
Re: [Samba] gpo not applied a boot computer




On Tue, 2019-02-26 at 15:57 +0100, David Jehin via samba wrote:
> Hello everyone,
> For some time now I have been pulling my hair out and do not understand the
> source of my problem.
> After a Samba 3 PDC migration to Samba 4.8.5 AD, when a Windows client
> starts, the computer GPO is not applied at boot.
> In the Windows logs there are 1058 GPO errors, and on the Samba server side
> here are the logs:
> 
>   GSS server Update (krb5) (1) Update failed: Miscellaneous failure (see text): Failed to find SAMBA4$@FSS.LAN (kvno 2) in keytab FILE:/var/lib/samba/private/secrets.keytab (arcfour-hmac-md5)
> [2019/02/20 11:20:33.013351, 1] ../auth/gensec/spnego.c:1218(gensec_spnego_server_negTokenInit_step)
>    gensec_spnego_server_negTokenInit_step: gssapi_krb5: parsing NEG_TOKEN_INIT content failed (next [(null)]): NT_STATUS_LOGON_FAILURE
> [2019/02/20 11:20:33.041913, 1] ../source4/auth/gensec/gensec_gssapi.c:790(gensec_gssapi_update_internal)
> 
> thank you again for your participation.

In my notes if you use --dns-backend=BIND9_DLZ

# To start named (bind) 
chgrp named /var/lib/samba/private
chmod g+rx /var/lib/samba/private

Samba 4.8 
ls -lai /var/lib/samba/bind-dns/dns/sam.ldb.d/
(everything 660 and root:named)

ll /var/lib/samba/bind-dns/dns/
-rw-rw---- 1 root named 3014656 Nov 15 16:36 sam.ldb
drwxrwx--- 2 root named     281 Nov 15 16:36 sam.ldb.d

chmod g+w /var/lib/samba/bind-dns
chgrp named /var/lib/samba/private/dns.keytab
chmod g+r  /var/lib/samba/private/dns.keytab



-- 
Sérgio M. B.

