Disregard, that, sorry. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of David Salib, Mr Sent: January-28-13 9:38 AM To: Andrew Bartlett; Fabian von Romberg Cc: [email protected] Subject: Re: [Samba] Samba Authentication With Kerberos
Thank you, this is a Samba4 host as an AD DC. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Andrew Bartlett Sent: January-28-13 9:32 AM To: Fabian von Romberg Cc: [email protected] Subject: Re: [Samba] Samba Authentication With Kerberos On Sun, 2013-01-27 at 11:48 -0500, Fabian von Romberg wrote: > Hi All, > > Im thrying to setup a server with Samba4 with Kerberos. When I want to see > list all shares with smbclient with samba authentication, everything works > fine. But when I try to authenticate using Kerberos, I get and error. To be clear, is this Samba 4.0 as an AD DC, or as a member server in another AD domain? > The command I execute is: > > smbclient -L localhost -k > > The error message from Samba is: > > using SPNEGO > Selected protocol [8][NT LANMAN 1.0] > GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see > text): Decrypt integrity check failed for checksum type > hmac-sha1-96-aes256, key type aes256-cts-hmac-sha1-96 > SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE > SPNEGO login failed: NT_STATUS_LOGON_FAILURE smbclient should never do kerberos to "localhost" because we can never know which "localhost" that is. If you have somehow registered a 'localhost' as a servicePrincipalName, then this is likely the cause of the issue. (This error indicates that the key you got from the KDC is not the key that the server has in it's secrets database/keytab.) Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
