Displaying 20 results from an estimated 79 matches for "gss_accept_sec_context".
2018 Aug 07
0
gss_accept_sec_context failed with [ Miscellaneous failure (see text): Decrypt integrity check failed]
Hello,
my fileserver (Debian and samba packages 4.2.14+dfsg-0+deb8u9)
connected to an AD with one Windows DC and one Samba DC get every 10
seconds the following error:
[2018/08/07 12:52:15.351515, 1] ../source3/librpc/crypto/gse.c:496(gse_get_server_auth_token)
gss_accept_sec_context failed with [ Miscellaneous failure (see text): Decrypt integrity check failed]
[2018/08/07 12:52:15.351565, 1] ../auth/gensec/spnego.c:541(gensec_spnego_parse_negTokenInit)
SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
[2018/08/07 12:52:15.351609, 2] ../auth/gensec/spnego.c:7...
2006 Oct 31
0
6310540 6290437 causes gss_accept_sec_context not to output ret_flags whn no deleg cred; breaks ssh
Author: wyllys
Repository: /hg/zfs-crypto/gate
Revision: 1b97a96daa581c4f53b4fd8acceb76a27a9fe324
Log message:
6310540 6290437 causes gss_accept_sec_context not to output ret_flags whn no deleg cred; breaks ssh
Files:
update: usr/src/lib/libgss/g_accept_sec_context.c
2016 Oct 05
0
Winbind Preauthentication failed
...s_connect for domain DOMAIN failed: Preauthentication failed
# LOG SMB
------------------------------------------------------------
-------------------------------------------------------------------
[2016/10/02 06:10:34.884360, 1] ../source3/librpc/crypto/gse.c
:497(gse_get_server_auth_token)
gss_accept_sec_context failed with [ Miscellaneous failure (see text):
Failed to find cifs/fs1.domain.local at DOMAIN.LOCAL(kvno 2) in keytab
MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
[2016/10/02 06:10:34.884404, 1] ../auth/gensec/spnego.c:541(ge
nsec_spnego_parse_negTokenInit)
SPNEGO(gse_krb5) NEG_TOKEN_INIT failed:...
2016 Oct 04
0
Fwd: Winbind Preauthentication failed
...s_connect for domain DOMAIN failed: Preauthentication failed
# LOG SMB
------------------------------------------------------------
-------------------------------------------------------------------
[2016/10/02 06:10:34.884360, 1] ../source3/librpc/crypto/gse.
c:497(gse_get_server_auth_token)
gss_accept_sec_context failed with [ Miscellaneous failure (see text):
Failed to find cifs/fs1.domain.local at DOMAIN.LOCAL(kvno 2) in keytab
MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
[2016/10/02 06:10:34.884404, 1] ../auth/gensec/spnego.c:541(
gensec_spnego_parse_negTokenInit)
SPNEGO(gse_krb5) NEG_TOKEN_INIT failed:...
2019 Sep 05
2
migrated from gentoo to debian, DM throws errors ...
what do I miss here:
wbinfo -u / -g -/ -pPt works
[2019/09/05 17:15:25.963590, 1]
../source3/librpc/crypto/gse.c:658(gse_get_server_auth_token)
gss_accept_sec_context failed with [ Miscellaneous failure (see text):
Failed to find cifs/SAMBA.noras.intra at NORAS.INTRA(kvno 54) in keytab
MEMORY:cifs_srv_keytab (aes256-cts-hmac-sha1-96)]
[2019/09/05 17:15:25.963681, 1]
../auth/gensec/spnego.c:1218(gensec_spnego_server_negTokenInit_step)
gensec_spnego_server_negT...
2019 Sep 05
2
migrated from gentoo to debian, DM throws errors ...
...ieb Stefan G. Weichinger via samba:
>>
>> what do I miss here:
>
> update: maybe the reboot of the clients helped ... looks better now
>
>
>
Access works, but I still get
[2019/09/05 17:49:41.888422, 1]
../source3/librpc/crypto/gse.c:658(gse_get_server_auth_token)
gss_accept_sec_context failed with [ Miscellaneous failure (see text):
Failed to find cifs/SAMBA.noras.intra at NORAS.INTRA(kvno 54) in keytab
MEMORY:cifs_srv_keytab (aes256-cts-hmac-sha1-96)]
[2019/09/05 17:49:41.888521, 1]
../auth/gensec/spnego.c:1218(gensec_spnego_server_negTokenInit_step)
gensec_spnego_server_negT...
2006 Feb 27
2
Bug in Kerberos support for openssh.
