thr3ads.net - samba - [Samba] gpo not applied a boot computer [Feb 2019]

If this information is useful, please help other people find it:
Share via:

David Jehin

2019-Feb-26 15:37 UTC

[Samba] gpo not applied a boot computer

THANK YOU FOR YOUR REPLY

THE RESULT :
KVNO Principal
----
--------------------------------------------------------------------------
   1 HOST/samba4 at FSS.LAN (des-cbc-crc)
   1 HOST/samba4.fss.lan at FSS.LAN (des-cbc-crc)
   1 SAMBA4$@FSS.LAN (des-cbc-crc)
   1 HOST/samba4 at FSS.LAN (des-cbc-md5)
   1 HOST/samba4.fss.lan at FSS.LAN (des-cbc-md5)
   1 SAMBA4$@FSS.LAN (des-cbc-md5)
   1 HOST/samba4 at FSS.LAN (arcfour-hmac)
   1 HOST/samba4.fss.lan at FSS.LAN (arcfour-hmac)
   1 SAMBA4$@FSS.LAN (arcfour-hmac)
   1 HOST/samba4 at FSS.LAN (aes128-cts-hmac-sha1-96)
   1 HOST/samba4.fss.lan at FSS.LAN (aes128-cts-hmac-sha1-96)
   1 SAMBA4$@FSS.LAN (aes128-cts-hmac-sha1-96)
   1 HOST/samba4 at FSS.LAN (aes256-cts-hmac-sha1-96)
   1 HOST/samba4.fss.lan at FSS.LAN (aes256-cts-hmac-sha1-96)
   1 SAMBA4$@FSS.LAN (aes256-cts-hmac-sha1-96)
   2 HOST/samba4 at FSS.LAN (des-cbc-crc)
   2 HOST/samba4.fss.lan at FSS.LAN (des-cbc-crc)
   2 SAMBA4$@FSS.LAN (des-cbc-crc)
   2 HOST/samba4 at FSS.LAN (des-cbc-md5)
   2 HOST/samba4.fss.lan at FSS.LAN (des-cbc-md5)
   2 SAMBA4$@FSS.LAN (des-cbc-md5)
   2 HOST/samba4 at FSS.LAN (arcfour-hmac)
   2 HOST/samba4.fss.lan at FSS.LAN (arcfour-hmac)
   2 SAMBA4$@FSS.LAN (arcfour-hmac)
   2 HOST/samba4 at FSS.LAN (aes128-cts-hmac-sha1-96)
   2 HOST/samba4.fss.lan at FSS.LAN (aes128-cts-hmac-sha1-96)
   2 SAMBA4$@FSS.LAN (aes128-cts-hmac-sha1-96)
   2 HOST/samba4 at FSS.LAN (aes256-cts-hmac-sha1-96)
   2 HOST/samba4.fss.lan at FSS.LAN (aes256-cts-hmac-sha1-96)
   2 SAMBA4$@FSS.LAN (aes256-cts-hmac-sha1-96)
   1 HOST/samba4.fss.lan at FSS.LAN (des-cbc-crc)
   1 SAMBA4$@FSS.LAN (des-cbc-crc)
   1 HOST/samba4 at FSS.LAN (des-cbc-md5)
   1 HOST/samba4.fss.lan at FSS.LAN (des-cbc-md5)
   1 SAMBA4$@FSS.LAN (des-cbc-md5)
   1 HOST/samba4 at FSS.LAN (arcfour-hmac)
   1 HOST/samba4.fss.lan at FSS.LAN (arcfour-hmac)
   1 SAMBA4$@FSS.LAN (arcfour-hmac)
   1 HOST/samba4 at FSS.LAN (aes128-cts-hmac-sha1-96)
   1 HOST/samba4.fss.lan at FSS.LAN (aes128-cts-hmac-sha1-96)
   1 SAMBA4$@FSS.LAN (aes128-cts-hmac-sha1-96)
   1 HOST/samba4 at FSS.LAN (aes256-cts-hmac-sha1-96)
   1 HOST/samba4.fss.lan at FSS.LAN (aes256-cts-hmac-sha1-96)
   1 SAMBA4$@FSS.LAN (aes256-cts-hmac-sha1-96)


