[Samba] migrated from gentoo to debian, DM throws errors ...
Stefan G. Weichinger
lists at xunil.at
Thu Sep 5 15:19:13 UTC 2019
what do I miss here:
wbinfo -u / -g -/ -pPt works
[2019/09/05 17:15:25.963590, 1]
../source3/librpc/crypto/gse.c:658(gse_get_server_auth_token)
gss_accept_sec_context failed with [ Miscellaneous failure (see text):
Failed to find cifs/SAMBA.noras.intra at NORAS.INTRA(kvno 54) in keytab
MEMORY:cifs_srv_keytab (aes256-cts-hmac-sha1-96)]
[2019/09/05 17:15:25.963681, 1]
../auth/gensec/spnego.c:1218(gensec_spnego_server_negTokenInit_step)
gensec_spnego_server_negTokenInit_step: gse_krb5: parsing
NEG_TOKEN_INIT content failed (next[(null)]): NT_STATUS_LOGON_FAILURE
[2019/09/05 17:15:25.973563, 1]
../source3/librpc/crypto/gse.c:658(gse_get_server_auth_token)
gss_accept_sec_context failed with [ Miscellaneous failure (see text):
Failed to find cifs/SAMBA.noras.intra at NORAS.INTRA(kvno 54) in keytab
MEMORY:cifs_srv_keytab (aes256-cts-hmac-sha1-96)]
We left and rejoined ...
FOund the hint to create keytab ?
https://wiki.samba.org/index.php/Generating_Keytabs
but the DM doesn't have a sam.ldb (seems to be correct ?)
-
smb.conf
:
[global]
unix charset = iso8859-15
security = ads
realm = NORAS.INTRA
workgroup = NORAS
netbios aliases = u1noras
server string = U1NORAS
winbind cache time = 10
winbind use default domain = yes
winbind refresh tickets = Yes
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
template homedir = /mnt/MSA2040/smb/Homes/%D/%U
restrict anonymous = 2
domain master = no
local master = no
preferred master = no
invalid users = root bin daemon adm sync shutdown halt mail news \
uucp
obey pam restrictions = yes
interfaces = 192.168.100.4/24 127.0.0.1
bind interfaces only = Yes
idmap config * : range = 3000-7999
idmap config * : backend = tdb
idmap config NORAS : range = 10000-20000
idmap config NORAS : backend = rid
# For ACL support on domain member
vfs objects = acl_xattr full_audit
map acl inherit = Yes
store dos attributes = Yes
inherit acls = yes
unix extensions = no
follow symlinks= yes
wide links= yes
load printers = no
printcap name = /dev/null
acl allow execute always = True
# Audit settings
full_audit:prefix = %u|%I|%S
full_audit:failure = connect
full_audit:success = mkdir rmdir write pwrite rename unlink \
chmod fchmod chown fchown ftruncate
full_audit:facility = local5
full_audit:priority = notice
thanks for any help, I am 5hrs away from home and a bit struggling ;-)
More information about the samba
mailing list