[Samba] gpupdate - Failed to find DC1 in keytab
Ćukasz Sellmann
bravo.galaxy at gmail.com
Wed Feb 1 16:50:20 UTC 2017
Can someone help me with samba4 with internal dns. Something strange
showing in log.smbd when computers are doing gpupdate (becouse of this
error computers cant apply gpo)
log.smbd on DC1:
[2017/01/13 13:49:16.075361, 1]
../source4/auth/gensec/gensec_gssapi.c:619(gensec_gssapi_update)
GSS server Update(krb5)(1) Update failed: Miscellaneous failure
(see text): Failed to find DC1$EXAMPLE.ORG(kvno 7) in keytab
FILE:/var/lib/samba/private/secrets.keytab (arcfour-hmac-md5)
[2017/01/13 13:49:16.075405, 1]
../auth/gensec/spnego.c:541(gensec_spnego_parse_negTokenInit)
SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
klist on secrets.keytab:
Keytab name: FILE:/var/lib/samba/private/secrets.keytab
KVNO Principal
---- --------------------------------------------------------------------------
1 HOST/dc1 at EXAMPLE.ORG (des-cbc-crc)
1 HOST/dc1.example.org at EXAMPLE.ORG (des-cbc-crc)
1 DC1$@EXAMPLE.ORG (des-cbc-crc)
1 HOST/dc1 at EXAMPLE.ORG (des-cbc-md5)
1 HOST/dc1.example.org at EXAMPLE.ORG (des-cbc-md5)
1 DC1$@EXAMPLE.ORG (des-cbc-md5)
1 HOST/dc1 at EXAMPLE.ORG (arcfour-hmac)
1 HOST/dc1.example.org at EXAMPLE.ORG (arcfour-hmac)
1 DC1$@EXAMPLE.ORG (arcfour-hmac)
1 HOST/dc1 at EXAMPLE.ORG (aes128-cts-hmac-sha1-96)
1 HOST/dc1.example.org at EXAMPLE.ORG (aes128-cts-hmac-sha1-96)
1 DC1$@EXAMPLE.ORG (aes128-cts-hmac-sha1-96)
1 HOST/dc1 at EXAMPLE.ORG (aes256-cts-hmac-sha1-96)
1 HOST/dc1.example.org at EXAMPLE.ORG (aes256-cts-hmac-sha1-96)
1 DC1$@EXAMPLE.ORG (aes256-cts-hmac-sha1-96)
Samba version: Version 4.3.11-Ubuntu with Internl_dns
DC1 - has correct DNS configuration
ping dc1 from computers - resolves to dc1 IP
Domain computers can connect to the domain with no problems and has correct
dns (dc1 ip)
samba-tool ntacl sysvolreset - not resolving problem
Tried to generate secrets.keytab but still no results
(https://wiki.samba.org/index.php/Keytab_Extraction)
Tried to samba-tool user setpassword dc1$ (pasword dumped from tdbdumb
secrets.tdb ) - not resolving problem.
What should i check to resolve this error ?
Please any suggestions,
Regards
Lukasz
More information about the samba
mailing list