[Samba] Domain admin can't access share on samba dm-server
Rowland Penny
rpenny at samba.org
Tue Jan 11 10:05:59 UTC 2022
On Tue, 2022-01-11 at 08:24 +0100, Stefan G. Weichinger via samba
wrote:
> Am 30.12.21 um 19:34 schrieb Rowland Penny via samba:
> > On Wed, 2021-12-29 at 13:03 +0100, Stefan G. Weichinger via samba
> > wrote:
> > > windows2019 server, logged in as domain admin
> > >
> > > accessing \\pre01svdeb01 fails, I see this in the samba logs:
> > >
> > > [2021/12/29 12:57:54.754005, 1]
> > > ../../auth/gensec/spnego.c:1242(gensec_spnego_server_negTokenInit
> > > _ste
> > > p)
> > > gensec_spnego_server_negTokenInit_step: gse_krb5: parsing
> > > NEG_TOKEN_INIT content failed (next[(null)]):
> > > NT_STATUS_LOGON_FAILURE
> > > [2021/12/29 12:57:54.769715, 1]
> > > ../../source3/librpc/crypto/gse.c:665(gse_get_server_auth_token)
> > > gss_accept_sec_context failed with [ Miscellaneous failure
> > > (see
> > > text): Failed to find cifs/pre01svdeb01 at mydom.AT(kvno 5) in
> > > keytab
> > > MEMORY:cifs_srv_keytab (aes256-cts-hmac-sha1-96)]
> >
> > OK, I went back to the start of this thread and reread it and we
> > all
> > missed it, everyone has been looking at the wrong keytab. The
> > correct
> > keytab is in MEMORY and I do not know of any way of reading that
> > one.
> >
> > I would restart the computer and see if this fixes the problem. If
> > you
> > have already tried this, leave the domain and then join it again,
> > hopefully this should create a new keytab in memory.
>
> Only found your reply now (late), sorry. Rebooting the windows server
> is
> possible in the evening, rebooting the file server has to wait until
> I
> am on site later this week.
>
> You want me to (maybe) un/re-join the samba DM server, not the
> Windows
> server, right?
I am suggesting that you reboot the Unix domain member and if that
doesn't work, make the Unix domain member leave then rejoin the domain.
Rowland
More information about the samba
mailing list