Displaying 20 results from an estimated 29 matches for "gensec_gssapi_update_internal".
2018 Apr 04
3
Unable to rejoin domain, LDAP error 50
...hts? Hard to believe.
Moreover, I'm unable to delete Administrator from Domain Users group, as this is my basic group (I received such an info).
I believe the keytab is needed to sth, cause without it I keep receiving:
[2018/04/03 17:32:39.331938, 1] ../source4/auth/gensec/gensec_gssapi.c:790(gensec_gssapi_update_internal)
GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): keytab /usr/local/samba/private/secrets.keytab open failed: No such file or directory
About previous errors according: " Decrypt integrity check failed " - I just needed to wait (I believe the ticket time). N...
2017 Nov 07
3
after DCs migration to 4.7, two things
...cords, to allow
them to be be recreated automatically using bind9_dlz.
This seems kind of drastic... Would doing this have unforeseen
side-effects I should take into consideration?
And anyone on my second issue, on
> [2017/11/07 18:23:25.114429, 1] ../source4/auth/gensec/gensec_gssapi.c:790(gensec_gssapi_update_internal)
> GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Failed to find DC4$@SAMBA.COMPANY.COM(kvno 1) in keytab FILE:/var/lib/samba/private/secrets.keytab (arcfour-hmac-md5)
> [2017/11/07 18:23:25.114456, 1] ../auth/gensec/spnego.c:411(gensec_spnego_parse_negTokenIn...
2019 Feb 26
1
Gpo computer not applied a boot system
..., 1]
../auth/gensec/spnego.c:1218(gensec_spnego_server_negTokenInit_step)
gensec_spnego_server_negTokenInit_step: gssapi_krb5: l'analyse du
contenu de NEG_TOKEN_INIT a échoué (next [(null)]): NT_STATUS_LOGON_FAILURE
[2019/02/20 11: 20: 33.041913, 1]
../source4/auth/gensec/gensec_gssapi.c:790(gensec_gssapi_update_internal)
Merci encore pour votre participation.
2017 Dec 27
2
AD replication problem "WERR_DS_DRA_ACCESS_DENIED" - need help debugging
...]
../auth/gensec/gensec_start.c:739(gensec_start_mech)
Starting GENSEC mechanism spnego
[2017/12/27 08:20:55.506501, 5]
../auth/gensec/gensec_start.c:739(gensec_start_mech)
Starting GENSEC submechanism gssapi_krb5
[2017/12/27 08:20:55.536259, 5]
../source4/auth/gensec/gensec_gssapi.c:668(gensec_gssapi_update_internal)
gensec_gssapi: credentials were delegated
[2017/12/27 08:20:55.536320, 5]
../source4/auth/gensec/gensec_gssapi.c:685(gensec_gssapi_update_internal)
GSSAPI Connection will be cryptographically sealed
[2017/12/27 08:20:55.538591, 6] ../lib/util/util_ldb.c:60(gendb_search_v)
gendb_search_...
2019 Nov 03
2
DC with outdated secrets
Dear list,
by mistake some script (msktutil) has updated machine password and keytab
for one of my DCs (samba-4.10.10). While I could restore the keytab
(/var/lib/samba/private/secrets.keytab) using samba-tool domain
exportkeytab, I fail to come up with a way to update the secrets file
(/var/lib/samba/private/secrets.ldb) with a new machine password.
Can you please help me with an idea how to fix
2018 Apr 03
0
Renaming a joined windows workstation
...2, 5]
../auth/gensec/gensec_start.c:739(gensec_start_mech)
Starting GENSEC mechanism spnego
[2018/04/03 15:38:03.907852, 5]
../auth/gensec/gensec_start.c:739(gensec_start_mech)
Starting GENSEC submechanism gssapi_krb5
[2018/04/03 15:38:03.909414, 5]
../source4/auth/gensec/gensec_gssapi.c:670(gensec_gssapi_update_internal)
gensec_gssapi: NO credentials were delegated
[2018/04/03 15:38:03.909444, 5]
../source4/auth/gensec/gensec_gssapi.c:687(gensec_gssapi_update_internal)
GSSAPI Connection will be cryptographically signed
[2018/04/03 15:38:03.914590, 4]
../auth/auth_log.c:860(log_successful_authz_event_human_re...
2017 Nov 07
2
after DCs migration to 4.7, two things
...s to be only about AAAA records... should I do something
to disable ipv6 perhaps..? It happens for many of our workstations.
