[Samba] DM 3.6.25 -> 4.x
Stefan G. Weichinger
lists at xunil.at
Sat Jun 30 21:19:29 UTC 2018
On 30.06.2018 at 21:37, Rowland Penny via samba wrote:
> On Sat, 30 Jun 2018 21:02:57 +0200
> "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:
>
>>
>> additional:
>>
>> the krb5.conf from the former admin, I assume it could or should be
>> boiled down:
>> # cat /etc/krb5.conf
>
> The standard one for Samba is just this:
>
> [libdefaults]
> default_realm = CUSTOMER.INTRA
> dns_lookup_realm = false
> dns_lookup_kdc = true
>
> There doesn't seem to be anything wrong with your smb.conf.
>
> Not sure if this is the 3.6.x machine or the 4.x.x,
It's a 4.7.7
> but whichever, I
> would leave the domain, stop Samba, remove all the .ldb & .tdb (they
> are probably in /var/lib/samba), delete /etc/krb5.keytab and then
> rejoin the domain and restart Samba. This should create a
> new /etc/krb5.keytab, check this contains the 'cifs' principals.
Did so until here.
> If
> it does, okay, if it doesn't, export a keytab on the DC with
> samba-tool with cifs/U1mycustomer.mycustomer.intra as the principal
> and copy this to the Unix domain member. Then use 'ktutil' to
> join /etc/krb5.keytab to the new keytab.
The DC is a Windows machine, so no samba-tool there ...
Can I "pull" these infos somehow?
btw after above changes:
[2018/06/30 23:17:31.605837, 1]
../source3/librpc/crypto/gse.c:649(gse_get_server_auth_token)
gss_accept_sec_context failed with [Unspecified GSS failure. Minor
code may provide more information: Request ticket server
cifs/U1customer.customer.intra at customer.INTRA not found in keytab
(ticket kvno 277)]
(same as before)
# net ads keytab list
Vno  Type                                     Principal
  2  DES cbc mode with CRC-32                 host/u1customer.customer.intra at customer.INTRA
  2  DES cbc mode with CRC-32                 host/SAMBA at customer.INTRA
  2  DES cbc mode with RSA-MD5                host/u1customer.customer.intra at customer.INTRA
  2  DES cbc mode with RSA-MD5                host/SAMBA at customer.INTRA
  2  AES-128 CTS mode with 96-bit SHA-1 HMAC  host/u1customer.customer.intra at customer.INTRA
  2  AES-128 CTS mode with 96-bit SHA-1 HMAC  host/SAMBA at customer.INTRA
  2  AES-256 CTS mode with 96-bit SHA-1 HMAC  host/u1customer.customer.intra at customer.INTRA
  2  AES-256 CTS mode with 96-bit SHA-1 HMAC  host/SAMBA at customer.INTRA
  2  ArcFour with HMAC/md5                    host/u1customer.customer.intra at customer.INTRA
  2  ArcFour with HMAC/md5                    host/SAMBA at customer.INTRA
  2  DES cbc mode with CRC-32                 SAMBA$@customer.INTRA
  2  DES cbc mode with RSA-MD5                SAMBA$@customer.INTRA
  2  AES-128 CTS mode with 96-bit SHA-1 HMAC  SAMBA$@customer.INTRA
  2  AES-256 CTS mode with 96-bit SHA-1 HMAC  SAMBA$@customer.INTRA
  2  ArcFour with HMAC/md5                    SAMBA$@customer.INTRA
hmm. no "cifs"
wouldn't "net ads keymap add" help as well?
> If needed, I can talk you through this ;-)
thank you ;-)
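
Added example, not part of the original post: a Python script that compares the principal and kvno named in the gss_accept_sec_context error with the entries printed by 'net ads keytab list'. The keytab listing and log text below are constructed in the shape of the output quoted above, and the function names are this example's own.

```python
import re

# Constructed sample in the shape of the output quoted in the message above.
KEYTAB_LIST = """Vno Type Principal
2 DES cbc mode with CRC-32
host/u1customer.customer.intra@customer.INTRA
2 AES-256 CTS mode with 96-bit SHA-1 HMAC host/SAMBA@customer.INTRA
2 AES-256 CTS mode with 96-bit SHA-1 HMAC SAMBA$@customer.INTRA
"""
LOG = """gss_accept_sec_context failed with [Unspecified GSS failure. Minor
code may provide more information: Request ticket server
cifs/U1customer.customer.intra@customer.INTRA not found in keytab
(ticket kvno 277)]"""


def parse_keytab_list(text):
    """Return [(kvno, enctype, principal)], rejoining wrapped entries."""
    records = []
    for line in text.replace(" at ", "@").splitlines():  # undo archive "@" masking
        line = line.strip()
        if re.match(r"\d+\s", line):
            records.append(line)            # a new entry starts with its kvno
        elif records and line:
            records[-1] += " " + line       # principal wrapped onto the next line
    parsed = (re.match(r"(\d+)\s+(.+)\s+(\S+)$", r) for r in records)
    return [(int(m[1]), m[2].strip(), m[3]) for m in parsed if m]


def parse_failure(log):
    """Return (principal, kvno) from the 'not found in keytab' error, or None."""
    flat = " ".join(log.split()).replace(" at ", "@")
    m = re.search(r"ticket server (\S+) not found in keytab \(ticket kvno (\d+)\)", flat)
    return (m[1], int(m[2])) if m else None


def diagnose(keytab_text, log):
    """List the mismatches between the requested ticket and the keytab."""
    entries = parse_keytab_list(keytab_text)
    failure = parse_failure(log)
    if failure is None:
        return ["no 'not found in keytab' error in log"]
    wanted, kvno = failure
    service = wanted.split("/")[0]
    findings = []
    if not any(p.startswith(service + "/") for _, _, p in entries):
        findings.append(f"no {service}/ principal in keytab")
    have = sorted({k for k, _, _ in entries})
    if kvno not in have:
        findings.append(f"ticket kvno {kvno}, keytab has kvno {have}")
    return findings
```

Calling diagnose(KEYTAB_LIST, LOG) returns one finding for the missing cifs/ service principal and one for the key version numbers, which differ between the ticket and the keytab.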