[Samba] Server GC/name.dom/dom is not registered with our KDC: Miscellaneous failure (see text): Server (GC/name/dom at DOM) unknown

L.P.H. van Belle belle at bazuin.nl
Tue Sep 5 12:40:30 UTC 2017 

Ah.. I had a "member break down" ..  

Out of the blue,.. Kerberos problem, but pretty simple to fix. 

kinit Administrator 
Check your spn of the ad server with :  
samba-tool spn list DC_HOSTNAME$

Check keytab 
klist -ke /var/lib/samba/private/secrets.keytab

Can you check this. 

Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Sven 
> Schwedas via samba
> Verzonden: dinsdag 5 september 2017 14:28
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] Server GC/name.dom/dom is not registered 
> with our KDC: Miscellaneous failure (see text): Server 
> (GC/name/dom at DOM) unknown
> 
> Today's episode of "why is AD break", brought to you by:
> 
> > [2017/09/05 10:17:06.015617,  3] 
> ../source4/auth/gensec/gensec_gssapi.c:613(gensec_gssapi_update)
> >   Server GC/graz-dc-1b.ad.tao.at/ad.tao.at is not 
> registered with our 
> > KDC:  Miscellaneous failure (see text): Server 
> > (GC/graz-dc-1b.ad.tao.at/ad.tao.at at AD.TAO.AT) unknown
> > [2017/09/05 10:17:06.015717,  0] 
> ../source4/librpc/rpc/dcerpc_util.c:745(dcerpc_pipe_auth_recv)
> >   Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for 
> > 
> ncacn_ip_tcp:192.168.17.66[1024,seal,krb5,target_hostname=bcffbad8-1ad
> > 
> d-46b9-bf69-90e52c0f09ea._msdcs.ad.tao.at,target_principal=GC/graz-dc-
> > 
> 1b.ad.tao.at/ad.tao.at,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc
> > 2dcd2/0x00000004,localaddress=192.168.16.213] 
> > NT_STATUS_INVALID_PARAMETER
> > [2017/09/05 10:17:06.015869,  4] 
> ../source4/dsdb/repl/drepl_notify.c:196(dreplsrv_notify_op_callback)
> >   dreplsrv_notify: Failed to send DsReplicaSync to 
> > bcffbad8-1add-46b9-bf69-90e52c0f09ea._msdcs.ad.tao.at for 
> > DC=ad,DC=tao,DC=at - NT_STATUS_INVALID_PARAMETER : 
> WERR_INVALID_PARAM
> 
> The few google results for this seem to indicate DNS issues, 
> but I'm not sure where those should come from. The servers in 
> question resolve graz-dc-1b.ad.tao.at as well as 
> bcffbad8-1add-46b9-bf69-90e52c0f09ea._msdcs.ad.tao.at to the 
> correct IP.
> Same goes for _kerberos.* and the other SRV records in 
> _msdcs. and the AD domain itself.
> 
> Any ideas where else to look?
> 
> --
> Mit freundlichen Grüßen, / Best Regards, Sven Schwedas, 
> Systemadministrator Mail/XMPP sven.schwedas at tao.at | Skype 
> sven.schwedas TAO Digital | Lendplatz 45 | A8020 Graz 
> https://www.tao-digital.at | Tel +43 680 301 7167
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list