[Samba] SOLVED(I hope): Difficulties with Windows XP: failed to find cifs/fileserver.y.z at Y.Z in keytab (arcfour-hmac-md5)
rawi
only4com at web.de
Mon Jan 16 17:07:35 UTC 2017
Samba - General mailing list wrote
>> [2017/01/11 16:42:34.522067, 1]
>> ../source3/librpc/crypto/gse.c:496(gse_get_server_auth_token)
>> gss_accept_sec_context failed with [ Miscellaneous failure (see text):
>> Failed to find cifs/hg004.humgen.0zone at HUMGEN.0ZONE(kvno 1) in keytab
>> MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
>> [2017/01/11 16:42:34.522095, 1]
>> ../auth/gensec/spnego.c:541(gensec_spnego_parse_negTokenInit)
>> SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
>
> Looks like: https://bugzilla.samba.org/show_bug.cgi?id=12262
Thank you Mark
but it doesn't feels the same to me...
In subsequent tests I wasn't able any more even to join. The first time was
a lucky one, woodoo.
I discovered, that the generated smb.conf was not enough for an AD-DC.
Despite having:
server role = active directory domain controller
... the default settings for:
domain logons = no (?)
domain master = auto (aka equally NO)
local master = yes
(not specifically mentioned in the generated smb.config)
... where enough for Windows7 and Windows8 (?), but not for Windows XP
After setting
domain master = YES
... I could join the WindowsXP and login.
I also added then (to be sure ;) domain logons = YES.
This seems now to work. I'll test tomorrow joins with another clients.
What remains, is the question, why a "server role = active directory domain
controller" doesn't enable "domain logons" by default?
Regards
rawi
--
View this message in context: http://samba.2283325.n4.nabble.com/Difficulties-with-Windows-XP-failed-to-find-cifs-fileserver-y-z-Y-Z-in-keytab-arcfour-hmac-md5-tp4713385p4713527.html
Sent from the Samba - General mailing list archive at Nabble.com.
More information about the samba
mailing list