
[Samba] AD member server, some users suddenly can only connect to shares via ip address

I've got some 4.6.5 member servers (Debian stretch) that have been running flawlessly for many months. Suddenly a few users get a password prompt when connecting to shares. But they can connect with the IP address (Windows 7 and 10 clients). This happened on all of the member servers at the same time.

The chances of getting the password prompt seem to increase if you are on a different subnet, especially a remote one (WAN connection). There are no firewalls between the subnets.

The key error seems to be this:

  gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/pta-cluster.ad.gibb.co.za@xxxxxxxxxxxxx(kvno 81) in keytab MEMORY:cifs_srv__keytab (aes256-cts-hmac-sha1-96)]

(pta-cluster.ad.gibb.co.za is the member server)

I'm guessing this is a Kerberos keytab error. I am using the default kerberos method in smb.conf.

dig and dig -x show the expected results, as does nslookup on the Windows clients.

My DCs are real Windows 2008 and 2012 servers.
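
An added example, not part of the original post: it parses the error line quoted above into service principal, kvno and encryption type, then compares them with a key listing. The listing is constructed in the layout of MIT `klist -k -e` output with a placeholder realm (the error itself names an in-memory keytab), the function names are this example's own, and principals are matched without the realm because the archive redacts it.

```python
import re

# Error line quoted from the post (the archive redacts the realm).
LOG_LINE = (
    "gss_accept_sec_context failed with [ Miscellaneous failure (see text): "
    "Failed to find cifs/pta-cluster.ad.gibb.co.za@xxxxxxxxxxxxx(kvno 81) in "
    "keytab MEMORY:cifs_srv__keytab (aes256-cts-hmac-sha1-96)]"
)
# Constructed listing in MIT `klist -k -e` layout; realm and kvnos are made up.
KEYTAB_LISTING = """\
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ------------------------------------------------------------
  79 cifs/pta-cluster.ad.gibb.co.za@EXAMPLE.REALM (aes256-cts-hmac-sha1-96)
  80 cifs/pta-cluster.ad.gibb.co.za@EXAMPLE.REALM (aes256-cts-hmac-sha1-96)
  80 cifs/pta-cluster.ad.gibb.co.za@EXAMPLE.REALM (arcfour-hmac)
  80 host/pta-cluster.ad.gibb.co.za@EXAMPLE.REALM (aes256-cts-hmac-sha1-96)
"""
MISS_RE = re.compile(
    r"Failed to find (?P<spn>[^@\s]+)@\S*?\(kvno (?P<kvno>\d+)\) "
    r"in keytab (?P<keytab>\S+) \((?P<etype>[^)]+)\)")
ENTRY_RE = re.compile(r"^\s*(\d+)\s+([^@\s]+)@\S+\s+\(([^)]+)\)", re.M)

def parse_miss(line):
    """Return (service principal, kvno, enctype) the server failed to find."""
    m = MISS_RE.search(line)
    return (m["spn"], int(m["kvno"]), m["etype"]) if m else None

def keytab_entries(listing):
    return [(s, int(k), e) for k, s, e in ENTRY_RE.findall(listing)]

def diagnose(line, listing):
    """Compare the key named in the error with the listed keys (realm ignored)."""
    miss = parse_miss(line)
    if miss is None:
        return None
    spn, kvno, etype = miss
    same = [(k, e) for s, k, e in keytab_entries(listing) if s.lower() == spn.lower()]
    held = sorted({k for k, e in same if e == etype})
    if not same:
        verdict = "principal-missing"
    elif not held:
        verdict = "enctype-missing"
    elif kvno in held:
        verdict = "present"
    else:  # the ticket names a newer or older key version than the listing holds
        verdict = "keytab-behind" if kvno > max(held) else "keytab-ahead"
    return {"spn": spn, "wanted_kvno": kvno, "etype": etype,
            "held_kvnos": held, "verdict": verdict}
```
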
