RE: [Samba] Failed to verify ticket ?

I have found that putting the port numbers after the server names seems =
to make things work better.

Example:

[realms]
TESTLAB.LOCAL =3D {
kdc =3D ADS.TESTLAB.LOCAL:88
admin_server =3D ADS.TESTLAB.LOCAL:749
default_domain =3D TESTLAB.LOCAL
}

[domain_realms]
.testlab.local =3D TESTLAB.LOCAL
testlab.local =3D TESTLAB.LOCAL

[appdefaults]
pam =3D {
debug =3D false
ticket_lifetime =3D 36000
renew_lifetime =3D 36000
forwardable =3D true
krb4_convert =3D false
}

Good Luck,
Steve Aden


Privileged/Confidential Information may be contained in this message. If =
you are not the addressee indicated in this message (or responsible for =
delivery of the message to such person), you may not copy or deliver =
this message to anyone. In such case, you should destroy this message =
and kindly notify the sender by reply email. Opinions, conclusions and =
other information contained in this message that do not relate to =
official business shall be understood as neither given nor endorsed by =
ITS

-----Original Message-----
From: Yohann Ferreira [mailto:bertram25@hotmail.com]=20
Sent: Wednesday, May 12, 2004 10:17 AM
To: samba@lists.samba.org
Subject: [Samba] Failed to verify ticket ?


Hi !

My problem is that :
[2004/05/12 16:07:30, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
[2004/05/12 16:07:30, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
[2004/05/12 16:07:39, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
[2004/05/12 16:07:59, 0] lib/util_sock.c:read_socket_data(342)
read_socket_data: recv failure for 4. Error =3D Connection reset by =
peer
[2004/05/12 16:07:59, 1] smbd/service.c:close_cnum(887)
saisie-srag (10.143.31.100) closed connection to service tmp

A w2k client can't log on my samba server.

Here's my krb5.conf :

[logging]
default =3D FILE:/var/log/kerberos/krb5libs.log
kdc =3D FILE:/var/log/kerberos/krb5kdc.log
admin_server =3D FILE:/var/log/kerberos/kadmind.log

[libdefaults]
ticket_lifetime =3D 24000
default_realm =3D DRAF.FC
default_tgs_enctypes =3D des-cbc-crc des-cbc-md5
default_tkt_enctypes =3D des-cbc-crc des-cbc-md5
permitted_enctypes =3D des-cbc-crc des-cbc-md5

#default_tgs_enctypes =3D des3-hmac-sha1 des-cbc-crc
#default_tkt_enctypes =3D des3-hmac-sha1 des-cbc-crc
#permitted_enctypes =3D des3-hmac-sha1 des-cbc-crc

dns_lookup_realm =3D false
dns_lookup_kdc =3D false
kdc_req_checksum_type =3D 2
checksum_type =3D 2
ccache_type =3D 1
forwardable =3D true
proxiable =3D true

[realms]
DRAF.FC =3D {
kdc =3D draffc3.draf.fc
default_domain =3D DRAFFCOMTE
}

[domain_realm]
.draf.fc =3D DRAF.FC

[kdc]
profile =3D /etc/kerberos/krb5kdc/kdc.conf

[pam]
debug =3D false
ticket_lifetime =3D 36000
renew_lifetime =3D 36000
forwardable =3D true
krb4_convert =3D false

[appdefaults]
pam =3D {
debug =3D true
ticket_lifetime =3D 36000
renew_lifetime =3D 36000
forwardable =3D true
krb4_convert =3D true
afs_cells =3D draffc3.draf.fc
hosts =3D draffc3.draf.fc
max_timeout =3D 30
timeout_shift =3D 2
initial_timeout =3D 1
}

[login]
krb4_convert =3D false
krb4_get_tickets =3D false

Any idea about my misconfiguration in Kerberos, everyone ?

Please, just answer me for that and I'll let you breath !

Thanks for reading

Bertram

__________________________________________________ _______________
Trouvez l'=E2me soeur sur MSN Rencontres http://g.msn.fr/FR1000/9551

--=20
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba


__________________________________________________ ___
This message was content-scanned by IXC Shield=20
Powered by GatewayDefender - BG0a047a5d.00000001.mml
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba