ADS - CIFS Server Single Sign On stopped working after upgrade from 3.2.4 to 4.5.11
Madhappan, Silambarasan
silambarasan.madhappan at hpe.com
Wed Dec 12 10:40:36 UTC 2018
Hi Team,
When upgrading CIFS Server from 3.2.4 to 4.5(it will be upgraded to 4.9 soon) in one setup, we are encountering below error while accessing the share from win10 client .
[2018/11/29 15:39:43.489092, 1] ../source3/librpc/crypto/gse.c:498(gse_get_server_auth_token) gss_accept_sec_context failed with [ Miscellaneous failure (see text): Checksum type hmac-sha1-96-aes256 is keyed, but the key type arcfour-hmac-md5 passed didn't have that checksum type as the keyed type]
Please find the set up information.
Samba/CIFS server : 4.5
KDC server: RHEL 5 with MIT Kerberos 1.6.1
AD : Windows 10
That error is not seen when KDC server is based on MIT Kerberos 1.10 on Redhat
Please clarify below
1. Is there any dependency on version of MIT Kerberos to be used as KDC. We are aware that there is a dependency on version of MIT to enable it during build (1.9 without ADDC, 1.15 for ADDC)
2. Error is due to mismatch of checksum type and Key type. Can you please let me about what they correspond to (server or client or KDC) and in which scenarios that mismatch can occur
Thanks ,
Silambarasan M
More information about the samba-technical
mailing list