On Wed, 2003-06-18 at 16:44, Patrik Gustavsson PS Sweden Senior Technical Consultant wrote: > > I had a working Samba 3.0beta1 as ADS member of a W2003 server. > My w2000 client could log in to the W2003 server and use services on > Samba (home directory). > > Winbind is working. > > So I tried to re-do all my work again. > > And suddenly the w2k can use any services on Samba anymore. > > The output from the logfile tells me it's kerberos problem: > [2003/06/18 08:35:03, 3] libads/kerberos_verify.c:(126) > krb5_rd_req with auth failed (Bad encryption type) > [2003/06/18 08:35:03, 1] smbd/sesssetup.c:(175) > Failed to verify incoming ticket! > [2003/06/18 08:35:03, 3] smbd/error.c:(94) > error string = No such file or directory > > Winbind/wbinfo works as it should. > > I know what problem it is, but not WHY and not HOW to fix it ?
The user you are using has not had their password changed since Win2k installation/AD upgrade. This means that they only have their 'type 23' encryption type - the type that is based on the NT4 password. If you change the password, it should work. The proper solution is to compile with MIT Krb5 1.3, or a recent Heimdal kerberos. These versions support the new encryption type, and should allow it to work out of the box. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba