[Samba] Domain admin can't access share on samba dm-server
Stefan G. Weichinger
lists at xunil.at
Tue Jan 11 07:24:00 UTC 2022
Am 30.12.21 um 19:34 schrieb Rowland Penny via samba:
> On Wed, 2021-12-29 at 13:03 +0100, Stefan G. Weichinger via samba
> wrote:
>> windows2019 server, logged in as domain admin
>>
>> accessing \\pre01svdeb01 fails, I see this in the samba logs:
>>
>> [2021/12/29 12:57:54.754005, 1]
>> ../../auth/gensec/spnego.c:1242(gensec_spnego_server_negTokenInit_ste
>> p)
>> gensec_spnego_server_negTokenInit_step: gse_krb5: parsing
>> NEG_TOKEN_INIT content failed (next[(null)]): NT_STATUS_LOGON_FAILURE
>> [2021/12/29 12:57:54.769715, 1]
>> ../../source3/librpc/crypto/gse.c:665(gse_get_server_auth_token)
>> gss_accept_sec_context failed with [ Miscellaneous failure (see
>> text): Failed to find cifs/pre01svdeb01 at mydom.AT(kvno 5) in keytab
>> MEMORY:cifs_srv_keytab (aes256-cts-hmac-sha1-96)]
>
> OK, I went back to the start of this thread and reread it and we all
> missed it, everyone has been looking at the wrong keytab. The correct
> keytab is in MEMORY and I do not know of any way of reading that one.
>
> I would restart the computer and see if this fixes the problem. If you
> have already tried this, leave the domain and then join it again,
> hopefully this should create a new keytab in memory.
Only found your reply now (late), sorry. Rebooting the windows server is
possible in the evening, rebooting the file server has to wait until I
am on site later this week.
You want me to (maybe) un/re-join the samba DM server, not the Windows
server, right?
More information about the samba
mailing list