Web lists-archives.com

[Samba] AD member server, some users suddenly can only connect to shares via ip address




I've got some 4.6.5 member servers (debian stretch) that have been running flawlessly for many months. Suddenly a few users get a password prompt when connecting to shares. But they can connect with the ip address. (windows 7 and 10 clients). This happened on all of the member servers at the same time.

The chances of getting the password prompt seem to increase if you are on a different subnet, especially a remote one (WAN connection). There are no firewalls between the subnets.

The key error seems to be this

  gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/pta-cluster.ad.gibb.co.za@xxxxxxxxxxxxx(kvno 81) in keytab MEMORY:cifs_srv__keytab (aes256-cts-hmac-sha1-96)]

(pta-cluster.ad.gibb.co.za is the member server)

I'm guessing this is a kerberos keytab error. I am using the default kerberos method in smb.conf.

dig and dig -x show the expected results, as do nslookup on the windows clients

My DC's are real Windows 2008 and 2012 servers.




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba