[Samba] gpupdate - Failed to find DC1 in keytab

Łukasz Sellmann bravo.galaxy at gmail.com
Fri Feb 3 15:55:20 UTC 2017


Yes, permissions are set as default by the apt package installer.

> ls -al
> -rw------- 1 root root    1082 sty 13 23:25 secrets.keytab

samba, smbd daemons have run as root user

> > log.smbd on DC1:
> >
> > [2017/01/13 13:49:16.075361,
> > 1] ../source4/auth/gensec/gensec_gssapi.c:619(gensec_gssapi_update)
> > GSS server Update(krb5)(1) Update failed:  Miscellaneous failure
> > (see text): Failed to find DC1$EXAMPLE.ORG(kvno 7) in keytab
> > FILE:/var/lib/samba/private/secrets.keytab (arcfour-hmac-md5)
> > [2017/01/13 13:49:16.075405,
> > 1] ../auth/gensec/spnego.c:541(gensec_spnego_parse_negTokenInit)
> > SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
> >
> >
> > klist on secrets.keytab:
> >
> > Keytab name: FILE:/var/lib/samba/private/secrets.keytab
> > KVNO Principal
> > ---- --------------------------------------------------------------------------
> >    1 HOST/dc1 at EXAMPLE.ORG (des-cbc-crc)
> >    1 HOST/dc1.example.org at EXAMPLE.ORG (des-cbc-crc)
> >    1 DC1$@EXAMPLE.ORG (des-cbc-crc)
> >    1 HOST/dc1 at EXAMPLE.ORG (des-cbc-md5)
> >    1 HOST/dc1.example.org at EXAMPLE.ORG (des-cbc-md5)
> >    1 DC1$@EXAMPLE.ORG (des-cbc-md5)
> >    1 HOST/dc1 at EXAMPLE.ORG (arcfour-hmac)
> >    1 HOST/dc1.example.org at EXAMPLE.ORG (arcfour-hmac)
> >    1 DC1$@EXAMPLE.ORG (arcfour-hmac)
> >    1 HOST/dc1 at EXAMPLE.ORG (aes128-cts-hmac-sha1-96)
> >    1 HOST/dc1.example.org at EXAMPLE.ORG (aes128-cts-hmac-sha1-96)
> >    1 DC1$@EXAMPLE.ORG (aes128-cts-hmac-sha1-96)
> >    1 HOST/dc1 at EXAMPLE.ORG (aes256-cts-hmac-sha1-96)
> >    1 HOST/dc1.example.org at EXAMPLE.ORG (aes256-cts-hmac-sha1-96)
> >    1 DC1$@EXAMPLE.ORG (aes256-cts-hmac-sha1-96)
> >
> >
> > Samba version: Version 4.3.11-Ubuntu with Internal_dns
> >
> > DC1 - has correct DNS configuration
> >
> > ping dc1 from computers - resolves to dc1 IP
> >
> > Domain computers can connect to the domain with no problems and have
> > correct DNS (dc1 ip)
> >
> > samba-tool ntacl sysvolreset - not resolving problem
> >
> > Tried to generate secrets.keytab but still no results
> >
> > (https://wiki.samba.org/index.php/Keytab_Extraction)
> >
> > Tried to samba-tool user setpassword dc1$ (password dumped from
> > tdbdump secrets.tdb ) - not resolving problem.


> Have you checked permissions on the keytab?
>
> Rowland
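Added example, not part of the thread and not Samba code: a small Python check that compares the key named in the `Failed to find ... in keytab` log line with the entries in a `klist` keytab listing, and reports which of principal, enctype or kvno differs. The sample inputs are constructed from the lines quoted above (listing abridged); the function names are hypothetical, and the handling of the archive's rewritten or dropped `@` is an assumption.

```python
import re

# Constructed from the log line and klist listing quoted in the thread (abridged).
LOG = ("GSS server Update(krb5)(1) Update failed:  Miscellaneous failure "
       "(see text): Failed to find DC1$EXAMPLE.ORG(kvno 7) in keytab "
       "FILE:/var/lib/samba/private/secrets.keytab (arcfour-hmac-md5)")
KLIST = """\
KVNO Principal
---- ----------
   1 HOST/dc1 at EXAMPLE.ORG (arcfour-hmac)
   1 DC1$@EXAMPLE.ORG (des-cbc-md5)
   1 DC1$@EXAMPLE.ORG (arcfour-hmac)
   1 DC1$@EXAMPLE.ORG (aes256-cts-hmac-sha1-96)
"""

# Different names for the same RC4 enctype in log output and klist output.
ALIASES = {"arcfour-hmac-md5": "arcfour-hmac", "rc4-hmac": "arcfour-hmac"}
REQ_RE = re.compile(r"Failed to find (\S+?)\(kvno (\d+)\) in keytab \S+ \(([^)]+)\)")
ROW_RE = re.compile(r"^\s*(\d+)\s+(.+?)\s+\(([^)]+)\)\s*$", re.M)

def norm_principal(p):
    # Assumption: the archive rewrote or dropped '@', so compare without it.
    return p.replace(" at ", "").replace("@", "").lower()

def norm_enctype(e):
    return ALIASES.get(e.lower(), e.lower())

def parse_request(line):
    """Return (principal, kvno, enctype) the server looked for."""
    m = REQ_RE.search(line)
    if not m:
        raise ValueError("not a 'Failed to find ... in keytab' line")
    return norm_principal(m.group(1)), int(m.group(2)), norm_enctype(m.group(3))

def parse_klist(text):
    """Return [(principal, kvno, enctype)] for every keytab row."""
    return [(norm_principal(m.group(2)), int(m.group(1)), norm_enctype(m.group(3)))
            for m in ROW_RE.finditer(text)]

def diagnose(line, klist_text):
    princ, kvno, etype = parse_request(line)
    rows = [r for r in parse_klist(klist_text) if r[0] == princ]
    if not rows:
        return "principal missing"
    rows = [r for r in rows if r[2] == etype]
    if not rows:
        return "enctype missing"
    kvnos = sorted({r[1] for r in rows})
    if kvno in kvnos:
        return "key present"
    return f"kvno mismatch: requested {kvno}, keytab has {kvnos}"

if __name__ == "__main__":
    print(diagnose(LOG, KLIST))
```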