[Samba] Domain admin can't access share on samba dm-server

Rowland Penny rpenny at samba.org
Thu Dec 30 18:34:37 UTC 2021

On Wed, 2021-12-29 at 13:03 +0100, Stefan G. Weichinger via samba
> windows2019 server, logged in as domain admin
> accessing \\pre01svdeb01 fails, I see this in the samba logs:
> [2021/12/29 12:57:54.754005,  1] 
> ../../auth/gensec/spnego.c:1242(gensec_spnego_server_negTokenInit_ste
> p)
>    gensec_spnego_server_negTokenInit_step: gse_krb5: parsing 
> NEG_TOKEN_INIT content failed (next[(null)]): NT_STATUS_LOGON_FAILURE
> [2021/12/29 12:57:54.769715,  1] 
> ../../source3/librpc/crypto/gse.c:665(gse_get_server_auth_token)
>    gss_accept_sec_context failed with [ Miscellaneous failure (see 
> text): Failed to find cifs/pre01svdeb01 at mydom.AT(kvno 5) in keytab 
> MEMORY:cifs_srv_keytab (aes256-cts-hmac-sha1-96)]

OK, I went back to the start of this thread and reread it and we all
missed it, everyone has been looking at the wrong keytab. The correct
keytab is in MEMORY and I do not know of any way of reading that one.

I would restart the computer and see if this fixes the problem. If you
have already tried this, leave the domain and then join it again,
hopefully this should create a new keytab in memory.


More information about the samba mailing list