[ 1]=    0 (0x0)
  smb_vwv[ 2]=16644 (0x4104)
  smb_vwv[ 3]=   50 (0x32)
  smb_vwv[ 4]=    0 (0x0)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=    0 (0x0)
  smb_vwv[ 7]= 1573 (0x625)
  smb_vwv[ 8]=    0 (0x0)
  smb_vwv[ 9]=    0 (0x0)
  smb_vwv[10]=  212 (0xD4)
  smb_vwv[11]=40960 (0xA000)
  smb_bcc=1577
[2010/08/10 20:05:22, 3] smbd/process.c:(932)
  switch message SMBsesssetupX (pid 21089) conn 0x0
[2010/08/10 20:05:22, 3] smbd/sec_ctx.c:(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/08/10 20:05:22, 5] auth/auth_util.c:(448)
  NT user token: (NULL)
[2010/08/10 20:05:22, 5] auth/auth_util.c:(474)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2010/08/10 20:05:22, 5] smbd/uid.c:(338)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2010/08/10 20:05:22, 3] smbd/sesssetup.c:(1258)
  wct=12 flg2=0xc807
[2010/08/10 20:05:22, 2] smbd/sesssetup.c:(1214)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old
resources.
[2010/08/10 20:05:22, 3] smbd/sesssetup.c:(1040)
  Doing spnego session setup
[2010/08/10 20:05:22, 3] smbd/sesssetup.c:(1071)
  NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2010/08/10 20:05:22, 5] smbd/sesssetup.c:(669)
  parse_spnego_mechanisms: Got OID 1 2 840 48018 1 2 2
[2010/08/10 20:05:22, 5] smbd/sesssetup.c:(669)
  parse_spnego_mechanisms: Got OID 1 2 840 113554 1 2 2
[2010/08/10 20:05:22, 5] smbd/sesssetup.c:(669)
  parse_spnego_mechanisms: Got OID 1 3 6 1 4 1 311 2 2 10
[2010/08/10 20:05:22, 3] smbd/sesssetup.c:(699)
  reply_spnego_negotiate: Got secblob of size 1507
[2010/08/10 20:05:22, 3] libads/kerberos_verify.c:(427)
  ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type)
[2010/08/10 20:05:22, 1] smbd/sesssetup.c:(316)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2010/08/10 20:05:22, 3] smbd/error.c:(106)
  error packet at smbd/sesssetup.c(318) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
[2010/08/10 20:05:22, 5] lib/util.c:(484)


