[Samba] Failed to find cifs/fs-share at dom.corp (kvno 109) in keytab
banda bassotti
bandabasotti at gmail.com
Wed Oct 16 09:06:21 UTC 2019
Hi Rowland, I refer again after a week, perhaps missing an important piece
to the big picture: the error message appears ONLY when you access the
share using the netbios alias:
[Global]
workgroup = WG1
realm = DOM.CORP
netbios name = fs-a
netbios aliases = oldsamba
security = ADS
if you access the \\fs-a\sharename is ok if you access
\\oldsamba\sharename the logs report the absence of the kerberos ticket,
to overcome this I have to re-import the oldsamba keytab with ktutil.
ciao.
Il giorno mer 9 ott 2019 alle ore 09:16 Rowland penny via samba <
samba at lists.samba.org> ha scritto:
> On 09/10/2019 04:34, banda bassotti via samba wrote:
> > Rowland, it is not a problem of mount but of kerberso ticket:
> >
> > [2019/10/08 10:58:09.626059, 1]
> > ../../auth/gensec/spnego.c:1218(gensec_spnego_server_negTokenInit_step)
> > gensec_spnego_server_negTokenInit_step: gse_krb5: parsing
> NEG_TOKEN_INIT
> > content failed (next[(null)]): NT_STATUS_LOGON_FAILURE
> > [2019/10/08 10:58:09.634532, 1]
> > ../../source3/librpc/crypto/gse.c:660(gse_get_server_auth_token)
> > gss_accept_sec_context failed with [ Miscellaneous failure (see text):
> > Failed to find cifs/dom.corp at DOM.CORP(kvno 109) in keytab
> > MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
> >
> > before 10:00 it used kvno (kerberos version number) 108 after 10:00 kvno
> > 109.
> >
> It looks like your kerberos ticket has expired and not been renewed, a
> new one has been created instead.
>
> However, the ticket is for 'cifs/dom.corp at DOM.CORP'
>
> You would normally only use such a ticket to mount something.
>
> I think you need to post your smb.conf
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list