[Samba] Issue with Keytab memory
Georg.Biberger at partner.bmw.de
Georg.Biberger at partner.bmw.de
Thu Jul 23 10:28:36 UTC 2020
Hello,
I am using Samba as file server as member of a windows domain.
Kerberos is configured with kerberos method = secrets and keytab
Currently some (not all) users get issues when connecting to samba shares from windows.
In the corresponding samba logs I found entries:
....
[2020/07/23 12:08:06.697678, 1] ../../source3/librpc/crypto/gse.c:660(gse_get_server_auth_token)
gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/lpeda1.muc at EUROPE.BMW.CORP(kvno 26) in keytab MEMORY:cifs_srv_keytab (aes256-cts-hmac-sha1-96)]
[2020/07/23 12:08:06.698028, 1] ../../auth/gensec/spnego.c:1218(gensec_spnego_server_negTokenInit_step)
gensec_spnego_server_negTokenInit_step: gse_krb5: parsing NEG_TOKEN_INIT content failed (next[(null)]): NT_STATUS_LOGON_FAILURE
...
But when I run
net ads keytab list| fgrep 26 | fgrep cifs/lpeda1.muc at EUROPE.BMW.CORP | fgrep aes256-cts-hmac-sha1-96
I get the output
26 aes256-cts-hmac-sha1-96 cifs/lpeda1.muc at EUROPE.BMW.CORP<mailto:cifs/lpeda1.muc at EUROPE.BMW.CORP>
So the entry is available in Kerberos keytab, but why does samba fail to find this entry? And why does it work for most users and only some users have this issue?
I have restarted samba and cleared all caches, but this does not help.
Kind regards
Georg
More information about the samba
mailing list