[Samba] Failed to find cifs/fs-share at dom.corp (kvno 109) in keytab

Rowland penny rpenny at samba.org
Tue Nov 5 12:55:19 UTC 2019


On 05/11/2019 12:17, banda bassotti via samba wrote:
> Luis,  ok I'v removed everything, step 1:
>
> KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab CREATE -P

I have said this once already, but, I will try again ;-)

You are creating a keytab, which may or may not be called /etc/krb5.keytab2

> step2:
> # KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab ADD
> cifs/oldsamba.dom.corp at DOM.CORP
> # KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab ADD
> cifs/oldsamba at DOM.CORP
> # KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab ADD
> cifs/oldsamba$@DOM.CORP
You then add to the keytab
> test from windows machine:
>
> [2019/11/05 13:14:49.108879,  1]
> ../../source3/librpc/crypto/gse.c:660(gse_get_server_auth_token)
>    gss_accept_sec_context failed with [ Miscellaneous failure (see text):
> Failed to find cifs/oldsamba at DOM.CORP(kvno 113) in keytab
> MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]

Then something reads the keytab in memory and cannot find the required 
SPN, or to put it another way, whatever is trying to find the SPN isn't 
reading the keytab you created above, it is reading the one in memory.

I did ask just what you are doing, but never got an answer.

Rowland






More information about the samba mailing list