[Samba] Failed to find cifs/fs-share at dom.corp (kvno 109) in keytab
Rowland penny
rpenny at samba.org
Tue Oct 8 19:58:09 UTC 2019
On 08/10/2019 20:35, banda bassotti via samba wrote:
> hello, today the following problem occurred:
>
> [2019/10/08 09: 57: 23.568282, 1]
> ../../source3/librpc/crypto/gse.c:660(gse_get_server_auth_token)
> gss_accept_sec_context failed with [Miscellaneous failure (see text):
> Failed to find cifs/fs-share at dom.corp (kvno 109) in keytab
> MEMORY: cifs_srv_keytab (arcfour-hmac-md5)]
>
> in my smb.conf I have the lines:
>
> kerberos method = dedicated keytab
> dedicated keytab file = /etc/samba/fs.keytab
>
> # net ads keytab list
> Vno Type Principal
> 108 arcfour-hmac-md5 cifs/fs-sahre at dom.corp
> 108 des-cbc-md5 cifs/fs-sahre at dom.corp
> 108 des-cbc-crc cifs/fs-sahre at dom.corp
>
> it worked for several days, to make it work I used ktutils and adding the
> spn again to have 109.
>
> my /etc/krb5.conf:
>
> [Libdefaults]
> default_realm = DOM.CORP
> default_etypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
> arcfour-hmac-md5 des-cbc-crc des-cbc-md5 des-cbc-md4 des3-hmac-sha1
> des3-cbc-sha1
> allow_weak_crypto = true
> dns_lookup_kdc = true
> dns_lookup_realm = false
> forwardable = true
> proxiable = true
> kdc_timesync = 1
> debug = false
>
> any help ? :)
Did you know that there is a keytab in memory ?
This should have given you a hint:
Failed to find cifs/fs-share at dom.corp (kvno 109) in keytab MEMORY:
cifs_srv_keytab
What are you trying to do ?
Presumably mount something using kerberos.
Rowland
More information about the samba
mailing list