[Samba] Difficulties with Windows XP: failed to find cifs/fileserver.y.z at Y.Z in keytab (arcfour-hmac-md5)

rawi only4com at web.de
Thu Jan 12 11:53:07 UTC 2017

Ubuntu 16.04.1 LTS
Samba Version 4.3.11-Ubuntu


I'm still testing and trying to migrate from a NT4 domain to samba4 AD

With the test configuration: 

AD-DC + domain_member_file_server + Windows_8.1_client

all is working well, inclusive server profiles

But I have to migrate also some old WindowsXP_SP2 and Windows7

I could join the domain with the WindowsXP. I see it's record with

Trying to login with the WindowsXP I get an error on the
domain_member_file_server in the file <IP-address-of-client.log> saying:

[2017/01/11 16:42:34.522067,  1]
  gss_accept_sec_context failed with [ Miscellaneous failure (see text):
Failed to find cifs/hg004.humgen.0zone at HUMGEN.0ZONE(kvno 1) in keytab
MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
[2017/01/11 16:42:34.522095,  1]
[2017/01/11 16:42:34.525704,  1]
  WARNING: The "syslog only" option is deprecated
[2017/01/11 16:42:34.525743,  1]
  WARNING: The "syslog" option is deprecated

hg004.humgen.0zone at HUMGEN.0ZONE is the domain_member_file_server

It comes not that far, that the user name would be logged with an error...

No error on the AD-DC concerning the name of the client machine or test

Supposing some weak encryption of the old WindowsXP I tried on the
domain_member_file_server to put
allow_weak_crypto = true
...in it's krb5.conf, but with no success.

# net ads enctypes list hg004$
no msDS-SupportedEncryptionTypes attribute found

Did someone got around such a behavior?



View this message in context: http://samba.2283325.n4.nabble.com/Difficulties-with-Windows-XP-failed-to-find-cifs-fileserver-y-z-Y-Z-in-keytab-arcfour-hmac-md5-tp4713385.html
Sent from the Samba - General mailing list archive at Nabble.com.

More information about the samba mailing list