[Samba] Keytab MEMORY:cifs_srv_keytab is nonexistent or empty
Jeremy Monnet
jmonnet at gmail.com
Thu May 6 10:26:37 UTC 2021
Hello,
We have just upgraded a RHEL 7 to RHEL 8 virtual machine with samba
providing CIFS shares. We already had a hard time setting up sssd to
authenticate against the AD 2012R2 (we followed
https://access.redhat.com/solutions/5728591 )
Now our keytab is fine (enough fine to allow AD users to authenticate)
but we cannot mount samba CIFS shares, with this message in logs :
[2021/05/06 12:03:35.664983, 0]
../../lib/util/become_daemon.c:136(daemon_ready)
daemon_ready: daemon 'smbd' finished starting up and ready to serve
connections
[2021/05/06 12:04:04.508781, 0]
../../source3/librpc/crypto/gse.c:606(gse_init_server)
smb_gss_krb5_import_cred failed with [Unspecified GSS failure.
Minor code may provide more information: Keytab MEMORY:cifs_srv_keytab
is nonexistent or empty]
[2021/05/06 12:04:04.511756, 0]
../../source3/librpc/crypto/gse.c:606(gse_init_server)
smb_gss_krb5_import_cred failed with [Unspecified GSS failure.
Minor code may provide more information: Keytab MEMORY:cifs_srv_keytab
is nonexistent or empty]
smb.conf looks like :
[global]
kerberos method = secrets and keytab
template homedir = /home/%U@%D
template shell = /bin/bash
security = user
idmap config REALM : schema_mode = rfc2307
idmap config REALM : range = 500-999999
idmap config REALM : backend = ad
idmap config * : range = 10000000-10999999
idmap config * : backend = tdb
winbind use default domain = no
winbind refresh tickets = yes
winbind offline logon = yes
winbind enum groups = no
winbind enum users = no
[Share Tech]
path = /nfs
comment = partage nfs
read only = no
guest ok = no
public = yes
create mask = 0775
directory mask = 0775
valid users = @Groups
I haven't been able to figure what this issue might be ? In case
selinux would be implied I tried
https://www.linuxquestions.org/questions/linux-server-73/error-connecting-to-linux-samba-server-from-windows-clients-4175627094/
chcon -t smbd_tmp_t /var/tmp/host_0 with no success.
Thanks for your help,
Jeremy
More information about the samba
mailing list