Simpler Navigation for Servers and Operating Systems - Please Update Your Bookmarks
Completed: a much simpler Servers and Operating Systems section of the Community. We combined many of the older boards, so you won't have to click through so many levels to get at the information you need. Check the consolidated boards here as many sub-forums are now single boards.
If you have bookmarked forums or discussion boards in Servers and Operating Systems, we suggest you check and update them as needed.
cancel
Showing results for 
Search instead for 
Did you mean: 

Samba problems (again)

Alex Lavrov.
Honored Contributor

Samba problems (again)

Hello,

After I reinstalled a server with RedHat ES3, I ran into a strange problem.

Samba is configured to work with a domain, binding went ok, but when I try \\server\public, a get this message in the log files:
[2007/07/05 20:09:22, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
Failed to verify incoming ticket!

If I do \\\public, everything wirks fine.

Any ideas what can be done?

Thanx.
I don't give a damn for a man that can only spell a word one way. (M. Twain)
6 REPLIES
Rob Leadbeater
Honored Contributor

Re: Samba problems (again)

Hi Alex,

Is the time synchronised properly between all the relevant servers...? I seem to recall the ticketing mechanism in Kerberos being picky about that...

Cheers,

Rob
Alex Lavrov.
Honored Contributor

Re: Samba problems (again)

Yep, I already cheked it. The difference is couple of seconds.
I don't give a damn for a man that can only spell a word one way. (M. Twain)
Ivan Krastev
Honored Contributor

Re: Samba problems (again)

Try to add rc4-hmac algorithm in your KERB5.conf file.


regards,
ivan
Court Campbell
Honored Contributor

Re: Samba problems (again)

from:

http://www.wlug.org.nz/ActiveDirectoryKerberos

The solution was to remove (comment out just in case!) the following 3 lines from krb5.conf:

[libdefaults]
#default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
#default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
#permitted_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"
Steven E. Protter
Exalted Contributor

Re: Samba problems (again)

Shalom,

up2date the system to current.

Seems like a DNS inconsistency if what the system thinks it is versus what the domain says it is.

Shabbat Shalom Alex.

I'll check this Motzei Shabbat.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Alex Lavrov.
Honored Contributor

Re: Samba problems (again)

Hello,

Thanx for the replies. I will try them on Sunday and update this thread.


Alex.
I don't give a damn for a man that can only spell a word one way. (M. Twain)