A second (and perhaps more serious?) issue:
On all four DCs, we're seeing in log.smbd:
> [2017/11/07 18:23:25.114429, 1] ../source4/auth/gensec/gensec_gssapi.c:790(gensec_gssapi_update_internal)
> GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Failed to find DC4$@SAMBA.COMPANY.COM(kvno 1) in keytab FILE:/var/lib/samba/private/secrets.keytab (arcfour-hmac-md5)
> [2017/11/07 18:23:25.114456, 1] ../auth/gensec/spnego.c:411(gensec_spnego_parse_negTokenIn...
2023 Jul 06
1
Cannot access PDC shares via alias name
...n a Windows client tries to connect to a share with the old PDC name,
eg. \\dc1.samdom.example.com\netlogon, these errors appears in its Samba
log (sanitized: DC1 is the old server's name, DC2 the new one's):
[2023/06/22 15:53:44.777523, 1]
../../source4/auth/gensec/gensec_gssapi.c:791(gensec_gssapi_update_internal)
GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see
text): Failed to find DC2$@SAMDOM.EXAMPLE.COM(kvno 1) in keytab
FILE:/var/lib/samba/private/secrets.keytab (aes256-cts-hmac-sha1-96)
[2023/06/22 15:53:44.777912, 1]
../../auth/gensec/spnego.c:1242(gensec_spnego_server_neg...
2017 Dec 27
0
AD replication problem "WERR_DS_DRA_ACCESS_DENIED" - need help debugging
...rt.c:739(gensec_start_mech)
> Starting GENSEC mechanism spnego
> [2017/12/27 08:20:55.506501, 5]
> ../auth/gensec/gensec_start.c:739(gensec_start_mech)
> Starting GENSEC submechanism gssapi_krb5
> [2017/12/27 08:20:55.536259, 5]
> ../source4/auth/gensec/gensec_gssapi.c:668(gensec_gssapi_update_internal)
> gensec_gssapi: credentials were delegated
> [2017/12/27 08:20:55.536320, 5]
> ../source4/auth/gensec/gensec_gssapi.c:685(gensec_gssapi_update_internal)
> GSSAPI Connection will be cryptographically sealed
> [2017/12/27 08:20:55.538591, 6]
> ../lib/util/util_ldb.c:60(gen...
2018 Apr 03
2
Unable to rejoin domain, LDAP error 50
...getting now the same error in log.samba
GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Decrypt integrity check failed for checksum type hmac-sha1-96-aes256, key type aes256-cts-hmac-sha1-96
[2018/04/03 15:08:05.924388, 1] ../source4/auth/gensec/gensec_gssapi.c:790(gensec_gssapi_update_internal)
Can this be related to the new key of host in keytab?
I've renamed /usr/local/samba and made "make install" to create all paths.
Regards,
Kris
-----Original Message-----
From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of lingpanda101 via samba
Sent: Tuesday, April...
2017 Dec 27
0
AD replication problem "WERR_DS_DRA_ACCESS_DENIED" - need help debugging
...ting GENSEC mechanism spnego
>>> [2017/12/27 08:20:55.506501, 5]
>>> ../auth/gensec/gensec_start.c:739(gensec_start_mech)
>>> Starting GENSEC submechanism gssapi_krb5
>>> [2017/12/27 08:20:55.536259, 5]
>>> ../source4/auth/gensec/gensec_gssapi.c:668(gensec_gssapi_update_internal)
>>> gensec_gssapi: credentials were delegated
>>> [2017/12/27 08:20:55.536320, 5]
>>> ../source4/auth/gensec/gensec_gssapi.c:685(gensec_gssapi_update_internal)
>>> GSSAPI Connection will be cryptographically sealed
>>> [2017/12/27 08:20:55.538591...
2019 Feb 26
5
gpo not applied a boot computer
...20: 33.013351, 1]
../auth/gensec/spnego.c:1218(gensec_spnego_server_negTokenInit_step)
gensec_spnego_server_negTokenInit_step: gssapi_krb5: parsing
NEG_TOKEN_INIT content failed (next [(null)]): NT_STATUS_LOGON_FAILURE
[2019/02/20 11: 20: 33.041913, 1]
../source4/auth/gensec/gensec_gssapi.c:790(gensec_gssapi_update_internal)
thank you again for your participation.
2019 Nov 03
2
DC with outdated secrets
.../scripts/devel/chgtdcpass
> which updated the machine password as well as the keytab.
> After a restart samba keeps complaining now that the (outdated) KVNO 6 is
> no longer part of the secrets.keytab:
> [2019/11/03 16:22:12.319958, 1]
> ../../source4/auth/gensec/gensec_gssapi.c:793(gensec_gssapi_update_internal)
> GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see
> text): Failed to find DC3$@MY.DOMAIN(kvno 6) in keytab
> FILE:/var/lib/samba/private/secrets.keytab (aes256-cts-hmac-sha1-96)
>
> Apparently I missed one place in the update. Any ideas how to fix this last...
