I have found that putting the port numbers after the server names seems to make things 
work better.

Example:

[realms]
  TESTLAB.LOCAL = {
    # KDC and admin server given with explicit ports
    kdc = ADS.TESTLAB.LOCAL:88
    admin_server = ADS.TESTLAB.LOCAL:749
    default_domain = TESTLAB.LOCAL
  }

[domain_realm]
  .testlab.local = TESTLAB.LOCAL
  testlab.local = TESTLAB.LOCAL

[appdefaults]
  pam = {
    debug = false
    ticket_lifetime = 36000
    renew_lifetime = 36000
    forwardable = true
    krb4_convert = false
  }

Good Luck,
Steve Aden



-----Original Message-----
From: Yohann Ferreira [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, May 12, 2004 10:17 AM
To: [EMAIL PROTECTED]
Subject: [Samba] Failed to verify ticket ?


Hi!

My problem is this:
[2004/05/12 16:07:30, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
  Failed to verify incoming ticket!
[2004/05/12 16:07:30, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
  Failed to verify incoming ticket!
[2004/05/12 16:07:39, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
  Failed to verify incoming ticket!
[2004/05/12 16:07:59, 0] lib/util_sock.c:read_socket_data(342)
  read_socket_data: recv failure for 4. Error = Connection reset by peer
[2004/05/12 16:07:59, 1] smbd/service.c:close_cnum(887)
  saisie-srag (10.143.31.100) closed connection to service tmp

A W2K client can't log on to my Samba server.

Here's my krb5.conf:

[logging]
        default = FILE:/var/log/kerberos/krb5libs.log
        kdc = FILE:/var/log/kerberos/krb5kdc.log
        admin_server = FILE:/var/log/kerberos/kadmind.log

[libdefaults]
        ticket_lifetime = 24000
        default_realm = DRAF.FC
        default_tgs_enctypes = des-cbc-crc des-cbc-md5
        default_tkt_enctypes = des-cbc-crc des-cbc-md5
        permitted_enctypes = des-cbc-crc des-cbc-md5

#default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
#default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
#permitted_enctypes = des3-hmac-sha1 des-cbc-crc

        dns_lookup_realm = false
        dns_lookup_kdc = false
        kdc_req_checksum_type = 2
        checksum_type = 2
        ccache_type = 1
        forwardable = true
        proxiable = true

[realms]
        DRAF.FC = {
                kdc = draffc3.draf.fc
                default_domain = DRAFFCOMTE
        }

[domain_realm]
        .draf.fc = DRAF.FC

[kdc]
        profile = /etc/kerberos/krb5kdc/kdc.conf

[pam]
        debug = false
        ticket_lifetime = 36000
        renew_lifetime = 36000
        forwardable = true
        krb4_convert = false

[appdefaults]
        pam = {
        debug = true
        ticket_lifetime = 36000
        renew_lifetime = 36000
        forwardable = true
        krb4_convert = true
        afs_cells = draffc3.draf.fc
        hosts = draffc3.draf.fc
        max_timeout = 30
        timeout_shift = 2
        initial_timeout = 1
        }

[login]
        krb4_convert = false
        krb4_get_tickets = false

Any ideas about my misconfiguration in Kerberos, everyone?

Please, just answer me on that and I'll let you breathe!

Thanks for reading

Bertram


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

