SOLVED:
Error was on updateing an empty keytab file so:
1. delete keytab file
2. rejoin ads domain
I lost 3 days for 2 operations... silly me
sysadm writes:
I have a server with ubuntu 6.06 LTS with samba 3.0.23d (compiled against
heimdal krb5) and heimdal-clients0.7.1-1ubuntu3.
I have configured samba as a ADS domain member.
Problem is that when I want to access a samba share from a windows xp
domain member I am keep asked for user and password and
debug level 3 shows this on log.<workstation_name> :
...
[2006/11/30 12:42:15, 3]
libads/kerberos_verify.c:ads_secrets_verify_ticket(261)
ads_secrets_verify_ticket: enc type [1] failed to decrypt with error
Decrypt integrity check failed
[2006/11/30 12:42:15, 3]
libads/kerberos_verify.c:ads_secrets_verify_ticket(261)
ads_secrets_verify_ticket: enc type [3] failed to decrypt with error
Decrypt integrity check failed
[2006/11/30 12:42:15, 3] smbd/sesssetup.c:reply_spnego_kerberos(207)
Ticket name is [EMAIL PROTECTED]
...
my smb.conf:
[global]
workgroup = APMC
realm = APMC.LOCAL
server string = %h server (Samba, Ubuntu)
dns proxy = no
interfaces = 127.0.0.1/255.0.0.0 192.168.0.0/255.255.255.0
10.1.0.0/255.255.0.0 10.101.0.0/255.255.0.0
hosts allow = 10.1. 127. 192.168.0. 192.168.1. 10.101.
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
use kerberos keytab = no
security = ADS
encrypt passwords = true
password server = pdc.apmc.local
passdb backend = tdbsam
obey pam restrictions = yes
invalid users = root
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
load printers = no
socket options = TCP_NODELAY
idmap uid = 10000-20000
idmap gid = 10000-20000
[bks$]
browseable = yes
path = /bks
public = yes
writable = yes
write list = root, @'APMC\domain users'
<<<<
My krb5.conf
[logging]
default = FILE:/var/log/krb5/libs.log
kdc = FILE:/var/log/krb5/kdc.log
admin_server = FILE:/var/log/krb5/admin.log
[libdefaults]
default_realm = APMC.LOCAL
default_etypes = des-cbc-crc des-cbc-md5
default_etypes_des = des-cbc-crc des-cbc-md5
[domain_realms]
.apmc.local = APMC.LOCAL
apmc.local = APMC.LOCAL
[realms]
APMC.LOCAL = {
kdc = pdc.apmc.local
admin_server = pdc.apmc.local
default_domain = apmc.local
}
<<<<<
I have also tried samba package from ubuntu dapper distri and MIT krb5 but
with the same rezult.
Thank you.
-------------------------------------------------------------
This mail was scanned by BitDefender
For more informations please visit http://www.bitdefender.com
-------------------------------------------------------------
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
-------------------------------------------------------------
This mail was scanned by BitDefender
For more informations please visit http://www.bitdefender.com
-------------------------------------------------------------
-------------------------------------------------------------
This mail was scanned by BitDefender
For more informations please visit http://www.bitdefender.com
-------------------------------------------------------------
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
