[Samba] Issue with Keytab memory
Rowland penny
rpenny at samba.org
Thu Jul 23 11:05:24 UTC 2020
On 23/07/2020 11:28, Georg.Biberger--- via samba wrote:
> Hello,
>
> I am using Samba as a file server as a member of a Windows domain.
> Kerberos is configured with kerberos method = secrets and keytab
>
> Currently some (not all) users get issues when connecting to Samba shares from Windows.
> In the corresponding samba logs I found entries:
> ....
> [2020/07/23 12:08:06.697678, 1] ../../source3/librpc/crypto/gse.c:660(gse_get_server_auth_token)
> gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/lpeda1.muc at EUROPE.BMW.CORP(kvno 26) in keytab MEMORY:cifs_srv_keytab (aes256-cts-hmac-sha1-96)]
> [2020/07/23 12:08:06.698028, 1] ../../auth/gensec/spnego.c:1218(gensec_spnego_server_negTokenInit_step)
> gensec_spnego_server_negTokenInit_step: gse_krb5: parsing NEG_TOKEN_INIT content failed (next[(null)]): NT_STATUS_LOGON_FAILURE
> ...
>
> But when I run
> net ads keytab list| fgrep 26 | fgrep cifs/lpeda1.muc at EUROPE.BMW.CORP | fgrep aes256-cts-hmac-sha1-96
> I get the output
> 26 aes256-cts-hmac-sha1-96 cifs/lpeda1.muc at EUROPE.BMW.CORP
>
> So the entry is available in the Kerberos keytab, but why does Samba fail to find this entry? And why does it work for most users and only some users have this issue?
>
> I have restarted Samba and cleared all caches, but this does not help.
>
> Kind regards
>
> Georg
'secrets and keytab' means look in secrets.tdb first, then in the system
keytab.
It looks like the required key isn't in the keytab.
What OS is this?
What Samba version?
Can you please post your smb.conf?
Rowland
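
An added example, not part of either post: a chain of `fgrep` filters matches substrings, so `fgrep 26` also passes a kvno such as 126. This sketch pulls the principal, kvno and enctype out of the `gss_accept_sec_context` failure line and compares them field by field against a keytab listing. The host name, realm and listing rows are constructed, and the three-column layout (kvno, enctype, principal) is assumed from the output line quoted above.

```python
import re

# Matches the "Failed to find ..." text of the log line quoted in the post.
FAIL_RE = re.compile(
    r"Failed to find (?P<principal>[^\s(]+)\(kvno (?P<kvno>\d+)\) "
    r"in keytab (?P<keytab>\S+) \((?P<enctype>[^)]+)\)"
)

# Constructed sample log entry (placeholder host and realm, not the poster's).
SAMPLE_LOG = (
    "gss_accept_sec_context failed with [ Miscellaneous failure (see text): "
    "Failed to find cifs/fs1.example.test@EXAMPLE.TEST(kvno 26) in keytab "
    "MEMORY:cifs_srv_keytab (aes256-cts-hmac-sha1-96)]\n"
)
# Constructed listing: every row passes the three chained fgrep filters
# when combined loosely, yet no row is kvno 26 with aes256.
SAMPLE_LISTING = """\
 25 aes256-cts-hmac-sha1-96 cifs/fs1.example.test@EXAMPLE.TEST
 26 aes128-cts-hmac-sha1-96 cifs/fs1.example.test@EXAMPLE.TEST
126 aes256-cts-hmac-sha1-96 cifs/fs1.example.test@EXAMPLE.TEST
"""

def parse_keytab_listing(listing):
    """Parse 'kvno enctype principal' rows; header or malformed rows are skipped."""
    entries = set()
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) == 3 and fields[0].isdigit():
            entries.add((int(fields[0]), fields[1], fields[2]))
    return entries

def diagnose(log_text, listing):
    """For each distinct failed lookup, report whether an exact entry is listed."""
    entries = parse_keytab_listing(listing)
    failures = sorted({(m["principal"], int(m["kvno"]), m["enctype"], m["keytab"])
                       for m in FAIL_RE.finditer(log_text)})
    report = []
    for principal, kvno, enctype, keytab in failures:
        kvnos = sorted(k for k, e, p in entries if e == enctype and p == principal)
        report.append({
            "principal": principal, "enctype": enctype, "wanted_kvno": kvno,
            "searched_keytab": keytab,      # the keytab named in the log line
            "in_listing": kvno in kvnos,    # exact kvno + enctype + principal
            "listed_kvnos": kvnos,          # kvnos on file for that enctype
        })
    return report

if __name__ == "__main__":
    for row in diagnose(SAMPLE_LOG, SAMPLE_LISTING):
        print(row)
```
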