...rt 1960 ssh2
debug1: Got no client credentials
debug1: An invalid name was supplied
A parameter was malformed
Validation error
Couldn't convert client name
debug1: do_cleanup
I spent some time in the debugger, and found that essentially the
problem was that ssh is calling
ctx->major = gss_accept_sec_context(&ctx->minor,
&ctx->context, ctx->creds, recv_tok,
GSS_C_NO_CHANNEL_BINDINGS, &ctx->client, &mech,
send_tok, flags, NULL, &ctx->client_creds);
and saving off ctx->client for later use. Under the hood, ctx->client
is simply a gss_union_...
2018 Jul 02
2
DM 3.6.25 -> 4.x
...gt;
> >> Once you are sure it does exist, you can use 'net ads keytab add
> >> <principal>' to add it to /etc/krb5.keytab
>
> We did that today, the cifs SPN is now on the DCs and in the samba
> keytab.
>
> The message re-appeared though:
>
> gss_accept_sec_context failed with [Unspecified GSS failure. Minor
> code may provide more information: Request ticket server
> cifs/U1customer.customer.intra at customer.INTRA kvno 277 not found in
> keytab; keytab is likely out of date]
>
One question I don't remember asking, just where is that messa...
2019 Jun 26
6
Samba 4.10 member: SMB login no longer working
...ork, generating the following error message:
> [2019/06/26 11:24:13.015993, 3] ../../source3/smbd/smb2_negprot.c:294(smbd_smb2_request_process_negprot)
> Selected protocol SMB2_10
> [2019/06/26 11:24:13.021148, 1] ../../source3/librpc/crypto/gse.c:660(gse_get_server_auth_token)
> gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/graz-file.ad.tao.at at AD.TAO.AT(kvno 100) in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
> [2019/06/26 11:24:13.021265, 1] ../../auth/gensec/spnego.c:1218(gensec_spnego_server_negTokenInit_step)
> gensec_spnego_serv...
2019 Oct 08
4
Failed to find cifs/fs-share@dom.corp (kvno 109) in keytab
hello, today the following problem occurred:
[2019/10/08 09: 57: 23.568282, 1]
../../source3/librpc/crypto/gse.c:660(gse_get_server_auth_token)
gss_accept_sec_context failed with [Miscellaneous failure (see text):
Failed to find cifs/fs-share at dom.corp (kvno 109) in keytab
MEMORY: cifs_srv_keytab (arcfour-hmac-md5)]
in my smb.conf I have the lines:
kerberos method = dedicated keytab
dedicated keytab file = /etc/samba/fs.keytab
# net ads keytab list
Vno...
2019 Oct 09
2
Failed to find cifs/fs-share@dom.corp (kvno 109) in keytab
.../../auth/gensec/spnego.c:1218(gensec_spnego_server_negTokenInit_step)
gensec_spnego_server_negTokenInit_step: gse_krb5: parsing NEG_TOKEN_INIT
content failed (next[(null)]): NT_STATUS_LOGON_FAILURE
[2019/10/08 10:58:09.634532, 1]
../../source3/librpc/crypto/gse.c:660(gse_get_server_auth_token)
gss_accept_sec_context failed with [ Miscellaneous failure (see text):
Failed to find cifs/dom.corp at DOM.CORP(kvno 109) in keytab
MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
before 10:00 it used kvno (kerberos version number) 108 after 10:00 kvno
109.
Il giorno mar 8 ott 2019 alle ore 22:26 Rowland penny via samba <...
2017 Jan 12
2
Difficulties with Windows XP: failed to find cifs/fileserver.y.z@Y.Z in keytab (arcfour-hmac-md5)
...he WindowsXP. I see it's record with
ldbsearch.
Trying to login with the WindowsXP I get an error on the
domain_member_file_server in the file <IP-address-of-client.log> saying:
>>>
[2017/01/11 16:42:34.522067, 1]
../source3/librpc/crypto/gse.c:496(gse_get_server_auth_token)
gss_accept_sec_context failed with [ Miscellaneous failure (see text):
Failed to find cifs/hg004.humgen.0zone at HUMGEN.0ZONE(kvno 1) in keytab
MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
[2017/01/11 16:42:34.522095, 1]
../auth/gensec/spnego.c:541(gensec_spnego_parse_negTokenInit)
SPNEGO(gse_krb5) NEG_TOKEN_INIT failed...
2019 Sep 26
5
access to share with dns alias hostname
Hello, I'v to migrate one file server (old samba 3) to a new file samba 4,
I thought I could use the parameters netbios aliases = oldsamba but it
doesn't work, trying to access the share, with the old names, the
credentials popup appears and the log show:
gss_accept_sec_context failed with [ Miscellaneous failure (see text):
Failed to find cifs/oldsamba3 at lan.corp(kvno 107) in keytab
MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
unfortunately I have to keep active also the old server for which I thought
I could solve with the dns.
any help?
thnx.
2015 Jul 27
4
Samba4 Domain member only usable with ip
...> What DNS are you using ?