Le mar. 26 févr. 2019 à 16:22, Rowland Penny via samba <
samba at lists.samba.org> a écrit :
> On Tue, 26 Feb 2019 15:57:03 +0100
> David Jehin via samba <samba at lists.samba.org> wrote:
>
> > Hello everyone
> > since now a certain time I pull my hair and do not understand the
> > source of my problem.
> > after a samba 3 pdc migration to samba 4.8.5 AD, when a windows client
> > starts the gpo computer is not applied to the boot.
> > in the windows logs there are 1058 GPO errors and server side samba
> > here are the logs:
> >
> >   GSS server Update (krb5) (1) Update failed: Miscellaneous failure
> > (see text): Failed to find SAMBA4$@FSS.LAN (kvno 2) in keytab FILE:
> > /var/lib/samba/private/secrets.keytab (arcfour -hmac-md5)
> > [2019/02/20 11: 20: 33.013351, 1]
> > ../auth/gensec/spnego.c:1218(gensec_spnego_server_negTokenInit_step)
> >    gensec_spnego_server_negTokenInit_step: gssapi_krb5: parsing
> > NEG_TOKEN_INIT content failed (next [(null)]): NT_STATUS_LOGON_FAILURE
> > [2019/02/20 11: 20: 33.041913, 1]
> >
../source4/auth/gensec/gensec_gssapi.c:790(gensec_gssapi_update_internal)
> >
> > thank you again for your participation.
>
> What does this show:
>
> klist -e -k /var/lib/samba/private/secrets.keytab
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

Rowland Penny

2019-Feb-26 16:11 UTC

head link

[Samba] gpo not applied a boot computer

On Tue, 26 Feb 2019 16:37:39 +0100
David Jehin <bedou210977 at gmail.com> wrote:
> THANK YOU FOR YOUR REPLY
> 
> THE RESULT :
> KVNO Principal
> ----
> --------------------------------------------------------------------------
>    1 HOST/samba4 at FSS.LAN (des-cbc-crc)
>    1 HOST/samba4.fss.lan at FSS.LAN (des-cbc-crc)
>    1 SAMBA4$@FSS.LAN (des-cbc-crc)
>    1 HOST/samba4 at FSS.LAN (des-cbc-md5)
>    1 HOST/samba4.fss.lan at FSS.LAN (des-cbc-md5)
>    1 SAMBA4$@FSS.LAN (des-cbc-md5)
>    1 HOST/samba4 at FSS.LAN (arcfour-hmac)
>    1 HOST/samba4.fss.lan at FSS.LAN (arcfour-hmac)
>    1 SAMBA4$@FSS.LAN (arcfour-hmac)
>    1 HOST/samba4 at FSS.LAN (aes128-cts-hmac-sha1-96)
>    1 HOST/samba4.fss.lan at FSS.LAN (aes128-cts-hmac-sha1-96)
>    1 SAMBA4$@FSS.LAN (aes128-cts-hmac-sha1-96)
>    1 HOST/samba4 at FSS.LAN (aes256-cts-hmac-sha1-96)
>    1 HOST/samba4.fss.lan at FSS.LAN (aes256-cts-hmac-sha1-96)
>    1 SAMBA4$@FSS.LAN (aes256-cts-hmac-sha1-96)
>    2 HOST/samba4 at FSS.LAN (des-cbc-crc)
>    2 HOST/samba4.fss.lan at FSS.LAN (des-cbc-crc)
>    2 SAMBA4$@FSS.LAN (des-cbc-crc)
>    2 HOST/samba4 at FSS.LAN (des-cbc-md5)
>    2 HOST/samba4.fss.lan at FSS.LAN (des-cbc-md5)
>    2 SAMBA4$@FSS.LAN (des-cbc-md5)
>    2 HOST/samba4 at FSS.LAN (arcfour-hmac)
