ADS - CIFS Server Single Sign On stopped working after upgrade from 3.2.4 to 4.5.11

Madhappan, Silambarasan silambarasan.madhappan at
Wed Dec 12 10:40:36 UTC 2018

Hi Team,

When upgrading CIFS Server from 3.2.4 to 4.5(it will be upgraded to 4.9 soon) in one setup, we are encountering below error while  accessing the share from win10 client .

[2018/11/29 15:39:43.489092,  1] ../source3/librpc/crypto/gse.c:498(gse_get_server_auth_token) gss_accept_sec_context failed with [ Miscellaneous failure (see text): Checksum type hmac-sha1-96-aes256 is keyed, but the key type arcfour-hmac-md5 passed didn't have that checksum type as the keyed type]

Please find the set up information.

Samba/CIFS server : 4.5
KDC server:  RHEL 5 with MIT Kerberos 1.6.1
AD : Windows 10

That error is not seen when KDC server is based on MIT Kerberos 1.10 on Redhat

Please clarify below

1.       Is there any dependency on version of MIT Kerberos to be used as KDC. We are aware that there is a dependency on version of MIT to enable it during build (1.9 without ADDC, 1.15 for ADDC)

2.       Error is due to mismatch of checksum type and Key type. Can you please let me about what they correspond to (server or client or KDC) and in which scenarios that mismatch can occur

Thanks ,
Silambarasan M

More information about the samba-technical mailing list