GSS Update(krb5)(1) Update failed
Andrew Bartlett
abartlet at samba.org
Tue May 4 04:23:51 MDT 2010
On Tue, 2010-05-04 at 11:16 +0200, Marcel Ritter wrote:
> On 05/04/2010 06:58 AM, Rohit Rajan wrote:
> > Dear all,
> Hi,
>
> I'm seeing the same problems here:
>
> GSS Update(krb5)(1) Update failed: Miscellaneous failure (see text):
> Failed to find S4-DC1$@LINEX.ORG(kvno 17) in keytab
> FILE:/var/lib/samba4/private/secrets.keytab (arcfour-hmac-md5)
> SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
> SPNEGO login failed: NT_STATUS_LOGON_FAILURE
>
> I guess the problem is not the missing entry, but the wrong
> KVNO (key version number):
>
> s4-dc1 # klist -ke FILE:/var/lib/samba4/private/secrets.keytab
> Keytab name: FILE:/var/lib/samba4/private/secrets.keytab
> KVNO Principal
> ----
> --------------------------------------------------------------------------
> 18 S4-DC1$@LINEX.ORG (DES cbc mode with RSA-MD5)
> 18 S4-DC1$@LINEX.ORG (AES-256 CTS mode with 96-bit SHA-1 HMAC)
> 18 S4-DC1$@LINEX.ORG (Triple DES cbc mode with HMAC/sha1)
> 18 S4-DC1$@LINEX.ORG (ArcFour with HMAC/md5)
>
> However I have no idea where the request with a lower KVNO comes from :-(
Can you both describe your setups a bit more?
Also, check in particular the kvno in ms-ds-KeyVersionNumber of the
server object in the directory.
I'll do my best to get to the bottom of this for you.
Thanks,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20100504/3324c860/attachment.pgp>
More information about the samba-technical
mailing list