[Samba] Difficulties with Windows XP: failed to find cifs/fileserver.y.z at Y.Z in keytab (arcfour-hmac-md5)

rawi only4com at web.de
Thu Jan 12 11:53:07 UTC 2017 

Ubuntu 16.04.1 LTS
Samba Version 4.3.11-Ubuntu

Hi

I'm still testing and trying to migrate from a NT4 domain to samba4 AD

With the test configuration: 

AD-DC + domain_member_file_server + Windows_8.1_client

all is working well, inclusive server profiles

But I have to migrate also some old WindowsXP_SP2 and Windows7

I could join the domain with the WindowsXP. I see it's record with
ldbsearch.

Trying to login with the WindowsXP I get an error on the
domain_member_file_server in the file <IP-address-of-client.log> saying:

>>>
[2017/01/11 16:42:34.522067,  1]
../source3/librpc/crypto/gse.c:496(gse_get_server_auth_token)
  gss_accept_sec_context failed with [ Miscellaneous failure (see text):
Failed to find cifs/hg004.humgen.0zone at HUMGEN.0ZONE(kvno 1) in keytab
MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
[2017/01/11 16:42:34.522095,  1]
../auth/gensec/spnego.c:541(gensec_spnego_parse_negTokenInit)
  SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
[2017/01/11 16:42:34.525704,  1]
../lib/param/loadparm.c:1629(lpcfg_do_global_parameter)
  WARNING: The "syslog only" option is deprecated
[2017/01/11 16:42:34.525743,  1]
../lib/param/loadparm.c:1629(lpcfg_do_global_parameter)
  WARNING: The "syslog" option is deprecated
<<<

hg004.humgen.0zone at HUMGEN.0ZONE is the domain_member_file_server

It comes not that far, that the user name would be logged with an error...

No error on the AD-DC concerning the name of the client machine or test
user.

Supposing some weak encryption of the old WindowsXP I tried on the
domain_member_file_server to put
allow_weak_crypto = true
...in it's krb5.conf, but with no success.

ON THE AD-DC
# net ads enctypes list hg004$
no msDS-SupportedEncryptionTypes attribute found

Did someone got around such a behavior?

Thanks

rawi




--
View this message in context: http://samba.2283325.n4.nabble.com/Difficulties-with-Windows-XP-failed-to-find-cifs-fileserver-y-z-Y-Z-in-keytab-arcfour-hmac-md5-tp4713385.html
Sent from the Samba - General mailing list archive at Nabble.com.

More information about the samba mailing list