2018 Apr 03
2
Unable to rejoin domain, LDAP error 50
There was lack of membership in Administrators domain/Builtin group.
I had only:
Domain Users
Group Policy Creator Owners
Enterprise Admins
Schema Admins
Domain Admins
I've added and I'll try. Thank you.
Any hint with the recreation of keytab file?
Regards,
Kris
-----Original Message-----
From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny via samba
Sent:
2019 Feb 26
2
gpo not applied a boot computer
....c:1218(gensec_spnego_server_negTokenInit_step)
> > gensec_spnego_server_negTokenInit_step: gssapi_krb5: parsing
> > NEG_TOKEN_INIT content failed (next [(null)]): NT_STATUS_LOGON_FAILURE
> > [2019/02/20 11: 20: 33.041913, 1]
> > ../source4/auth/gensec/gensec_gssapi.c:790(gensec_gssapi_update_internal)
> >
> > thank you again for your participation.
>
> What does this show:
>
> klist -e -k /var/lib/samba/private/secrets.keytab
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/...
2017 Dec 27
2
AD replication problem "WERR_DS_DRA_ACCESS_DENIED" - need help debugging
...t; > Starting GENSEC mechanism spnego
> > [2017/12/27 08:20:55.506501, 5]
> > ../auth/gensec/gensec_start.c:739(gensec_start_mech)
> > Starting GENSEC submechanism gssapi_krb5
> > [2017/12/27 08:20:55.536259, 5]
> > ../source4/auth/gensec/gensec_gssapi.c:668(gensec_gssapi_update_internal)
> > gensec_gssapi: credentials were delegated
> > [2017/12/27 08:20:55.536320, 5]
> > ../source4/auth/gensec/gensec_gssapi.c:685(gensec_gssapi_update_internal)
> > GSSAPI Connection will be cryptographically sealed
> > [2017/12/27 08:20:55.538591, 6]
> >...
2017 Nov 07
0
after DCs migration to 4.7, two things
...so the update was
refused. After deletion, the computer created the records again, and as
the computer now 'owns' the records, it can now update them.
>
> And anyone on my second issue, on
> > [2017/11/07 18:23:25.114429,
> > 1] ../source4/auth/gensec/gensec_gssapi.c:790(gensec_gssapi_update_internal)
> > GSS server Update(krb5)(1) Update failed: Miscellaneous failure
> > (see text): Failed to find DC4$@SAMBA.COMPANY.COM(kvno 1) in keytab
> > FILE:/var/lib/samba/private/secrets.keytab (arcfour-hmac-md5)
> > [2017/11/07 18:23:25.114456,
> > 1] ../auth/gensec/spnego...
2018 Apr 03
0
Unable to rejoin domain, LDAP error 50
...n log.samba
>
> GSS server Update(krb5)(1) Update failed: Miscellaneous failure
> (see text): Decrypt integrity check failed for checksum type
> hmac-sha1-96-aes256, key type aes256-cts-hmac-sha1-96 [2018/04/03
> 15:08:05.924388,
> 1] ../source4/auth/gensec/gensec_gssapi.c:790(gensec_gssapi_update_internal)
>
>
> Can this be related to the new key of host in keytab?
Do you have 'etc/krb5.keytab' (or similar), if so try deleting it and
then create a new one.
Rowland
2018 Apr 08
0
Unable to rejoin domain, LDAP error 50
...018/04/03 14:36:46.822531,
>>> 1] ../auth/gensec/spnego.c:411(gensec_spnego_parse_negTokenInit)
>>> SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
>>> [2018/04/03 14:36:46.968728,
>>> 1]
>>> ../source4/auth/gensec/gensec_gssapi.c:790(gensec_gssapi_update_internal)
>>> GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see
>>> text): Failed to find DC$@DOMAIN.NET.PL(kvno 2) in keytab
>>> FILE:/usr/local/samba/private/secrets.keytab
>>> (aes256-cts-hmac-sha1-96)
>>>
>>> kvno DC
>>>...
2019 Feb 26
0
gpo not applied a boot computer
..../auth/gensec/spnego.c:1218(gensec_spnego_server_negTokenInit_step)
> gensec_spnego_server_negTokenInit_step: gssapi_krb5: parsing
> NEG_TOKEN_INIT content failed (next [(null)]): NT_STATUS_LOGON_FAILURE
> [2019/02/20 11: 20: 33.041913, 1]
> ../source4/auth/gensec/gensec_gssapi.c:790(gensec_gssapi_update_internal)
>
> thank you again for your participation.
What does this show:
klist -e -k /var/lib/samba/private/secrets.keytab
Rowland