Displaying 20 results from an estimated 5000 matches similar to: "Failed to find cifs/fs-share@dom.corp (kvno 109) in keytab"
2019 Nov 05
0
Failed to find cifs/fs-share@dom.corp (kvno 109) in keytab
Hai,
I've re-read you thread, and there are a few things going-on..
I suggest you do the following..
Change these.
/etc/krb5.conf
[libdefaults]
default_realm = DOM.CORP
dns_lookup_kdc = true
dns_lookup_realm = false
forwardable = true
proxiable = true
kdc_timesync = 1
debug = false
/etc/samba/smb.conf
[Global]
workgroup = WG1
realm = DOM.CORP
# Netbios names in
2019 Nov 05
0
Failed to find cifs/fs-share@dom.corp (kvno 109) in keytab
samba-tool computer remove oldsamba
Il giorno mar 5 nov 2019 alle ore 17:04 L.P.H. van Belle <belle at bazuin.nl>
ha scritto:
> Hai,
>
> Well that great you found it.
>
> Ah.. so you removed the entry from the DNS or ADDB?
> Can you tell what you exactly did, that might help the next person with a
> problem like this.
>
> And not many list messages today.. ;-)
2019 Nov 05
0
Failed to find cifs/fs-share@dom.corp (kvno 109) in keytab
Hai,
Nope.. To much again ;-)
This is one step to much:
step2:
# KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab ADD cifs/oldsamba.dom.corp at DOM.CORP
# KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab ADD cifs/oldsamba at DOM.CORP
# KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab ADD cifs/oldsamba$@DOM.CORP
And why are you adding @REALM .. Do it exactly as shown below.
Because
2019 Nov 05
0
Failed to find cifs/fs-share@dom.corp (kvno 109) in keytab
Luis, ok I'v removed everything, step 1:
KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab CREATE -P
klist -ke /etc/krb5.keytab2|grep 7|sort
7 cifs/FS-A at DOM.CORP (aes128-cts-hmac-sha1-96)
7 cifs/FS-A at DOM.CORP (aes256-cts-hmac-sha1-96)
7 cifs/FS-A at DOM.CORP (arcfour-hmac)
7 cifs/FS-A at DOM.CORP (des-cbc-crc)
7 cifs/FS-A at DOM.CORP (des-cbc-md5)
7
2019 Nov 05
0
Failed to find cifs/fs-share@dom.corp (kvno 109) in keytab
Luis, my typos, I'v to mask the output sorry (compliance)
# su - testuser
$ smbclient --option='client min protocol=NT1' -U testuser
//oldsamba/testuser -c 'ls'
Unable to initialize messaging context
Enter DOM\testuser's password:
session setup failed: NT_STATUS_LOGON_FAILURE
[2019/11/05 15:50:50.009481, 1]
../../source3/librpc/crypto/gse.c:660(gse_get_server_auth_token)
2019 Nov 05
1
Failed to find cifs/fs-share@dom.corp (kvno 109) in keytab
On 05/11/2019 12:17, banda bassotti via samba wrote:
> Luis, ok I'v removed everything, step 1:
>
> KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab CREATE -P
I have said this once already, but, I will try again ;-)
You are creating a keytab, which may or may not be called /etc/krb5.keytab2
> step2:
> # KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab ADD
>
2019 Oct 16
4
Failed to find cifs/fs-share@dom.corp (kvno 109) in keytab
Hi Rowland, I refer again after a week, perhaps missing an important piece
to the big picture: the error message appears ONLY when you access the
share using the netbios alias:
[Global]
workgroup = WG1
realm = DOM.CORP
netbios name = fs-a
netbios aliases = oldsamba
security = ADS
if you access the \\fs-a\sharename is ok if you access
\\oldsamba\sharename the logs report the
2019 Oct 09
2
Failed to find cifs/fs-share@dom.corp (kvno 109) in keytab
Rowland, it is not a problem of mount but of kerberso ticket:
[2019/10/08 10:58:09.626059, 1]
../../auth/gensec/spnego.c:1218(gensec_spnego_server_negTokenInit_step)
gensec_spnego_server_negTokenInit_step: gse_krb5: parsing NEG_TOKEN_INIT
content failed (next[(null)]): NT_STATUS_LOGON_FAILURE
[2019/10/08 10:58:09.634532, 1]
../../source3/librpc/crypto/gse.c:660(gse_get_server_auth_token)
2019 Oct 29
4
Failed to find cifs/fs-share@dom.corp (kvno 109) in keytab
Hi, the problem seems to be related to this bug:
https://bugzilla.samba.org/show_bug.cgi?id=6750
I try therefore to set
machine password timeout = 0
Il giorno mar 29 ott 2019 alle ore 11:11 Rowland penny via samba <
samba at lists.samba.org> ha scritto:
> On 29/10/2019 10:04, banda bassotti wrote:
> > I had already done it:
> >
> > # samba-tool spn list
2019 Nov 05
0
Failed to find cifs/fs-share@dom.corp (kvno 109) in keytab
Hai,
> > Change this one.
