additional note:

# kinit sgw
Password for sgw at customer.INTRA:

# smbclient \\\\u1customer\\IT -U sgw -k
SPNEGO(gse_krb5) creating NEG_TOKEN_INIT for cifs/u1customer failed
(next[(null)]): NT_STATUS_INVALID_PARAMETER
SPNEGO: Could not find a suitable mechtype in NEG_TOKEN_INIT
session setup failed: NT_STATUS_INVALID_PARAMETER

(krb5.conf already reduced to minimum, btw)

Does that point to some mismatching encryption stuff?

I repeat: the same server worked for 2 weeks now ... without changes
yesterday ...

On Sat, 30 Jun 2018 23:26:02 +0200
"Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:

> additional note:
>
> # kinit sgw
> Password for sgw at customer.INTRA:
>
> # smbclient \\\\u1customer\\IT -U sgw -k
> SPNEGO(gse_krb5) creating NEG_TOKEN_INIT for cifs/u1customer failed
> (next[(null)]): NT_STATUS_INVALID_PARAMETER
> SPNEGO: Could not find a suitable mechtype in NEG_TOKEN_INIT
> session setup failed: NT_STATUS_INVALID_PARAMETER
>
> (krb5.conf already reduced to minimum, btw)
>
> Does that point to some mismatching encryption stuff?
>
> I repeat: the same server worked for 2 weeks now ... without changes
> yesterday ...
>

Do you have access to the Windows DC?
If so, can you check if the computer (u1customer) has the required cifs
SPN, if it doesn't exist, it will need to be added.

Once you are sure it does exist, you can use 'net ads keytab add
<principal>' to add it to /etc/krb5.keytab.

One of the problems I am trying to get my head round is this:

ticket kvno 277

'277' ?????

Rowland

On 01.07.2018 at 11:04, Rowland Penny via samba wrote:

> Do you have access to the Windows DC?
> If so, can you check if the computer (u1customer) has the required cifs
> SPN, if it doesn't exist, it will need to be added.

I can talk to the windows-admin tmrw.

> Once you are sure it does exist, you can use 'net ads keytab add
> <principal>' to add it to /etc/krb5.keytab
>
> One of the problems I am trying to get my head round is this:
>
> ticket kvno 277
>
> '277' ?????

Don't ask *me* ;-)

The message seems to have disappeared now.
We will see tomorrow when ~30 users access the shares.
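
Added example, not part of the thread and not Samba's own code: a small shell check that reads MIT `klist -k` style output and reports whether a keytab holds a given cifs SPN and whether it has a key for the kvno seen in a ticket. The fully qualified host name, the realm spelling and the keytab listing are constructed for illustration; only the host u1customer and kvno 277 come from the messages above.

```shell
#!/bin/sh
# Constructed sample of `klist -k /etc/krb5.keytab` output (not from the thread).
sample_keytab_listing() {
cat <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
 276 host/u1customer.customer.intra@CUSTOMER.INTRA
 277 host/u1customer.customer.intra@CUSTOMER.INTRA
 276 cifs/u1customer.customer.intra@CUSTOMER.INTRA
 276 U1CUSTOMER$@CUSTOMER.INTRA
EOF
}

# Print the distinct key version numbers stored for one principal.
# stdin: klist -k output; $1: full principal name (service/host@REALM).
keytab_kvnos() {
    awk -v p="$1" '$1 ~ /^[0-9]+$/ && $2 == p { print $1 }' |
        sort -un | tr '\n' ' ' | sed 's/ $//'
}

# Classify a keytab against the kvno carried by a service ticket.
# stdin: klist -k output; $1: principal; $2: ticket kvno.
# Prints MISSING_SPN, KVNO_NOT_IN_KEYTAB or OK.
check_spn() {
    kvnos=$(keytab_kvnos "$1")
    if [ -z "$kvnos" ]; then
        echo MISSING_SPN          # SPN absent: candidate for 'net ads keytab add'
        return
    fi
    for k in $kvnos; do
        if [ "$k" -eq "$2" ]; then
            echo OK               # a key with the ticket's kvno is present
            return
        fi
    done
    echo KVNO_NOT_IN_KEYTAB       # SPN present, but no key for that version
}

# Demo on the constructed listing; on a live host, pipe in
# `klist -k /etc/krb5.keytab` instead of sample_keytab_listing.
sample_keytab_listing | check_spn 'cifs/u1customer.customer.intra@CUSTOMER.INTRA' 277
```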