search for: gensec_gssapi_update_internal

...hts? Hard to believe. Moreover, I'm unable to delete Administrator from Domain Users group, as this is my basic group (I received such an info). I believe the keytab is needed to sth, cause without it I keep receiving: [2018/04/03 17:32:39.331938, 1] ../source4/auth/gensec/gensec_gssapi.c:790(gensec_gssapi_update_internal) GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): keytab /usr/local/samba/private/secrets.keytab open failed: No such file or directory About previous errors according: " Decrypt integrity check failed " - I just needed to wait (I believe the ticket time). N...

...cords, to allow them to be be recreated automatically using bind9_dlz. This seems kind of drastic... Would doing this have unforeseen side-effects I should take into consideration? And anyone on my second issue, on > [2017/11/07 18:23:25.114429, 1] ../source4/auth/gensec/gensec_gssapi.c:790(gensec_gssapi_update_internal) > GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Failed to find DC4$@SAMBA.COMPANY.COM(kvno 1) in keytab FILE:/var/lib/samba/private/secrets.keytab (arcfour-hmac-md5) > [2017/11/07 18:23:25.114456, 1] ../auth/gensec/spnego.c:411(gensec_spnego_parse_negTokenIn...

..., 1] ../auth/gensec/spnego.c:1218(gensec_spnego_server_negTokenInit_step) gensec_spnego_server_negTokenInit_step: gssapi_krb5: l'analyse du contenu de NEG_TOKEN_INIT a échoué (next [(null)]): NT_STATUS_LOGON_FAILURE [2019/02/20 11: 20: 33.041913, 1] ../source4/auth/gensec/gensec_gssapi.c:790(gensec_gssapi_update_internal) Merci encore pour votre participation.

...] ../auth/gensec/gensec_start.c:739(gensec_start_mech)   Starting GENSEC mechanism spnego [2017/12/27 08:20:55.506501,  5] ../auth/gensec/gensec_start.c:739(gensec_start_mech)   Starting GENSEC submechanism gssapi_krb5 [2017/12/27 08:20:55.536259,  5] ../source4/auth/gensec/gensec_gssapi.c:668(gensec_gssapi_update_internal)   gensec_gssapi: credentials were delegated [2017/12/27 08:20:55.536320,  5] ../source4/auth/gensec/gensec_gssapi.c:685(gensec_gssapi_update_internal)   GSSAPI Connection will be cryptographically sealed [2017/12/27 08:20:55.538591,  6] ../lib/util/util_ldb.c:60(gendb_search_v)   gendb_search_...

Dear list, by mistake some script (msktutil) has updated machine password and keytab for one of my DCs (samba-4.10.10). While I could restore the keytab (/var/lib/samba/private/secrets.keytab) using samba-tool domain exportkeytab, I fail to come up with a way to update the secrets file (/var/lib/samba/private/secrets.ldb) with a new machine password. Can you please help me with an idea how to fix

...2, 5] ../auth/gensec/gensec_start.c:739(gensec_start_mech) Starting GENSEC mechanism spnego [2018/04/03 15:38:03.907852, 5] ../auth/gensec/gensec_start.c:739(gensec_start_mech) Starting GENSEC submechanism gssapi_krb5 [2018/04/03 15:38:03.909414, 5] ../source4/auth/gensec/gensec_gssapi.c:670(gensec_gssapi_update_internal) gensec_gssapi: NO credentials were delegated [2018/04/03 15:38:03.909444, 5] ../source4/auth/gensec/gensec_gssapi.c:687(gensec_gssapi_update_internal) GSSAPI Connection will be cryptographically signed [2018/04/03 15:38:03.914590, 4] ../auth/auth_log.c:860(log_successful_authz_event_human_re...

