[Samba] Unable to rejoin domain, LDAP error 50
kylo at kimpa.pl
Sun Apr 8 10:31:26 UTC 2018
>>> 2. KVNO mismatch - on the main DC
>>>
>>> [2018/04/03 14:36:46.822531,  1] ../auth/gensec/spnego.c:411(gensec_spnego_parse_negTokenInit)
>>>   SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
>>> [2018/04/03 14:36:46.968728,  1] ../source4/auth/gensec/gensec_gssapi.c:790(gensec_gssapi_update_internal)
>>>   GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Failed to find DC$@DOMAIN.NET.PL(kvno 2) in keytab FILE:/usr/local/samba/private/secrets.keytab (aes256-cts-hmac-sha1-96)
>>>
>>> kvno DC
>>> DC@DOMAIN.NET.PL: kvno = 1
>>>
>>> Is there any other way to increase the key version to 2 than to demote
>>> the DC and rejoin the domain? I was trying with the command:
>>> ktutil: add_entry -password -p DC$@DOMAIN.NET.PL -k 2 -e aes256-cts-hmac-sha1-96
>>> but then I'm asked to enter a password (or a key with the -key option
>>> in add_entry) - can I leave it empty and just hit the Enter key?
>>>
>>>
>>
>> You could try running 'samba_upgradeprovision', this will reset the
>> passwords:
>>
>> samba_upgradeprovision --realm=<YOUR REALM> -U Administrator
>>
>> NOTE: I have never had to do this, so I would urge you to back up
>> everything before trying it.
>>
>> However, the errors could be coming from something that is using stale
>> passwords, they may go away if you wait long enough or reboot
>> everything.
>>
>> Rowland
>
> I'll try it this weekend, after first making a full backup of my DC. I've
> been facing this KVNO mismatch error for at least three weeks (and I'm
> not sure where it came from).
>
> Thank you for your assistance, I'll give you feedback about
> samba_upgradeprovision.
>
> Regards,
> Kris

I should have tried this command sooner. Now I have made a full backup and
something is missing:

[root@dc ~]# cd /opt/samba-4.7.6/bin
[root@dc bin]# ./samba_upgradeprovision --realm=DOMAIN.NET.PL -U Administrator
Traceback (most recent call last):
  File "./samba_upgradeprovision", line 36, in <module>
    import ldb

I have the same output running the script from the
/opt/samba-4.7.6/source4/scripting/bin/ directory.

OS is CentOS 6. Google returns nothing really special about it.
Any hint?

Regards,
Kris