[Samba] gpupdate - Failed to find DC1 in keytab
Łukasz Sellmann
bravo.galaxy at gmail.com
Fri Feb 3 15:00:45 UTC 2017
any ideas ? please i got stuck and have no ideas what else i can do
pozdrawiam
Łukasz Sellmann
2017-02-01 17:50 GMT+01:00 Łukasz Sellmann <bravo.galaxy at gmail.com>:
> Can someone help me with samba4 with internal dns. Something strange
> showing in log.smbd when computers are doing gpupdate (becouse of this
> error computers cant apply gpo)
>
> log.smbd on DC1:
>
> [2017/01/13 13:49:16.075361, 1] ../source4/auth/gensec/gensec_gssapi.c:619(gensec_gssapi_update)
> GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Failed to find DC1$EXAMPLE.ORG(kvno 7) in keytab FILE:/var/lib/samba/private/secrets.keytab (arcfour-hmac-md5)
> [2017/01/13 13:49:16.075405, 1] ../auth/gensec/spnego.c:541(gensec_spnego_parse_negTokenInit)
> SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
>
>
> klist on secrets.keytab:
>
> Keytab name: FILE:/var/lib/samba/private/secrets.keytab
> KVNO Principal
> ---- --------------------------------------------------------------------------
> 1 HOST/dc1 at EXAMPLE.ORG (des-cbc-crc)
> 1 HOST/dc1.example.org at EXAMPLE.ORG (des-cbc-crc)
> 1 DC1$@EXAMPLE.ORG (des-cbc-crc)
> 1 HOST/dc1 at EXAMPLE.ORG (des-cbc-md5)
> 1 HOST/dc1.example.org at EXAMPLE.ORG (des-cbc-md5)
> 1 DC1$@EXAMPLE.ORG (des-cbc-md5)
> 1 HOST/dc1 at EXAMPLE.ORG (arcfour-hmac)
> 1 HOST/dc1.example.org at EXAMPLE.ORG (arcfour-hmac)
> 1 DC1$@EXAMPLE.ORG (arcfour-hmac)
> 1 HOST/dc1 at EXAMPLE.ORG (aes128-cts-hmac-sha1-96)
> 1 HOST/dc1.example.org at EXAMPLE.ORG (aes128-cts-hmac-sha1-96)
> 1 DC1$@EXAMPLE.ORG (aes128-cts-hmac-sha1-96)
> 1 HOST/dc1 at EXAMPLE.ORG (aes256-cts-hmac-sha1-96)
> 1 HOST/dc1.example.org at EXAMPLE.ORG (aes256-cts-hmac-sha1-96)
> 1 DC1$@EXAMPLE.ORG (aes256-cts-hmac-sha1-96)
>
>
> Samba version: Version 4.3.11-Ubuntu with Internl_dns
>
> DC1 - has correct DNS configuration
>
> ping dc1 from computers - resolves to dc1 IP
>
> Domain computers can connect to the domain with no problems and has
> correct dns (dc1 ip)
>
> samba-tool ntacl sysvolreset - not resolving problem
>
> Tried to generate secrets.keytab but still no results
>
> (https://wiki.samba.org/index.php/Keytab_Extraction)
>
> Tried to samba-tool user setpassword dc1$ (pasword dumped from tdbdumb
> secrets.tdb ) - not resolving problem.
>
> What should i check to resolve this error ?
>
> Please any suggestions,
>
>
> Regards
> Lukasz
>
More information about the samba
mailing list