--------
This e-mail may contain confidential and privileged material for the sole use of
the intended recipient.  If this email is not intended for you, or you are not
responsible for the delivery of this message to the intended recipient, please
note that this message may contain SEAKR Engineering (SEAKR)
Privileged/Proprietary Information.  In such a case, you are strictly prohibited
from downloading, photocopying, distributing or otherwise using this message,
its contents or attachments in any way.  If you have received this message in
error, please notify us immediately by replying to this e-mail and delete the
message from your mailbox.  Information contained in this message that does not
relate to the business of SEAKR is neither endorsed by nor attributable to
SEAKR.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/11/2010 01:39 AM, Nick Couchman wrote:
> I'm running Windows Server 2008 and trying to connect to Samba 3.0.37
on Opensolaris.  The Samba system is a member of a Windows Server 2008-based
Active Directory domain - it was able to join the domain just fine - and Windows
XP, Windows 2000, Windows Vista, and Windows 7 can connect, but Windows Server
2008 SP2 cannot connect.  The log file is posted below - I'm guessing the
key is the message about krb5_rd_req with auth failed (Bad encryption type), but
none of the solutions out there that I've looked at seem to apply - it
doesn't seem to be the same bug as was in Windows Server 2003, and I'm
not sure what kerberos keytab has to do with remote connections to the machine. 
Any hints would be greatly appreciate.
> 
> Thanks,
> Nick
> 
> [2010/08/10 20:05:22, 5] smbd/uid.c:(338)
>   change_to_root_user: now uid=(0,0) gid=(0,0)
> [2010/08/10 20:05:22, 3] smbd/negprot.c:(505)
>   Requested protocol [PC NETWORK PROGRAM 1.0]
> [2010/08/10 20:05:22, 3] smbd/negprot.c:(505)
>   Requested protocol [LANMAN1.0]
> [2010/08/10 20:05:22, 3] smbd/negprot.c:(505)
>   Requested protocol [Windows for Workgroups 3.1a]
> [2010/08/10 20:05:22, 3] smbd/negprot.c:(505)
>   Requested protocol [LM1.2X002]
> [2010/08/10 20:05:22, 3] smbd/negprot.c:(505)
>   Requested protocol [LANMAN2.1]
> [2010/08/10 20:05:22, 3] smbd/negprot.c:(505)
>   Requested protocol [NT LM 0.12]
> [2010/08/10 20:05:22, 3] smbd/negprot.c:(505)
>   Requested protocol [SMB 2.002]
> [2010/08/10 20:05:22, 5] smbd/connection.c:(182)
>   claiming  0
> [2010/08/10 20:05:22, 3] smbd/negprot.c:(364)
>   using SPNEGO
> [2010/08/10 20:05:22, 3] smbd/negprot.c:(606)
>   Selected protocol NT LM 0.12
> [2010/08/10 20:05:22, 5] smbd/negprot.c:(612)
>   negprot index=5
> [2010/08/10 20:05:22, 5] lib/util.c:(484)
> [2010/08/10 20:05:22, 5] lib/util.c:(494)
>   size=173
>   smb_com=0x72
>   smb_rcls=0
>   smb_reh=0
>   smb_err=0
>   smb_flg=136
>   smb_flg2=51201
>   smb_tid=65535
>   smb_pid=65279
>   smb_uid=0
>   smb_mid=0
>   smt_wct=17
>   smb_vwv[ 0]=    5 (0x5)
>   smb_vwv[ 1]=12807 (0x3207)
>   smb_vwv[ 2]=  256 (0x100)
>   smb_vwv[ 3]= 1024 (0x400)
>   smb_vwv[ 4]=   65 (0x41)
>   smb_vwv[ 5]=    0 (0x0)
>   smb_vwv[ 6]=  256 (0x100)
>   smb_vwv[ 7]=24832 (0x6100)
>   smb_vwv[ 8]=   82 (0x52)
>   smb_vwv[ 9]=64512 (0xFC00)
>   smb_vwv[10]=  243 (0xF3)
>   smb_vwv[11]=  128 (0x80)
>   smb_vwv[12]=39069 (0x989D)
>   smb_vwv[13]=63911 (0xF9A7)
>   smb_vwv[14]=52024 (0xCB38)
>   smb_vwv[15]=26625 (0x6801)
>   smb_vwv[16]=    1 (0x1)
>   smb_bcc=104
> [2010/08/10 20:05:22, 3] smbd/process.c:(1083)
>   Transaction 1 of length 1640
> [2010/08/10 20:05:22, 5] lib/util.c:(484)
> [2010/08/10 20:05:22, 5] lib/util.c:(494)
>   size=1636
>   smb_com=0x73
>   smb_rcls=0
>   smb_reh=0
>   smb_err=0
>   smb_flg=24
