I'm using Samba 4.3.11 as a domain member on FreeBSD 10.x.
Some of my users (around 1%) are experiencing problems from time to
time, browsing this server's shares in Windows Explorer - it starts to
ask for the password. It doesn't ask for the password while accessing it
via its IP address, and I see in its logs the following (when accessing
it via its name):
[2016/09/20 10:54:31.451826, 1]
../source3/librpc/crypto/gse.c:497(gse_get_server_auth_token)
gss_accept_sec_context failed with [ Miscellaneous failure (see text):
Failed to find cifs/wd.nor...@NORMA.COM(kvno 2) in keytab
MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
(yup, I know norma.com isn't legitimate, but it's internal domain name).
How can I debug and solve this ?
norma.com is resolving from this machine, so does wd.norma.com. AD
controller shows the cifs/wd.nor...@NORMA.COM is mapped to the wd
machine (it wasn't, I mapped it by hand, but nothing changed).
I googled this issue a bit, but didn't find any appropriate solution.
I'm not using a dedicated keytab for samba (I tried once, to solve this
issue as was proposed in some article, but it made things even worse).
Thanks.
Eugene.
When you access via IP then it's using NTLM so you
don't get the krb5 issue you're seeing here.
> [2016/09/20 10:54:31.451826, 1]
> ../source3/librpc/crypto/gse.c:497(gse_get_server_auth_token)
> gss_accept_sec_context failed with [ Miscellaneous failure (see text):
> Failed to find cifs/wd.nor...@NORMA.COM(kvno 2) in keytab
> MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
>
> (yup, I know norma.com isn't legitimate, but it's internal domain name).
>
> How can I debug and solve this ?
> norma.com is resolving from this machine, so does wd.norma.com. AD
> controller shows the cifs/wd.nor...@NORMA.COM is mapped to the wd
> machine (it wasn't, I mapped it by hand, but nothing changed).
>
> I googled this issue a bit, but didn't find any appropriate solution.
> I'm not using a dedicated keytab for samba (I tried once, to solve this
> issue as was proposed in some article, but it made things even worse).
Oh I've been trying to track down THIS EXACT ISSUE this week
up at Microsoft !!!!! (But I can't get it to reproduce).
It seems to be when winbindd is changing the machine password.
As a work-around you can try setting "machine password timeout = 0"
to prevent winbindd changing the password.
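
For the "how can I debug" question and the password-change theory above, here is an added example (not from the thread or from the Samba project) that pulls these keytab failures out of a Samba log and groups them by principal, kvno and enctype with first and last timestamps, so they can be lined up against the times the machine password changed. The sample log is constructed, and its host name and realm are placeholders.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in Samba's log layout; host and realm are placeholders.
SAMPLE_LOG = """\
[2016/09/20 10:54:31.451826,  1] ../source3/librpc/crypto/gse.c:497(gse_get_server_auth_token)
  gss_accept_sec_context failed with [ Miscellaneous failure (see text):
  Failed to find cifs/fs1.example.com@EXAMPLE.COM(kvno 2) in keytab
  MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
[2016/09/20 10:55:02.000100,  3] ../source3/smbd/process.c:1800(process_smb)
  Transaction 12 of length 72 (0 toread)
[2016/09/20 11:20:07.118203,  1] ../source3/librpc/crypto/gse.c:497(gse_get_server_auth_token)
  gss_accept_sec_context failed with [ Miscellaneous failure (see text):
  Failed to find cifs/fs1.example.com@EXAMPLE.COM(kvno 2) in keytab
  MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
"""

HEADER = re.compile(r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+),\s*\d+\]")
MISS = re.compile(r"Failed to find (\S+?)\(kvno (\d+)\) in keytab (\S+) \(([^)]+)\)")

def records(text):
    """Yield (timestamp, body) per log record, joining wrapped continuation lines."""
    stamp, body = None, []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            if stamp is not None:
                yield stamp, " ".join(body)
            stamp = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S.%f")
            body = [line[m.end():].strip()]
        elif stamp is not None:
            body.append(line.strip())
    if stamp is not None:
        yield stamp, " ".join(body)

def keytab_misses(text):
    """Map (principal, kvno, keytab, enctype) -> (count, first seen, last seen)."""
    hits = defaultdict(list)
    for stamp, body in records(text):
        m = MISS.search(body)
        if m:
            principal, kvno, keytab, enctype = m.groups()
            hits[(principal, int(kvno), keytab, enctype)].append(stamp)
    return {k: (len(v), min(v), max(v)) for k, v in hits.items()}

if __name__ == "__main__":
    for key, (count, first, last) in keytab_misses(SAMPLE_LOG).items():
        print(key, count, first.isoformat(), last.isoformat())
```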