ADS - CIFS Server Single Sign On stopped working after upgrade from 3.2.4 to 4.5.11
Silambarasan Madhappan
silambarasan0109 at gmail.com
Tue Jan 1 15:05:24 UTC 2019
Hi Team,
When upgrading CIFS Server from 3.2.4 to 4.5(it will be upgraded to 4.9
soon) in one setup, we are encountering below error while accessing the
share from win10 client .
[2018/11/29 15:39:43.489092, 1]
../source3/librpc/crypto/gse.c:498(gse_get_server_auth_token)
gss_accept_sec_context failed with [ Miscellaneous failure (see text):
Checksum type hmac-sha1-96-aes256 is keyed, but the key type
arcfour-hmac-md5 passed didn't have that checksum type as the keyed type]
Please find the set up information.
Samba/CIFS server : 4.5
KDC server: RHEL 5 with MIT Kerberos 1.6.1 AD : Windows 10
That error is not seen when KDC server is based on MIT Kerberos 1.10 on
Redhat
Please clarify below
1. Is there any dependency on version of MIT Kerberos to be used as
KDC. We are aware that there is a dependency on version of MIT to enable it
during build (1.9 without ADDC, 1.15 for ADDC)
2. Error is due to mismatch of checksum type and Key type. Can you
please let me about what they correspond to (server or client or KDC) and
in which scenarios that mismatch can occur
Thanks ,
Silambarasan M
More information about the samba-technical
mailing list