samba - Sep 2019 - migrated from gentoo to debian, DM throws errors ...

Am 05.09.19 um 17:37 schrieb Stefan G. Weichinger via
samba:
> Am 05.09.19 um 17:19 schrieb Stefan G. Weichinger via samba:
>>
>> what do I miss here:
> 
> update: maybe the reboot of the clients helped ... looks better now
> 
> 
> 
Access works, but I still get

[2019/09/05 17:49:41.888422,  1]
../source3/librpc/crypto/gse.c:658(gse_get_server_auth_token)
  gss_accept_sec_context failed with [ Miscellaneous failure (see text):
Failed to find cifs/SAMBA.noras.intra at NORAS.INTRA(kvno 54) in keytab
MEMORY:cifs_srv_keytab (aes256-cts-hmac-sha1-96)]
[2019/09/05 17:49:41.888521,  1]
../auth/gensec/spnego.c:1218(gensec_spnego_server_negTokenInit_step)
  gensec_spnego_server_negTokenInit_step: gse_krb5: parsing
NEG_TOKEN_INIT content failed (next[(null)]): NT_STATUS_LOGON_FAILURE
[2019/09/05 17:49:41.899494,  1]
../source3/librpc/crypto/gse.c:658(gse_get_server_auth_token)
  gss_accept_sec_context failed with [ Miscellaneous failure (see text):
Failed to find cifs/SAMBA.noras.intra at NORAS.INTRA(kvno 54) in keytab
MEMORY:cifs_srv_keytab (aes256-cts-hmac-sha1-96)]


thanks for any pointers

On 05/09/2019 16:50, Stefan G. Weichinger via samba
wrote:
> Am 05.09.19 um 17:37 schrieb Stefan G. Weichinger via samba:
>> Am 05.09.19 um 17:19 schrieb Stefan G. Weichinger via samba:
>>> what do I miss here:
>> update: maybe the reboot of the clients helped ... looks better now
>>
>>
>>
> Access works, but I still get
>
> [2019/09/05 17:49:41.888422,  1]
> ../source3/librpc/crypto/gse.c:658(gse_get_server_auth_token)
>    gss_accept_sec_context failed with [ Miscellaneous failure (see text):
> Failed to find cifs/SAMBA.noras.intra at NORAS.INTRA(kvno 54) in keytab
> MEMORY:cifs_srv_keytab (aes256-cts-hmac-sha1-96)]
> [2019/09/05 17:49:41.888521,  1]
> ../auth/gensec/spnego.c:1218(gensec_spnego_server_negTokenInit_step)
>    gensec_spnego_server_negTokenInit_step: gse_krb5: parsing
> NEG_TOKEN_INIT content failed (next[(null)]): NT_STATUS_LOGON_FAILURE
> [2019/09/05 17:49:41.899494,  1]
> ../source3/librpc/crypto/gse.c:658(gse_get_server_auth_token)
>    gss_accept_sec_context failed with [ Miscellaneous failure (see text):
> Failed to find cifs/SAMBA.noras.intra at NORAS.INTRA(kvno 54) in keytab
> MEMORY:cifs_srv_keytab (aes256-cts-hmac-sha1-96)]
>
>
> thanks for any pointers
>
>
----->

<--------

That what you mean ? ;-)

You will probably have a keytab now '/etc/krb.keytab', the join should 
have recreated it.

I take it that you are mounting the users homedirs and require the 
'cifs' keytab to do this, I also take it that the computers short 
hostname is 'samba'. You will need to check that the AD object for 
'samba' has the 'cifs/SAMBA.noras.intra' SPN.

I would also find out just how the cifs mount is being done.

A Unix domain member does have a sam.ldb file, just not like the one on 
a DC.

Rowland

Am 05.09.19 um 18:37 schrieb Rowland penny via samba:
> That what you mean ? ;-)
;-)
> You will probably have a keytab now '/etc/krb.keytab', the join
should
> have recreated it.
/etc/krb5.keytab

> I take it that you are mounting the users homedirs and require the
> 'cifs' keytab to do this, I also take it that the computers short
> hostname is 'samba'. You will need to check that the AD object for
> 'samba' has the 'cifs/SAMBA.noras.intra' SPN.
> 
> I would also find out just how the cifs mount is being done.
I don't know ... you suggest there's a linux machine mounting something
via CIFS? It's the only linux machine here ... maybe some NAS somewhere ...

So I understand we should check that AD object within "AD Computers"
under Windows?
> A Unix domain member does have a sam.ldb file, just not like the one on
> a DC.
Not existant here so far.

(I might leave here in ~15min and will be back tmrw)