On Mon, 2 Jul 2018 09:49:52 +0200 "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:> Am 2018-07-01 um 15:56 schrieb Stefan G. Weichinger via samba: > > Am 01.07.2018 um 11:04 schrieb Rowland Penny via samba: > > > >> Do you have access to the Windows DC ? > >> If so, can you check if the computer (u1customer) has the required > >> cifs SPN, if it doesn't exist, it will need to be added. > > > > I can talk to the windows-admin tmrw. > > > >> Once you are sure it does exist, you can use 'net ads keytab add > >> <principal>' to add it to /etc/krb5.keytab > > We did that today, the cifs SPN is now on the DCs and in the samba > keytab. > > The message re-appeared though: > > gss_accept_sec_context failed with [Unspecified GSS failure. Minor > code may provide more information: Request ticket server > cifs/U1customer.customer.intra at customer.INTRA kvno 277 not found in > keytab; keytab is likely out of date] >One question I don't remember asking, just where is that message appearing ? and is it the exact message (complete with headers, times etc. What I am trying to get at, is this a Samba problem or some form of mounting problem i.e. is something asking for a particular keytab that has gone out of date. Rowland
Am 2018-07-02 um 10:32 schrieb Rowland Penny:> On Mon, 2 Jul 2018 09:49:52 +0200 > "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote: >> The message re-appeared though: >> >> gss_accept_sec_context failed with [Unspecified GSS failure. Minor >> code may provide more information: Request ticket server >> cifs/U1customer.customer.intra at customer.INTRA kvno 277 not found in >> keytab; keytab is likely out of date] > > One question I don't remember asking, just where is that message > appearing ? and is it the exact message (complete with headers, times > etc. > > What I am trying to get at, is this a Samba problem or some form of > mounting problem i.e. is something asking for a particular keytab that > has gone out of date.It is appearing in /var/log/samba/log.smbd An additional issue today: *some* windows-7 PCs get the GPOs from the (windows-)DCs, but don't get the samba-shares mounted. Might these gss-errors point at some mismatch here? The windows-admin is currently testing things via RDP on a problematic client. - We ran *without* specific keytab on samba until saturday. Should I get rid of that maybe?
On Mon, 2 Jul 2018 10:37:56 +0200 "Stefan G. Weichinger" <lists at xunil.at> wrote:> Am 2018-07-02 um 10:32 schrieb Rowland Penny: > > On Mon, 2 Jul 2018 09:49:52 +0200 > > "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote: > >> The message re-appeared though: > >> > >> gss_accept_sec_context failed with [Unspecified GSS failure. Minor > >> code may provide more information: Request ticket server > >> cifs/U1customer.customer.intra at customer.INTRA kvno 277 not found in > >> keytab; keytab is likely out of date] > > > > One question I don't remember asking, just where is that message > > appearing ? and is it the exact message (complete with headers, > > times etc. > > > > What I am trying to get at, is this a Samba problem or some form of > > mounting problem i.e. is something asking for a particular keytab > > that has gone out of date. > > It is appearing in /var/log/samba/log.smbd > > An additional issue today: > > *some* windows-7 PCs get the GPOs from the (windows-)DCs, but don't > get the samba-shares mounted. > > Might these gss-errors point at some mismatch here? > > The windows-admin is currently testing things via RDP on a problematic > client. > > - > > We ran *without* specific keytab on samba until saturday. Should I get > rid of that maybe?I thought the keytab was a long term one (you can hardly call 'since last Saturday' a long term ). You do not need /etc/krb5.keytab, Samba maintains another keytab in memory and this is very probably where your '277' is coming from. Rowland