> > /etc/hosts
> > 10.0.0.2 fs-a.dom.corp fs-a oldsamba # Old/wrong
> > 10.0.0.2 fs-a.dom.corp fs-a oldsamba.dom.corp oldsamba #
> new/correct
> > Or
> > 10.0.0.2 fs-a.dom.corp fs-a oldsamba.dom.corp # new/correct
> No, none of them are correct
No, Rowland, your really wrong here. ( i dont say that often.. ) :-p
But i give
2019 Nov 05
7
Failed to find cifs/fs-share@dom.corp (kvno 109) in keytab
Ok,
Your keytab looks ok now.
oldsamba.dom.corp is an alias for fs-a.oldsamba.dom.corp.
fs-a.dom.corp has address 10.0.0.2
i would have expected here.
oldsamba.dom.corp is an alias for fs-a.dom.corp.
fs-a.dom.corp has address 10.0.0.2
Or was that a typo? I assuming a typo..
About your setup from the script outpout.
Change this one.
/etc/hosts
10.0.0.2 fs-a.dom.corp fs-a oldsamba #
2019 Nov 05
5
Failed to find cifs/fs-share@dom.corp (kvno 109) in keytab
Ok, you did to much as far i can tell.
You want to see this: i'll show my output, then i is better to see what i mean.
this is where you start with.
klist -ke |sort ( default member )
---- --------------------------------------------------------------------------
3 host/HOSTNAME1 at REALM.DOMAIN.TLD (aes128-cts-hmac-sha1-96)
3 host/HOSTNAME1 at REALM.DOMAIN.TLD
2019 Oct 08
4
Failed to find cifs/fs-share@dom.corp (kvno 109) in keytab
hello, today the following problem occurred:
[2019/10/08 09: 57: 23.568282, 1]
../../source3/librpc/crypto/gse.c:660(gse_get_server_auth_token)
gss_accept_sec_context failed with [Miscellaneous failure (see text):
Failed to find cifs/fs-share at dom.corp (kvno 109) in keytab
MEMORY: cifs_srv_keytab (arcfour-hmac-md5)]
in my smb.conf I have the lines:
kerberos method = dedicated keytab
2019 Nov 19
0
Why is smbd looking for Kerberos principal cifs/host@DOMB when it is a member of DOMA?
In case you missed the link in the original email, here's the smb.conf:
[global]
kerberos method = secrets and keytab
logging = systemd
realm = TC83.LOCAL
security = ADS
template homedir = /home/%U@%D
template shell = /bin/bash
winbind offline logon = Yes
winbind refresh tickets = Yes
workgroup = TC83
idmap config * : range = 1000000-19999999
idmap config * : backend = autorid
2019 Sep 26
0
access to share with dns alias hostname
For this to work
Below shows a A on the old hostname, correct ?
With the "netbios alias" used in samba.
Setup like this :
The new server..
hostname => DNS A
IP => DNS PTR
Netbios Alias => CNAME OLDSERVERNAME
And try again.
Remove the A/PTR of the old hostname also.
Only a CNAME is sufficient..
Note, the new server MUST have A and PTR setup.
optional, set dns
2019 Nov 15
3
Why is smbd looking for Kerberos principal cifs/host@DOMB when it is a member of DOMA?
Here's the keytab info:
ubuntu at kvm7246-vm022:~/samba$ sudo klist -ek /etc/krb5.keytab
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
----
--------------------------------------------------------------------------
12 host/kvm7246-vm022.tc83.local at TC83.LOCAL (etype 1)
12 host/KVM7246-VM022 at TC83.LOCAL (etype 1)
12 host/kvm7246-vm022.tc83.local at TC83.LOCAL (etype 3)
12
2019 Nov 20
4
Why is smbd looking for Kerberos principal cifs/host@DOMB when it is a member of DOMA?
Your config looks ok, as far i can tell.
This : "cifs/kvm7246-vm022.maas.local at TC84.LOCAL"
As it should spn/hostname.fqdn at REALM nothing wrong with that.
But if i understand it right.
Your server : kvm7246-vm022.maas.local is in REALM : TC83.LOCAL ( NTDOM:TC83 )
But you get TC84 back?.
On the problem server run the following:
dig a kvm7246-vm022.maas.local @IP_of_AD-DC
2019 Sep 26
3
access to share with dns alias hostname
Hi, below the required files:
smb.conf of ucs master:
[global]
logging = file
max log size = 0
netbios name = ucs
server role = active directory domain controller
name resolve order = wins host bcast
server string = Univention Corporate Server
server services = -dns -smb +s3fs -nbt
server role check:inhibit
2020 Jun 10
1
kinit with SPN fail
The production will be updated as soon as possible, back to the kinit it
seems to me that we are going around the problem :) I will do tests, in the
next few days I will make up for it unless there are some hints.
thanks.
Il giorno mer 10 giu 2020 alle ore 20:46 Rowland penny via samba <
samba at lists.samba.org> ha scritto:
> On 10/06/2020 19:25, banda bassotti via samba wrote:
>
2019 Sep 26
5
access to share with dns alias hostname
Hello, I'v to migrate one file server (old samba 3) to a new file samba 4,
I thought I could use the parameters netbios aliases = oldsamba but it
doesn't work, trying to access the share, with the old names, the
credentials popup appears and the log show:
gss_accept_sec_context failed with [ Miscellaneous failure (see text):
Failed to find cifs/oldsamba3 at lan.corp(kvno 107) in keytab