>>>
>>> Rowland
>>>
>>>
>> Look at the log I got this error when using dnsname not wih the ip
>>
>> [2015/07/27 16:50:06.225754, 1]
>> ../source3/librpc/crypto/gse.c:465(gse_get_server_auth_token)
>> gss_accept_sec_context failed with [ Miscellaneous failure (see
>> text): Failed to find cifs/smbfs.DOM.local at DOM.LOCAL(kvno 2) in
>> keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
>>
>
> Are you actually using a domain that ends in .local ? if so, try
> turning off Avahi on the member...
2019 Sep 05
0
migrated from gentoo to debian, DM throws errors ...
...a samba:
>>> what do I miss here:
>> update: maybe the reboot of the clients helped ... looks better now
>>
>>
>>
> Access works, but I still get
>
> [2019/09/05 17:49:41.888422, 1]
> ../source3/librpc/crypto/gse.c:658(gse_get_server_auth_token)
> gss_accept_sec_context failed with [ Miscellaneous failure (see text):
> Failed to find cifs/SAMBA.noras.intra at NORAS.INTRA(kvno 54) in keytab
> MEMORY:cifs_srv_keytab (aes256-cts-hmac-sha1-96)]
> [2019/09/05 17:49:41.888521, 1]
> ../auth/gensec/spnego.c:1218(gensec_spnego_server_negTokenInit_step)
>...
2018 Jul 01
2
DM 3.6.25 -> 4.x
Am 01.07.2018 um 11:04 schrieb Rowland Penny via samba:
> Do you have access to the Windows DC ?
> If so, can you check if the computer (u1customer) has the required cifs
> SPN, if it doesn't exist, it will need to be added.
I can talk to the windows-admin tmrw.
> Once you are sure it does exist, you can use 'net ads keytab add
> <principal>' to add it to
2015 Jul 27
2
Samba4 Domain member only usable with ip
...other two questions ?
>
> How are you trying to access the server ?
> What DNS are you using ?
>
> Rowland
>
>
Look at the log I got this error when using dnsname not wih the ip
[2015/07/27 16:50:06.225754, 1]
../source3/librpc/crypto/gse.c:465(gse_get_server_auth_token)
gss_accept_sec_context failed with [ Miscellaneous failure (see
text): Failed to find cifs/smbfs.DOM.local at DOM.LOCAL(kvno 2) in keytab
MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
--
probeSys - spécialiste GNU/Linux
site web : http://www.probesys.com
2019 Nov 05
1
Failed to find cifs/fs-share@dom.corp (kvno 109) in keytab
...gt; cifs/oldsamba at DOM.CORP
> # KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab ADD
> cifs/oldsamba$@DOM.CORP
You then add to the keytab
> test from windows machine:
>
> [2019/11/05 13:14:49.108879, 1]
> ../../source3/librpc/crypto/gse.c:660(gse_get_server_auth_token)
> gss_accept_sec_context failed with [ Miscellaneous failure (see text):
> Failed to find cifs/oldsamba at DOM.CORP(kvno 113) in keytab
> MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
Then something reads the keytab in memory and cannot find the required
SPN, or to put it another way, whatever is trying to find the SP...
2016 Sep 29
1
Failed to find cifs/foo.bar in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
...Windows Explorer - it starts to
ask for the password. It doesn't ask the password while accesssing it
via it's IP address, and I see in its logs the following (when accessing
it via its name):
[2016/09/20 10:54:31.451826, 1]
../source3/librpc/crypto/gse.c:497(gse_get_server_auth_token)
gss_accept_sec_context failed with [ Miscellaneous failure (see text):
Failed to find cifs/wd.norma.com at NORMA.COM(kvno 2) in keytab
MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
(yup, I know norma.com isn't legitimate, but it's internal domain name).
How can I debug and solve this ?
norma.com is resolving from...
2019 Nov 15
2
Why is smbd looking for Kerberos principal cifs/host@DOMB when it is a member of DOMA?
...a member of that domain (it's a member
of TC83, which trusts TC84):
Nov 15 15:53:04 kvm7246-vm022 smbd[15209]: [2019/11/15 15:53:04.524996, 1,
pid=15209, effective(0, 0), real(0, 0)]
../../source3/librpc/crypto/gse.c:659(gse_get_server_auth_token)
Nov 15 15:53:04 kvm7246-vm022 smbd[15209]: gss_accept_sec_context failed
with [ Miscellaneous failure (see text): Failed to find
cifs/kvm7246-vm022.maas.local at TC84.LOCAL(kvno 10) in keytab
MEMORY:cifs_srv_keytab (aes256-cts-hmac-sha1-96)]
Why is smbd looking for a principal of the form
"cifs/kvm7246-vm022.maas.local at TC84.LOCAL"?
n
[See
https://...