[Samba] Failed to bind to uuid NT_STATUS_LOGON_FAILURE

Omnis ludis - games sergey.gortinsc17 at gmail.com
Wed Jun 5 13:06:15 UTC 2024


I tried to replace the secrets.keytab file, but it didn't help solve the
problem somehow; the error is exactly the same. Where else can something be
used? Why does Samba reject the computer's request to view drs showrepl?
Maybe I need to somehow change the password of the domain controller myself?

On Wed, 5 Jun 2024 at 15:55, Christian Naumer
<christian.naumer at greyfish.net> wrote:

> OK. You can see the file in /etc was updated; the other one was not. So
> you can try to replace the
>
> /opt/reddc/private/secrets.keytab
>
> with the
>
> /etc/krb5.keytab
>
>
> But be aware that Samba also stores some "secrets" in other ldb files in
> the private dir. I am not that much of an expert to say that this will
> work. But now your AD is broken anyway.
>
>
> Regards
>
>
> Christian
>
> On 05.06.24 at 14:50, Omnis ludis - game wrote:
> > klist -ke /etc/krb5.keytab
> > Keytab name: FILE:/etc/krb5.keytab
> > KVNO Principal
> > ---- --------------------------------------------------------------------------
> >     1 host/dc1.test.dom at test.dom (aes256-cts-hmac-sha1-96)
> >     1 host/DC1 at test.dom (aes256-cts-hmac-sha1-96)
> >     1 host/dc1.test.dom at test.dom (aes128-cts-hmac-sha1-96)
> >     1 host/DC1 at test.dom (aes128-cts-hmac-sha1-96)
> >     1 host/dc1.test.dom at test.dom (DEPRECATED:arcfour-hmac)
> >     1 host/DC1 at test.dom (DEPRECATED:arcfour-hmac)
> >     1 ldap/dc1.test.dom at test.dom (aes256-cts-hmac-sha1-96)
> >     1 ldap/DC1 at test.dom (aes256-cts-hmac-sha1-96)
> >     1 ldap/dc1.test.dom at test.dom (aes128-cts-hmac-sha1-96)
> >     1 ldap/DC1 at test.dom (aes128-cts-hmac-sha1-96)
> >     1 ldap/dc1.test.dom at test.dom (DEPRECATED:arcfour-hmac)
> >     1 ldap/DC1 at test.dom (DEPRECATED:arcfour-hmac)
> >     1 gc/dc1.test.dom at test.dom (aes256-cts-hmac-sha1-96)
> >     1 gc/DC1 at test.dom (aes256-cts-hmac-sha1-96)
> >     1 gc/dc1.test.dom at test.dom (aes128-cts-hmac-sha1-96)
> >     1 gc/DC1 at test.dom (aes128-cts-hmac-sha1-96)
> >     1 gc/dc1.test.dom at test.dom (DEPRECATED:arcfour-hmac)
> >     1 gc/DC1 at test.dom (DEPRECATED:arcfour-hmac)
> >     1 e3514235-4b06-11d1-ab04-00c04fc2dcd2/dc1.test.dom at test.dom
> > (aes256-cts-hmac-sha1-96)
> >     1 e3514235-4b06-11d1-ab04-00c04fc2dcd2/DC1 at test.dom
> > (aes256-cts-hmac-sha1-96)
> >     1 e3514235-4b06-11d1-ab04-00c04fc2dcd2/dc1.test.dom at test.dom
> > (aes128-cts-hmac-sha1-96)
> >     1 e3514235-4b06-11d1-ab04-00c04fc2dcd2/DC1 at test.dom
> > (aes128-cts-hmac-sha1-96)
> >     1 e3514235-4b06-11d1-ab04-00c04fc2dcd2/dc1.test.dom at test.dom
> > (DEPRECATED:arcfour-hmac)
> >     1 e3514235-4b06-11d1-ab04-00c04fc2dcd2/DC1 at test.dom
> > (DEPRECATED:arcfour-hmac)
> >     1 restrictedkrbhost/dc1.test.dom at test.dom (aes256-cts-hmac-sha1-96)
> >     1 restrictedkrbhost/DC1 at test.dom (aes256-cts-hmac-sha1-96)
> >     1 restrictedkrbhost/dc1.test.dom at test.dom (aes128-cts-hmac-sha1-96)
> >     1 restrictedkrbhost/DC1 at test.dom (aes128-cts-hmac-sha1-96)
> >     1 restrictedkrbhost/dc1.test.dom at test.dom (DEPRECATED:arcfour-hmac)
> >     1 restrictedkrbhost/DC1 at test.dom (DEPRECATED:arcfour-hmac)
> >     1 DC1$@test.dom (aes256-cts-hmac-sha1-96)
> >     1 DC1$@test.dom (aes128-cts-hmac-sha1-96)
> >     1 DC1$@test.dom (DEPRECATED:arcfour-hmac)
> >     2 DC1$@test.dom (DEPRECATED:arcfour-hmac)
> >     2 DC1$@test.dom (aes128-cts-hmac-sha1-96)
> >     2 DC1$@test.dom (aes256-cts-hmac-sha1-96)
> >     2 host/dc1.test.dom at test.dom (DEPRECATED:arcfour-hmac)
> >     2 host/dc1.test.dom at test.dom (aes128-cts-hmac-sha1-96)
> >     2 host/dc1.test.dom at test.dom (aes256-cts-hmac-sha1-96)
> >     2 host/DC1 at test.dom (DEPRECATED:arcfour-hmac)
> >     2 host/DC1 at test.dom (aes128-cts-hmac-sha1-96)
> >     2 host/DC1 at test.dom (aes256-cts-hmac-sha1-96)
> >     2 ldap/dc1.test.dom at test.dom (DEPRECATED:arcfour-hmac)
> >     2 ldap/dc1.test.dom at test.dom (aes128-cts-hmac-sha1-96)
> >     2 ldap/dc1.test.dom at test.dom (aes256-cts-hmac-sha1-96)
> >     2 ldap/DC1 at test.dom (DEPRECATED:arcfour-hmac)
> >     2 ldap/DC1 at test.dom (aes128-cts-hmac-sha1-96)
> >     2 ldap/DC1 at test.dom (aes256-cts-hmac-sha1-96)
> >     2 gc/dc1.test.dom at test.dom (DEPRECATED:arcfour-hmac)
> >     2 gc/dc1.test.dom at test.dom (aes128-cts-hmac-sha1-96)
> >     2 gc/dc1.test.dom at test.dom (aes256-cts-hmac-sha1-96)
> >     2 gc/DC1 at test.dom (DEPRECATED:arcfour-hmac)
> >     2 gc/DC1 at test.dom (aes128-cts-hmac-sha1-96)
> >     2 gc/DC1 at test.dom (aes256-cts-hmac-sha1-96)
> >     2 e3514235-4b06-11d1-ab04-00c04fc2dcd2/dc1.test.dom at test.dom
> > (DEPRECATED:arcfour-hmac)
> >     2 e3514235-4b06-11d1-ab04-00c04fc2dcd2/dc1.test.dom at test.dom
> > (aes128-cts-hmac-sha1-96)
> >     2 e3514235-4b06-11d1-ab04-00c04fc2dcd2/dc1.test.dom at test.dom
> > (aes256-cts-hmac-sha1-96)
> >     2 e3514235-4b06-11d1-ab04-00c04fc2dcd2/DC1 at test.dom
> > (DEPRECATED:arcfour-hmac)
> >     2 e3514235-4b06-11d1-ab04-00c04fc2dcd2/DC1 at test.dom
> > (aes128-cts-hmac-sha1-96)
> >     2 e3514235-4b06-11d1-ab04-00c04fc2dcd2/DC1 at test.dom
> > (aes256-cts-hmac-sha1-96)
> >     2 restrictedkrbhost/dc1.test.dom at test.dom (DEPRECATED:arcfour-hmac)
> >     2 restrictedkrbhost/dc1.test.dom at test.dom (aes128-cts-hmac-sha1-96)
> >     2 restrictedkrbhost/dc1.test.dom at test.dom (aes256-cts-hmac-sha1-96)
> >     2 restrictedkrbhost/DC1 at test.dom (DEPRECATED:arcfour-hmac)
> >     2 restrictedkrbhost/DC1 at test.dom (aes128-cts-hmac-sha1-96)
> >     2 restrictedkrbhost/DC1 at test.dom (aes256-cts-hmac-sha1-96)
> >     2 HOST/dc1.test.dom/dc1.test.dom at test.dom (DEPRECATED:arcfour-hmac)
> >     2 HOST/dc1.test.dom/dc1.test.dom at test.dom (aes128-cts-hmac-sha1-96)
> >     2 HOST/dc1.test.dom/dc1.test.dom at test.dom (aes256-cts-hmac-sha1-96)
> >     2 HOST/dc1.test.dom/RED-SOFT at test.dom (DEPRECATED:arcfour-hmac)
> >     2 HOST/dc1.test.dom/RED-SOFT at test.dom (aes128-cts-hmac-sha1-96)
> >     2 HOST/dc1.test.dom/RED-SOFT at test.dom (aes256-cts-hmac-sha1-96)
> >     2 ldap/dc1.test.dom/RED-SOFT at test.dom (DEPRECATED:arcfour-hmac)
> >     2 ldap/dc1.test.dom/RED-SOFT at test.dom (aes128-cts-hmac-sha1-96)
> >     2 ldap/dc1.test.dom/RED-SOFT at test.dom (aes256-cts-hmac-sha1-96)
> >     2 GC/dc1.test.dom/test.dom at test.dom (DEPRECATED:arcfour-hmac)
> >     2 GC/dc1.test.dom/test.dom at test.dom (aes128-cts-hmac-sha1-96)
> >     2 GC/dc1.test.dom/test.dom at test.dom (aes256-cts-hmac-sha1-96)
> >     2 HOST/dc1.test.dom/test.dom at test.dom (DEPRECATED:arcfour-hmac)
> >     2 HOST/dc1.test.dom/test.dom at test.dom (aes128-cts-hmac-sha1-96)
> >     2 HOST/dc1.test.dom/test.dom at test.dom (aes256-cts-hmac-sha1-96)
> >     2 ldap/dc1.test.dom/test.dom at test.dom (DEPRECATED:arcfour-hmac)
> >     2 ldap/dc1.test.dom/test.dom at test.dom (aes128-cts-hmac-sha1-96)
> >     2 ldap/dc1.test.dom/test.dom at test.dom (aes256-cts-hmac-sha1-96)
> >     2 E3514235-4B06-11D1-AB04-00C04FC2DCD2/7b51045d-a81d-457b-a74a-19ef609cb1fe/test.dom at test.dom
> > (DEPRECATED:arcfour-hmac)
> >     2 E3514235-4B06-11D1-AB04-00C04FC2DCD2/7b51045d-a81d-457b-a74a-19ef609cb1fe/test.dom at test.dom
> > (aes128-cts-hmac-sha1-96)
> >     2 E3514235-4B06-11D1-AB04-00C04FC2DCD2/7b51045d-a81d-457b-a74a-19ef609cb1fe/test.dom at test.dom
> > (aes256-cts-hmac-sha1-96)
> >     2 ldap/7b51045d-a81d-457b-a74a-19ef609cb1fe._msdcs.test.dom at test.dom
> > (DEPRECATED:arcfour-hmac)
> >     2 ldap/7b51045d-a81d-457b-a74a-19ef609cb1fe._msdcs.test.dom at test.dom
> > (aes128-cts-hmac-sha1-96)
> >     2 ldap/7b51045d-a81d-457b-a74a-19ef609cb1fe._msdcs.test.dom at test.dom
> > (aes256-cts-hmac-sha1-96)
> >     2 ldap/dc1.test.dom/DomainDnsZones.test.dom at test.dom
> > (DEPRECATED:arcfour-hmac)
> >     2 ldap/dc1.test.dom/DomainDnsZones.test.dom at test.dom
> > (aes128-cts-hmac-sha1-96)
> >     2 ldap/dc1.test.dom/DomainDnsZones.test.dom at test.dom
> > (aes256-cts-hmac-sha1-96)
> >     2 ldap/dc1.test.dom/ForestDnsZones.test.dom at test.dom
> > (DEPRECATED:arcfour-hmac)
> >     2 ldap/dc1.test.dom/ForestDnsZones.test.dom at test.dom
> > (aes128-cts-hmac-sha1-96)
> >     2 ldap/dc1.test.dom/ForestDnsZones.test.dom at test.dom
> > (aes256-cts-hmac-sha1-96)
> >
> > klist -ke /opt/reddc/private/secrets.keytab
> > Keytab name: FILE:/opt/reddc/private/secrets.keytab
> > KVNO Principal
> > ---- --------------------------------------------------------------------------
> >     1 HOST/dc1 at test.dom (aes256-cts-hmac-sha1-96)
> >     1 HOST/dc1.test.dom at test.dom (aes256-cts-hmac-sha1-96)
> >     1 DC1$@test.dom (aes256-cts-hmac-sha1-96)
> >     1 HOST/dc1 at test.dom (aes128-cts-hmac-sha1-96)
> >     1 HOST/dc1.test.dom at test.dom (aes128-cts-hmac-sha1-96)
> >     1 DC1$@test.dom (aes128-cts-hmac-sha1-96)
> >     1 HOST/dc1 at test.dom (DEPRECATED:arcfour-hmac)
> >     1 HOST/dc1.test.dom at test.dom (DEPRECATED:arcfour-hmac)
> >     1 DC1$@test.dom (DEPRECATED:arcfour-hmac)
> >
> > It looks like it's been successful, but maybe problems with kvno or something
> >
> > On Wed, 5 Jun 2024 at 15:41, Christian Naumer via samba
> > <samba at lists.samba.org> wrote:
> >
> >     On 05.06.24 at 14:33, Omnis ludis - games via samba wrote:
> >      > this is the only controller in the domain, it is on its own, yes, I use
> >      > krb5.keytab to log domain administrator accounts on the machine, it seems
> >      > to me there must be some way to defeat this and restore the controller's
> >      > functionality
> >
> >     what does
> >
> >     klist -ke
> >
> >
> >     show?
> >
> >     and is there "secrets.keytab" in the PRIVATE_DIR, e.g.
> >     "/usr/local/samba/private/" ?
> >
> >     And if yes, what does
> >
> >     klist -ke secrets.keytab
> >
> >
> >     show?
> >
> >     Regards
> >
> >
> >     Christian
> >
> >
> >
>
>
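
The two listings quoted above hold different key versions for the same principals: /etc/krb5.keytab has KVNO 1 and 2, secrets.keytab only KVNO 1. The following is an added example, not code from the thread or from Samba, that parses `klist -ke` output and reports principals whose newest KVNO differs between two keytabs. The sample listings are constructed, abridged from the quoted output with "@" restored where the archive shows " at ", and case-insensitive name matching is an assumption.

```python
import re

# One `klist -ke` entry: "<kvno> <principal> (<enctype>)"; header lines do not match.
ENTRY = re.compile(r"^\s*(\d+)\s+(\S+)\s+\((?:DEPRECATED:)?([^)]+)\)\s*$")

# Constructed sample input, abridged from the listings quoted in the thread.
ETC_KEYTAB = """\
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   1 host/dc1.test.dom@test.dom (aes256-cts-hmac-sha1-96)
   1 DC1$@test.dom (aes256-cts-hmac-sha1-96)
   2 DC1$@test.dom (DEPRECATED:arcfour-hmac)
   2 DC1$@test.dom (aes256-cts-hmac-sha1-96)
   2 host/dc1.test.dom@test.dom (aes256-cts-hmac-sha1-96)
"""
SECRETS_KEYTAB = """\
Keytab name: FILE:/opt/reddc/private/secrets.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   1 HOST/dc1@test.dom (aes256-cts-hmac-sha1-96)
   1 HOST/dc1.test.dom@test.dom (aes256-cts-hmac-sha1-96)
   1 DC1$@test.dom (aes256-cts-hmac-sha1-96)
   1 DC1$@test.dom (DEPRECATED:arcfour-hmac)
"""

def newest_keys(klist_output):
    """Map principal -> (highest KVNO, set of enctypes stored at that KVNO)."""
    newest = {}
    for line in klist_output.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        kvno, enctype = int(m.group(1)), m.group(3)
        # Assumption: names are compared case-insensitively (host/ vs HOST/).
        name = m.group(2).lower()
        top, enctypes = newest.get(name, (-1, set()))
        if kvno > top:
            newest[name] = (kvno, {enctype})
        elif kvno == top:
            enctypes.add(enctype)
    return newest

def kvno_drift(a, b):
    """Principals present in both listings whose highest KVNO differs."""
    ka, kb = newest_keys(a), newest_keys(b)
    return {p: (ka[p][0], kb[p][0]) for p in sorted(ka.keys() & kb.keys())
            if ka[p][0] != kb[p][0]}

if __name__ == "__main__":
    for principal, (first, second) in kvno_drift(ETC_KEYTAB, SECRETS_KEYTAB).items():
        print(f"{principal}: KVNO {first} vs {second}")
```

On a live system the two inputs would be the captured output of `klist -ke` for each keytab file.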

