I'm beating my head up against the wall here.. Need some extra eyes!!!
Setup -- Samba4 Domain Controller and samba3 print server.. DNS
FlatFile,, All dns works..
Issue, When I browse to the print Server vi \\IP-Address I am able to
connect just fine.. When I browse using \\netbios-name I connect to the
server but it opens up a username/pass dialog box and no name or
passwords will work..
wbinfo -g / -u work fine.. getent passwd/group works perfectly..
I get the following snippet in the log file.. With smb.conf and
krb5.conf following that..
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2012/05/04 11:45:29, 3]
smbd/sesssetup.c:1160(reply_sesssetup_and_X_spnego)
Doing spnego session setup
[2012/05/04 11:45:29, 3]
smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego)
NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2012/05/04 11:45:29, 3] smbd/sesssetup.c:786(reply_spnego_negotiate)
reply_spnego_negotiate: Got secblob of size 1619
[2012/05/04 11:45:29, 3]
libads/kerberos_verify.c:378(ads_secrets_verify_ticket)
ads_secrets_verify_ticket: enc type [23] failed to decrypt with error
Decrypt integrity check failed
[2012/05/04 11:45:29, 3] libads/kerberos_verify.c:568(ads_verify_ticket)
ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type)
[2012/05/04 11:45:29, 1] smbd/sesssetup.c:342(reply_spnego_kerberos)
Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2012/05/04 11:45:29, 3] smbd/error.c:60(error_packet_set)
error packet at smbd/sesssetup.c(344) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
[2012/05/04 11:45:29, 3] smbd/process.c:1459(process_smb)
Transaction 2 of length 1764 (0 toread)
[2012/05/04 11:45:29, 3] smbd/process.c:1273(switch_message)
switch message SMBsesssetupX (pid 14493) conn 0x0
[2012/05/04 11:45:29, 3] smbd/sec_ctx.c:310(set_sec_ctx)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/05/04 11:45:29, 3] smbd/sesssetup.c:1404(reply_sesssetup_and_X)
wct=12 flg2=0xc807
[2012/05/04 11:45:29, 2] smbd/sesssetup.c:1360(setup_new_vc_session)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2012/05/04 11:45:29, 3]
smbd/sesssetup.c:1160(reply_sesssetup_and_X_spnego)
Doing spnego session setup
[2012/05/04 11:45:29, 3]
smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego)
NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2012/05/04 11:45:29, 3] smbd/sesssetup.c:786(reply_spnego_negotiate)
reply_spnego_negotiate: Got secblob of size 1619
[2012/05/04 11:45:29, 3]
libads/kerberos_verify.c:378(ads_secrets_verify_ticket)
ads_secrets_verify_ticket: enc type [23] failed to decrypt with error
Decrypt integrity check failed
[2012/05/04 11:45:29, 3] libads/kerberos_verify.c:568(ads_verify_ticket)
ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type)
[2012/05/04 11:45:29, 1] smbd/sesssetup.c:342(reply_spnego_kerberos)
Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2012/05/04 11:45:29, 3] smbd/error.c:60(error_packet_set)
error packet at smbd/sesssetup.c(344) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
[2012/05/04 11:45:29, 3] smbd/process.c:1459(process_smb)
Transaction 3 of length 1764 (0 toread)
[2012/05/04 11:45:29, 3] smbd/process.c:1273(switch_message)
switch message SMBsesssetupX (pid 14493) conn 0x0
[2012/05/04 11:45:29, 3] smbd/sec_ctx.c:310(set_sec_ctx)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/05/04 11:45:29, 3] smbd/sesssetup.c:1404(reply_sesssetup_and_X)
wct=12 flg2=0xc807
[2012/05/04 11:45:29, 2] smbd/sesssetup.c:1360(setup_new_vc_session)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2012/05/04 11:45:29, 3]
smbd/sesssetup.c:1160(reply_sesssetup_and_X_spnego)
Doing spnego session setup
[2012/05/04 11:45:29, 3]
smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego)
NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2012/05/04 11:45:29, 3] smbd/sesssetup.c:786(reply_spnego_negotiate)
reply_spnego_negotiate: Got secblob of size 1619
[2012/05/04 11:45:29, 3]
libads/kerberos_verify.c:378(ads_secrets_verify_ticket)
ads_secrets_verify_ticket: enc type [23] failed to decrypt with error
Decrypt integrity check failed
[2012/05/04 11:45:29, 3] libads/kerberos_verify.c:568(ads_verify_ticket)
ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type)
[2012/05/04 11:45:29, 1] smbd/sesssetup.c:342(reply_spnego_kerberos)
Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2012/05/04 11:45:29, 3] smbd/error.c:60(error_packet_set)
error packet at smbd/sesssetup.c(344) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
SMB.CONF
[global]
workgroup = ASTROINTERNAL
realm = ASTROINTERNAL.COM
preferred master = no
server string = Linux Test Machine
security = ADS
encrypt passwords = yes
log level = 3
log file = /var/log/samba/%m.log
max log size = 50
printcap name = cups
printing = cups
allow trusted domains = yes
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nested groups = Yes
winbind separator = +
#idmap backend = "ASTROINTERNAL=10000-19999"
idmap uid = 1000-20000
idmap gid = 1000-20000
;template primary group = "Domain Users"
template shell = /bin/bash
KRB5.CONF
[libdefaults]
default_realm = ASTROINTERNAL.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[realms]
ASTROINTERNAL.COM = {
kdc = astrodc1.astrointernal.com
admin_server = astrodc1.astrointernal.com
default_domain = astroshapes.com
}
[domain_realm]
.astrointernal.com = ASTROINTERNAL.COM
astrointernal.com = ASTROINTERNAL.COM
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
I would like to add that kinit works just fine also.. On 05/04/2012 11:51 AM, Aaron E. wrote:> I'm beating my head up against the wall here.. Need some extra eyes!!! > > Setup -- Samba4 Domain Controller and samba3 print server.. DNS > FlatFile,, All dns works.. > > Issue, When I browse to the print Server vi \\IP-Address I am able to > connect just fine.. When I browse using \\netbios-name I connect to the > server but it opens up a username/pass dialog box and no name or > passwords will work.. > > wbinfo -g / -u work fine.. getent passwd/group works perfectly.. > I get the following snippet in the log file.. With smb.conf and > krb5.conf following that.. > > > setup_new_vc_session: New VC == 0, if NT4.x compatible we would close > all old resources. > [2012/05/04 11:45:29, 3] > smbd/sesssetup.c:1160(reply_sesssetup_and_X_spnego) > Doing spnego session setup > [2012/05/04 11:45:29, 3] > smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego) > NativeOS=[] NativeLanMan=[] PrimaryDomain=[] > [2012/05/04 11:45:29, 3] smbd/sesssetup.c:786(reply_spnego_negotiate) > reply_spnego_negotiate: Got secblob of size 1619 > [2012/05/04 11:45:29, 3] > libads/kerberos_verify.c:378(ads_secrets_verify_ticket) > ads_secrets_verify_ticket: enc type [23] failed to decrypt with error > Decrypt integrity check failed > [2012/05/04 11:45:29, 3] libads/kerberos_verify.c:568(ads_verify_ticket) > ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type) > [2012/05/04 11:45:29, 1] smbd/sesssetup.c:342(reply_spnego_kerberos) > Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE! > [2012/05/04 11:45:29, 3] smbd/error.c:60(error_packet_set) > error packet at smbd/sesssetup.c(344) cmd=115 (SMBsesssetupX) > NT_STATUS_LOGON_FAILURE > [2012/05/04 11:45:29, 3] smbd/process.c:1459(process_smb) > Transaction 2 of length 1764 (0 toread) > [2012/05/04 11:45:29, 3] smbd/process.c:1273(switch_message) > switch message SMBsesssetupX (pid 14493) conn 0x0 > [2012/05/04 11:45:29, 3] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 > [2012/05/04 11:45:29, 3] smbd/sesssetup.c:1404(reply_sesssetup_and_X) > wct=12 flg2=0xc807 > [2012/05/04 11:45:29, 2] smbd/sesssetup.c:1360(setup_new_vc_session) > setup_new_vc_session: New VC == 0, if NT4.x compatible we would close > all