Web lists-archives.com

Re: [Samba] gpupdate - Failed to find DC1 in keytab




On Fri, 3 Feb 2017 16:00:45 +0100
Łukasz Sellmann via samba <samba@xxxxxxxxxxxxxxx> wrote:

> any ideas ? please i got stuck and have no ideas what else i can do
> 
> 
> pozdrawiam
> 
> Łukasz Sellmann
> 
> 2017-02-01 17:50 GMT+01:00 Łukasz Sellmann <bravo.galaxy@xxxxxxxxx>:
> 
> > Can someone help me with samba4 with internal dns. Something strange
> > showing in log.smbd when computers are doing gpupdate (becouse of
> > this error computers cant apply gpo)
> >
> > log.smbd on DC1:
> >
> > [2017/01/13 13:49:16.075361,
> > 1] ../source4/auth/gensec/gensec_gssapi.c:619(gensec_gssapi_update)
> > GSS server Update(krb5)(1) Update failed:  Miscellaneous failure
> > (see text): Failed to find DC1$EXAMPLE.ORG(kvno 7) in keytab
> > FILE:/var/lib/samba/private/secrets.keytab (arcfour-hmac-md5)
> > [2017/01/13 13:49:16.075405,
> > 1] ../auth/gensec/spnego.c:541(gensec_spnego_parse_negTokenInit)
> > SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
> >
> >
> > klist on secrets.keytab:
> >
> > Keytab name: FILE:/var/lib/samba/private/secrets.keytab
> > KVNO Principal
> > ----
> > --------------------------------------------------------------------------
> > 1 HOST/dc1@xxxxxxxxxxx (des-cbc-crc) 1
> > HOST/dc1.example.org@xxxxxxxxxxx (des-cbc-crc) 1 DC1$@EXAMPLE.ORG
> > (des-cbc-crc) 1 HOST/dc1@xxxxxxxxxxx (des-cbc-md5)
> >    1 HOST/dc1.example.org@xxxxxxxxxxx (des-cbc-md5)
> >    1 DC1$@EXAMPLE.ORG (des-cbc-md5)
> >    1 HOST/dc1@xxxxxxxxxxx (arcfour-hmac)
> >    1 HOST/dc1.example.org@xxxxxxxxxxx (arcfour-hmac)
> >    1 DC1$@EXAMPLE.ORG (arcfour-hmac)
> >    1 HOST/dc1@xxxxxxxxxxx (aes128-cts-hmac-sha1-96)
> >    1 HOST/dc1.example.org@xxxxxxxxxxx (aes128-cts-hmac-sha1-96)
> >    1 DC1$@EXAMPLE.ORG (aes128-cts-hmac-sha1-96)
> >    1 HOST/dc1@xxxxxxxxxxx (aes256-cts-hmac-sha1-96)
> >    1 HOST/dc1.example.org@xxxxxxxxxxx (aes256-cts-hmac-sha1-96)
> >    1 DC1$@EXAMPLE.ORG (aes256-cts-hmac-sha1-96)
> >
> >
> > Samba version: Version 4.3.11-Ubuntu with Internl_dns
> >
> > DC1 - has correct DNS configuration
> >
> > ping dc1 from computers - resolves to dc1 IP
> >
> > Domain computers can connect to the domain with no problems and has
> > correct dns (dc1 ip)
> >
> > samba-tool ntacl sysvolreset - not resolving problem
> >
> > Tried to generate secrets.keytab but still no results
> >
> > (https://wiki.samba.org/index.php/Keytab_Extraction)
> >
> > Tried to samba-tool user setpassword dc1$ (pasword dumped from
> > tdbdumb secrets.tdb ) - not resolving problem.
> >
> > What should i check to resolve this error ?
> >
> > Please any suggestions,
> >
> >
> > Regards
> > Lukasz
> >

Have checked permissions on the keytab ?

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba