[Samba] Failed to find cifs/fs-share at dom.corp (kvno 109) in keytab
banda bassotti
bandabasotti at gmail.com
Tue Oct 8 19:35:19 UTC 2019
hello, today the following problem occurred:
[2019/10/08 09: 57: 23.568282, 1]
../../source3/librpc/crypto/gse.c:660(gse_get_server_auth_token)
gss_accept_sec_context failed with [Miscellaneous failure (see text):
Failed to find cifs/fs-share at dom.corp (kvno 109) in keytab
MEMORY: cifs_srv_keytab (arcfour-hmac-md5)]
in my smb.conf I have the lines:
kerberos method = dedicated keytab
dedicated keytab file = /etc/samba/fs.keytab
# net ads keytab list
Vno Type Principal
108 arcfour-hmac-md5 cifs/fs-sahre at dom.corp
108 des-cbc-md5 cifs/fs-sahre at dom.corp
108 des-cbc-crc cifs/fs-sahre at dom.corp
it worked for several days, to make it work I used ktutils and adding the
spn again to have 109.
my /etc/krb5.conf:
[Libdefaults]
default_realm = DOM.CORP
default_etypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
arcfour-hmac-md5 des-cbc-crc des-cbc-md5 des-cbc-md4 des3-hmac-sha1
des3-cbc-sha1
allow_weak_crypto = true
dns_lookup_kdc = true
dns_lookup_realm = false
forwardable = true
proxiable = true
kdc_timesync = 1
debug = false
any help ? :)
More information about the samba
mailing list