Samba error: “Failed to verify incoming ticket!”

Posted by grigsby on March 8, 2009

I started having an issue with one of my samba servers. This particular server uses an AD controller for authentication. Today it stopped authenticating. A brief search found this error in the log.client_name log.

[2009/03/08 18:28:16, 1, pid=6667, effective(0, 0), real(0, 0)] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!

After a bit of research and more than a little digging in the source code (FLOSS FTW!!!) I found that this error message is related to a time difference between the client and server. This lead me to the fact that my NTP client was pointing to a server that had been removed from the network some time ago. A change to the NTP client and a forced time change and BAM, Samba is working again.

UPDATE: I forced the time change with the ntpdate command but I’ve just been informed that I could have used the AD controller itself using the following:

net time set -S ad_controller_name_OR_IP