Stefan G. Weichinger
2022-Jan-11 07:24 UTC
[Samba] Domain admin can't access share on samba dm-server
On 30.12.21 at 19:34, Rowland Penny via samba wrote:
> On Wed, 2021-12-29 at 13:03 +0100, Stefan G. Weichinger via samba wrote:
>> windows2019 server, logged in as domain admin
>>
>> accessing \\pre01svdeb01 fails, I see this in the samba logs:
>>
>> [2021/12/29 12:57:54.754005, 1] ../../auth/gensec/spnego.c:1242(gensec_spnego_server_negTokenInit_step)
>> gensec_spnego_server_negTokenInit_step: gse_krb5: parsing NEG_TOKEN_INIT content failed (next[(null)]): NT_STATUS_LOGON_FAILURE
>> [2021/12/29 12:57:54.769715, 1] ../../source3/librpc/crypto/gse.c:665(gse_get_server_auth_token)
>> gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/pre01svdeb01 at mydom.AT(kvno 5) in keytab MEMORY:cifs_srv_keytab (aes256-cts-hmac-sha1-96)]
>
> OK, I went back to the start of this thread and reread it and we all
> missed it, everyone has been looking at the wrong keytab. The correct
> keytab is in MEMORY and I do not know of any way of reading that one.
>
> I would restart the computer and see if this fixes the problem. If you
> have already tried this, leave the domain and then join it again,
> hopefully this should create a new keytab in memory.

Only found your reply now (late), sorry. Rebooting the windows server is possible in the evening, rebooting the file server has to wait until I am on site later this week.

You want me to (maybe) un/re-join the samba DM server, not the Windows server, right?
Rowland Penny
2022-Jan-11 10:05 UTC
[Samba] Domain admin can't access share on samba dm-server
On Tue, 2022-01-11 at 08:24 +0100, Stefan G. Weichinger via samba wrote:
> On 30.12.21 at 19:34, Rowland Penny via samba wrote:
> > On Wed, 2021-12-29 at 13:03 +0100, Stefan G. Weichinger via samba wrote:
> > > windows2019 server, logged in as domain admin
> > >
> > > accessing \\pre01svdeb01 fails, I see this in the samba logs:
> > >
> > > [2021/12/29 12:57:54.754005, 1] ../../auth/gensec/spnego.c:1242(gensec_spnego_server_negTokenInit_step)
> > > gensec_spnego_server_negTokenInit_step: gse_krb5: parsing NEG_TOKEN_INIT content failed (next[(null)]): NT_STATUS_LOGON_FAILURE
> > > [2021/12/29 12:57:54.769715, 1] ../../source3/librpc/crypto/gse.c:665(gse_get_server_auth_token)
> > > gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/pre01svdeb01 at mydom.AT(kvno 5) in keytab MEMORY:cifs_srv_keytab (aes256-cts-hmac-sha1-96)]
> >
> > OK, I went back to the start of this thread and reread it and we all
> > missed it, everyone has been looking at the wrong keytab. The correct
> > keytab is in MEMORY and I do not know of any way of reading that one.
> >
> > I would restart the computer and see if this fixes the problem. If you
> > have already tried this, leave the domain and then join it again,
> > hopefully this should create a new keytab in memory.
>
> Only found your reply now (late), sorry. Rebooting the windows server is
> possible in the evening, rebooting the file server has to wait until I
> am on site later this week.
>
> You want me to (maybe) un/re-join the samba DM server, not the Windows
> server, right?

I am suggesting that you reboot the Unix domain member and if that doesn't work, make the Unix domain member leave then rejoin the domain.

Rowland
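
The log record quoted in this thread already names the principal, kvno, keytab and encryption type that smbd failed to find. As an added example (not part of the thread and not Samba code), this Python parser extracts those fields from smbd log text and flags lookups made against a MEMORY keytab; the function name `find_missing_keys` and the sample constant are assumptions made for illustration.

```python
import re

# Header smbd writes before each message: [timestamp, level] file:line(function)
HEADER = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:.]+),\s*(?P<level>\d+)\]\s+\S+\((?P<func>\w+)\)")
# Kerberos "key not found" text as quoted in the thread. The list archive
# shows "@" as " at ", so both spellings are accepted.
MISSING_KEY = re.compile(
    r"Failed to find (?P<principal>\S+?)(?:@| at )(?P<realm>\S+?)"
    r"\(kvno (?P<kvno>\d+)\) in keytab (?P<ktype>[A-Z]+):(?P<kname>\S+) "
    r"\((?P<enctype>[^)]+)\)")

# Constructed sample: the two log records quoted in the thread, unwrapped.
SAMPLE_LOG = """\
[2021/12/29 12:57:54.754005, 1] ../../auth/gensec/spnego.c:1242(gensec_spnego_server_negTokenInit_step)
  gensec_spnego_server_negTokenInit_step: gse_krb5: parsing NEG_TOKEN_INIT content failed (next[(null)]): NT_STATUS_LOGON_FAILURE
[2021/12/29 12:57:54.769715, 1] ../../source3/librpc/crypto/gse.c:665(gse_get_server_auth_token)
  gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/pre01svdeb01 at mydom.AT(kvno 5) in keytab MEMORY:cifs_srv_keytab (aes256-cts-hmac-sha1-96)]
"""

def find_missing_keys(log_text):
    """Return one dict per 'Failed to find <principal>' record in an smbd log."""
    findings, header, body = [], None, []

    def flush():
        match = MISSING_KEY.search(" ".join(body)) if header else None
        if match:
            findings.append({
                "time": header["ts"],
                "function": header["func"],
                "principal": f"{match['principal']}@{match['realm']}",
                "kvno": int(match["kvno"]),
                "keytab": f"{match['ktype']}:{match['kname']}",
                "enctype": match["enctype"],
                # MEMORY keytabs live inside the smbd process, so an on-disk
                # keytab file is not what this lookup consulted.
                "in_memory": match["ktype"] == "MEMORY",
            })

    for line in log_text.splitlines():
        started = HEADER.match(line)
        if started:
            flush()                      # close the previous record
            header, body = started, []
        elif line.strip():
            body.append(line.strip())    # message text may span several lines
    flush()
    return findings

if __name__ == "__main__":
    for finding in find_missing_keys(SAMPLE_LOG):
        print(finding)
```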