[Samba] Samba 4.6.2 member server errors

me at tdiehl.org me at tdiehl.org
Thu Oct 26 05:09:00 UTC 2017


On Mon, 23 Oct 2017, Rowland Penny via samba wrote:

> Unless I missed it, you have never said what OS this is.

Centos 7.4

> You said this is the only Unix domain member exhibiting this problem,
> so you could try the windows fix, wipe the OS and start again ;-)
> Provided you use the same smb.conf as on the other Unix domain members,
> you should have no problems.
> Just back everything up and leave the domain:
> net ads leave -U Administrator

OK, so I removed the machine from the domain, uninstalled all of the
samba packages, cleaned up all of the tdb and ldb, etc. re-installed
the samba packages and joined the domain.

I am using the smb.conf I posted previously in this thread.

That seems to have gotten rid of the original error and winbind now goes to sleep.
However I now have a new error:

==> samba/ <==
[2017/10/26 00:24:12.116588,  1] ../source3/librpc/crypto/gse.c:646(gse_get_server_auth_token)
   gss_accept_sec_context failed with [Unspecified GSS failure.  Minor code may provide more information: Request ticket server cifs/vfs1.kmg.mydomain.com at KMG.MYDOMAIN.COM not found in keytab (ticket kvno 2)]

The above is showing up in the various samba logs for the machines that connect
to the server.

Given that there is no keytab on the machine, this error does not make any
sense to me. Is there supposed to be a keytab? I do not see anything about a
keytab in https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
that talks about a keytab.

Does anyone know how to fix this? I am still looking but so far Google has not
been helpful.


Tom			me at tdiehl.org

More information about the samba mailing list