Saludos / Best Regards
Pedro Dur�n Mu�oz
Hello Henrique
Actually I have the same problem as you. Firts I had tried an ADS w2k3 and Samba
3.0.2a integration without any success ( Only works IP NTML protocol, kerberos does
not works ( hostaname instead IP address)) . After I tried w2k and Samba 3.0.2a
integration and works fine. But I need an ADS w2k3 and Samba integration and for the
moment does not works. We need the Samba team help for solve this issue ASAP, Is it
possible for us Samba Team?
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Estevam Henrique
Carvalho
Sent: Monday, April 19, 2004 1:59 PM
To: samba
Subject: [Samba] Samba 3.0.2a with ADS w2k3 Active Directory, enctypes
Hi people,
I have a Linux box running Samba 3.0.2a in ADS mode MIT Kerberos 1.3.3. My W2K e WXP
users can't access the linux box by netbios name, the only access that works is by IP
address, I know that's caused because access thought IP address don't make use of
Kerberos. The most strange for me it's that the same environment works fine with a W2K
Active Directory, I read in same list the problem was the kerberos 1.2.x, then I
changed to 1.3.3, but the problem remains.
I also have tried the following combinations of parameters in the krb5.conf
Test 1 - No permitted_enctypes
[libdefaults]
default_realm = HOME.EHC
# The following krb5.conf variables are only for MIT Kerberos.
default_tgs_enctypes = des-cbc-crc des-cbc-md5
default_tkt_enctypes = des-cbc-crc des-cbc-md5
#permitted_enctypes = des-cbc-crc des-cbc-md5
Result
[2004/04/18 10:38:34, 10] libads/kerberos_verify.c:ads_verify_ticket(323)
ads_verify_ticket: enc type [18] failed to decrypt with error Bad encryption type
[2004/04/18 10:38:34, 10] libads/kerberos_verify.c:ads_verify_ticket(323)
ads_verify_ticket: enc type [17] failed to decrypt with error Bad encryption type
[2004/04/18 10:38:34, 10] libads/kerberos_verify.c:ads_verify_ticket(323)
ads_verify_ticket: enc type [16] failed to decrypt with error Bad encryption type
[2004/04/18 10:38:34, 10] libads/kerberos_verify.c:ads_verify_ticket(323)
ads_verify_ticket: enc type [23] failed to decrypt with error Bad encryption type
[2004/04/18 10:38:34, 10] libads/kerberos_verify.c:ads_verify_ticket(323)
ads_verify_ticket: enc type [1] failed to decrypt with error Bad encryption type
[2004/04/18 10:38:34, 3] libads/kerberos_verify.c:ads_verify_ticket(323)
ads_verify_ticket: enc type [3] failed to decrypt with error Decrypt integrity check
failed
[2004/04/18 10:38:34, 10] libads/kerberos_verify.c:ads_verify_ticket(323)
ads_verify_ticket: enc type [2] failed to decrypt with error Bad encryption type
[2004/04/18 10:38:34, 10] passdb/secrets.c:secrets_named_mutex_release(710)
secrets_named_mutex: released mutex for replay cache mutex
[2004/04/18 10:38:34, 3] libads/kerberos_verify.c:ads_verify_ticket(330)
ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type)
[2004/04/18 10:38:34, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
Test 2 - all enctypes that I know
[libdefaults]
