[Samba] Domain admin can't access share on samba dm-server

Stefan G. Weichinger lists at xunil.at
Tue Jan 11 07:24:00 UTC 2022

On 30.12.21 at 19:34, Rowland Penny via samba wrote:
> On Wed, 2021-12-29 at 13:03 +0100, Stefan G. Weichinger via samba
> wrote:
>> windows2019 server, logged in as domain admin
>> accessing \\pre01svdeb01 fails, I see this in the samba logs:
>> [2021/12/29 12:57:54.754005,  1] ../../auth/gensec/spnego.c:1242(gensec_spnego_server_negTokenInit_step)
>>     gensec_spnego_server_negTokenInit_step: gse_krb5: parsing NEG_TOKEN_INIT content failed (next[(null)]): NT_STATUS_LOGON_FAILURE
>> [2021/12/29 12:57:54.769715,  1] ../../source3/librpc/crypto/gse.c:665(gse_get_server_auth_token)
>>     gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/pre01svdeb01 at mydom.AT(kvno 5) in keytab MEMORY:cifs_srv_keytab (aes256-cts-hmac-sha1-96)]
> OK, I went back to the start of this thread and reread it and we all
> missed it, everyone has been looking at the wrong keytab. The correct
> keytab is in MEMORY and I do not know of any way of reading that one.
> I would restart the computer and see if this fixes the problem. If you
> have already tried this, leave the domain and then join it again,
> hopefully this should create a new keytab in memory.

Only found your reply now (late), sorry. Rebooting the Windows server is
possible in the evening, rebooting the file server has to wait until I
am on site later this week.

You want me to (maybe) un/re-join the samba DM server, not the Windows 
server, right?
