Hi all, we here have a user that got a new Windows 7 client (before he had Windows XP) and now is no longer able to connect to our Samba shares. Testing his client with another account has proven that the client is not the problem, other user can connect. Also testing the user on another (Windows 7) client gave the result that the user is not allowed to access.
Running Samba with different log levels (up to 99 :)) first show only a simple "[2013/04/22 13:10:18.503496, 1, pid=13437, effective(0, 0), real(0, 0)] smbd/sesssetup.c:332(reply_spnego_kerberos) Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!" Increasing the debug level then gave: .... [2013/04/22 14:18:28.769410, 10, pid=23552, effective(0, 0), real(0, 0)] smbd/sesssetup.c:1150(check_spnego_blob_complete) check_spnego_blob_complete: needed_len = 21149, pblob->length = 16460 [2013/04/22 14:18:28.769454, 3, pid=23552, effective(0, 0), real(0, 0)] smbd/error.c:80(error_packet_set) error packet at smbd/sesssetup.c(1317) cmd=115 (SMBsesssetupX) NT_STATUS_MORE_PROCESSING_REQUIRED ..... [2013/04/22 14:18:28.800264, 10, pid=23552, effective(0, 0), real(0, 0)] smbd/sesssetup.c:1053(check_spnego_blob_complete) check_spnego_blob_complete: pad->partial_data.length = 16460, pad->needed_len = 4689, copy_len = 16460, pblob->length = 16460, ..... [2013/04/22 14:18:28.800603, 3, pid=23552, effective(0, 0), real(0, 0)] smbd/sesssetup.c:806(reply_spnego_negotiate) reply_spnego_negotiate: Got secblob of size 21071 [2013/04/22 14:18:28.801778, 3, pid=23552, effective(0, 0), real(0, 0)] libads/kerberos_verify.c:391(ads_secrets_verify_ticket) ads_secrets_verify_ticket: enc type [23] failed to decrypt with error ASN.1 structure is missing a required field [2013/04/22 14:18:28.801969, 3, pid=23552, effective(0, 0), real(0, 0)] libads/kerberos_verify.c:391(ads_secrets_verify_ticket) ads_secrets_verify_ticket: enc type [1] failed to decrypt with error ASN.1 structure is missing a required field [2013/04/22 14:18:28.802129, 3, pid=23552, effective(0, 0), real(0, 0)] libads/kerberos_verify.c:391(ads_secrets_verify_ticket) ads_secrets_verify_ticket: enc type [3] failed to decrypt with error ASN.1 structure is missing a required field [2013/04/22 14:18:28.802179, 3, pid=23552, effective(0, 0), real(0, 0)] libads/kerberos_verify.c:589(ads_verify_ticket) ads_verify_ticket: krb5_rd_req with auth failed (ASN.1 structure is missing a required field) [2013/04/22 14:18:28.802221, 10, pid=23552, effective(0, 0), real(0, 0)] libads/kerberos_verify.c:598(ads_verify_ticket) ads_verify_ticket: returning error NT_STATUS_LOGON_FAILURE [2013/04/22 14:18:28.802284, 1, pid=23552, effective(0, 0), real(0, 0)] smbd/sesssetup.c:332(reply_spnego_kerberos) Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE! So.... where is the problem with this special user? Why is it's "spnego-information" that large (21149 bytes!!) ? Any idea what we can do further? (our problem is that we have very restricted access to the active directory...) Thanks a lot, Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
