Use case of samba-3.3.4 with CTDB support on RHEL5.3. Windows XP Pro users can map drives and use them without problem. smbclient can connect using kerberos tickets without problems. A business application that uses a UNC name and/or an already mapped drive connection fails attempting to do a connection setup. Attached are: smb.conf wireshark capture loglevel 10 log file Any pointers to help resolve this?
Created attachment 4230 [details] Network capture in PCAP format
Created attachment 4231 [details] Loglevel 10 log file.
Created attachment 4232 [details] smb.conf file (from one cluster node) - all nodes are identically configured.
Elevating priority because this problem is breaking application use. Feel free to reset the priority level.
The relevent part of the log is here: [2009/06/01 16:54:50, 3] libads/kerberos_verify.c:ads_secrets_verify_ticket(296) ads_secrets_verify_ticket: enc type [23] failed to decrypt with error Decrypt integrity check failed See this page: http://www.faqs.org/faqs/kerberos-faq/general/section-73.html "In general, this means that the encryption key stored in a keytab doesn't match the key stored in the KDC for a particular principal. As mentioned above, generating a new key will fix this problem. Note that you'll need to get rid of any old cached tickets by using kdestroy, otherwise the various Kerberos programs will continue to use an old ticket encrypted with the wrong encryption key." Jeremy.
Thanks. The problem was due to errant application behavior as a result of incorrect configuration. The matter has been fully resolved. Jeremy's feedback helped to locate the cause. - John T.