[Samba] Samba 4.10 member: SMB login no longer working

L.P.H. van Belle belle at bazuin.nl
Wed Aug 21 06:43:59 UTC 2019


Hai, 

If you did run: net ads changetrustpw
Then you did reset the "computer" password.

Can you post your smb.conf? (of the problem member)
I suspect you are missing parts like this.

    kerberos method = secrets and keytab
    dedicated keytab file = /etc/krb5.keytab

    # renew the kerberos ticket
    winbind refresh tickets = yes


Greetz, 

Louis
 

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Andrey Repin via samba
> Sent: Tuesday, 20 August 2019 23:50
> To: Sven Schwedas; samba at lists.samba.org
> CC: Andrey Repin
> Subject: Re: [Samba] Samba 4.10 member: SMB login no longer working
> 
> Greetings, Sven Schwedas!
> 
> > Overall domain architecture hasn't changed since my spring cleanup post
> > earlier (I did sort out the krb5 packages and logging settings, though).
> 
> > To start the migration, I figured I'd first update the file servers,
> > since they're the least critical component. Upgrade 4.5 → 4.8, 4.8 →
> > 4.9, 4.9 → 4.10 seemed to work fine each step.
> 
> > However, SMB logins either with smbclient or with Windows, Mac clients
> > no longer work, generating the following error message:
> 
> >> [2019/06/26 11:24:13.015993,  3] ../../source3/smbd/smb2_negprot.c:294(smbd_smb2_request_process_negprot)
> >>   Selected protocol SMB2_10
> >> [2019/06/26 11:24:13.021148,  1] ../../source3/librpc/crypto/gse.c:660(gse_get_server_auth_token)
> >>   gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/graz-file.ad.tao.at at AD.TAO.AT(kvno 100) in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
> 
> I've stumbled upon a similar error on my mail server.
> 
> > gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find MXS$@ADS.CCENTER.LAN(kvno 44) in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
> 
> Out of the blue, Dovecot stopped authorizing users. No system settings were
> changed, so I was sure it's some timed issue.
> 
> `net ads testjoin` and `wbinfo -t` both check OK.
> 
> Googling the network, I've stumbled upon a suggestion of
> https://bugzilla.samba.org/show_bug.cgi?id=12262 and attempted
> `net ads changetrustpw` on the domain member out of pure desperation.
> Strangely enough, it solved the issue.
> 
> 
> -- 
> With best regards,
> Andrey Repin
> Wednesday, August 21, 2019 0:40:41
> 
> Sorry for my terrible english...
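A diagnostic sketch for the `Failed to find ... (kvno N) in keytab` error quoted in this thread, added here as an example and not part of the original messages or of Samba: it compares the principal, kvno and enctype named in the smbd log line with the rows of `klist -ket` output for the on-disk keytab. The sample log line, principal, realm and keytab listing are constructed, the function names are hypothetical, and MIT `klist` row layout is assumed.

```python
import re

# The same RC4 enctype appears under several names in logs and tool output.
ENCTYPE_ALIASES = {"arcfour-hmac-md5": "arcfour-hmac", "rc4-hmac": "arcfour-hmac"}
LOG_RE = re.compile(r"Failed to find (?P<princ>\S+?)\(kvno (?P<kvno>\d+)\) "
                    r"in keytab \S+ \((?P<etype>[^)]+)\)")
# One data row of `klist -ket` (assumed layout): KVNO, date, time, principal, (enctype).
ROW_RE = re.compile(r"^\s*(?P<kvno>\d+)\s+\S+\s+\S+\s+(?P<princ>\S+)"
                    r"\s+\((?P<etype>[^)]+)\)\s*$")

# Constructed sample input (not taken from the thread).
SAMPLE_LOG = ("gss_accept_sec_context failed with [ Miscellaneous failure "
              "(see text): Failed to find cifs/files.example.test@EXAMPLE.TEST"
              "(kvno 100) in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]")
SAMPLE_KLIST = """\
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp           Principal
---- ------------------- ----------------------------------------------
  99 06/01/2019 10:00:00 cifs/files.example.test@EXAMPLE.TEST (arcfour-hmac)
  99 06/01/2019 10:00:00 cifs/files.example.test@EXAMPLE.TEST (aes256-cts-hmac-sha1-96)
"""

def norm(etype):
    """Map enctype spellings (including a DEPRECATED: prefix) to one name."""
    etype = etype.lower().replace("deprecated:", "")
    return ENCTYPE_ALIASES.get(etype, etype)

def keytab_entries(listing):
    """Return {(principal, kvno, enctype)} parsed from klist -ket output."""
    rows = (ROW_RE.match(line) for line in listing.splitlines())
    return {(m["princ"], int(m["kvno"]), norm(m["etype"])) for m in rows if m}

def diagnose(log_line, listing):
    """Explain why the key requested in the log line was not found."""
    m = LOG_RE.search(log_line)
    if not m:
        return "no keytab lookup failure in this line"
    kvno, etype = int(m["kvno"]), norm(m["etype"])
    keys = {(k, e) for p, k, e in keytab_entries(listing) if p == m["princ"]}
    if not keys:
        return "principal missing from keytab"
    if (kvno, etype) in keys:
        return "matching key present in keytab"
    if kvno not in {k for k, _ in keys}:
        newest = max(k for k, _ in keys)
        return f"stale keytab: ticket uses kvno {kvno}, newest entry is kvno {newest}"
    return f"kvno {kvno} present but no {etype} key"

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG, SAMPLE_KLIST))
```

The on-disk listing is only relevant when `kerberos method` includes the keytab, as in the smb.conf lines suggested above.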