[Samba] gpupdate - Failed to find DC1 in keytab

Łukasz Sellmann bravo.galaxy at gmail.com
Fri Feb 3 15:00:45 UTC 2017 

any ideas ? please i got stuck and have no ideas what else i can do


pozdrawiam

Łukasz Sellmann

2017-02-01 17:50 GMT+01:00 Łukasz Sellmann <bravo.galaxy at gmail.com>:

> Can someone help me with samba4 with internal dns. Something strange
> showing in log.smbd when computers are doing gpupdate (becouse of this
> error computers cant apply gpo)
>
> log.smbd on DC1:
>
> [2017/01/13 13:49:16.075361,  1] ../source4/auth/gensec/gensec_gssapi.c:619(gensec_gssapi_update)
>       GSS server Update(krb5)(1) Update failed:  Miscellaneous failure (see text): Failed to find DC1$EXAMPLE.ORG(kvno 7) in keytab FILE:/var/lib/samba/private/secrets.keytab (arcfour-hmac-md5)
>     [2017/01/13 13:49:16.075405,  1] ../auth/gensec/spnego.c:541(gensec_spnego_parse_negTokenInit)
>       SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
>
>
> klist on secrets.keytab:
>
> Keytab name: FILE:/var/lib/samba/private/secrets.keytab
> KVNO Principal
> ---- --------------------------------------------------------------------------
>    1 HOST/dc1 at EXAMPLE.ORG (des-cbc-crc)
>    1 HOST/dc1.example.org at EXAMPLE.ORG (des-cbc-crc)
>    1 DC1$@EXAMPLE.ORG (des-cbc-crc)
>    1 HOST/dc1 at EXAMPLE.ORG (des-cbc-md5)
>    1 HOST/dc1.example.org at EXAMPLE.ORG (des-cbc-md5)
>    1 DC1$@EXAMPLE.ORG (des-cbc-md5)
>    1 HOST/dc1 at EXAMPLE.ORG (arcfour-hmac)
>    1 HOST/dc1.example.org at EXAMPLE.ORG (arcfour-hmac)
>    1 DC1$@EXAMPLE.ORG (arcfour-hmac)
>    1 HOST/dc1 at EXAMPLE.ORG (aes128-cts-hmac-sha1-96)
>    1 HOST/dc1.example.org at EXAMPLE.ORG (aes128-cts-hmac-sha1-96)
>    1 DC1$@EXAMPLE.ORG (aes128-cts-hmac-sha1-96)
>    1 HOST/dc1 at EXAMPLE.ORG (aes256-cts-hmac-sha1-96)
>    1 HOST/dc1.example.org at EXAMPLE.ORG (aes256-cts-hmac-sha1-96)
>    1 DC1$@EXAMPLE.ORG (aes256-cts-hmac-sha1-96)
>
>
> Samba version: Version 4.3.11-Ubuntu with Internl_dns
>
> DC1 - has correct DNS configuration
>
> ping dc1 from computers - resolves to dc1 IP
>
> Domain computers can connect to the domain with no problems and has
> correct dns (dc1 ip)
>
> samba-tool ntacl sysvolreset - not resolving problem
>
> Tried to generate secrets.keytab but still no results
>
> (https://wiki.samba.org/index.php/Keytab_Extraction)
>
> Tried to samba-tool user setpassword dc1$ (pasword dumped from tdbdumb
> secrets.tdb ) - not resolving problem.
>
> What should i check to resolve this error ?
>
> Please any suggestions,
>
>
> Regards
> Lukasz
>

More information about the samba mailing list