[Samba] Issue with Keytab memory

L.P.H. van Belle belle at bazuin.nl
Thu Jul 23 10:59:00 UTC 2020 

Try 

net ads keytab add_update_ads cifs/$(hostname -f) -U Administrator 
And i hope this is not your hostname : lpeda1.muc 
Because thats a domainname. 

Also make sure you check the resolving of the A and PTR records

Greetz, 

Louis
 

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Georg.Biberger--- via samba
> Verzonden: donderdag 23 juli 2020 12:29
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] Issue with Keytab memory
> 
> Hello,
> 
> I am using Samba as file server as member of a windows domain.
> Kerberos is configured with        kerberos method = secrets 
> and keytab
> 
> Currently some (not all) users get issues when connecting to 
> samba shares from windows.
> In the corresponding samba logs I found entries:
> ....
> [2020/07/23 12:08:06.697678,  1] 
> ../../source3/librpc/crypto/gse.c:660(gse_get_server_auth_token)
>   gss_accept_sec_context failed with [ Miscellaneous failure 
> (see text): Failed to find 
> cifs/lpeda1.muc at EUROPE.BMW.CORP(kvno 26) in keytab 
> MEMORY:cifs_srv_keytab (aes256-cts-hmac-sha1-96)]
> [2020/07/23 12:08:06.698028,  1] 
> ../../auth/gensec/spnego.c:1218(gensec_spnego_server_negTokenI
> nit_step)
>   gensec_spnego_server_negTokenInit_step: gse_krb5: parsing 
> NEG_TOKEN_INIT content failed (next[(null)]): NT_STATUS_LOGON_FAILURE
> ...
> 
> But when I run
> net ads keytab list| fgrep 26 | fgrep 
> cifs/lpeda1.muc at EUROPE.BMW.CORP | fgrep aes256-cts-hmac-sha1-96
> I get the output
> 26  aes256-cts-hmac-sha1-96                     
> cifs/lpeda1.muc at EUROPE.BMW.CORP<mailto:cifs/lpeda1.muc at EUROPE.
> BMW.CORP>
> 
> So the entry is available in Kerberos keytab, but why does 
> samba fail to find this entry? And why does it work for most 
> users and  only some users have this issue?
> 
> I have restarted samba and cleared all caches, but this does not help.
> 
> Kind regards
> 
> Georg
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

More information about the samba mailing list