Bug 11364 - Failed to find cifs/... (kvno 1) in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
Summary: Failed to find cifs/... (kvno 1) in keytab MEMORY:cifs_srv_keytab (arcfour-hm...
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: 4.2.2
Hardware: x64 Linux
: P5 normal (vote)
Target Milestone: ---
Assignee: Stefan Metzmacher
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-06-26 06:27 UTC by Marc Muehlfeld
Modified: 2019-08-01 13:39 UTC (History)
2 users (show)

See Also:


Attachments
Level 10 Debug Log (324.01 KB, text/plain)
2015-06-26 06:27 UTC, Marc Muehlfeld
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Marc Muehlfeld 2015-06-26 06:27:05 UTC
Created attachment 11204 [details]
Level 10 Debug Log

On some of my 4.2.2 and 4.1.17 servers, the logs are getting filled with the following error:

[2015/06/24 03:46:17.051077,  1, pid=32134, effective(0, 0), real(0, 0)] ../source3/librpc/crypto/gse.c:466(gse_get_server_auth_token)
  gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/storage-03.mr.lfmg.de@MUC.MEDIZINISCHE-GENETIK.DE(kvno 1) in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]


The messages are still logged, if I remove the machine account from (Samba) AD, delete all local Samba databases and rejoin the host to the domain.


Andreas Schneider supposed on IRC, because of the "no prev machine password" entry in the level 10 debug log, that the machine account password in secrets.tdb is missing/wrong. I run "net ads changetrustpw" which succeeded and I got a new password in the secrets.tdb in SECRETS/MACHINE_PASSWORD.PREV/MUC afterwards. However, this doesn't helped either and the above error is still logged.


Samba is self compiled and runs on CentOS 7.1.
Comment 1 Stefan Metzmacher 2019-08-01 13:39:21 UTC
I don't think this is a problem in current releases.