[Samba] migrated from gentoo to debian, DM throws errors ...
Rowland penny
rpenny at samba.org
Thu Sep 5 16:37:36 UTC 2019
On 05/09/2019 16:50, Stefan G. Weichinger via samba wrote:
> Am 05.09.19 um 17:37 schrieb Stefan G. Weichinger via samba:
>> Am 05.09.19 um 17:19 schrieb Stefan G. Weichinger via samba:
>>> what do I miss here:
>> update: maybe the reboot of the clients helped ... looks better now
>>
>>
>>
> Access works, but I still get
>
> [2019/09/05 17:49:41.888422, 1]
> ../source3/librpc/crypto/gse.c:658(gse_get_server_auth_token)
> gss_accept_sec_context failed with [ Miscellaneous failure (see text):
> Failed to find cifs/SAMBA.noras.intra at NORAS.INTRA(kvno 54) in keytab
> MEMORY:cifs_srv_keytab (aes256-cts-hmac-sha1-96)]
> [2019/09/05 17:49:41.888521, 1]
> ../auth/gensec/spnego.c:1218(gensec_spnego_server_negTokenInit_step)
> gensec_spnego_server_negTokenInit_step: gse_krb5: parsing
> NEG_TOKEN_INIT content failed (next[(null)]): NT_STATUS_LOGON_FAILURE
> [2019/09/05 17:49:41.899494, 1]
> ../source3/librpc/crypto/gse.c:658(gse_get_server_auth_token)
> gss_accept_sec_context failed with [ Miscellaneous failure (see text):
> Failed to find cifs/SAMBA.noras.intra at NORAS.INTRA(kvno 54) in keytab
> MEMORY:cifs_srv_keytab (aes256-cts-hmac-sha1-96)]
>
>
> thanks for any pointers
>
>
----->
<--------
That what you mean ? ;-)
You will probably have a keytab now '/etc/krb.keytab', the join should
have recreated it.
I take it that you are mounting the users homedirs and require the
'cifs' keytab to do this, I also take it that the computers short
hostname is 'samba'. You will need to check that the AD object for
'samba' has the 'cifs/SAMBA.noras.intra' SPN.
I would also find out just how the cifs mount is being done.
A Unix domain member does have a sam.ldb file, just not like the one on
a DC.
Rowland
More information about the samba
mailing list