>    2 HOST/samba4.fss.lan at FSS.LAN (arcfour-hmac)
>    2 SAMBA4$@FSS.LAN (arcfour-hmac)
>    2 HOST/samba4 at FSS.LAN (aes128-cts-hmac-sha1-96)
>    2 HOST/samba4.fss.lan at FSS.LAN (aes128-cts-hmac-sha1-96)
>    2 SAMBA4$@FSS.LAN (aes128-cts-hmac-sha1-96)
>    2 HOST/samba4 at FSS.LAN (aes256-cts-hmac-sha1-96)
>    2 HOST/samba4.fss.lan at FSS.LAN (aes256-cts-hmac-sha1-96)
>    2 SAMBA4$@FSS.LAN (aes256-cts-hmac-sha1-96)
>    1 HOST/samba4.fss.lan at FSS.LAN (des-cbc-crc)
>    1 SAMBA4$@FSS.LAN (des-cbc-crc)
>    1 HOST/samba4 at FSS.LAN (des-cbc-md5)
>    1 HOST/samba4.fss.lan at FSS.LAN (des-cbc-md5)
>    1 SAMBA4$@FSS.LAN (des-cbc-md5)
>    1 HOST/samba4 at FSS.LAN (arcfour-hmac)
>    1 HOST/samba4.fss.lan at FSS.LAN (arcfour-hmac)
>    1 SAMBA4$@FSS.LAN (arcfour-hmac)
>    1 HOST/samba4 at FSS.LAN (aes128-cts-hmac-sha1-96)
>    1 HOST/samba4.fss.lan at FSS.LAN (aes128-cts-hmac-sha1-96)
>    1 SAMBA4$@FSS.LAN (aes128-cts-hmac-sha1-96)
>    1 HOST/samba4 at FSS.LAN (aes256-cts-hmac-sha1-96)
>    1 HOST/samba4.fss.lan at FSS.LAN (aes256-cts-hmac-sha1-96)
>    1 SAMBA4$@FSS.LAN (aes256-cts-hmac-sha1-96)
> 
> 
> Le mar. 26 févr. 2019 à 16:22, Rowland Penny via samba <
> samba at lists.samba.org> a écrit :
> 
> > On Tue, 26 Feb 2019 15:57:03 +0100
> > David Jehin via samba <samba at lists.samba.org> wrote:
> >
> > > Hello everyone
> > > since now a certain time I pull my hair and do not understand the
> > > source of my problem.
> > > after a samba 3 pdc migration to samba 4.8.5 AD, when a windows
> > > client starts the gpo computer is not applied to the boot.
> > > in the windows logs there are 1058 GPO errors and server side
> > > samba here are the logs:
> > >
> > >   GSS server Update (krb5) (1) Update failed: Miscellaneous
> > > failure (see text): Failed to find SAMBA4$@FSS.LAN (kvno 2) in
> > > keytab FILE: /var/lib/samba/private/secrets.keytab (arcfour
> > > -hmac-md5) [2019/02/20 11: 20: 33.013351, 1]
> > >
../auth/gensec/spnego.c:1218(gensec_spnego_server_negTokenInit_step)
> > >    gensec_spnego_server_negTokenInit_step: gssapi_krb5: parsing
> > > NEG_TOKEN_INIT content failed (next [(null)]):
> > > NT_STATUS_LOGON_FAILURE [2019/02/20 11: 20: 33.041913, 1]
> > >
../source4/auth/gensec/gensec_gssapi.c:790(gensec_gssapi_update_internal)
> > >
> > > thank you again for your participation.
> >
> > What does this show:
> >
> > klist -e -k /var/lib/samba/private/secrets.keytab
> >
> > Rowland
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
Well that shows that the keytab exists and contains the required
enctypes for SAMBA4$@FSS.LAN at KVNO 2, what it doesn't have is
'(arcfour -hmac-md5)' which, to be honest, I don't recognise.

