Omnis ludis - games
2024-Jun-05 13:06 UTC
[Samba] Failed to bind to uuid NT_STATUS_LOGON_FAILURE
I tried to replace the secrets.keytab file, but it didn't help solve the problem somehow, the error is exactly the same, where else can something be used? Why does Samba reject the computer's request to view drs showrepl? Maybe I need to somehow change the password of the domain controller myself?

Wed, 5 Jun 2024 at 15:55, Christian Naumer <christian.naumer at greyfish.net>:
> OK. You can see the file in /etc was updated the other one was not. So
> you can try to replace the
>
> /opt/reddc/private/secrets.keytab
>
> with the
>
> /etc/krb5.keytab
>
> But be aware that Samba also stores some "secrets" in other ldb files in
> the private dir. I am not that much of an expert to say that this will
> work. But now your AD is broken anyway.
>
> Regards
>
> Christian
>
> On 05.06.24 at 14:50, Omnis ludis - game wrote:
> > klist -ke /etc/krb5.keytab
> > Keytab name: FILE:/etc/krb5.keytab
> > KVNO Principal
> > ---- --------------------------------------------------------------------------
> >    1 host/dc1.test.dom at test.dom (aes256-cts-hmac-sha1-96)
> >    1 host/DC1 at test.dom (aes256-cts-hmac-sha1-96)
> >    1 host/dc1.test.dom at test.dom (aes128-cts-hmac-sha1-96)
> >    1 host/DC1 at test.dom (aes128-cts-hmac-sha1-96)
> >    1 host/dc1.test.dom at test.dom (DEPRECATED:arcfour-hmac)
> >    1 host/DC1 at test.dom (DEPRECATED:arcfour-hmac)
> >    1 ldap/dc1.test.dom at test.dom (aes256-cts-hmac-sha1-96)
> >    1 ldap/DC1 at test.dom (aes256-cts-hmac-sha1-96)
> >    1 ldap/dc1.test.dom at test.dom (aes128-cts-hmac-sha1-96)
> >    1 ldap/DC1 at test.dom (aes128-cts-hmac-sha1-96)
> >    1 ldap/dc1.test.dom at test.dom (DEPRECATED:arcfour-hmac)
> >    1 ldap/DC1 at test.dom (DEPRECATED:arcfour-hmac)
> >    1 gc/dc1.test.dom at test.dom (aes256-cts-hmac-sha1-96)
> >    1 gc/DC1 at test.dom (aes256-cts-hmac-sha1-96)
> >    1 gc/dc1.test.dom at test.dom (aes128-cts-hmac-sha1-96)
> >    1 gc/DC1 at test.dom (aes128-cts-hmac-sha1-96)
> >    1 gc/dc1.test.dom at test.dom (DEPRECATED:arcfour-hmac)
> >    1 gc/DC1 at test.dom (DEPRECATED:arcfour-hmac)
> >    1 e3514235-4b06-11d1-ab04-00c04fc2dcd2/dc1.test.dom at test.dom (aes256-cts-hmac-sha1-96)
> >    1 e3514235-4b06-11d1-ab04-00c04fc2dcd2/DC1 at test.dom (aes256-cts-hmac-sha1-96)
> >    1 e3514235-4b06-11d1-ab04-00c04fc2dcd2/dc1.test.dom at test.dom (aes128-cts-hmac-sha1-96)
> >    1 e3514235-4b06-11d1-ab04-00c04fc2dcd2/DC1 at test.dom (aes128-cts-hmac-sha1-96)
> >    1 e3514235-4b06-11d1-ab04-00c04fc2dcd2/dc1.test.dom at test.dom (DEPRECATED:arcfour-hmac)
> >    1 e3514235-4b06-11d1-ab04-00c04fc2dcd2/DC1 at test.dom (DEPRECATED:arcfour-hmac)
> >    1 restrictedkrbhost/dc1.test.dom at test.dom (aes256-cts-hmac-sha1-96)
> >    1 restrictedkrbhost/DC1 at test.dom (aes256-cts-hmac-sha1-96)
> >    1 restrictedkrbhost/dc1.test.dom at test.dom (aes128-cts-hmac-sha1-96)
> >    1 restrictedkrbhost/DC1 at test.dom (aes128-cts-hmac-sha1-96)
> >    1 restrictedkrbhost/dc1.test.dom at test.dom (DEPRECATED:arcfour-hmac)
> >    1 restrictedkrbhost/DC1 at test.dom (DEPRECATED:arcfour-hmac)
> >    1 DC1$@test.dom (aes256-cts-hmac-sha1-96)
> >    1 DC1$@test.dom (aes128-cts-hmac-sha1-96)
> >    1 DC1$@test.dom (DEPRECATED:arcfour-hmac)
> >    2 DC1$@test.dom (DEPRECATED:arcfour-hmac)
> >    2 DC1$@test.dom (aes128-cts-hmac-sha1-96)
> >    2 DC1$@test.dom (aes256-cts-hmac-sha1-96)
> >    2 host/dc1.test.dom at test.dom (DEPRECATED:arcfour-hmac)
> >    2 host/dc1.test.dom at test.dom (aes128-cts-hmac-sha1-96)
> >    2 host/dc1.test.dom at test.dom (aes256-cts-hmac-sha1-96)
> >    2 host/DC1 at test.dom (DEPRECATED:arcfour-hmac)
> >    2 host/DC1 at test.dom (aes128-cts-hmac-sha1-96)
> >    2 host/DC1 at test.dom (aes256-cts-hmac-sha1-96)
> >    2 ldap/dc1.test.dom at test.dom (DEPRECATED:arcfour-hmac)
> >    2 ldap/dc1.test.dom at test.dom (aes128-cts-hmac-sha1-96)
> >    2 ldap/dc1.test.dom at test.dom (aes256-cts-hmac-sha1-96)
> >    2 ldap/DC1 at test.dom (DEPRECATED:arcfour-hmac)
> >    2 ldap/DC1 at test.dom (aes128-cts-hmac-sha1-96)
> >    2 ldap/DC1 at test.dom (aes256-cts-hmac-sha1-96)
> >    2 gc/dc1.test.dom at test.dom (DEPRECATED:arcfour-hmac)
> >    2 gc/dc1.test.dom at test.dom (aes128-cts-hmac-sha1-96)
> >    2 gc/dc1.test.dom at test.dom (aes256-cts-hmac-sha1-96)
> >    2 gc/DC1 at test.dom (DEPRECATED:arcfour-hmac)
> >    2 gc/DC1 at test.dom (aes128-cts-hmac-sha1-96)
> >    2 gc/DC1 at test.dom (aes256-cts-hmac-sha1-96)
> >    2 e3514235-4b06-11d1-ab04-00c04fc2dcd2/dc1.test.dom at test.dom (DEPRECATED:arcfour-hmac)
> >    2 e3514235-4b06-11d1-ab04-00c04fc2dcd2/dc1.test.dom at test.dom (aes128-cts-hmac-sha1-96)
> >    2 e3514235-4b06-11d1-ab04-00c04fc2dcd2/dc1.test.dom at test.dom (aes256-cts-hmac-sha1-96)
> >    2 e3514235-4b06-11d1-ab04-00c04fc2dcd2/DC1 at test.dom (DEPRECATED:arcfour-hmac)
> >    2 e3514235-4b06-11d1-ab04-00c04fc2dcd2/DC1 at test.dom (aes128-cts-hmac-sha1-96)
> >    2 e3514235-4b06-11d1-ab04-00c04fc2dcd2/DC1 at test.dom (aes256-cts-hmac-sha1-96)
> >    2 restrictedkrbhost/dc1.test.dom at test.dom (DEPRECATED:arcfour-hmac)
> >    2 restrictedkrbhost/dc1.test.dom at test.dom (aes128-cts-hmac-sha1-96)
> >    2 restrictedkrbhost/dc1.test.dom at test.dom (aes256-cts-hmac-sha1-96)
> >    2 restrictedkrbhost/DC1 at test.dom (DEPRECATED:arcfour-hmac)
> >    2 restrictedkrbhost/DC1 at test.dom (aes128-cts-hmac-sha1-96)
> >    2 restrictedkrbhost/DC1 at test.dom (aes256-cts-hmac-sha1-96)
> >    2 HOST/dc1.test.dom/dc1.test.dom at test.dom (DEPRECATED:arcfour-hmac)
> >    2 HOST/dc1.test.dom/dc1.test.dom at test.dom (aes128-cts-hmac-sha1-96)
> >    2 HOST/dc1.test.dom/dc1.test.dom at test.dom (aes256-cts-hmac-sha1-96)
> >    2 HOST/dc1.test.dom/RED-SOFT at test.dom (DEPRECATED:arcfour-hmac)
> >    2 HOST/dc1.test.dom/RED-SOFT at test.dom (aes128-cts-hmac-sha1-96)
> >    2 HOST/dc1.test.dom/RED-SOFT at test.dom (aes256-cts-hmac-sha1-96)
> >    2 ldap/dc1.test.dom/RED-SOFT at test.dom (DEPRECATED:arcfour-hmac)
> >    2 ldap/dc1.test.dom/RED-SOFT at test.dom (aes128-cts-hmac-sha1-96)
> >    2 ldap/dc1.test.dom/RED-SOFT at test.dom (aes256-cts-hmac-sha1-96)
> >    2 GC/dc1.test.dom/test.dom at test.dom (DEPRECATED:arcfour-hmac)
> >    2 GC/dc1.test.dom/test.dom at test.dom (aes128-cts-hmac-sha1-96)
> >    2 GC/dc1.test.dom/test.dom at test.dom (aes256-cts-hmac-sha1-96)
> >    2 HOST/dc1.test.dom/test.dom at test.dom (DEPRECATED:arcfour-hmac)
> >    2 HOST/dc1.test.dom/test.dom at test.dom (aes128-cts-hmac-sha1-96)
> >    2 HOST/dc1.test.dom/test.dom at test.dom (aes256-cts-hmac-sha1-96)
> >    2 ldap/dc1.test.dom/test.dom at test.dom (DEPRECATED:arcfour-hmac)
> >    2 ldap/dc1.test.dom/test.dom at test.dom (aes128-cts-hmac-sha1-96)
> >    2 ldap/dc1.test.dom/test.dom at test.dom (aes256-cts-hmac-sha1-96)
> >    2 E3514235-4B06-11D1-AB04-00C04FC2DCD2/7b51045d-a81d-457b-a74a-19ef609cb1fe/test.dom at test.dom (DEPRECATED:arcfour-hmac)
> >    2 E3514235-4B06-11D1-AB04-00C04FC2DCD2/7b51045d-a81d-457b-a74a-19ef609cb1fe/test.dom at test.dom (aes128-cts-hmac-sha1-96)
> >    2 E3514235-4B06-11D1-AB04-00C04FC2DCD2/7b51045d-a81d-457b-a74a-19ef609cb1fe/test.dom at test.dom (aes256-cts-hmac-sha1-96)
> >    2 ldap/7b51045d-a81d-457b-a74a-19ef609cb1fe._msdcs.test.dom at test.dom (DEPRECATED:arcfour-hmac)
> >    2 ldap/7b51045d-a81d-457b-a74a-19ef609cb1fe._msdcs.test.dom at test.dom (aes128-cts-hmac-sha1-96)
> >    2 ldap/7b51045d-a81d-457b-a74a-19ef609cb1fe._msdcs.test.dom at test.dom (aes256-cts-hmac-sha1-96)
> >    2 ldap/dc1.test.dom/DomainDnsZones.test.dom at test.dom (DEPRECATED:arcfour-hmac)
> >    2 ldap/dc1.test.dom/DomainDnsZones.test.dom at test.dom (aes128-cts-hmac-sha1-96)
> >    2 ldap/dc1.test.dom/DomainDnsZones.test.dom at test.dom (aes256-cts-hmac-sha1-96)
> >    2 ldap/dc1.test.dom/ForestDnsZones.test.dom at test.dom (DEPRECATED:arcfour-hmac)
> >    2 ldap/dc1.test.dom/ForestDnsZones.test.dom at test.dom (aes128-cts-hmac-sha1-96)
> >    2 ldap/dc1.test.dom/ForestDnsZones.test.dom at test.dom (aes256-cts-hmac-sha1-96)
> >
> > klist -ke /opt/reddc/private/secrets.keytab
> > Keytab name: FILE:/opt/reddc/private/secrets.keytab
> > KVNO Principal
> > ---- --------------------------------------------------------------------------
> >    1 HOST/dc1 at test.dom (aes256-cts-hmac-sha1-96)
> >    1 HOST/dc1.test.dom at test.dom (aes256-cts-hmac-sha1-96)
> >    1 DC1$@test.dom (aes256-cts-hmac-sha1-96)
> >    1 HOST/dc1 at test.dom (aes128-cts-hmac-sha1-96)
> >    1 HOST/dc1.test.dom at test.dom (aes128-cts-hmac-sha1-96)
> >    1 DC1$@test.dom (aes128-cts-hmac-sha1-96)
> >    1 HOST/dc1 at test.dom (DEPRECATED:arcfour-hmac)
> >    1 HOST/dc1.test.dom at test.dom (DEPRECATED:arcfour-hmac)
> >    1 DC1$@test.dom (DEPRECATED:arcfour-hmac)
> >
> > It looks like it's been successful but mb problems kvno or something
> >
> > Wed, 5 Jun 2024 at 15:41, Christian Naumer via samba <samba at lists.samba.org>:
> > >
> > > On 05.06.24 at 14:33, Omnis ludis - games via samba wrote:
> > > > this is the only controller in the domain, it is on its own, yes, I use
> > > > krb5.keytab to log domain administrator accounts on the machine, it seems
> > > > to me there must be some way to defeat this and restore the controller's
> > > > functionality
> > >
> > > what does
> > >
> > > klist -ke
> > >
> > > show?
> > >
> > > and is there "secrets.keytab" in the PRIVATE_DIR eg
> > > "/usr/local/samba/private/" ?
> > >
> > > And if yes what does
> > >
> > > klist -ke secrets.keytab
> > >
> > > show?
> > >
> > > Regards
> > >
> > > Christian
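
The KVNO comparison the thread makes by eye across the two keytabs, as an added example that is not part of the original messages: it reads two saved `klist -ke` listings and reports the highest KVNO per principal in each. The function names `compare_kvno` and `demo` are hypothetical, the sample listings are constructed, and principals are written with "@" as klist prints them (the archive shows " at ").

```shell
#!/bin/sh
# Added example: highest KVNO per principal in two saved `klist -ke` listings.
# Assumption: principals are compared case-insensitively (HOST/dc1 == host/DC1).

compare_kvno() {  # usage: compare_kvno LISTING_A LISTING_B
  awk '
    FNR == 1 { side++ }                  # 1 = first listing, 2 = second
    $1 ~ /^[0-9]+$/ && NF >= 2 {         # entry rows start with a KVNO
      p = tolower($2); seen[p] = 1
      if ($1 + 0 > max[side, p]) max[side, p] = $1 + 0
    }
    END {
      for (p in seen) {
        a = max[1, p] + 0; b = max[2, p] + 0
        if (a == 0)      s = "ONLY_IN_B"
        else if (b == 0) s = "ONLY_IN_A"
        else if (a == b) s = "MATCH"
        else             s = "MISMATCH"
        print p, a, b, s                 # principal, max KVNO in A, in B, status
      }
    }' "$1" "$2" | sort
}

demo() {
  dir=$(mktemp -d) || return 1
  # Constructed sample listings in the layout klist -ke prints.
  cat > "$dir/etc.txt" <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ----------------------------------------------------------
   1 host/dc1.test.dom@TEST.DOM (aes256-cts-hmac-sha1-96)
   1 DC1$@TEST.DOM (aes256-cts-hmac-sha1-96)
   2 DC1$@TEST.DOM (aes256-cts-hmac-sha1-96)
   2 host/dc1.test.dom@TEST.DOM (aes256-cts-hmac-sha1-96)
   2 ldap/dc1.test.dom@TEST.DOM (aes256-cts-hmac-sha1-96)
EOF
  cat > "$dir/secrets.txt" <<'EOF'
Keytab name: FILE:/opt/reddc/private/secrets.keytab
KVNO Principal
---- ----------------------------------------------------------
   1 HOST/dc1.test.dom@TEST.DOM (aes256-cts-hmac-sha1-96)
   1 DC1$@TEST.DOM (aes256-cts-hmac-sha1-96)
EOF
  compare_kvno "$dir/etc.txt" "$dir/secrets.txt"
  rm -rf "$dir"
}

demo
```

A MISMATCH row only shows that the two files hold different key versions for that principal; it says nothing about the machine password Samba keeps in its ldb files.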
Christian Naumer
2024-Jun-05 13:13 UTC
[Samba] Failed to bind to uuid NT_STATUS_LOGON_FAILURE
On 05.06.24 at 15:06, Omnis ludis - games via samba wrote:
> I tried to replace the secrets.keytab file, but it didn't help solve the
> problem somehow, the error is exactly the same, where else can something be
> used? Why does Samba reject the computer's request to view drs showrepl?
> Maybe I need to somehow change the password of the domain controller myself?

This is what I feared. Samba gets the password from the secrets.ldb file. I don't know how to update this with a new password from a keytab. Maybe others can help there.

Regards

Christian