Samba3/Win2k3/Kerberos Error

Derek T. Yarnell derek at cs.umd.edu
Mon Feb 23 13:34:30 EST 2004


OS: RHEL v.3 AS (samba 3.0.2, krb5-1.2.7)
ADS: Windows 2k3 in Native Mode

I cannot join the domain with this config (I get error 52, which I
understand is because of the 1.2.x version of kerberos)

I then re-compile kerberos, using krb5-1.3.1 and samba-3.0.2a to link
with the new version of kerberos. I can now join the domain correctly.
Then when starting the smbd server I get this (debug 10),

[2004/02/23 13:28:23, 10] libads/kerberos_verify.c:ads_verify_ticket(323) ads_verify_ticket: enc type [18] failed to decrypt with error Bad encryption type
[2004/02/23 13:28:23, 10] libads/kerberos_verify.c:ads_verify_ticket(323) ads_verify_ticket: enc type [16] failed to decrypt with error Bad encryption type
[2004/02/23 13:28:23, 3] libads/kerberos_verify.c:ads_verify_ticket(323) ads_verify_ticket: enc type [23] failed to decrypt with error Decrypt integrity check failed
[2004/02/23 13:28:23, 10] libads/kerberos_verify.c:ads_verify_ticket(323) ads_verify_ticket: enc type [1] failed to decrypt with error Bad encryption type
[2004/02/23 13:28:23, 10] libads/kerberos_verify.c:ads_verify_ticket(323) ads_verify_ticket: enc type [3] failed to decrypt with error Bad encryption type
[2004/02/23 13:28:23, 10] libads/kerberos_verify.c:ads_verify_ticket(323) ads_verify_ticket: enc type [2] failed to decrypt with error Bad encryption type

So I think I need support for rc4-hmac (as I understand it) as the enc
type is 23. Now why is it having a problem with the Decrypt integrity
check failed?

Anyone have a suggestion? I have posted this to the samba list but they
don't seem to be any help at all with it.

-- 
---
Derek T. Yarnell
University of Maryland
Computer Science Department Unix Staff
derek at cs.umd.edu


More information about the Kerberos mailing list