What distro is this running on ?
Self compiled Samba or distro packages ?

Rowland

David Jehin

2019-Feb-26 16:42 UTC

head link

[Samba] gpo not applied a boot computer

compiled samba version : 4.8.5  and my distribution is: debian stretch 9.6
I said that when I join the domain, restarting the machine takes the GPO,
the other restart does not take the gpo computer.
Thanks for your help

Le mar. 26 févr. 2019 à 17:11, Rowland Penny via samba <
samba at lists.samba.org> a écrit :
> On Tue, 26 Feb 2019 16:37:39 +0100
> David Jehin <bedou210977 at gmail.com> wrote:
>
> > THANK YOU FOR YOUR REPLY
> >
> > THE RESULT :
> > KVNO Principal
> > ----
> >
> --------------------------------------------------------------------------
> >    1 HOST/samba4 at FSS.LAN (des-cbc-crc)
> >    1 HOST/samba4.fss.lan at FSS.LAN (des-cbc-crc)
> >    1 SAMBA4$@FSS.LAN (des-cbc-crc)
> >    1 HOST/samba4 at FSS.LAN (des-cbc-md5)
> >    1 HOST/samba4.fss.lan at FSS.LAN (des-cbc-md5)
> >    1 SAMBA4$@FSS.LAN (des-cbc-md5)
> >    1 HOST/samba4 at FSS.LAN (arcfour-hmac)
> >    1 HOST/samba4.fss.lan at FSS.LAN (arcfour-hmac)
> >    1 SAMBA4$@FSS.LAN (arcfour-hmac)
> >    1 HOST/samba4 at FSS.LAN (aes128-cts-hmac-sha1-96)
> >    1 HOST/samba4.fss.lan at FSS.LAN (aes128-cts-hmac-sha1-96)
> >    1 SAMBA4$@FSS.LAN (aes128-cts-hmac-sha1-96)
> >    1 HOST/samba4 at FSS.LAN (aes256-cts-hmac-sha1-96)
> >    1 HOST/samba4.fss.lan at FSS.LAN (aes256-cts-hmac-sha1-96)
> >    1 SAMBA4$@FSS.LAN (aes256-cts-hmac-sha1-96)
> >    2 HOST/samba4 at FSS.LAN (des-cbc-crc)
> >    2 HOST/samba4.fss.lan at FSS.LAN (des-cbc-crc)
> >    2 SAMBA4$@FSS.LAN (des-cbc-crc)
> >    2 HOST/samba4 at FSS.LAN (des-cbc-md5)
> >    2 HOST/samba4.fss.lan at FSS.LAN (des-cbc-md5)
> >    2 SAMBA4$@FSS.LAN (des-cbc-md5)
> >    2 HOST/samba4 at FSS.LAN (arcfour-hmac)
> >    2 HOST/samba4.fss.lan at FSS.LAN (arcfour-hmac)
> >    2 SAMBA4$@FSS.LAN (arcfour-hmac)
> >    2 HOST/samba4 at FSS.LAN (aes128-cts-hmac-sha1-96)
> >    2 HOST/samba4.fss.lan at FSS.LAN (aes128-cts-hmac-sha1-96)
> >    2 SAMBA4$@FSS.LAN (aes128-cts-hmac-sha1-96)
> >    2 HOST/samba4 at FSS.LAN (aes256-cts-hmac-sha1-96)
> >    2 HOST/samba4.fss.lan at FSS.LAN (aes256-cts-hmac-sha1-96)
> >    2 SAMBA4$@FSS.LAN (aes256-cts-hmac-sha1-96)
> >    1 HOST/samba4.fss.lan at FSS.LAN (des-cbc-crc)
> >    1 SAMBA4$@FSS.LAN (des-cbc-crc)
> >    1 HOST/samba4 at FSS.LAN (des-cbc-md5)
> >    1 HOST/samba4.fss.lan at FSS.LAN (des-cbc-md5)
> >    1 SAMBA4$@FSS.LAN (des-cbc-md5)
> >    1 HOST/samba4 at FSS.LAN (arcfour-hmac)
> >    1 HOST/samba4.fss.lan at FSS.LAN (arcfour-hmac)
> >    1 SAMBA4$@FSS.LAN (arcfour-hmac)
> >    1 HOST/samba4 at FSS.LAN (aes128-cts-hmac-sha1-96)
> >    1 HOST/samba4.fss.lan at FSS.LAN (aes128-cts-hmac-sha1-96)
> >    1 SAMBA4$@FSS.LAN (aes128-cts-hmac-sha1-96)
> >    1 HOST/samba4 at FSS.LAN (aes256-cts-hmac-sha1-96)
> >    1 HOST/samba4.fss.lan at FSS.LAN (aes256-cts-hmac-sha1-96)
> >    1 SAMBA4$@FSS.LAN (aes256-cts-hmac-sha1-96)
> >
> >
> > Le mar. 26 févr. 2019 à 16:22, Rowland Penny via samba <
> > samba at lists.samba.org> a écrit :
> >
> > > On Tue, 26 Feb 2019 15:57:03 +0100
> > > David Jehin via samba <samba at lists.samba.org> wrote:
> > >
> > > > Hello everyone
> > > > since now a certain time I pull my hair and do not
understand the
> > > > source of my problem.
> > > > after a samba 3 pdc migration to samba 4.8.5 AD, when a
windows
> > > > client starts the gpo computer is not applied to the boot.
> > > > in the windows logs there are 1058 GPO errors and server
side
> > > > samba here are the logs:
> > > >
> > > >   GSS server Update (krb5) (1) Update failed: Miscellaneous
> > > > failure (see text): Failed to find SAMBA4$@FSS.LAN (kvno 2)
in
> > > > keytab FILE: /var/lib/samba/private/secrets.keytab (arcfour
> > > > -hmac-md5) [2019/02/20 11: 20: 33.013351, 1]
> > > >
../auth/gensec/spnego.c:1218(gensec_spnego_server_negTokenInit_step)
> > > >    gensec_spnego_server_negTokenInit_step: gssapi_krb5:
parsing
> > > > NEG_TOKEN_INIT content failed (next [(null)]):
> > > > NT_STATUS_LOGON_FAILURE [2019/02/20 11: 20: 33.041913, 1]
> > > >
> ../source4/auth/gensec/gensec_gssapi.c:790(gensec_gssapi_update_internal)
> > > >
> > > > thank you again for your participation.
> > >
> > > What does this show:
> > >
> > > klist -e -k /var/lib/samba/private/secrets.keytab
> > >
> > > Rowland
> > >
> > > --
> > > To unsubscribe from this list go to the following URL and read
the
> > > instructions:  https://lists.samba.org/mailman/options/samba
> > >
>
> Well that shows that the keytab exists and contains the required
> enctypes for SAMBA4$@FSS.LAN at KVNO 2, what it doesn't have is
> '(arcfour -hmac-md5)' which, to be honest, I don't recognise.
>
> What distro is this running on ?
> Self compiled Samba or distro packages ?
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

Possibly Parallel Threads

Search for more maybe matching threads

samba - Feb 2019 - gpo not applied a boot computer

[Samba] gpo not applied a boot computer

[Samba] gpo not applied a boot computer

[Samba] gpo not applied a boot computer

Possibly Parallel Threads