samba - Mar 2021 - GSS server Update(krb5)(1) Update failed: Miscellaneous failure

So some client is connecting with to the old server by the old name,
likely the previous DC?  If so, demote it.

If it is already deleted in LDAP and DNS then this will go away when
the client credentials cache expires.

Andrew Bartlett

On Tue, 2021-03-30 at 22:22 -0300, Carlos Alberto Panozzo Cunha
wrote:
> Uhum ... I change name but i re-used IP. In ase it tis problem re-
> used ip?
> Or will this message disappear in time? or how to solve?
> 
> Thanks
> 
> 
> In ase it tis problema re-used ip or with tie de "msg erro" dont 
> 
> Em ter., 30 de mar. de 2021 ?s 20:46, Andrew Bartlett <
> abartlet at samba.org> escreveu:
> > On Tue, 2021-03-30 at 20:23 -0300, Carlos via samba wrote:
> > > Hi! I Join im new dc, thats is ok but in log o see
> > > 
> > > 
> > > GSS server Update(krb5)(1) Update failed:  Miscellaneous failure
> > > (see 
> > > text): Failed to find DCXXX$@XXXX(kvno 1) in keytab 
> > > FILE:/opt/samba/private/secr
> > > ets.keytab (arcfour-hmac-md5)
> > > 
> > > 
> > > It is a problem ?
> > 
> > This just means that your DC has been contacted by a client who has
> > a
> > ticket encrypted by the KDC with a different machine account
> > password.
> > 
> > This often happens after a domain re-join as the passwords are re-
> > randomised, or if a name or IP is otherwise re-used.
> > 
> > Andrew Bartlett
> > 
-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba

Samba Development and Support, Catalyst IT - Expert Open Source
Solutions

The old dc was demote (i first primary).

Yes, to things that using the old name for access, that's why I kept the
same IP.

Can I leave it this way or does this imply a problem today or in the
future?

thanks and regards;

Em ter., 30 de mar. de 2021 ?s 22:47, Andrew Bartlett <abartlet at
samba.org>
escreveu:
> So some client is connecting with to the old server by the old name,
> likely the previous DC?  If so, demote it.
>
> If it is already deleted in LDAP and DNS then this will go away when
> the client credentials cache expires.
>
> Andrew Bartlett
>
> On Tue, 2021-03-30 at 22:22 -0300, Carlos Alberto Panozzo Cunha wrote:
> > Uhum ... I change name but i re-used IP. In ase it tis problem re-
> > used ip?
> > Or will this message disappear in time? or how to solve?
> >
> > Thanks
> >
> >
> > In ase it tis problema re-used ip or with tie de "msg erro"
dont
> >
> > Em ter., 30 de mar. de 2021 ?s 20:46, Andrew Bartlett <
> > abartlet at samba.org> escreveu:
> > > On Tue, 2021-03-30 at 20:23 -0300, Carlos via samba wrote:
> > > > Hi! I Join im new dc, thats is ok but in log o see
> > > >
> > > >
> > > > GSS server Update(krb5)(1) Update failed:  Miscellaneous
failure
> > > > (see
> > > > text): Failed to find DCXXX$@XXXX(kvno 1) in keytab
> > > > FILE:/opt/samba/private/secr
> > > > ets.keytab (arcfour-hmac-md5)
> > > >
> > > >
> > > > It is a problem ?
> > >
> > > This just means that your DC has been contacted by a client who
has
> > > a
> > > ticket encrypted by the KDC with a different machine account
> > > password.
> > >
> > > This often happens after a domain re-join as the passwords are
re-
> > > randomised, or if a name or IP is otherwise re-used.
> > >
> > > Andrew Bartlett
> > >
> --
> Andrew Bartlett (he/him)       https://samba.org/~abartlet/
> Samba Team Member (since 2001) https://samba.org
> Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba
>
> Samba Development and Support, Catalyst IT - Expert Open Source
> Solutions
>
>
>
>
>
>