[Samba] Failed to find cifs/fs-share at dom.corp (kvno 109) in keytab
Rowland penny
rpenny at samba.org
Tue Oct 29 09:48:24 UTC 2019
On 29/10/2019 08:22, banda bassotti wrote:
> Hi Rowland, I'm here again , as you suggested I created a CNAME for
> the old samba by pointing it to the new server but the problem persists:
>
> # host oldsamba
> oldsamba.domain.corp is an alias for newsamba.domain.corp.
> newsamba.domain.corp has address 10.0.0.5
>
> trying to access the share \\oldsamba\sharename
>
> [2019/10/29 09:13:08.710484, 1]
> ../../source3/librpc/crypto/gse.c:660(gse_get_server_auth_token)
> gss_accept_sec_context failed with [ Miscellaneous failure (see
> text): Failed to find cifs/OLDSAMBA at DOMAIN.CORP(kvno 112) in keytab
> MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
> [2019/10/29 09:13:08.710549, 1]
> ../../auth/gensec/spnego.c:1218(gensec_spnego_server_negTokenInit_step)
> gensec_spnego_server_negTokenInit_step: gse_krb5: parsing
> NEG_TOKEN_INIT content failed (next[(null)]): NT_STATUS_LOGON_FAILURE
> [2019/10/29 09:13:08.723547, 1]
> ../../source3/librpc/crypto/gse.c:660(gse_get_server_auth_token)
>
> note the KVNO 112, up until yesterday it was looking for 111
>
OK, try adding the required SPN to 'newsamba':
samba-tool spn add cifs/OLDSAMBA at DOMAIN.CORP newsamba$
Rowland
More information about the samba
mailing list