[Samba] DM 3.6.25 -> 4.x
Stefan G. Weichinger
lists at xunil.at
Sat Jun 30 18:55:35 UTC 2018
That domain member server worked fine for about 2 weeks until today.
Somehow the DNS record didn't work anymore, so I did a rejoin and added
some Kerberos-related lines to smb.conf:
# 2 lines old
winbind cache time = 10
winbind use default domain = yes
# new lines
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind refresh tickets = Yes
created keytab, restarted etc
-
smbclient worked, right now I get:
# smbclient \\\\u1mycustomer\\IT -U sgw
Enter mycustomer\sgw's password:
gse_get_client_auth_token: gss_init_sec_context failed with [Unspecified
GSS failure. Minor code may provide more information: The ticket isn't
for us](2529638947)
SPNEGO(gse_krb5) login failed: NT_STATUS_LOGON_FAILURE
session setup failed: NT_STATUS_LOGON_FAILURE
-
[2018/06/30 20:53:32.297500, 1]
../source3/librpc/crypto/gse.c:649(gse_get_server_auth_token)
gss_accept_sec_context failed with [Unspecified GSS failure. Minor
code may provide more information: Request ticket server
cifs/U1mycustomer.mycustomer.intra at mycustomer.INTRA kvno 277 not found
in keytab; keytab is likely out of date]
[2018/06/30 20:53:32.372971, 1]
../source3/librpc/crypto/gse.c:649(gse_get_server_auth_token)
gss_accept_sec_context failed with [Unspecified GSS failure. Minor
code may provide more information: Request ticket server
cifs/U1mycustomer.mycustomer.intra at mycustomer.INTRA kvno 277 not found
in keytab; keytab is likely out of date]
-
# net ads keytab list
Vno Type Principal
8 DES cbc mode with CRC-32
cifs/U1mycustomer.mycustomer.intra at mycustomer.INTRA
8 DES cbc mode with RSA-MD5
cifs/U1mycustomer.mycustomer.intra at mycustomer.INTRA
8 AES-128 CTS mode with 96-bit SHA-1 HMAC
cifs/U1mycustomer.mycustomer.intra at mycustomer.INTRA
8 AES-256 CTS mode with 96-bit SHA-1 HMAC
cifs/U1mycustomer.mycustomer.intra at mycustomer.INTRA
8 ArcFour with HMAC/md5
cifs/U1mycustomer.mycustomer.intra at mycustomer.INTRA
-
I have already done some recreating of that keytab (flush, create, restart samba
... in several combos)
Hm,
any advice?
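Added example, not part of the original post and not Samba code: a small Python check that correlates the "kvno ... not found in keytab" log message with `net ads keytab list` output, the comparison the post invites (ticket kvno 277 against keytab Vno 8). The host name, realm and sample text are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample input modelled on the post (hypothetical host and realm).
SAMPLE_LOG = """\
[2018/06/30 20:53:32.297500, 1] ../source3/librpc/crypto/gse.c:649(gse_get_server_auth_token)
  gss_accept_sec_context failed with [Unspecified GSS failure.  Minor
  code may provide more information: Request ticket server
  cifs/fs1.example.intra@EXAMPLE.INTRA kvno 277 not found
  in keytab; keytab is likely out of date]
"""
SAMPLE_KEYTAB = """\
Vno  Type                                        Principal
  8  AES-256 CTS mode with 96-bit SHA-1 HMAC     cifs/fs1.example.intra@EXAMPLE.INTRA
  8  ArcFour with HMAC/md5                       cifs/fs1.example.intra@EXAMPLE.INTRA
  8  AES-256 CTS mode with 96-bit SHA-1 HMAC     host/fs1.example.intra@EXAMPLE.INTRA
"""
REQ_RE = re.compile(r"Request ticket server (\S+) kvno (\d+) not found in keytab")
KT_RE = re.compile(r"^\s*(\d+)\s+(.+?)\s+(\S+@\S+)\s*$")

def requested_kvnos(log_text):
    """Map principal -> kvnos the server looked for in the keytab and missed."""
    flat = " ".join(log_text.split())  # undo line wrapping inside the log entry
    out = defaultdict(set)
    for princ, kvno in REQ_RE.findall(flat):
        out[princ].add(int(kvno))
    return dict(out)

def keytab_kvnos(listing):
    """Map principal -> kvnos present in `net ads keytab list` output."""
    out = defaultdict(set)
    for line in listing.splitlines():
        m = KT_RE.match(line)  # the header row has no leading number, so it is skipped
        if m:
            out[m.group(3)].add(int(m.group(1)))
    return dict(out)

def kvno_mismatches(log_text, listing):
    """Return (principal, requested kvno, kvnos in keytab) for every miss."""
    have = keytab_kvnos(listing)
    findings = []
    for princ, wanted in sorted(requested_kvnos(log_text).items()):
        present = have.get(princ, set())  # exact, case-sensitive principal match
        findings += [(princ, k, sorted(present)) for k in sorted(wanted - present)]
    return findings

if __name__ == "__main__":
    for princ, kvno, present in kvno_mismatches(SAMPLE_LOG, SAMPLE_KEYTAB):
        print(f"{princ}: ticket kvno {kvno}, keytab has {present or 'no entry'}")
```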