[Top] [All Lists]

[Samba] Kerberos pre-authentication failure with samba 3.0.22

Subject: [Samba] Kerberos pre-authentication failure with samba 3.0.22
From: "Holger Richter"
Date: Wed, 3 May 2006 16:21:34 +0200 CEST

I have a problem with the kerberos pre-authentication of samba against
a W2k Active Directory. It seems to work, but in the Windows event log
I can see many pre-authentication errors (error 0x19) of the samba
server. The server itself is a member of the Windows domain.

This is a part of smb.conf

        unix charset = ISO-8859-1
        display charset = ISO-8859-1
        workgroup = WKG
        realm = WKG.COM
        server string = SRV8XXX
        security = ADS
        auth methods = winbind
        client schannel = Yes
        server schannel = Yes
        password server = *

and krb5.conf:

        renew_lifetime = 1w
        ticket_lifetime = 1560
        default_tgs_enctypes = arcfour-hmac-md5
        default_tkt_enctypes = arcfour-hmac-md5
        permitted_enctypes = arcfour-hmac-md5
        kdc_req_checksum_type = -138
        ap_req_checksum_type = -138
        safe_checksum_type = -138
        dns_lookup_kdc = true
        dns_lookup_realm = true
        kdc_timesync = true
        proxiable = false
        forwardable = true

        default = FILE:/var/log/kdc.log

        krb4_get_tickets = false
        krb4_convert = false

Kerberos gets the information about realm and kdc server from DNS. If
I define realm and kdc server directly in krb5.conf I get the same
error. How can I tell MIT Kerberos to send the correct


To unsubscribe from this list go to the following URL and read the

<Prev in Thread] Current Thread [Next in Thread>
  • [Samba] Kerberos pre-authentication failure with samba 3.0.22, Holger Richter <=