[Samba] Debian 4.17.3 Kerberos/SPNEGO
samba at txschroeder.family
Fri Nov 25 16:33:40 UTC 2022
I've been following all the threads about Debian's samba 4.17.3+dfsg-1
and dfsg-2 to see if the answer for my broken shares would be revealed.
While similar, I haven't seen the exact same problem, so this may be an
Following is the history.
Debian bullseye 64-bit with 4.17.3+dfsg-1 from backports -- no problems,
and the shares keep working. It sounds like that is to be expected.
Debian bookworm 32-bit with 4.17.3+dfsg-1 -- all shares inaccessible,
but were restored by dfsg-2. Again, that seems to be expected.
Debian bookworm 64-bit with 4.17.3+dfsg-1 -- all shares inaccessible and
_not_ restored by dfsg-2. This, I did not expect. A simple kinit on
this system succeeds, however "net ads testjoin" results in the error
message below, while telling me the join is good.
> gse_get_client_auth_token: gss_init_sec_context failed with [
> Miscellaneous failure (see text): FAST fast response is missing
> FX-FAST (ldap/dc1.domain.realm.tld at DOMAIN.REALM.TLD)](2529639059)
> ads_sasl_spnego_bind: kinit succeeded but SPNEGO bind with Kerberos
> failed for ldap/dc1.domain.realm.tld - user[AM1100$],
> realm[DOMAIN.REALM.TLD]: The attempted logon is invalid. This is
> either due to a bad username or authentication information.
> Join is OK
Because of this weirdness, out of an abundance of caution, I have not
updated the bullseye 64-bit system, as that is where the most important
shares are located.
Has anyone seen this error before?
More information about the samba