On ti, 12 maalis 2019, fujisan via FreeIPA-users wrote:
I messed up somehow with my samba server.
I'm trying to access a linux share from windows and the log on the linux
server says:
[Unspecified GSS failure. Minor code may provide more information: Request
ticket server cifs/myserver.mydomain.local(a)MYDOMAIN.LOCAL kvno 8 not found
in keytab; ticket is likely out of date]
How can I fix this?
Can you give more details about your setup? Where you run your
Samba
server? A config below looks like the one for ipa-adtrust-install on IPA
master, so do you run it on IPA master?
Can you explain what you did to set it up?
Can you show output of
kinit admin
kvno cifs/myserver.mydomain.local(a)MYDOMAIN.LOCAL
?
Thank you.
-----------------------------------------
# net ads keytab list
Vno Type Principal
16 AES-256 CTS mode with 96-bit SHA-1 HMAC
cifs/myserver.mydomain.local(a)MYDOMAIN.LOCAL
16 AES-128 CTS mode with 96-bit SHA-1 HMAC
cifs/myserver.mydomain.local(a)MYDOMAIN.LOCAL
-----------------------------------------
# net conf list
[global]
workgroup = MYDOMAIN.LOCAL
netbios name = MYSERVER
realm = MYDOMAIN.LOCAL
kerberos method = dedicated keytab
dedicated keytab file = /etc/samba/samba.keytab
create krb5 conf = no
security = user
domain master = yes
domain logons = yes
log level = 1
max log size = 100000
log file = /var/log/samba/log.%m
passdb backend =
ipasam:ldapi://%2fvar%2frun%2fslapd-MYDOMAIN-LOCAL.socket
disable spoolss = yes
ldapsam:trusted = yes
ldap ssl = off
ldap suffix = dc=mydomain,dc=local
ldap user suffix = cn=users,cn=accounts
ldap group suffix = cn=groups,cn=accounts
ldap machine suffix = cn=computers,cn=accounts
rpc_server:epmapper = external
rpc_server:lsarpc = external
rpc_server:lsass = external
rpc_server:lsasd = external
rpc_server:samr = external
rpc_server:netlogon = external
rpc_server:tcpip = yes
rpc_daemon:epmd = fork
rpc_daemon:lsasd = fork
[scratch]
path = /data/scratch
comment = Scratch shared files
create mask = 0644
invalid users = opera
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://getfedora.org/code-of-conduct.html
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland