-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/11/2010 01:39 AM, Nick Couchman wrote: > I'm running Windows Server 2008 and trying to connect to Samba 3.0.37 on > Opensolaris. The Samba system is a member of a Windows Server 2008-based > Active Directory domain - it was able to join the domain just fine - and > Windows XP, Windows 2000, Windows Vista, and Windows 7 can connect, but > Windows Server 2008 SP2 cannot connect. The log file is posted below - I'm > guessing the key is the message about krb5_rd_req with auth failed (Bad > encryption type), but none of the solutions out there that I've looked at > seem to apply - it doesn't seem to be the same bug as was in Windows Server > 2003, and I'm not sure what kerberos keytab has to do with remote connections > to the machine. Any hints would be greatly appreciate. > > Thanks, > Nick > > [2010/08/10 20:05:22, 5] smbd/uid.c:(338) > change_to_root_user: now uid=(0,0) gid=(0,0) > [2010/08/10 20:05:22, 3] smbd/negprot.c:(505) > Requested protocol [PC NETWORK PROGRAM 1.0] > [2010/08/10 20:05:22, 3] smbd/negprot.c:(505) > Requested protocol [LANMAN1.0] > [2010/08/10 20:05:22, 3] smbd/negprot.c:(505) > Requested protocol [Windows for Workgroups 3.1a] > [2010/08/10 20:05:22, 3] smbd/negprot.c:(505) > Requested protocol [LM1.2X002] > [2010/08/10 20:05:22, 3] smbd/negprot.c:(505) > Requested protocol [LANMAN2.1] > [2010/08/10 20:05:22, 3] smbd/negprot.c:(505) > Requested protocol [NT LM 0.12] > [2010/08/10 20:05:22, 3] smbd/negprot.c:(505) > Requested protocol [SMB 2.002] > [2010/08/10 20:05:22, 5] smbd/connection.c:(182) > claiming 0 > [2010/08/10 20:05:22, 3] smbd/negprot.c:(364) > using SPNEGO > [2010/08/10 20:05:22, 3] smbd/negprot.c:(606) > Selected protocol NT LM 0.12 > [2010/08/10 20:05:22, 5] smbd/negprot.c:(612) > negprot index=5 > [2010/08/10 20:05:22, 5] lib/util.c:(484) > [2010/08/10 20:05:22, 5] lib/util.c:(494) > size=173 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=65535 > smb_pid=65279 > smb_uid=0 > smb_mid=0 > smt_wct=17 > smb_vwv[ 0]= 5 (0x5) > smb_vwv[ 1]=12807 (0x3207) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 65 (0x41) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]=24832 (0x6100) > smb_vwv[ 8]= 82 (0x52) > smb_vwv[ 9]=64512 (0xFC00) > smb_vwv[10]= 243 (0xF3) > smb_vwv[11]= 128 (0x80) > smb_vwv[12]=39069 (0x989D) > smb_vwv[13]=63911 (0xF9A7) > smb_vwv[14]=52024 (0xCB38) > smb_vwv[15]=26625 (0x6801) > smb_vwv[16]= 1 (0x1) > smb_bcc=104 > [2010/08/10 20:05:22, 3] smbd/process.c:(1083) > Transaction 1 of length 1640 > [2010/08/10 20:05:22, 5] lib/util.c:(484) > [2010/08/10 20:05:22, 5] lib/util.c:(494) > size=1636 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=65535 > smb_pid=65279 > smb_uid=0 > smb_mid=64 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=16644 (0x4104) > smb_vwv[ 3]= 50 (0x32) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 1573 (0x625) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 212 (0xD4) > smb_vwv[11]=40960 (0xA000) > smb_bcc=1577 > [2010/08/10 20:05:22, 3] smbd/process.c:(932) > switch message SMBsesssetupX (pid 21089) conn 0x0 > [2010/08/10 20:05:22, 3] smbd/sec_ctx.c:(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 > [2010/08/10 20:05:22, 5] auth/auth_util.c:(448) > NT user token: (NULL) > [2010/08/10 20:05:22, 5] auth/auth_util.c:(474) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups > [2010/08/10 20:05:22, 5] smbd/uid.c:(338) > change_to_root_user: now uid=(0,0) gid=(0,0) > [2010/08/10 20:05:22, 3] smbd/sesssetup.c:(1258) > wct=12 flg2=0xc807 > [2010/08/10 20:05:22, 2] smbd/sesssetup.c:(1214) > setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all > old resources. > [2010/08/10 20:05:22, 3] smbd/sesssetup.c:(1040) > Doing spnego session setup > [2010/08/10 20:05:22, 3] smbd/sesssetup.c:(1071) > NativeOS=[] NativeLanMan=[] PrimaryDomain=[] > [2010/08/10 20:05:22, 5] smbd/sesssetup.c:(669) > parse_spnego_mechanisms: Got OID 1 2 840 48018 1 2 2 > [2010/08/10 20:05:22, 5] smbd/sesssetup.c:(669) > parse_spnego_mechanisms: Got OID 1 2 840 113554 1 2 2 > [2010/08/10 20:05:22, 5] smbd/sesssetup.c:(669) > parse_spnego_mechanisms: Got OID 1 3 6 1 4 1 311 2 2 10 > [2010/08/10 20:05:22, 3] smbd/sesssetup.c:(699) > reply_spnego_negotiate: Got secblob of size 1507 > [2010/08/10 20:05:22, 3] libads/kerberos_verify.c:(427) > ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type) > [2010/08/10 20:05:22, 1] smbd/sesssetup.c:(316) > Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE! > [2010/08/10 20:05:22, 3] smbd/error.c:(106) > error packet at smbd/sesssetup.c(318) cmd=115 (SMBsesssetupX) > NT_STATUS_LOGON_FAILURE > [2010/08/10 20:05:22, 5] lib/util.c:(484) > > > -------- > This e-mail may contain confidential and privileged material for the sole use > of the intended recipient. If this email is not intended for you, or you are > not responsible for the delivery of this message to the intended recipient, > please note that this message may contain SEAKR Engineering (SEAKR) > Privileged/Proprietary Information. In such a case, you are strictly > prohibited from downloading, photocopying, distributing or otherwise using > this message, its contents or attachments in any way. If you have received > this message in error, please notify us immediately by replying to this > e-mail and delete the message from your mailbox. Information contained in > this message that does not relate to the business of SEAKR is neither > endorsed by nor attributable to SEAKR.
Nick, I would suggest looking at your available encryption types available to Solaris. We ran into this before and this bug supplied a work around that fixed us. http://bugs.opensolaris.org/bugdatabase/printableBug.do?bug_id=6534506 If you want to find out the encryption levels available to your system, you can issue: # cryptoadm list Good luck! - -- ________ Robert Freeman-Day https://launchpad.net/~presgas GPG Public Key: http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xBA9DF9ED3E4C7D36 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkxinlYACgkQup357T5MfTatFACgpRPbZ4GB+UBMO2wULb7JIpHz 3E8An3PM6bdxwMHKOOW7KsYoKnd3kpuh =heGn -----END PGP SIGNATURE----- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