...s to be only about AAAA records... should I do something to disable ipv6 perhaps..? It happens for many of our workstations. A second (and perhaps more serious?) issue: On all four DCs, we're seeing in log.smbd: > [2017/11/07 18:23:25.114429, 1] ../source4/auth/gensec/gensec_gssapi.c:790(gensec_gssapi_update_internal) > GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Failed to find DC4$@SAMBA.COMPANY.COM(kvno 1) in keytab FILE:/var/lib/samba/private/secrets.keytab (arcfour-hmac-md5) > [2017/11/07 18:23:25.114456, 1] ../auth/gensec/spnego.c:411(gensec_spnego_parse_negTokenIn...

...n a Windows client tries to connect to a share with the old PDC name, eg. \\dc1.samdom.example.com\netlogon, these errors appears in its Samba log (sanitized: DC1 is the old server's name, DC2 the new one's): [2023/06/22 15:53:44.777523, 1] ../../source4/auth/gensec/gensec_gssapi.c:791(gensec_gssapi_update_internal) GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Failed to find DC2$@SAMDOM.EXAMPLE.COM(kvno 1) in keytab FILE:/var/lib/samba/private/secrets.keytab (aes256-cts-hmac-sha1-96) [2023/06/22 15:53:44.777912, 1] ../../auth/gensec/spnego.c:1242(gensec_spnego_server_neg...

...rt.c:739(gensec_start_mech) >   Starting GENSEC mechanism spnego > [2017/12/27 08:20:55.506501,  5] > ../auth/gensec/gensec_start.c:739(gensec_start_mech) >   Starting GENSEC submechanism gssapi_krb5 > [2017/12/27 08:20:55.536259,  5] > ../source4/auth/gensec/gensec_gssapi.c:668(gensec_gssapi_update_internal) >   gensec_gssapi: credentials were delegated > [2017/12/27 08:20:55.536320,  5] > ../source4/auth/gensec/gensec_gssapi.c:685(gensec_gssapi_update_internal) >   GSSAPI Connection will be cryptographically sealed > [2017/12/27 08:20:55.538591,  6] > ../lib/util/util_ldb.c:60(gen...

...getting now the same error in log.samba GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Decrypt integrity check failed for checksum type hmac-sha1-96-aes256, key type aes256-cts-hmac-sha1-96 [2018/04/03 15:08:05.924388, 1] ../source4/auth/gensec/gensec_gssapi.c:790(gensec_gssapi_update_internal) Can this be related to the new key of host in keytab? I've renamed /usr/local/samba and made "make install" to create all paths. Regards, Kris -----Original Message----- From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of lingpanda101 via samba Sent: Tuesday, April...

...ting GENSEC mechanism spnego >>> [2017/12/27 08:20:55.506501,  5] >>> ../auth/gensec/gensec_start.c:739(gensec_start_mech) >>>   Starting GENSEC submechanism gssapi_krb5 >>> [2017/12/27 08:20:55.536259,  5] >>> ../source4/auth/gensec/gensec_gssapi.c:668(gensec_gssapi_update_internal) >>>   gensec_gssapi: credentials were delegated >>> [2017/12/27 08:20:55.536320,  5] >>> ../source4/auth/gensec/gensec_gssapi.c:685(gensec_gssapi_update_internal) >>>   GSSAPI Connection will be cryptographically sealed >>> [2017/12/27 08:20:55.538591...

...20: 33.013351, 1] ../auth/gensec/spnego.c:1218(gensec_spnego_server_negTokenInit_step) gensec_spnego_server_negTokenInit_step: gssapi_krb5: parsing NEG_TOKEN_INIT content failed (next [(null)]): NT_STATUS_LOGON_FAILURE [2019/02/20 11: 20: 33.041913, 1] ../source4/auth/gensec/gensec_gssapi.c:790(gensec_gssapi_update_internal) thank you again for your participation.

.../scripts/devel/chgtdcpass > which updated the machine password as well as the keytab. > After a restart samba keeps complaining now that the (outdated) KVNO 6 is > no longer part of the secrets.keytab: > [2019/11/03 16:22:12.319958, 1] > ../../source4/auth/gensec/gensec_gssapi.c:793(gensec_gssapi_update_internal) > GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see > text): Failed to find DC3$@MY.DOMAIN(kvno 6) in keytab > FILE:/var/lib/samba/private/secrets.keytab (aes256-cts-hmac-sha1-96) > > Apparently I missed one place in the update. Any ideas how to fix this last...

