Hi again! After many many many tries I decided to restart with a frech AD Installation.
And now it works well! I think this was due to a corrupted KDC database. I think because of multiple bad uses of ktpass.exe (I needed this with nis_ldap). If you now some other solution to correct win2003 AD KDC without reinstalling AD, please, let me know! Le mer 11/08/2004 à 09:36, Christoph [EMAIL PROTECTED]@lists.samba.org a écrit : > Hi, > what's in your krb.conf? > AFAIR it should be realy minimalistic. (in fact mine doesn't even exist, > but i'm using a win2k server, not win2k3) > espacialy there shouldn't be settings for default encryption types. > Some persons reported these to produce problems. > And you definitly need a kerberos-version >=1.3.3 if you use > MIT-kerberos to get it working. > Hope it helps. > Christoph > > Raphael RIGNIER schrieb: > > > Hello list. > > > > I've got a problem using samba-3.0.4 (RedHat AS 3.0) > > the server is member of a Win2003 Active directory domain > > All stuff about krb5 seems to work correctly > > > > kinit [EMAIL PROTECTED] > > klist > > etc... > > > > net ads join -U administrator has worked well too > > > > But when any Windows client member of the domain try to connect to the > > server it asks me for a user/pass. > > > > here is the log. > > > > [2004/08/10 18:56:41, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655) > > wct=12 flg2=0xc807 > > [2004/08/10 18:56:42, 2] smbd/sesssetup.c:setup_new_vc_session(608) > > setup_new_vc_session: New VC == 0, if NT4.x compatible we would close > > all old resources. > > [2004/08/10 18:56:42, 3] > > smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535) > > Doing spnego session setup > > [2004/08/10 18:56:42, 3] > > smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566) > > NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] > > PrimaryDomain=[] > > [2004/08/10 18:56:42, 3] smbd/sesssetup.c:reply_spnego_negotiate(444) > > Got OID 1 2 840 48018 1 2 2 > > [2004/08/10 18:56:42, 3] smbd/sesssetup.c:reply_spnego_negotiate(444) > > Got OID 1 2 840 113554 1 2 2 > > [2004/08/10 18:56:42, 3] smbd/sesssetup.c:reply_spnego_negotiate(444) > > Got OID 1 3 6 1 4 1 311 2 2 10 > > [2004/08/10 18:56:42, 3] smbd/sesssetup.c:reply_spnego_negotiate(447) > > Got secblob of size 1191 > > [2004/08/10 18:56:42, 3] libads/kerberos_verify.c:ads_verify_ticket(185) > > ads_verify_ticket: enc type [3] failed to decrypt with error Decrypt > > integrity check failed > > [2004/08/10 18:56:43, 3] libads/kerberos_verify.c:ads_verify_ticket(193) > > ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type) > > [2004/08/10 18:56:43, 1] smbd/sesssetup.c:reply_spnego_kerberos(174) > > Failed to verify incoming ticket! > > [2004/08/10 18:56:43, 3] smbd/error.c:error_packet(94) > > error string = Aucun fichier ou répertoire de ce type > > [2004/08/10 18:56:43, 3] smbd/error.c:error_packet(118) > > error packet at smbd/sesssetup.c(175) cmd=115 (SMBsesssetupX) > > NT_STATUS_LOGON_FAILURE > > [2004/08/10 18:56:43, 3] smbd/process.c:timeout_processing(1131) > > timeout_processing: End of file from client (client has disconnected). > > [2004/08/10 18:56:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) > > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 > > [2004/08/10 18:56:43, 2] smbd/server.c:exit_server(572) > > Closing connections > > [2004/08/10 18:56:43, 3] smbd/connection.c:yield_connection(69) > > Yielding connection to > > [2004/08/10 18:56:44, 3] smbd/connection.c:yield_connection(76) > > yield_connection: tdb_delete for name failed with error Record does > > not exist. > > [2004/08/10 18:56:44, 3] smbd/server.c:exit_server(615) > > Server exit (normal exit) > > > > I'm not sure it's due to Win2k3 server because enc type [3] is > > des-cbc-md5. > > > > I definitiveley Don't know what's wrong! > > > > I have even tried to compile samba-3.0.5 and link with kerberos-1.3.4 > > without success. > > > > Any help would be appretciated. > > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
