GSS Update(krb5)(1) Update failed

Andrew Bartlett abartlet at
Tue May 4 04:23:51 MDT 2010

On Tue, 2010-05-04 at 11:16 +0200, Marcel Ritter wrote:
> On 05/04/2010 06:58 AM, Rohit Rajan wrote:
> > Dear all,
> Hi,
> I'm seeing the same problems here:
> GSS Update(krb5)(1) Update failed:  Miscellaneous failure (see text):
> Failed to find S4-DC1$@LINEX.ORG(kvno 17) in keytab
> FILE:/var/lib/samba4/private/secrets.keytab (arcfour-hmac-md5)
> I guess the problem is not the missing entry, but the wrong
> KVNO (key version number):
> s4-dc1 # klist -ke FILE:/var/lib/samba4/private/secrets.keytab
> Keytab name: FILE:/var/lib/samba4/private/secrets.keytab
> KVNO Principal
> ----
> --------------------------------------------------------------------------
>   18 S4-DC1$@LINEX.ORG (DES cbc mode with RSA-MD5)
>   18 S4-DC1$@LINEX.ORG (AES-256 CTS mode with 96-bit SHA-1 HMAC)
>   18 S4-DC1$@LINEX.ORG (Triple DES cbc mode with HMAC/sha1)
>   18 S4-DC1$@LINEX.ORG (ArcFour with HMAC/md5)
> However I have no idea where the request with a lower KVNO comes from :-(

Can you both describe your setups a bit more?

Also, check in particular the kvno in ms-ds-KeyVersionNumber of the
server object in the directory.  

I'll do my best to get to the bottom of this for you.


Andrew Bartlett
Andrew Bartlett                      
Authentication Developer, Samba Team 
Samba Developer, Cisco Inc.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <>

More information about the samba-technical mailing list