search for: oldsamba

Ok, Your keytab looks ok now. oldsamba.dom.corp is an alias for fs-a.oldsamba.dom.corp. fs-a.dom.corp has address 10.0.0.2 i would have expected here. oldsamba.dom.corp is an alias for fs-a.dom.corp. fs-a.dom.corp has address 10.0.0.2 Or was that a typo? I assuming a typo.. About your setup from the script outpout. Change this o...

...the procedure step by step (which I had already done) but unfortunately I always have the same error: [2019/11/05 11:49:47.748159, 1] ../../source3/librpc/crypto/gse.c:660(gse_get_server_auth_token) gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/oldsamba at DOM.CORP(kvno 113) in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)] please pay attention to (kvno 113) the problem is here and not the keytab file. klist -ke /etc/krb5.keyatb Keytab name: FILE:/etc/krb5.keytab KVNO Principal ---- --------------------------------------------------...

Luis, my typos, I'v to mask the output sorry (compliance) # su - testuser $ smbclient --option='client min protocol=NT1' -U testuser //oldsamba/testuser -c 'ls' Unable to initialize messaging context Enter DOM\testuser's password: session setup failed: NT_STATUS_LOGON_FAILURE [2019/11/05 15:50:50.009481, 1] ../../source3/librpc/crypto/gse.c:660(gse_get_server_auth_token) gss_accept_sec_context failed with [ Miscellaneous fa...

samba-tool computer remove oldsamba Il giorno mar 5 nov 2019 alle ore 17:04 L.P.H. van Belle <belle at bazuin.nl> ha scritto: > Hai, > > Well that great you found it. > > Ah.. so you removed the entry from the DNS or ADDB? > Can you tell what you exactly did, that might help the next person with a > prob...

Hai, Nope.. To much again ;-) This is one step to much: step2: # KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab ADD cifs/oldsamba.dom.corp at DOM.CORP # KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab ADD cifs/oldsamba at DOM.CORP # KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab ADD cifs/oldsamba$@DOM.CORP And why are you adding @REALM .. Do it exactly as shown below. Because a CNAME resolves to the REAL hostname it&...

...cts-hmac-sha1-96) 7 host/fs-a.dom.corp at DOM.CORP (aes256-cts-hmac-sha1-96) 7 host/fs-a.dom.corp at DOM.CORP (arcfour-hmac) 7 host/fs-a.dom.corp at DOM.CORP (des-cbc-crc) 7 host/fs-a.dom.corp at DOM.CORP (des-cbc-md5) step2: # KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab ADD cifs/oldsamba.dom.corp at DOM.CORP # KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab ADD cifs/oldsamba at DOM.CORP # KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab ADD cifs/oldsamba$@DOM.CORP klist 7 cifs/FS-A at DOM.CORP (aes128-cts-hmac-sha1-96) 7 cifs/FS-A at DOM.CORP (aes256-cts-hmac-sha1-96)...

...already done it: > > > > # samba-tool spn list newsamba\$ > > newsamba$ > > User CN=newsamba,CN=Computers,DC=domain,DC=corp has the following > > servicePrincipalName: > > HOST/NEWSAMBA > > HOST/newsamba.domain.corp > > cifs/oldsamba at DOMAIN.CORP > > cifs/oldsamba.domain.corp at DOMAIN.CORP > > From your log fragment, it appears to be looking for > 'cifs/OLDSAMBA at DOMAIN.CORP', the case matters. You will probably have to > remove the lowercase version SPN and replace it with the uppercase...

Hi Rowland, I refer again after a week, perhaps missing an important piece to the big picture: the error message appears ONLY when you access the share using the netbios alias: [Global] workgroup = WG1 realm = DOM.CORP netbios name = fs-a netbios aliases = oldsamba security = ADS if you access the \\fs-a\sharename is ok if you access \\oldsamba\sharename the logs report the absence of the kerberos ticket, to overcome this I have to re-import the oldsamba keytab with ktutil. ciao. Il giorno mer 9 ott 2019 alle ore 09:16 Rowland penny via samba < samb...

...g, step 1: > > KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab CREATE -P I have said this once already, but, I will try again ;-) You are creating a keytab, which may or may not be called /etc/krb5.keytab2 > step2: > # KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab ADD > cifs/oldsamba.dom.corp at DOM.CORP > # KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab ADD > cifs/oldsamba at DOM.CORP > # KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab ADD > cifs/oldsamba$@DOM.CORP You then add to the keytab > test from windows machine: > > [2019/11/05 13:14:49.108879...

