Operating System - Linux
1748180 Members
3888 Online
108759 Solutions
New Discussion юеВ

Re: Samba problems (again)

 
Alex Lavrov.
Honored Contributor

Samba problems (again)

Hello,

After I reinstalled a server with RedHat ES3, I ran into a strange problem.

Samba is configured to work with a domain, binding went ok, but when I try \\server\public, a get this message in the log files:
[2007/07/05 20:09:22, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
Failed to verify incoming ticket!

If I do \\\public, everything wirks fine.

Any ideas what can be done?

Thanx.
I don't give a damn for a man that can only spell a word one way. (M. Twain)
6 REPLIES 6
Rob Leadbeater
Honored Contributor

Re: Samba problems (again)

Hi Alex,

Is the time synchronised properly between all the relevant servers...? I seem to recall the ticketing mechanism in Kerberos being picky about that...

Cheers,

Rob
Alex Lavrov.
Honored Contributor

Re: Samba problems (again)

Yep, I already cheked it. The difference is couple of seconds.
I don't give a damn for a man that can only spell a word one way. (M. Twain)
Ivan Krastev
Honored Contributor

Re: Samba problems (again)

Try to add rc4-hmac algorithm in your KERB5.conf file.


regards,
ivan
Court Campbell
Honored Contributor

Re: Samba problems (again)

from:

http://www.wlug.org.nz/ActiveDirectoryKerberos

The solution was to remove (comment out just in case!) the following 3 lines from krb5.conf:

[libdefaults]
#default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
#default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
#permitted_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"
Steven E. Protter
Exalted Contributor

Re: Samba problems (again)

Shalom,

up2date the system to current.

Seems like a DNS inconsistency if what the system thinks it is versus what the domain says it is.

Shabbat Shalom Alex.

I'll check this Motzei Shabbat.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Alex Lavrov.
Honored Contributor

Re: Samba problems (again)

Hello,

Thanx for the replies. I will try them on Sunday and update this thread.


Alex.
I don't give a damn for a man that can only spell a word one way. (M. Twain)