I'm also getting the exact same problem. The samba machine can be added into the w2k-controlled ads fine.
But when my w2k clients connect to it, they prompt for a username and password. If this is entered, things work fine. The w2k clients also cannot browse the sharelist on the samba server until they have connected to a share with a valid UID/password first. I am seeing the same errors in samba's logs. The samba server is a stock Red Hat Enterprise Linux 3 ES machine. ----- Original Message ----- From: "Tim Jordan" <[EMAIL PROTECTED]> To: "Tom Dickson" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Thursday, December 11, 2003 11:26 PM Subject: Re: [Samba] Windows 2000 and krb5 tickets. > I'm getting same error about encryption ... > > I have taken Tom's lead and have provided the output below. Is there a > certain version of krb5 that we should be running? > > > [EMAIL PROTECTED] tim]# smbd3 --version > Version 3.0.1pre3 > > [EMAIL PROTECTED] tim]# strings /usr/lib/libkrb5.so.3.2 | grep BRAND > KRB5_BRAND: krb5-1-3-final 1.3 20030708 > > I'm running Mandrake 9.2 > > Thank You Samba Team! > Tim > > On Thu, 2003-12-11 at 13:59, Tom Dickson wrote: > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > OK. I've done some more research, and here's what I get. > > > > smbd --version > > Version 3.0.0 > > > > strings libkrb5.so.3.2 | grep BRAND > > KRB5_BRAND: krb5-1-3-1-final 1.3.1 20030730 > > > > Everything seems to work, but trying to access the Samba server results in: > > > > [2003/12/11 14:54:19, 3] libads/kerberos_verify.c:ads_verify_ticket(308) > > ~ ads_verify_ticket: enc type [23] failed to decrypt with error Decrypt > > integrity check failed > > [2003/12/11 14:54:19, 3] libads/kerberos_verify.c:ads_verify_ticket(316) > > ~ ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type) > > [2003/12/11 14:54:19, 1] smbd/sesssetup.c:reply_spnego_kerberos(172) > > ~ Failed to verify incoming ticket! > > [2003/12/11 14:54:19, 3] smbd/error.c:error_packet(109) > > ~ error packet at smbd/sesssetup.c(173) cmd=115 (SMBsesssetupX) > > NT_STATUS_LOGON_FAILURE > > > > This is the same error you get if you're running the wrong KRB5 libs, > > but I've the right ones. The windows 2000 machine is 5.00.2195 > > > > Windows 2000 clients connect to the ADS server fine, and will connect to > > the Samba server if you enter Username/Password. The 2000 server cannot > > connect to the Samba machine at all, even with the right username/pass. > > > > Is there a magic registry setting I'm missing? I've changed the > > Administrator password at least once. > > > > - -Tom > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v1.2.2-nr2 (Windows 2000) > > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > > > iD8DBQE/2PbO2dxAfYNwANIRAmuuAKCI9NMssxwHqQlyF7njkP+sZBt3PQCfWApO > > F9F+8BTOPIyoybZBYIlCouU= > > =94FA > > -----END PGP SIGNATURE----- > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
