ADS - CIFS Server Single Sign On stopped working after upgrade from 3.2.4 to 4.5.11

Silambarasan Madhappan silambarasan0109 at gmail.com
Tue Jan 1 15:05:24 UTC 2019


Hi Team,



When upgrading the CIFS Server from 3.2.4 to 4.5 (it will be upgraded to 4.9
soon) in one setup, we are encountering the below error while accessing the
share from a Win10 client.





[2018/11/29 15:39:43.489092,  1]
../source3/librpc/crypto/gse.c:498(gse_get_server_auth_token)
gss_accept_sec_context failed with [ Miscellaneous failure (see text):
Checksum type hmac-sha1-96-aes256 is keyed, but the key type
arcfour-hmac-md5 passed didn't have that checksum type as the keyed type]





Please find the set up information.



Samba/CIFS server : 4.5

KDC server: RHEL 5 with MIT Kerberos 1.6.1

AD: Windows 10



That error is not seen when the KDC server is based on MIT Kerberos 1.10 on
Redhat.



Please clarify the below:



1. Is there any dependency on the version of MIT Kerberos to be used as
KDC? We are aware that there is a dependency on the version of MIT to enable it
during build (1.9 without ADDC, 1.15 for ADDC).



2. The error is due to a mismatch of checksum type and key type. Can you
please let me know what they correspond to (server or client or KDC) and
in which scenarios that mismatch can occur?





Thanks,

Silambarasan M

