[Samba] gpo not applied a boot computer

David Jehin bedou210977 at gmail.com
Tue Feb 26 16:42:23 UTC 2019 

compiled samba version : 4.8.5  and my distribution is: debian stretch 9.6
I said that when I join the domain, restarting the machine takes the GPO,
the other restart does not take the gpo computer.
Thanks for your help

Le mar. 26 févr. 2019 à 17:11, Rowland Penny via samba <
samba at lists.samba.org> a écrit :

> On Tue, 26 Feb 2019 16:37:39 +0100
> David Jehin <bedou210977 at gmail.com> wrote:
>
> > THANK YOU FOR YOUR REPLY
> >
> > THE RESULT :
> > KVNO Principal
> > ----
> >
> --------------------------------------------------------------------------
> >    1 HOST/samba4 at FSS.LAN (des-cbc-crc)
> >    1 HOST/samba4.fss.lan at FSS.LAN (des-cbc-crc)
> >    1 SAMBA4$@FSS.LAN (des-cbc-crc)
> >    1 HOST/samba4 at FSS.LAN (des-cbc-md5)
> >    1 HOST/samba4.fss.lan at FSS.LAN (des-cbc-md5)
> >    1 SAMBA4$@FSS.LAN (des-cbc-md5)
> >    1 HOST/samba4 at FSS.LAN (arcfour-hmac)
> >    1 HOST/samba4.fss.lan at FSS.LAN (arcfour-hmac)
> >    1 SAMBA4$@FSS.LAN (arcfour-hmac)
> >    1 HOST/samba4 at FSS.LAN (aes128-cts-hmac-sha1-96)
> >    1 HOST/samba4.fss.lan at FSS.LAN (aes128-cts-hmac-sha1-96)
> >    1 SAMBA4$@FSS.LAN (aes128-cts-hmac-sha1-96)
> >    1 HOST/samba4 at FSS.LAN (aes256-cts-hmac-sha1-96)
> >    1 HOST/samba4.fss.lan at FSS.LAN (aes256-cts-hmac-sha1-96)
> >    1 SAMBA4$@FSS.LAN (aes256-cts-hmac-sha1-96)
> >    2 HOST/samba4 at FSS.LAN (des-cbc-crc)
> >    2 HOST/samba4.fss.lan at FSS.LAN (des-cbc-crc)
> >    2 SAMBA4$@FSS.LAN (des-cbc-crc)
> >    2 HOST/samba4 at FSS.LAN (des-cbc-md5)
> >    2 HOST/samba4.fss.lan at FSS.LAN (des-cbc-md5)
> >    2 SAMBA4$@FSS.LAN (des-cbc-md5)
> >    2 HOST/samba4 at FSS.LAN (arcfour-hmac)
> >    2 HOST/samba4.fss.lan at FSS.LAN (arcfour-hmac)
> >    2 SAMBA4$@FSS.LAN (arcfour-hmac)
> >    2 HOST/samba4 at FSS.LAN (aes128-cts-hmac-sha1-96)
> >    2 HOST/samba4.fss.lan at FSS.LAN (aes128-cts-hmac-sha1-96)
> >    2 SAMBA4$@FSS.LAN (aes128-cts-hmac-sha1-96)
> >    2 HOST/samba4 at FSS.LAN (aes256-cts-hmac-sha1-96)
> >    2 HOST/samba4.fss.lan at FSS.LAN (aes256-cts-hmac-sha1-96)
> >    2 SAMBA4$@FSS.LAN (aes256-cts-hmac-sha1-96)
> >    1 HOST/samba4.fss.lan at FSS.LAN (des-cbc-crc)
> >    1 SAMBA4$@FSS.LAN (des-cbc-crc)
> >    1 HOST/samba4 at FSS.LAN (des-cbc-md5)
> >    1 HOST/samba4.fss.lan at FSS.LAN (des-cbc-md5)
> >    1 SAMBA4$@FSS.LAN (des-cbc-md5)
> >    1 HOST/samba4 at FSS.LAN (arcfour-hmac)
> >    1 HOST/samba4.fss.lan at FSS.LAN (arcfour-hmac)
> >    1 SAMBA4$@FSS.LAN (arcfour-hmac)
> >    1 HOST/samba4 at FSS.LAN (aes128-cts-hmac-sha1-96)
> >    1 HOST/samba4.fss.lan at FSS.LAN (aes128-cts-hmac-sha1-96)
> >    1 SAMBA4$@FSS.LAN (aes128-cts-hmac-sha1-96)
> >    1 HOST/samba4 at FSS.LAN (aes256-cts-hmac-sha1-96)
> >    1 HOST/samba4.fss.lan at FSS.LAN (aes256-cts-hmac-sha1-96)
> >    1 SAMBA4$@FSS.LAN (aes256-cts-hmac-sha1-96)
> >
> >
> > Le mar. 26 févr. 2019 à 16:22, Rowland Penny via samba <
> > samba at lists.samba.org> a écrit :
> >
> > > On Tue, 26 Feb 2019 15:57:03 +0100
> > > David Jehin via samba <samba at lists.samba.org> wrote:
> > >
> > > > Hello everyone
> > > > since now a certain time I pull my hair and do not understand the
> > > > source of my problem.
> > > > after a samba 3 pdc migration to samba 4.8.5 AD, when a windows
> > > > client starts the gpo computer is not applied to the boot.
> > > > in the windows logs there are 1058 GPO errors and server side
> > > > samba here are the logs:
> > > >
> > > >   GSS server Update (krb5) (1) Update failed: Miscellaneous
> > > > failure (see text): Failed to find SAMBA4$@FSS.LAN (kvno 2) in
> > > > keytab FILE: /var/lib/samba/private/secrets.keytab (arcfour
> > > > -hmac-md5) [2019/02/20 11: 20: 33.013351, 1]
> > > > ../auth/gensec/spnego.c:1218(gensec_spnego_server_negTokenInit_step)
> > > >    gensec_spnego_server_negTokenInit_step: gssapi_krb5: parsing
> > > > NEG_TOKEN_INIT content failed (next [(null)]):
> > > > NT_STATUS_LOGON_FAILURE [2019/02/20 11: 20: 33.041913, 1]
> > > >
> ../source4/auth/gensec/gensec_gssapi.c:790(gensec_gssapi_update_internal)
> > > >
> > > > thank you again for your participation.
> > >
> > > What does this show:
> > >
> > > klist -e -k /var/lib/samba/private/secrets.keytab
> > >
> > > Rowland
> > >
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions:  https://lists.samba.org/mailman/options/samba
> > >
>
> Well that shows that the keytab exists and contains the required
> enctypes for SAMBA4$@FSS.LAN at KVNO 2, what it doesn't have is
> '(arcfour -hmac-md5)' which, to be honest, I don't recognise.
>
> What distro is this running on ?
> Self compiled Samba or distro packages ?
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list