Can someone help me with samba4 with internal DNS? Something strange is showing in log.smbd when computers are doing gpupdate (because of this error computers can't apply GPO).

log.smbd on DC1:

    [2017/01/13 13:49:16.075361, 1] ../source4/auth/gensec/gensec_gssapi.c:619(gensec_gssapi_update)
      GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Failed to find DC1$EXAMPLE.ORG(kvno 7) in keytab FILE:/var/lib/samba/private/secrets.keytab (arcfour-hmac-md5)
    [2017/01/13 13:49:16.075405, 1] ../auth/gensec/spnego.c:541(gensec_spnego_parse_negTokenInit)
      SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE

klist on secrets.keytab:

    Keytab name: FILE:/var/lib/samba/private/secrets.keytab
    KVNO Principal
    ---- --------------------------------------------------------------------------
       1 HOST/dc1@EXAMPLE.ORG (des-cbc-crc)
       1 HOST/dc1.example.org@EXAMPLE.ORG (des-cbc-crc)
       1 DC1$@EXAMPLE.ORG (des-cbc-crc)
       1 HOST/dc1@EXAMPLE.ORG (des-cbc-md5)
       1 HOST/dc1.example.org@EXAMPLE.ORG (des-cbc-md5)
       1 DC1$@EXAMPLE.ORG (des-cbc-md5)
       1 HOST/dc1@EXAMPLE.ORG (arcfour-hmac)
       1 HOST/dc1.example.org@EXAMPLE.ORG (arcfour-hmac)
       1 DC1$@EXAMPLE.ORG (arcfour-hmac)
       1 HOST/dc1@EXAMPLE.ORG (aes128-cts-hmac-sha1-96)
       1 HOST/dc1.example.org@EXAMPLE.ORG (aes128-cts-hmac-sha1-96)
       1 DC1$@EXAMPLE.ORG (aes128-cts-hmac-sha1-96)
       1 HOST/dc1@EXAMPLE.ORG (aes256-cts-hmac-sha1-96)
       1 HOST/dc1.example.org@EXAMPLE.ORG (aes256-cts-hmac-sha1-96)
       1 DC1$@EXAMPLE.ORG (aes256-cts-hmac-sha1-96)

Samba version: Version 4.3.11-Ubuntu with internal DNS

DC1 - has correct DNS configuration

ping dc1 from computers - resolves to dc1 IP

Domain computers can connect to the domain with no problems and have correct DNS (dc1 IP)

samba-tool ntacl sysvolreset - not resolving problem

Tried to generate secrets.keytab but still no results
(https://wiki.samba.org/index.php/Keytab_Extraction)

Tried samba-tool user setpassword dc1$ (password dumped with tdbdump from secrets.tdb) - not resolving problem.

What should I check to resolve this error?

Please, any suggestions,

Regards
Lukasz

Any ideas? Please, I got stuck and have no idea what else I can do.

Regards

Łukasz Sellmann

2017-02-01 17:50 GMT+01:00 Łukasz Sellmann <bravo.galaxy at gmail.com>:
> Can someone help me with samba4 with internal DNS? Something strange is
> showing in log.smbd when computers are doing gpupdate (because of this
> error computers can't apply GPO)
> [...]

On Fri, 3 Feb 2017 16:00:45 +0100 Łukasz Sellmann via samba <samba at lists.samba.org> wrote:
> Any ideas? Please, I got stuck and have no idea what else I can do.
> [...]

Have you checked permissions on the keytab?

Rowland
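
The log line in the original post names the principal, key version number (kvno) and encryption type that smbd looked for, and the klist output shows what secrets.keytab actually holds, so the two can be compared mechanically. The script below is an added example, not code from any poster or from the Samba project; the function names and verdict strings are hypothetical, and the sample input is copied from the post with the listing abridged.

```python
import re

# Sample input copied from the post above (keytab listing abridged).
SAMPLE_LOG = ("GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): "
              "Failed to find DC1$EXAMPLE.ORG(kvno 7) in keytab "
              "FILE:/var/lib/samba/private/secrets.keytab (arcfour-hmac-md5)")
SAMPLE_KLIST = """KVNO Principal
   1 HOST/dc1@EXAMPLE.ORG (arcfour-hmac)
   1 DC1$@EXAMPLE.ORG (arcfour-hmac)
   1 DC1$@EXAMPLE.ORG (aes256-cts-hmac-sha1-96)
"""

# The log and klist name the same enctype differently; map aliases to one name.
ALIASES = {"arcfour-hmac-md5": "arcfour-hmac", "rc4-hmac": "arcfour-hmac"}
FAIL_RE = re.compile(r"Failed to find (\S+?)\(kvno (\d+)\) in keytab \S+ \(([^)]+)\)")
ENTRY_RE = re.compile(r"^\s*(\d+)\s+(\S.*?)\s+\(([^)]+)\)\s*$")

def norm_principal(name):
    # The log line in the post has no "@" and list archives print " at ",
    # so compare with the separator removed and case folded.
    return name.replace(" at ", "@").replace("@", "").lower()

def norm_enctype(name):
    name = name.strip().lower()
    return ALIASES.get(name, name)

def keytab_entries(listing):
    """Map (principal, enctype) -> set of KVNOs found in the klist text."""
    found = {}
    for line in listing.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            key = (norm_principal(m.group(2)), norm_enctype(m.group(3)))
            found.setdefault(key, set()).add(int(m.group(1)))
    return found

def diagnose(log_text, listing):
    """Return (verdict, wanted_kvno, kvnos_in_keytab) for the first failure."""
    m = FAIL_RE.search(log_text)
    if not m:
        return ("no-failure", None, [])
    who, kvno, etype = norm_principal(m.group(1)), int(m.group(2)), norm_enctype(m.group(3))
    entries = keytab_entries(listing)
    have = sorted(entries.get((who, etype), ()))
    if not have:
        known = any(p == who for p, _ in entries)
        return ("enctype-missing" if known else "principal-missing", kvno, [])
    return ("key-present" if kvno in have else "kvno-mismatch", kvno, have)

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG, SAMPLE_KLIST))
```

Feed it the text of log.smbd and the output of `klist -k -e` on the keytab; a `kvno-mismatch` verdict means the keytab holds keys for the principal and enctype, but not at the version the client's ticket was issued for.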