regenerating secrets.keytab
Andrew Bartlett
abartlet at samba.org
Fri Sep 3 14:42:26 MDT 2010
On Fri, 2010-09-03 at 10:51 -0400, Aaron Solochek wrote:
> Perhaps I spoke too soon. The upgradeprovision did solve the problem of
> me being unable to join a computer to the domain, and things are no
> longer _completely_ broken, but when I run samba in debug mode I am
> still seeing lots of these:
>
> GSS Update(krb5)(1) Update failed: Miscellaneous failure (see text):
> Failed to find FOO$@BAR.COM(kvno 6) in keytab
> FILE:/usr/local/samba/private/secrets.keytab (arcfour-hmac-md5)
>
> or
>
> GSS Update(krb5)(1) Update failed: Miscellaneous failure (see text):
> Failed to find FOO$@BAR.COM(kvno 1) in keytab
> FILE:/usr/local/samba/private/secrets.keytab (arcfour-hmac-md5)
>
> So it seems that somewhere something is still trying to authenticate
> with old versions of those keys. Would this be client machines with
> stale tickets or something?
Yeah, that's what it is. Reboot those clients or wait 12 hours and it
should go away.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20100904/ff7edb04/attachment.pgp>
More information about the samba-technical
mailing list