default_realm = HOME.EHC
# The following krb5.conf variables are only for MIT Kerberos.
default_tgs_enctypes = des-cbc-crc des-cbc-md5
default_tkt_enctypes = des-cbc-crc des-cbc-md5
permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
arcfour-hmac arcfour-hmac-exp arcfour-hmac-md5 des des-cbc-crc des-cbc-md4
des-cbc-md5 des-cbc-raw des-cbc-rawv des-hmac-sha1 des3-cbc-raw
des3-cbc-sha1 des3-cbc-sha1-kd des3-hmac-sha1 rc4-hmac
Result
2004/04/18 10:40:10, 10] libads/kerberos_verify.c:ads_verify_ticket(323)
ads_verify_ticket: enc type [18] failed to decrypt with error Bad encryption type
[2004/04/18 10:40:10, 10] libads/kerberos_verify.c:ads_verify_ticket(323)
ads_verify_ticket: enc type [17] failed to decrypt with error Bad encryption type
[2004/04/18 10:40:10, 10] libads/kerberos_verify.c:ads_verify_ticket(323)
ads_verify_ticket: enc type [23] failed to decrypt with error Bad encryption type
[2004/04/18 10:40:10, 10] libads/kerberos_verify.c:ads_verify_ticket(323)
ads_verify_ticket: enc type [24] failed to decrypt with error Bad encryption type
[2004/04/18 10:40:10, 10] libads/kerberos_verify.c:ads_verify_ticket(323)
ads_verify_ticket: enc type [23] failed to decrypt with error Bad encryption type
[2004/04/18 10:40:10, 3] libads/kerberos_verify.c:ads_verify_ticket(323)
ads_verify_ticket: enc type [3] failed to decrypt with error Decrypt integrity check
failed
[2004/04/18 10:40:10, 10] libads/kerberos_verify.c:ads_verify_ticket(323)
ads_verify_ticket: enc type [1] failed to decrypt with error Bad encryption type
[2004/04/18 10:40:10, 10] libads/kerberos_verify.c:ads_verify_ticket(323)
ads_verify_ticket: enc type [2] failed to decrypt with error Bad encryption type
[2004/04/18 10:40:10, 3] libads/kerberos_verify.c:ads_verify_ticket(323)
ads_verify_ticket: enc type [3] failed to decrypt with error Decrypt integrity check
failed
[2004/04/18 10:40:10, 10] libads/kerberos_verify.c:ads_verify_ticket(323)
ads_verify_ticket: enc type [4] failed to decrypt with error Bad encryption type
[2004/04/18 10:40:10, 10] libads/kerberos_verify.c:ads_verify_ticket(323)
ads_verify_ticket: enc type [8] failed to decrypt with error Bad encryption type
[2004/04/18 10:40:10, 10] libads/kerberos_verify.c:ads_verify_ticket(323)
ads_verify_ticket: enc type [6] failed to decrypt with error Bad encryption type
[2004/04/18 10:40:10, 10] libads/kerberos_verify.c:ads_verify_ticket(323)
ads_verify_ticket: enc type [16] failed to decrypt with error Bad encryption type
[2004/04/18 10:40:10, 10] libads/kerberos_verify.c:ads_verify_ticket(323)
ads_verify_ticket: enc type [16] failed to decrypt with error Bad encryption type
[2004/04/18 10:40:10, 10] libads/kerberos_verify.c:ads_verify_ticket(323)
ads_verify_ticket: enc type [16] failed to decrypt with error Bad encryption type
[2004/04/18 10:40:10, 10] libads/kerberos_verify.c:ads_verify_ticket(323)
ads_verify_ticket: enc type [23] failed to decrypt with error Bad encryption type
[2004/04/18 10:40:10, 10] passdb/secrets.c:secrets_named_mutex_release(710)
secrets_named_mutex: released mutex for replay cache mutex
[2004/04/18 10:40:10, 3] libads/kerberos_verify.c:ads_verify_ticket(330)
ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type)
[2004/04/18 10:40:10, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
Could anybody help me ?
Does anybody have a list of MIT Kerberos 1.3.3 enctypes ?
Does anybody know what are the enctypes for Windows 2003 Active Directory ?
What does mean "...failed to decrypt with error Decrypt integrity check failed" in the
enctype 3 ?
Thanks
Estevam Henrique
=========================================================
Esta mensagem pode conter informacao confidencial e/ou privilegiada. Se voce nao for o
destinatario ou a pessoa autorizada a receber esta mensagem, nao devera utilizar,
copiar, alterar, divulgar a informacao nela contida ou tomar qualquer acao baseada
nessas informacoes. Se voce recebeu esta mensagem por engano, por favor avise
imediatamente o remetente, respondendo o e-mail e em seguida apague-o. Agradecemos sua
cooperacao.
This message may contain confidential and/or privileged information. If you are not
the addressee or authorized to receive this for the addressee, you must not use, copy,
disclose, change, take any action based on this message or any information herein. If
you have received this message in error, please advise the sender immediately by reply
e-mail and delete this message. Thank you for your cooperation.
=========================================================
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