Hai, > > Change this one. > > /etc/hosts > > 10.0.0.2 fs-a.dom.corp fs-a oldsamba # Old/wrong > > 10.0.0.2 fs-a.dom.corp fs-a oldsamba.dom.corp oldsamba # > new/correct > > Or > > 10.0.0.2 fs-a.dom.corp fs-a oldsamba.dom.corp # new/correct > No, none of them are correct No, Rowland, your really wrong here. ( i dont say that often.. ) :-p But i give...

...nl-nl/help/909264/naming-conventions-in-active-directory-for-computers-domains-sites-and # Verify in DNS the following, A - PTR records for netbios name, setup CNAME for all alias-names, # point CNAME to the A record if which the PTR also exists.. netbios name = FS-A netbios aliases = OLDSAMBA security = ADS # kerberos method = secrets and keytab dedicated keytab file = /etc/krb5.keytab # renew the kerberos ticket winbind refresh tickets = yes ON THIS MEMBER... ( you dont run : samba-tool spn list ..... ) You run : net ads keytab cp /etc/krb5.keytab{,.backup} kinit...

Rowland, it is not a problem of mount but of kerberso ticket: [2019/10/08 10:58:09.626059, 1] ../../auth/gensec/spnego.c:1218(gensec_spnego_server_negTokenInit_step) gensec_spnego_server_negTokenInit_step: gse_krb5: parsing NEG_TOKEN_INIT content failed (next[(null)]): NT_STATUS_LOGON_FAILURE [2019/10/08 10:58:09.634532, 1] ../../source3/librpc/crypto/gse.c:660(gse_get_server_auth_token)

Hello, I'v to migrate one file server (old samba 3) to a new file samba 4, I thought I could use the parameters netbios aliases = oldsamba but it doesn't work, trying to access the share, with the old names, the credentials popup appears and the log show: gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/oldsamba3 at lan.corp(kvno 107) in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]...

...lem was using the original DC name. > > Another question: > When you said clean out samba records, what files should I delete? > (/usr/local/samba/private/sam.ldb.d/*   ?) > > > Ah, you are using a self compiled Samba, this is even easier, move /usr/local/samba to /usr/local/oldsamba , then run 'make install again. You will get a perfectly new /usr/local/samba again ;-) Rowland

...sing the > original DC name. > >> Another question: >> When you said clean out samba records, what files should I delete? >> (/usr/local/samba/private/sam.ldb.d/*   ?) > Ah, you are using a self compiled Samba, this is even easier, > move /usr/local/samba to /usr/local/oldsamba , then run 'make install > again. You will get a perfectly new /usr/local/samba again ;-) > > Rowland > > >

...Verzonden: donderdag 26 september 2019 11:13 > Aan: samba at lists.samba.org > Onderwerp: [Samba] access to share with dns alias hostname > > Hello, I'v to migrate one file server (old samba 3) to a new > file samba 4, > I thought I could use the parameters netbios aliases = oldsamba but it > doesn't work, trying to access the share, with the old names, the > credentials popup appears and the log show: > > gss_accept_sec_context failed with [ Miscellaneous failure > (see text): > Failed to find cifs/oldsamba3 at lan.corp(kvno 107) in keytab > MEMORY...

...Louis? ? ------------------------- ? Van: banda bassotti [mailto:bandabasotti at gmail.com] Verzonden: dinsdag 5 november 2019 17:10 Aan: L.P.H. van Belle CC: samba at lists.samba.org Onderwerp: Re: [Samba] Failed to find cifs/fs-share at dom.corp (kvno 109) in keytab samba-tool computer remove oldsamba? Il giorno mar 5 nov 2019 alle ore 17:04 L.P.H. van Belle <belle at bazuin.nl> ha scritto: Hai, ? Well that great you found it. ? Ah.. so you removed the entry from the DNS or ADDB?? Can?you tell what you exactly did, that might help the next person with a problem like this. ? And not...

On Tue, 31 Jul 2018 07:37:38 -0500 Denis Morejon via samba <samba at lists.samba.org> wrote: > Hi: > > I have two samba 4.7.4 DCs. One of them has problems. I can not use > samba-tool on it. Then, when I try to fix It's database It returns: > > ------------------------------------------------------------------------------------------------------------------- >

...short preserve case = yes guest account = nobody map to guest = Bad User admin users = administrator join-backup usershare max shares = 0 smb.conf of new member server: [global] workgroup = LAN realm = lan.corp netbios name = fs1 netbios aliases = oldsamba3 security = ADS logging = file log level = 1 auth_audit:3 log file = /var/log/samba/%m.log idmap config *:backend = tdb idmap config *:range = 300000-400000 idmap config LAN:backend = rid idmap config LAN:range = 500000-700000 vfs objects = acl_xattr full_audit map acl inh...