[Samba] AD member server, some users suddenly can only connect to shares via ip address
nprice at gibb.co.za
Thu Apr 25 11:00:37 UTC 2019
I've got some 4.6.5 member servers (debian stretch) that have been
running flawlessly for many months. Suddenly a few users get a password
prompt when connecting to shares. But they can connect with the ip
address. (windows 7 and 10 clients). This happened on all of the member
servers at the same time.
The chances of getting the password prompt seem to increase if you are
on a different subnet, especially a remote one (WAN connection). There
are no firewalls between the subnets.
The key error seems to be this
gss_accept_sec_context failed with [ Miscellaneous failure (see
text): Failed to find cifs/pta-cluster.ad.gibb.co.za at AD.GIBB.CO.ZA(kvno
81) in keytab MEMORY:cifs_srv__keytab (aes256-cts-hmac-sha1-96)]
(pta-cluster.ad.gibb.co.za is the member server)
I'm guessing this is a kerberos keytab error. I am using the default
kerberos method in smb.conf.
dig and dig -x show the expected results, as do nslookup on the windows
My DC's are real Windows 2008 and 2012 servers.
More information about the samba