[Samba] Issue with Keytab memory
L.P.H. van Belle
belle at bazuin.nl
Thu Jul 23 10:59:00 UTC 2020
net ads keytab add_update_ads cifs/$(hostname -f) -U Administrator
And i hope this is not your hostname : lpeda1.muc
Because thats a domainname.
Also make sure you check the resolving of the A and PTR records
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Georg.Biberger--- via samba
> Verzonden: donderdag 23 juli 2020 12:29
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] Issue with Keytab memory
> I am using Samba as file server as member of a windows domain.
> Kerberos is configured with kerberos method = secrets
> and keytab
> Currently some (not all) users get issues when connecting to
> samba shares from windows.
> In the corresponding samba logs I found entries:
> [2020/07/23 12:08:06.697678, 1]
> gss_accept_sec_context failed with [ Miscellaneous failure
> (see text): Failed to find
> cifs/lpeda1.muc at EUROPE.BMW.CORP(kvno 26) in keytab
> MEMORY:cifs_srv_keytab (aes256-cts-hmac-sha1-96)]
> [2020/07/23 12:08:06.698028, 1]
> gensec_spnego_server_negTokenInit_step: gse_krb5: parsing
> NEG_TOKEN_INIT content failed (next[(null)]): NT_STATUS_LOGON_FAILURE
> But when I run
> net ads keytab list| fgrep 26 | fgrep
> cifs/lpeda1.muc at EUROPE.BMW.CORP | fgrep aes256-cts-hmac-sha1-96
> I get the output
> 26 aes256-cts-hmac-sha1-96
> cifs/lpeda1.muc at EUROPE.BMW.CORP<mailto:cifs/lpeda1.muc at EUROPE.
> So the entry is available in Kerberos keytab, but why does
> samba fail to find this entry? And why does it work for most
> users and only some users have this issue?
> I have restarted samba and cleared all caches, but this does not help.
> Kind regards
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba