search for: gss_accept_sec_context

Hello, my fileserver (Debian and samba packages 4.2.14+dfsg-0+deb8u9) connected to an AD with one Windows DC and one Samba DC get every 10 seconds the following error: [2018/08/07 12:52:15.351515, 1] ../source3/librpc/crypto/gse.c:496(gse_get_server_auth_token) gss_accept_sec_context failed with [ Miscellaneous failure (see text): Decrypt integrity check failed] [2018/08/07 12:52:15.351565, 1] ../auth/gensec/spnego.c:541(gensec_spnego_parse_negTokenInit) SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE [2018/08/07 12:52:15.351609, 2] ../auth/gensec/spnego.c:7...

Author: wyllys Repository: /hg/zfs-crypto/gate Revision: 1b97a96daa581c4f53b4fd8acceb76a27a9fe324 Log message: 6310540 6290437 causes gss_accept_sec_context not to output ret_flags whn no deleg cred; breaks ssh Files: update: usr/src/lib/libgss/g_accept_sec_context.c

...s_connect for domain DOMAIN failed: Preauthentication failed # LOG SMB ------------------------------------------------------------ ------------------------------------------------------------------- [2016/10/02 06:10:34.884360, 1] ../source3/librpc/crypto/gse.c :497(gse_get_server_auth_token) gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/fs1.domain.local at DOMAIN.LOCAL(kvno 2) in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)] [2016/10/02 06:10:34.884404, 1] ../auth/gensec/spnego.c:541(ge nsec_spnego_parse_negTokenInit) SPNEGO(gse_krb5) NEG_TOKEN_INIT failed:...

...s_connect for domain DOMAIN failed: Preauthentication failed # LOG SMB ------------------------------------------------------------ ------------------------------------------------------------------- [2016/10/02 06:10:34.884360, 1] ../source3/librpc/crypto/gse. c:497(gse_get_server_auth_token) gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/fs1.domain.local at DOMAIN.LOCAL(kvno 2) in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)] [2016/10/02 06:10:34.884404, 1] ../auth/gensec/spnego.c:541( gensec_spnego_parse_negTokenInit) SPNEGO(gse_krb5) NEG_TOKEN_INIT failed:...

what do I miss here: wbinfo -u / -g -/ -pPt works [2019/09/05 17:15:25.963590, 1] ../source3/librpc/crypto/gse.c:658(gse_get_server_auth_token) gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/SAMBA.noras.intra at NORAS.INTRA(kvno 54) in keytab MEMORY:cifs_srv_keytab (aes256-cts-hmac-sha1-96)] [2019/09/05 17:15:25.963681, 1] ../auth/gensec/spnego.c:1218(gensec_spnego_server_negTokenInit_step) gensec_spnego_server_negT...

...ieb Stefan G. Weichinger via samba: >> >> what do I miss here: > > update: maybe the reboot of the clients helped ... looks better now > > > Access works, but I still get [2019/09/05 17:49:41.888422, 1] ../source3/librpc/crypto/gse.c:658(gse_get_server_auth_token) gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/SAMBA.noras.intra at NORAS.INTRA(kvno 54) in keytab MEMORY:cifs_srv_keytab (aes256-cts-hmac-sha1-96)] [2019/09/05 17:49:41.888521, 1] ../auth/gensec/spnego.c:1218(gensec_spnego_server_negTokenInit_step) gensec_spnego_server_negT...

...rt 1960 ssh2 debug1: Got no client credentials debug1: An invalid name was supplied A parameter was malformed Validation error Couldn't convert client name debug1: do_cleanup I spent some time in the debugger, and found that essentially the problem was that ssh is calling ctx->major = gss_accept_sec_context(&ctx->minor, &ctx->context, ctx->creds, recv_tok, GSS_C_NO_CHANNEL_BINDINGS, &ctx->client, &mech, send_tok, flags, NULL, &ctx->client_creds); and saving off ctx->client for later use. Under the hood, ctx->client is simply a gss_union_...

...gt; > >> Once you are sure it does exist, you can use 'net ads keytab add > >> <principal>' to add it to /etc/krb5.keytab > > We did that today, the cifs SPN is now on the DCs and in the samba > keytab. > > The message re-appeared though: > > gss_accept_sec_context failed with [Unspecified GSS failure. Minor > code may provide more information: Request ticket server > cifs/U1customer.customer.intra at customer.INTRA kvno 277 not found in > keytab; keytab is likely out of date] > One question I don't remember asking, just where is that messa...

...ork, generating the following error message: > [2019/06/26 11:24:13.015993, 3] ../../source3/smbd/smb2_negprot.c:294(smbd_smb2_request_process_negprot) > Selected protocol SMB2_10 > [2019/06/26 11:24:13.021148, 1] ../../source3/librpc/crypto/gse.c:660(gse_get_server_auth_token) > gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/graz-file.ad.tao.at at AD.TAO.AT(kvno 100) in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)] > [2019/06/26 11:24:13.021265, 1] ../../auth/gensec/spnego.c:1218(gensec_spnego_server_negTokenInit_step) > gensec_spnego_serv...

hello, today the following problem occurred: [2019/10/08 09: 57: 23.568282, 1] ../../source3/librpc/crypto/gse.c:660(gse_get_server_auth_token) gss_accept_sec_context failed with [Miscellaneous failure (see text): Failed to find cifs/fs-share at dom.corp (kvno 109) in keytab MEMORY: cifs_srv_keytab (arcfour-hmac-md5)] in my smb.conf I have the lines: kerberos method = dedicated keytab dedicated keytab file = /etc/samba/fs.keytab # net ads keytab list Vno...

