Shares broken / utilities broken -- GSS server Update(krb5)(1) Update failed:

Joe Comeaux joe.comeaux at
Thu Jun 28 10:40:31 MDT 2012

Hello list, 
what started out as an attempt to set up a secondary server to replicate the domain has crippled my original domain functionality. 
Authentication works correctly for the time being, but that's about it. Attempts to use windows AD utilities are met with windows Active Directory error dialox box 
"Naming information cannot be located because: 
Logon failure: unknown user name or bad password. 
Contact your system administrator to verify that your domain is properly configured and is currenlty online." 

Samba log on server prior to update was full of messages like this : 

[2012/06/26 15:21:40, 0] ../lib/util/util_runcmd.c:334(samba_runcmd_io_handler) 
/usr/local/samba/sbin/samba_dnsupdate: RuntimeError: kinit for ATLAS$@HOST.DOMAIN.SMB failed (Clients credentials have been revoked) 

An attempt to update the password for ATLAS was made using samba-tool command. ( this is what broke functionality I believe ) 
Last night upgrade from samba alpha 17 to samba beta 2 was done. ( configure.developer -> make -> make install ) 
readme recommended samba-tool dbcheck, many errors we found, re-ran samba-tool dbcheck --fix to fix all reported errors ( mostly missing GID's or something along those lines ) 

Unfortunately, since I joined the test samba server to the domain, attempts to upgradeprovision are met with errors due to multiple DC's. I can't access windows utilities to remove secondary server from domain. I copied files to another server to attempt to figure out how to remove server from directory manually, but those attempts to use ldbedit were met with errors about trying to remove linked attributes. 

Currently, my samba-4beta2 error log is getting spammed with this : 

GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Failed to find ATLAS$@HOST.DOMAIN.SMB(kvno 2) in keytab FILE:/usr/local/samba/private/secrets.keytab (arcfour-hmac-md5) 
[2012/06/28 11:10:11, 1] ../auth/gensec/spnego.c:574(gensec_spnego_parse_negTokenInit) 

I believe I need to recreate the host server entry in my kerberos keytab, and then resync that with what exists in the active directory, but I dont even know where to begin with fixing a problem like this. 
Any help / direction is appreciated. 

More information about the samba-technical mailing list