[Samba] Failed to find cifs/fs-share at dom.corp (kvno 109) in keytab

banda bassotti bandabasotti at gmail.com
Tue Nov 5 13:58:37 UTC 2019


Rowland,obviously I didn't read your question otherwise I would have
answered you. sorry.


Il giorno mar 5 nov 2019 alle ore 13:55 Rowland penny via samba <
samba at lists.samba.org> ha scritto:

> On 05/11/2019 12:17, banda bassotti via samba wrote:
> > Luis,  ok I'v removed everything, step 1:
> >
> > KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab CREATE -P
>
> I have said this once already, but, I will try again ;-)
>
> You are creating a keytab, which may or may not be called /etc/krb5.keytab2
>
> > step2:
> > # KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab ADD
> > cifs/oldsamba.dom.corp at DOM.CORP
> > # KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab ADD
> > cifs/oldsamba at DOM.CORP
> > # KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab ADD
> > cifs/oldsamba$@DOM.CORP
> You then add to the keytab
> > test from windows machine:
> >
> > [2019/11/05 13:14:49.108879,  1]
> > ../../source3/librpc/crypto/gse.c:660(gse_get_server_auth_token)
> >    gss_accept_sec_context failed with [ Miscellaneous failure (see text):
> > Failed to find cifs/oldsamba at DOM.CORP(kvno 113) in keytab
> > MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
>
> Then something reads the keytab in memory and cannot find the required
> SPN, or to put it another way, whatever is trying to find the SPN isn't
> reading the keytab you created above, it is reading the one in memory.
>
> I did ask just what you are doing, but never got an answer.
>
> Rowland
>
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


More information about the samba mailing list