old resources. > [2012/05/04 11:45:29, 3] > smbd/sesssetup.c:1160(reply_sesssetup_and_X_spnego) > Doing spnego session setup > [2012/05/04 11:45:29, 3] > smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego) > NativeOS=[] NativeLanMan=[] PrimaryDomain=[] > [2012/05/04 11:45:29, 3] smbd/sesssetup.c:786(reply_spnego_negotiate) > reply_spnego_negotiate: Got secblob of size 1619 > [2012/05/04 11:45:29, 3] > libads/kerberos_verify.c:378(ads_secrets_verify_ticket) > ads_secrets_verify_ticket: enc type [23] failed to decrypt with error > Decrypt integrity check failed > [2012/05/04 11:45:29, 3] libads/kerberos_verify.c:568(ads_verify_ticket) > ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type) > [2012/05/04 11:45:29, 1] smbd/sesssetup.c:342(reply_spnego_kerberos) > Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE! > [2012/05/04 11:45:29, 3] smbd/error.c:60(error_packet_set) > error packet at smbd/sesssetup.c(344) cmd=115 (SMBsesssetupX) > NT_STATUS_LOGON_FAILURE > [2012/05/04 11:45:29, 3] smbd/process.c:1459(process_smb) > Transaction 3 of length 1764 (0 toread) > [2012/05/04 11:45:29, 3] smbd/process.c:1273(switch_message) > switch message SMBsesssetupX (pid 14493) conn 0x0 > [2012/05/04 11:45:29, 3] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 > [2012/05/04 11:45:29, 3] smbd/sesssetup.c:1404(reply_sesssetup_and_X) > wct=12 flg2=0xc807 > [2012/05/04 11:45:29, 2] smbd/sesssetup.c:1360(setup_new_vc_session) > setup_new_vc_session: New VC == 0, if NT4.x compatible we would close > all old resources. > [2012/05/04 11:45:29, 3] > smbd/sesssetup.c:1160(reply_sesssetup_and_X_spnego) > Doing spnego session setup > [2012/05/04 11:45:29, 3] > smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego) > NativeOS=[] NativeLanMan=[] PrimaryDomain=[] > [2012/05/04 11:45:29, 3] smbd/sesssetup.c:786(reply_spnego_negotiate) > reply_spnego_negotiate: Got secblob of size 1619 > [2012/05/04 11:45:29, 3] > libads/kerberos_verify.c:378(ads_secrets_verify_ticket) > ads_secrets_verify_ticket: enc type [23] failed to decrypt with error > Decrypt integrity check failed > [2012/05/04 11:45:29, 3] libads/kerberos_verify.c:568(ads_verify_ticket) > ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type) > [2012/05/04 11:45:29, 1] smbd/sesssetup.c:342(reply_spnego_kerberos) > Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE! > [2012/05/04 11:45:29, 3] smbd/error.c:60(error_packet_set) > error packet at smbd/sesssetup.c(344) cmd=115 (SMBsesssetupX) > NT_STATUS_LOGON_FAILURE > > > SMB.CONF > [global] > workgroup = ASTROINTERNAL > realm = ASTROINTERNAL.COM > preferred master = no > server string = Linux Test Machine > security = ADS > encrypt passwords = yes > log level = 3 > log file = /var/log/samba/%m.log > max log size = 50 > printcap name = cups > printing = cups > allow trusted domains = yes > winbind enum users = Yes > winbind enum groups = Yes > winbind use default domain = Yes > winbind nested groups = Yes > winbind separator = + > #idmap backend = "ASTROINTERNAL=10000-19999" > idmap uid = 1000-20000 > idmap gid = 1000-20000 > ;template primary group = "Domain Users" > template shell = /bin/bash > > KRB5.CONF > [libdefaults] > default_realm = ASTROINTERNAL.COM > dns_lookup_realm = false > dns_lookup_kdc = false > ticket_lifetime = 24h > forwardable = yes > > [logging] > default = FILE:/var/log/krb5libs.log > kdc = FILE:/var/log/krb5kdc.log > admin_server = FILE:/var/log/kadmind.log > > [realms] > ASTROINTERNAL.COM = { > kdc = astrodc1.astrointernal.com > admin_server = astrodc1.astrointernal.com > default_domain = astroshapes.com > } > > [domain_realm] > .astrointernal.com = ASTROINTERNAL.COM > astrointernal.com = ASTROINTERNAL.COM > > [appdefaults] > pam = { > debug = false > ticket_lifetime = 36000 > renew_lifetime = 36000 > forwardable = true > krb4_convert = false > } >