.../../auth/gensec/spnego.c:1218(gensec_spnego_server_negTokenInit_step) gensec_spnego_server_negTokenInit_step: gse_krb5: parsing NEG_TOKEN_INIT content failed (next[(null)]): NT_STATUS_LOGON_FAILURE [2019/10/08 10:58:09.634532, 1] ../../source3/librpc/crypto/gse.c:660(gse_get_server_auth_token) gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/dom.corp at DOM.CORP(kvno 109) in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)] before 10:00 it used kvno (kerberos version number) 108 after 10:00 kvno 109. Il giorno mar 8 ott 2019 alle ore 22:26 Rowland penny via samba &lt...

...he WindowsXP. I see it's record with ldbsearch. Trying to login with the WindowsXP I get an error on the domain_member_file_server in the file <IP-address-of-client.log> saying: >>> [2017/01/11 16:42:34.522067, 1] ../source3/librpc/crypto/gse.c:496(gse_get_server_auth_token) gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/hg004.humgen.0zone at HUMGEN.0ZONE(kvno 1) in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)] [2017/01/11 16:42:34.522095, 1] ../auth/gensec/spnego.c:541(gensec_spnego_parse_negTokenInit) SPNEGO(gse_krb5) NEG_TOKEN_INIT failed...

Hello, I'v to migrate one file server (old samba 3) to a new file samba 4, I thought I could use the parameters netbios aliases = oldsamba but it doesn't work, trying to access the share, with the old names, the credentials popup appears and the log show: gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/oldsamba3 at lan.corp(kvno 107) in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)] unfortunately I have to keep active also the old server for which I thought I could solve with the dns. any help? thnx.

...> What DNS are you using ? >>> >>> Rowland >>> >>> >> Look at the log I got this error when using dnsname not wih the ip >> >> [2015/07/27 16:50:06.225754, 1] >> ../source3/librpc/crypto/gse.c:465(gse_get_server_auth_token) >> gss_accept_sec_context failed with [ Miscellaneous failure (see >> text): Failed to find cifs/smbfs.DOM.local at DOM.LOCAL(kvno 2) in >> keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)] >> > > Are you actually using a domain that ends in .local ? if so, try > turning off Avahi on the member...

...a samba: >>> what do I miss here: >> update: maybe the reboot of the clients helped ... looks better now >> >> >> > Access works, but I still get > > [2019/09/05 17:49:41.888422, 1] > ../source3/librpc/crypto/gse.c:658(gse_get_server_auth_token) > gss_accept_sec_context failed with [ Miscellaneous failure (see text): > Failed to find cifs/SAMBA.noras.intra at NORAS.INTRA(kvno 54) in keytab > MEMORY:cifs_srv_keytab (aes256-cts-hmac-sha1-96)] > [2019/09/05 17:49:41.888521, 1] > ../auth/gensec/spnego.c:1218(gensec_spnego_server_negTokenInit_step) >...

Am 01.07.2018 um 11:04 schrieb Rowland Penny via samba: > Do you have access to the Windows DC ? > If so, can you check if the computer (u1customer) has the required cifs > SPN, if it doesn't exist, it will need to be added. I can talk to the windows-admin tmrw. > Once you are sure it does exist, you can use 'net ads keytab add > <principal>' to add it to

...other two questions ? > > How are you trying to access the server ? > What DNS are you using ? > > Rowland > > Look at the log I got this error when using dnsname not wih the ip [2015/07/27 16:50:06.225754, 1] ../source3/librpc/crypto/gse.c:465(gse_get_server_auth_token) gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/smbfs.DOM.local at DOM.LOCAL(kvno 2) in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)] -- probeSys - spécialiste GNU/Linux site web : http://www.probesys.com

...gt; cifs/oldsamba at DOM.CORP > # KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab ADD > cifs/oldsamba$@DOM.CORP You then add to the keytab > test from windows machine: > > [2019/11/05 13:14:49.108879, 1] > ../../source3/librpc/crypto/gse.c:660(gse_get_server_auth_token) > gss_accept_sec_context failed with [ Miscellaneous failure (see text): > Failed to find cifs/oldsamba at DOM.CORP(kvno 113) in keytab > MEMORY:cifs_srv_keytab (arcfour-hmac-md5)] Then something reads the keytab in memory and cannot find the required SPN, or to put it another way, whatever is trying to find the SP...

...Windows Explorer - it starts to ask for the password. It doesn't ask the password while accesssing it via it's IP address, and I see in its logs the following (when accessing it via its name): [2016/09/20 10:54:31.451826, 1] ../source3/librpc/crypto/gse.c:497(gse_get_server_auth_token) gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/wd.norma.com at NORMA.COM(kvno 2) in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)] (yup, I know norma.com isn't legitimate, but it's internal domain name). How can I debug and solve this ? norma.com is resolving from...

...a member of that domain (it's a member of TC83, which trusts TC84): Nov 15 15:53:04 kvm7246-vm022 smbd[15209]: [2019/11/15 15:53:04.524996, 1, pid=15209, effective(0, 0), real(0, 0)] ../../source3/librpc/crypto/gse.c:659(gse_get_server_auth_token) Nov 15 15:53:04 kvm7246-vm022 smbd[15209]: gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/kvm7246-vm022.maas.local at TC84.LOCAL(kvno 10) in keytab MEMORY:cifs_srv_keytab (aes256-cts-hmac-sha1-96)] Why is smbd looking for a principal of the form "cifs/kvm7246-vm022.maas.local at TC84.LOCAL"? n [See https://...