>   smb_flg2=51207
>   smb_tid=65535
>   smb_pid=65279
>   smb_uid=0
>   smb_mid=64
>   smt_wct=12
>   smb_vwv[ 0]=  255 (0xFF)
>   smb_vwv[ 1]=    0 (0x0)
>   smb_vwv[ 2]=16644 (0x4104)
>   smb_vwv[ 3]=   50 (0x32)
>   smb_vwv[ 4]=    0 (0x0)
>   smb_vwv[ 5]=    0 (0x0)
>   smb_vwv[ 6]=    0 (0x0)
>   smb_vwv[ 7]= 1573 (0x625)
>   smb_vwv[ 8]=    0 (0x0)
>   smb_vwv[ 9]=    0 (0x0)
>   smb_vwv[10]=  212 (0xD4)
>   smb_vwv[11]=40960 (0xA000)
>   smb_bcc=1577
> [2010/08/10 20:05:22, 3] smbd/process.c:(932)
>   switch message SMBsesssetupX (pid 21089) conn 0x0
> [2010/08/10 20:05:22, 3] smbd/sec_ctx.c:(241)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2010/08/10 20:05:22, 5] auth/auth_util.c:(448)
>   NT user token: (NULL)
> [2010/08/10 20:05:22, 5] auth/auth_util.c:(474)
>   UNIX token of user 0
>   Primary group is 0 and contains 0 supplementary groups
> [2010/08/10 20:05:22, 5] smbd/uid.c:(338)
>   change_to_root_user: now uid=(0,0) gid=(0,0)
> [2010/08/10 20:05:22, 3] smbd/sesssetup.c:(1258)
>   wct=12 flg2=0xc807
> [2010/08/10 20:05:22, 2] smbd/sesssetup.c:(1214)
>   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
> [2010/08/10 20:05:22, 3] smbd/sesssetup.c:(1040)
>   Doing spnego session setup
> [2010/08/10 20:05:22, 3] smbd/sesssetup.c:(1071)
>   NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
> [2010/08/10 20:05:22, 5] smbd/sesssetup.c:(669)
>   parse_spnego_mechanisms: Got OID 1 2 840 48018 1 2 2
> [2010/08/10 20:05:22, 5] smbd/sesssetup.c:(669)
>   parse_spnego_mechanisms: Got OID 1 2 840 113554 1 2 2
> [2010/08/10 20:05:22, 5] smbd/sesssetup.c:(669)
>   parse_spnego_mechanisms: Got OID 1 3 6 1 4 1 311 2 2 10
> [2010/08/10 20:05:22, 3] smbd/sesssetup.c:(699)
>   reply_spnego_negotiate: Got secblob of size 1507
> [2010/08/10 20:05:22, 3] libads/kerberos_verify.c:(427)
>   ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type)
> [2010/08/10 20:05:22, 1] smbd/sesssetup.c:(316)
>   Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
> [2010/08/10 20:05:22, 3] smbd/error.c:(106)
>   error packet at smbd/sesssetup.c(318) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
> [2010/08/10 20:05:22, 5] lib/util.c:(484)
> 
> 
> --------
> This e-mail may contain confidential and privileged material for the sole
use of the intended recipient.  If this email is not intended for you, or you
are not responsible for the delivery of this message to the intended recipient,
please note that this message may contain SEAKR Engineering (SEAKR)
Privileged/Proprietary Information.  In such a case, you are strictly prohibited
from downloading, photocopying, distributing or otherwise using this message,
its contents or attachments in any way.  If you have received this message in
error, please notify us immediately by replying to this e-mail and delete the
message from your mailbox.  Information contained in this message that does not
relate to the business of SEAKR is neither endorsed by nor attributable to
SEAKR.
Nick,

I would suggest looking at your available encryption types available to
Solaris.  We ran into this before and this bug supplied a work around
that fixed us.

http://bugs.opensolaris.org/bugdatabase/printableBug.do?bug_id=6534506

If you want to find out the encryption levels available to your system,
you can issue:

# cryptoadm list

Good luck!
- -- 
________

Robert Freeman-Day

https://launchpad.net/~presgas
GPG Public Key:
http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xBA9DF9ED3E4C7D36
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkxinlYACgkQup357T5MfTatFACgpRPbZ4GB+UBMO2wULb7JIpHz
3E8An3PM6bdxwMHKOOW7KsYoKnd3kpuh
=heGn
-----END PGP SIGNATURE-----