[Samba] Failed to find [principal](kvno 4) in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]

Rowland penny rpenny at samba.org
Fri Dec 27 18:11:12 UTC 2019


On 27/12/2019 17:06, Jonathon Reinhart wrote:
> On Wed, Dec 18, 2019 at 9:52 AM Rowland penny via samba
> <samba at lists.samba.org> wrote:
>
>     On 18/12/2019 14:34, Jonathon Reinhart wrote:
>     > On Wed, Dec 18, 2019 at 9:13 AM Rowland penny via samba
>     > <samba at lists.samba.org> wrote:
>     >
>     >     Problem is, and as I said, Samba 4.3.x is EOL as far as Samba is
>     >     concerned and if you have found a bug in it, it is very, very
>     >     unlikely to get fixed, unless it is still in a later, supported,
>     >     Samba version.
>     >
>     >
>     > Of course; I wouldn't expect any more patches for 4.3.x. I've dug
>     > through a lot of the code and most of it is identical to latest
>     > master. So to word it another way: I'm trying to see if this is a
>     > known bug that has been fixed since 4.3.x, or if this instance is
>     > highlighting a new unknown bug that could still exist in master.
>     >
>     > I understand your role on the list is a first line of response;
>     > keeper of the gates sort of thing. Is there a more appropriate
>     > channel where I can get some input from developers familiar with
>     > this part of the code?
>
>     Yes and I am trying to point you in the same direction that the other
>     Samba team members will, upgrade and see if the 'bug' is still there.
>     If it is, then we will need log level 10 output etc and a bug report.
>     Your 'bug' may have been fixed since 4.3.x and if it has been then your
>     problem will be gone, if it hasn't, then it will never get fixed in
>     4.3.x, but it should be in supported versions.
>
>     Rowland
>
>
> I updated to FreeNAS 11.1u7 which shows samba at "Version 
> 4.7.0-GIT-ea139bffada-FreeNAS".
>
> The issue persists just as it did on the old version.
>
> Can anyone answer my questions about the in-memory keytab? How can two 
> clients both use the same service principal name (and kvno) but one 
> can't be found in the keytab?
>
> Thanks,
> Jonathon

Not sure what is going on here, that Samba version appears to be a 
FreeNAS version (and is still EOL), but the release notes here: 
https://www.ixsystems.com/blog/library/freenas-11-2-u7/ clearly state 
that the Samba version is now 4.9.15 (which is still supported by Samba).

There are a few ways to mount a share with Kerberos, how are you doing it?

Whichever way, it usually relies on the server having an SPN in the 
format cifs/fqdn@REALM

If one client works and another doesn't, I would be checking to see if 
there are any differences between the clients.

If after all this, it still doesn't work and you are using a supported 
Samba version, then I would open a bug report, giving as much data as 
possible (log level 10 output, network traces etc.).

Rowland




