[Samba] Error trying to access samba sharing using netbios name
Garcia JR
garciajr at gmail.com
Tue Jul 14 16:24:36 UTC 2020
am getting this error in smbd.log when user try to open Share from Windows
box:
gss_accept_sec_context failed with [ Miscellaneous failure (see text):
Failed to find cifs/mymember.my.domain.tld at MY.DOMAIN.TLD(kvno 58) in keytab
MEMORY:cifs_srv_keytab (aes256-cts-hmac-sha1-96)]
SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
I have made a research here in google and here in mail list before post
this message. I see some similar issues, where the solution seems adding
‘cifs/mymember.my.domain.tld at MY.DOMAIN.TLD’ to keytab file. In my case, it
was already there, as you can see below.
In error message I see it’s making reference to keno 58, in my keytab it’s
64, not sure if it’s related or not. Is there a way to reset keyfrom
memory? I tried to restart smbd and winbindd, but no luck.
The same shared can be acessed if use ip adress instead
###########################################
smb.conf
###########################################
[global]
netbios name = mymember
server string = File Server in %L
workgroup = accent
security = ADS
realm = MY.DOMAIN.TLD
password server = mad
encrypt passwords = true
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
idmap config *:backend = tdb
idmap config *:range = 5000-9999
idmap config SAMDOM:backend = ad
idmap config SAMDOM:schema_mode = rfc2307
idmap config SAMDOM:range = 10000-99999
max protocol = SMB2
winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
winbind refresh tickets = yes
winbind cache time = 60
; misc options
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192
SO_RCVBUF=8192
time server = yes
; do not show files starting with dots
hide dot files = yes
; do not allow guest access, use only local system accounts
guest ok = no
; log (tam max log em kB)
log level = 1
#log level = 3 passdb:5 auth:10 winbind:10
log file = /var/log/samba/log.%L
max log size = 10000
debug timestamp = yes
#syslog = 1
remote announce = 192.168.0.0/24 172.16.170.0/24 192.168.150.0/24
172.17.0.0/24
remote browse sync = 192.168.0.0/24 192.168.150.0/24 172.16.170.0/24
172.17.0.0/24
hosts allow = 127.0.0.1 192.168.0.0/24 192.168.150.0/24 172.16.170.0/24
172.17.0.0/24
obey pam restrictions = no
###########################################
## KEY TAB FILE
$ klist -ke
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
----
--------------------------------------------------------------------------
64 cifs/mymember.my.domain.tld at MY.DOMAIN.TLD (des-cbc-crc)
64 cifs/mymember at MY.DOMAIN.TLD (des-cbc-crc)
64 cifs/mymember.my.domain.tld at MY.DOMAIN.TLD (des-cbc-md5)
64 cifs/mymember at MY.DOMAIN.TLD (des-cbc-md5)
64 cifs/mymember.my.domain.tld at MY.DOMAIN.TLD (aes128-cts-hmac-sha1-96)
64 cifs/mymember at MY.DOMAIN.TLD (aes128-cts-hmac-sha1-96)
64 cifs/mymember.my.domain.tld at MY.DOMAIN.TLD (aes256-cts-hmac-sha1-96)
64 cifs/mymember at MY.DOMAIN.TLD (aes256-cts-hmac-sha1-96)
64 cifs/mymember.my.domain.tld at MY.DOMAIN.TLD (arcfour-hmac)
64 cifs/mymember at MY.DOMAIN.TLD (arcfour-hmac)
64 host/mymember.my.domain.tld at MY.DOMAIN.TLD (des-cbc-crc)
64 host/mymember at MY.DOMAIN.TLD (des-cbc-crc)
64 host/mymember.my.domain.tld at MY.DOMAIN.TLD (des-cbc-md5)
64 host/mymember at MY.DOMAIN.TLD (des-cbc-md5)
64 host/mymember.my.domain.tld at MY.DOMAIN.TLD (aes128-cts-hmac-sha1-96)
64 host/mymember at MY.DOMAIN.TLD (aes128-cts-hmac-sha1-96)
64 host/mymember.my.domain.tld at MY.DOMAIN.TLD (aes256-cts-hmac-sha1-96)
64 host/mymember at MY.DOMAIN.TLD (aes256-cts-hmac-sha1-96)
64 host/mymember.my.domain.tld at MY.DOMAIN.TLD (arcfour-hmac)
64 host/mymember at MY.DOMAIN.TLD (arcfour-hmac)
64 MYMEMBER$@MY.DOMAIN.TLD (des-cbc-crc)
64 MYMEMBER$@MY.DOMAIN.TLD (des-cbc-md5)
64 MYMEMBER$@MY.DOMAIN.TLD (aes128-cts-hmac-sha1-96)
64 MYMEMBER$@MY.DOMAIN.TLD (aes256-cts-hmac-sha1-96)
64 MYMEMBER$@MY.DOMAIN.TLD (arcfour-hmac)
--
Garcia
More information about the samba
mailing list