[Samba] Issue with Keytab memory

Georg.Biberger at partner.bmw.de Georg.Biberger at partner.bmw.de
Thu Jul 23 10:28:36 UTC 2020


I am using Samba as file server as member of a windows domain.
Kerberos is configured with        kerberos method = secrets and keytab

Currently some (not all) users get issues when connecting to samba shares from windows.
In the corresponding samba logs I found entries:
[2020/07/23 12:08:06.697678,  1] ../../source3/librpc/crypto/gse.c:660(gse_get_server_auth_token)
  gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/lpeda1.muc at EUROPE.BMW.CORP(kvno 26) in keytab MEMORY:cifs_srv_keytab (aes256-cts-hmac-sha1-96)]
[2020/07/23 12:08:06.698028,  1] ../../auth/gensec/spnego.c:1218(gensec_spnego_server_negTokenInit_step)
  gensec_spnego_server_negTokenInit_step: gse_krb5: parsing NEG_TOKEN_INIT content failed (next[(null)]): NT_STATUS_LOGON_FAILURE

But when I run
net ads keytab list| fgrep 26 | fgrep cifs/lpeda1.muc at EUROPE.BMW.CORP | fgrep aes256-cts-hmac-sha1-96
I get the output
26  aes256-cts-hmac-sha1-96                     cifs/lpeda1.muc at EUROPE.BMW.CORP<mailto:cifs/lpeda1.muc at EUROPE.BMW.CORP>

So the entry is available in Kerberos keytab, but why does samba fail to find this entry? And why does it work for most users and  only some users have this issue?

I have restarted samba and cleared all caches, but this does not help.

Kind regards


More information about the samba mailing list