On Fri, 3 Feb 2017 16:00:45 +0100 Łukasz Sellmann via samba <samba at lists.samba.org> wrote:> any ideas ? please i got stuck and have no ideas what else i can do > > > pozdrawiam > > Łukasz Sellmann > > 2017-02-01 17:50 GMT+01:00 Łukasz Sellmann <bravo.galaxy at gmail.com>: > > > Can someone help me with samba4 with internal dns. Something strange > > showing in log.smbd when computers are doing gpupdate (becouse of > > this error computers cant apply gpo) > > > > log.smbd on DC1: > > > > [2017/01/13 13:49:16.075361, > > 1] ../source4/auth/gensec/gensec_gssapi.c:619(gensec_gssapi_update) > > GSS server Update(krb5)(1) Update failed: Miscellaneous failure > > (see text): Failed to find DC1$EXAMPLE.ORG(kvno 7) in keytab > > FILE:/var/lib/samba/private/secrets.keytab (arcfour-hmac-md5) > > [2017/01/13 13:49:16.075405, > > 1] ../auth/gensec/spnego.c:541(gensec_spnego_parse_negTokenInit) > > SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE > > > > > > klist on secrets.keytab: > > > > Keytab name: FILE:/var/lib/samba/private/secrets.keytab > > KVNO Principal > > ---- > > -------------------------------------------------------------------------- > > 1 HOST/dc1 at EXAMPLE.ORG (des-cbc-crc) 1 > > HOST/dc1.example.org at EXAMPLE.ORG (des-cbc-crc) 1 DC1$@EXAMPLE.ORG > > (des-cbc-crc) 1 HOST/dc1 at EXAMPLE.ORG (des-cbc-md5) > > 1 HOST/dc1.example.org at EXAMPLE.ORG (des-cbc-md5) > > 1 DC1$@EXAMPLE.ORG (des-cbc-md5) > > 1 HOST/dc1 at EXAMPLE.ORG (arcfour-hmac) > > 1 HOST/dc1.example.org at EXAMPLE.ORG (arcfour-hmac) > > 1 DC1$@EXAMPLE.ORG (arcfour-hmac) > > 1 HOST/dc1 at EXAMPLE.ORG (aes128-cts-hmac-sha1-96) > > 1 HOST/dc1.example.org at EXAMPLE.ORG (aes128-cts-hmac-sha1-96) > > 1 DC1$@EXAMPLE.ORG (aes128-cts-hmac-sha1-96) > > 1 HOST/dc1 at EXAMPLE.ORG (aes256-cts-hmac-sha1-96) > > 1 HOST/dc1.example.org at EXAMPLE.ORG (aes256-cts-hmac-sha1-96) > > 1 DC1$@EXAMPLE.ORG (aes256-cts-hmac-sha1-96) > > > > > > Samba version: Version 4.3.11-Ubuntu with Internl_dns > > > > DC1 - has correct DNS configuration > > > > ping dc1 from computers - resolves to dc1 IP > > > > Domain computers can connect to the domain with no problems and has > > correct dns (dc1 ip) > > > > samba-tool ntacl sysvolreset - not resolving problem > > > > Tried to generate secrets.keytab but still no results > > > > (https://wiki.samba.org/index.php/Keytab_Extraction) > > > > Tried to samba-tool user setpassword dc1$ (pasword dumped from > > tdbdumb secrets.tdb ) - not resolving problem. > > > > What should i check to resolve this error ? > > > > Please any suggestions, > > > > > > Regards > > Lukasz > >Have checked permissions on the keytab ? Rowland
yes, permissions are set as default by apt package instalator> ls -al > -rw------- 1 root root 1082 sty 13 23:25 secrets.keytabsamba,smbd deamons have run as root user> > log.smbd on DC1: > > > > [2017/01/13 13:49:16.075361, > > 1] ../source4/auth/gensec/gensec_gssapi.c:619(gensec_gssapi_update) > > GSS server Update(krb5)(1) Update failed: Miscellaneous failure > > (see text): Failed to find DC1$EXAMPLE.ORG(kvno 7) in keytab > > FILE:/var/lib/samba/private/secrets.keytab (arcfour-hmac-md5) > > [2017/01/13 13:49:16.075405, > > 1] ../auth/gensec/spnego.c:541(gensec_spnego_parse_negTokenInit) > > SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE > > > > > > klist on secrets.keytab: > > > > Keytab name: FILE:/var/lib/samba/private/secrets.keytab > > KVNO Principal > > ---- > > --------------------------------------------------------------------------> > 1 HOST/dc1 at EXAMPLE.ORG (des-cbc-crc) 1 > > HOST/dc1.example.org at EXAMPLE.ORG (des-cbc-crc) 1 DC1$@EXAMPLE.ORG > > (des-cbc-crc) 1 HOST/dc1 at EXAMPLE.ORG (des-cbc-md5) > > 1 HOST/dc1.example.org at EXAMPLE.ORG (des-cbc-md5) > > 1 DC1$@EXAMPLE.ORG (des-cbc-md5) > > 1 HOST/dc1 at EXAMPLE.ORG (arcfour-hmac) > > 1 HOST/dc1.example.org at EXAMPLE.ORG (arcfour-hmac) > > 1 DC1$@EXAMPLE.ORG (arcfour-hmac) > > 1 HOST/dc1 at EXAMPLE.ORG (aes128-cts-hmac-sha1-96) > > 1 HOST/dc1.example.org at EXAMPLE.ORG (aes128-cts-hmac-sha1-96) > > 1 DC1$@EXAMPLE.ORG (aes128-cts-hmac-sha1-96) > > 1 HOST/dc1 at EXAMPLE.ORG (aes256-cts-hmac-sha1-96) > > 1 HOST/dc1.example.org at EXAMPLE.ORG (aes256-cts-hmac-sha1-96) > > 1 DC1$@EXAMPLE.ORG (aes256-cts-hmac-sha1-96) > > > > > > Samba version: Version 4.3.11-Ubuntu with Internl_dns > > > > DC1 - has correct DNS configuration > > > > ping dc1 from computers - resolves to dc1 IP > > > > Domain computers can connect to the domain with no problems and has > > correct dns (dc1 ip) > > > > samba-tool ntacl sysvolreset - not resolving problem > > > > Tried to generate secrets.keytab but still no results > > > > (https://wiki.samba.org/index.php/Keytab_Extraction) > > > > Tried to samba-tool user setpassword dc1$ (pasword dumped from > > tdbdumb secrets.tdb ) - not resolving problem.Have checked permissions on the keytab ?> > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
On Fri, 3 Feb 2017 16:55:20 +0100 Łukasz Sellmann via samba <samba at lists.samba.org> wrote:> yes, permissions are set as default by apt package instalator > > > ls -al > > -rw------- 1 root root 1082 sty 13 23:25 secrets.keytab > > samba,smbd deamons have run as root user >can you post the smb.conf, /etc/hosts, /etc/hostname, /etc/resolv.conf and /etc/krb5.conf. Can you also give us the hostname and ipaddress of the DC Rowland