[Samba] Samba 4.10 member: SMB login no longer working
L.P.H. van Belle
belle at bazuin.nl
Wed Aug 21 06:43:59 UTC 2019
Hai,
If did run : net ads changetrustpw
Then you did reset the "computer" password.
Can you post your smb.conf? ( of the problem member )
I suspect you mising parts like this.
kerberos method = secrets and keytab
dedicated keytab file = /etc/krb5.keytab
# renew the kerberos ticket
winbind refresh tickets = yes
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Andrey Repin via samba
> Verzonden: dinsdag 20 augustus 2019 23:50
> Aan: Sven Schwedas; samba at lists.samba.org
> CC: Andrey Repin
> Onderwerp: Re: [Samba] Samba 4.10 member: SMB login no longer working
>
> Greetings, Sven Schwedas!
>
> > Overall domain architecture hasn't changed since my spring
> cleanup post
> > earlier (I did sort out the krb5 packages and logging
> settings, though).
>
> > To start the migration, I figured I'd first update the file servers,
> > since they're the least critical component. Upgrade 4.5 ???
> 4.8, 4.8 ???
> > 4.9, 4.9 ??? 4.10 seemed to work fine each step.
>
> > However, SMB logins either with smbclient or with Windows,
> Mac clients
> > no longer work, generating the following error message:
>
> >> [2019/06/26 11:24:13.015993, 3]
> ../../source3/smbd/smb2_negprot.c:294(smbd_smb2_request_proces
> s_negprot)
> >> Selected protocol SMB2_10
> >> [2019/06/26 11:24:13.021148, 1]
> ../../source3/librpc/crypto/gse.c:660(gse_get_server_auth_token)
> >> gss_accept_sec_context failed with [ Miscellaneous
> failure (see text): Failed to find
> cifs/graz-file.ad.tao.at at AD.TAO.AT(kvno 100) in keytab
> MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
>
> I've stumbled upon similar error on my mail server.
>
> > gss_accept_sec_context failed with [ Miscellaneous failure
> (see text): Failed to find MXS$@ADS.CCENTER.LAN(kvno 44) in
> keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
>
> Out of the blue the Dovecot stopped authorizing users. No
> system settings were
> changed, so I was sure it's some timed issue.
>
> `net ads testjoin` and `wbinfo -t` both check ok'.
>
> Googling the network, I've stumbled upon suggestion of
> https://bugzilla.samba.org/show_bug.cgi?id=12262 and attempted
> `net ads changetrustpw` on the domain member out of pure desperation.
> Strangely enough, it solved the issue.
>
>
> --
> With best regards,
> Andrey Repin
> Wednesday, August 21, 2019 0:40:41
>
> Sorry for my terrible english...
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list