There was lack of membership in Administrators domain/Builtin group. I had only: Domain Users Group Policy Creator Owners Enterprise Admins Schema Admins Domain Admins I've added and I'll try. Thank you. Any hint with the recreation of keytab file? Regards, Kris -----Original Message----- From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny via samba Sent:

....c:1218(gensec_spnego_server_negTokenInit_step) > > gensec_spnego_server_negTokenInit_step: gssapi_krb5: parsing > > NEG_TOKEN_INIT content failed (next [(null)]): NT_STATUS_LOGON_FAILURE > > [2019/02/20 11: 20: 33.041913, 1] > > ../source4/auth/gensec/gensec_gssapi.c:790(gensec_gssapi_update_internal) > > > > thank you again for your participation. > > What does this show: > > klist -e -k /var/lib/samba/private/secrets.keytab > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/...

...t; >   Starting GENSEC mechanism spnego > > [2017/12/27 08:20:55.506501,  5] > > ../auth/gensec/gensec_start.c:739(gensec_start_mech) > >   Starting GENSEC submechanism gssapi_krb5 > > [2017/12/27 08:20:55.536259,  5] > > ../source4/auth/gensec/gensec_gssapi.c:668(gensec_gssapi_update_internal) > >   gensec_gssapi: credentials were delegated > > [2017/12/27 08:20:55.536320,  5] > > ../source4/auth/gensec/gensec_gssapi.c:685(gensec_gssapi_update_internal) > >   GSSAPI Connection will be cryptographically sealed > > [2017/12/27 08:20:55.538591,  6] > >...

...so the update was refused. After deletion, the computer created the records again, and as the computer now 'owns' the records, it can now update them. > > And anyone on my second issue, on > > [2017/11/07 18:23:25.114429, > > 1] ../source4/auth/gensec/gensec_gssapi.c:790(gensec_gssapi_update_internal) > > GSS server Update(krb5)(1) Update failed: Miscellaneous failure > > (see text): Failed to find DC4$@SAMBA.COMPANY.COM(kvno 1) in keytab > > FILE:/var/lib/samba/private/secrets.keytab (arcfour-hmac-md5) > > [2017/11/07 18:23:25.114456, > > 1] ../auth/gensec/spnego...

...n log.samba > > GSS server Update(krb5)(1) Update failed: Miscellaneous failure > (see text): Decrypt integrity check failed for checksum type > hmac-sha1-96-aes256, key type aes256-cts-hmac-sha1-96 [2018/04/03 > 15:08:05.924388, > 1] ../source4/auth/gensec/gensec_gssapi.c:790(gensec_gssapi_update_internal) > > > Can this be related to the new key of host in keytab? Do you have 'etc/krb5.keytab' (or similar), if so try deleting it and then create a new one. Rowland

...018/04/03 14:36:46.822531, >>> 1] ../auth/gensec/spnego.c:411(gensec_spnego_parse_negTokenInit) >>> SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE >>> [2018/04/03 14:36:46.968728, >>> 1] >>> ../source4/auth/gensec/gensec_gssapi.c:790(gensec_gssapi_update_internal) >>> GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see >>> text): Failed to find DC$@DOMAIN.NET.PL(kvno 2) in keytab >>> FILE:/usr/local/samba/private/secrets.keytab >>> (aes256-cts-hmac-sha1-96) >>> >>> kvno DC >>&gt...

..../auth/gensec/spnego.c:1218(gensec_spnego_server_negTokenInit_step) > gensec_spnego_server_negTokenInit_step: gssapi_krb5: parsing > NEG_TOKEN_INIT content failed (next [(null)]): NT_STATUS_LOGON_FAILURE > [2019/02/20 11: 20: 33.041913, 1] > ../source4/auth/gensec/gensec_gssapi.c:790(gensec_gssapi_update_internal) > > thank you again for your participation. What does this show: klist -e -k /var/lib/samba/private/secrets.keytab Rowland