[Samba] Samba 4.10 member: SMB login no longer working
Andrey Repin
anrdaemon at yandex.ru
Tue Aug 20 21:50:20 UTC 2019
Greetings, Sven Schwedas!
> Overall domain architecture hasn't changed since my spring cleanup post
> earlier (I did sort out the krb5 packages and logging settings, though).
> To start the migration, I figured I'd first update the file servers,
> since they're the least critical component. Upgrade 4.5 → 4.8, 4.8 →
> 4.9, 4.9 → 4.10 seemed to work fine each step.
> However, SMB logins either with smbclient or with Windows, Mac clients
> no longer work, generating the following error message:
>> [2019/06/26 11:24:13.015993, 3] ../../source3/smbd/smb2_negprot.c:294(smbd_smb2_request_process_negprot)
>> Selected protocol SMB2_10
>> [2019/06/26 11:24:13.021148, 1] ../../source3/librpc/crypto/gse.c:660(gse_get_server_auth_token)
>> gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/graz-file.ad.tao.at at AD.TAO.AT(kvno 100) in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
I've stumbled upon similar error on my mail server.
> gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find MXS$@ADS.CCENTER.LAN(kvno 44) in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
Out of the blue the Dovecot stopped authorizing users. No system settings were
changed, so I was sure it's some timed issue.
`net ads testjoin` and `wbinfo -t` both check ok'.
Googling the network, I've stumbled upon suggestion of
https://bugzilla.samba.org/show_bug.cgi?id=12262 and attempted
`net ads changetrustpw` on the domain member out of pure desperation.
Strangely enough, it solved the issue.
--
With best regards,
Andrey Repin
Wednesday, August 21, 2019 0:40:41
Sorry for my terrible english...
More information about the samba
mailing list