Hello,
I just had the problem that some users at a customer site could no longer log in. The problem was quickly found in the log file.
GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Failed to find S-VUCS04$@DOM.LOCAL(kvno 4) in keytab FILE:/etc/krb5.keytab (arcfour-hmac-md5)
[2013/02/11 09:56:00.650546, 1, pid=28134] ../auth/gensec/spnego.c:574(gensec_spnego_parse_negTokenInit)
[code]root@s-vucs04:~# ktutil -k /etc/krb5.keytab list
/etc/krb5.keytab:
Vno Type Principal Aliases
5 des-cbc-crc HOST/s-vucs04@dom.LOCAL
5 des-cbc-crc HOST/s-vucs04.dom.local@dom.LOCAL
5 des-cbc-crc host/s-vucs04.dom.local@dom.LOCAL
5 des-cbc-crc ldap/s-vucs04.dom.local@dom.LOCAL
5 des-cbc-crc S-VUCS04$@dom.LOCAL
5 des-cbc-md5 HOST/s-vucs04@dom.LOCAL
5 des-cbc-md5 HOST/s-vucs04.dom.local@dom.LOCAL
5 des-cbc-md5 host/s-vucs04.dom.local@dom.LOCAL
5 des-cbc-md5 ldap/s-vucs04.dom.local@dom.LOCAL
5 des-cbc-md5 S-VUCS04$@dom.LOCAL
5 arcfour-hmac-md5 HOST/s-vucs04@dom.LOCAL
5 arcfour-hmac-md5 HOST/s-vucs04.dom.local@dom.LOCAL
5 arcfour-hmac-md5 host/s-vucs04.dom.local@dom.LOCAL
5 arcfour-hmac-md5 ldap/s-vucs04.dom.local@dom.LOCAL
5 arcfour-hmac-md5 S-VUCS04$@dom.LOCAL
5 aes128-cts-hmac-sha1-96 HOST/s-vucs04@dom.LOCAL
5 aes128-cts-hmac-sha1-96 HOST/s-vucs04.dom.local@dom.LOCAL
5 aes128-cts-hmac-sha1-96 host/s-vucs04.dom.local@dom.LOCAL
5 aes128-cts-hmac-sha1-96 ldap/s-vucs04.dom.local@dom.LOCAL
5 aes128-cts-hmac-sha1-96 S-VUCS04$@dom.LOCAL
5 aes256-cts-hmac-sha1-96 HOST/s-vucs04@dom.LOCAL
5 aes256-cts-hmac-sha1-96 HOST/s-vucs04.dom.local@dom.LOCAL
5 aes256-cts-hmac-sha1-96 host/s-vucs04.dom.local@dom.LOCAL
5 aes256-cts-hmac-sha1-96 ldap/s-vucs04.dom.local@dom.LOCAL
5 aes256-cts-hmac-sha1-96 S-VUCS04$@dom.LOCAL
6 des-cbc-crc HOST/s-vucs04@dom.LOCAL
6 des-cbc-crc HOST/s-vucs04.dom.local@dom.LOCAL
6 des-cbc-crc host/s-vucs04.dom.local@dom.LOCAL
6 des-cbc-crc ldap/s-vucs04.dom.local@dom.LOCAL
6 des-cbc-crc S-VUCS04$@dom.LOCAL
6 des-cbc-md5 HOST/s-vucs04@dom.LOCAL
6 des-cbc-md5 HOST/s-vucs04.dom.local@dom.LOCAL
6 des-cbc-md5 host/s-vucs04.dom.local@dom.LOCAL
6 des-cbc-md5 ldap/s-vucs04.dom.local@dom.LOCAL
6 des-cbc-md5 S-VUCS04$@dom.LOCAL
6 arcfour-hmac-md5 HOST/s-vucs04@dom.LOCAL
6 arcfour-hmac-md5 HOST/s-vucs04.dom.local@dom.LOCAL
6 arcfour-hmac-md5 host/s-vucs04.dom.local@dom.LOCAL
6 arcfour-hmac-md5 ldap/s-vucs04.dom.local@dom.LOCAL
6 arcfour-hmac-md5 S-VUCS04$@dom.LOCAL
6 aes128-cts-hmac-sha1-96 HOST/s-vucs04@dom.LOCAL
6 aes128-cts-hmac-sha1-96 HOST/s-vucs04.dom.local@dom.LOCAL
6 aes128-cts-hmac-sha1-96 host/s-vucs04.dom.local@dom.LOCAL
6 aes128-cts-hmac-sha1-96 ldap/s-vucs04.dom.local@dom.LOCAL
6 aes128-cts-hmac-sha1-96 S-VUCS04$@dom.LOCAL
6 aes256-cts-hmac-sha1-96 HOST/s-vucs04@dom.LOCAL
6 aes256-cts-hmac-sha1-96 HOST/s-vucs04.dom.local@dom.LOCAL
6 aes256-cts-hmac-sha1-96 host/s-vucs04.dom.local@dom.LOCAL
6 aes256-cts-hmac-sha1-96 ldap/s-vucs04.dom.local@dom.LOCAL
6 aes256-cts-hmac-sha1-96 S-VUCS04$@dom.LOCAL[/code]
The 4th version of the key is missing here??
However, this version can be found in the private folder:
[code]root@s-vucs04:~# ktutil -k /var/lib/samba/private/secrets.keytab list
/var/lib/samba/private/secrets.keytab:
Vno Type Principal Aliases
4 des-cbc-crc HOST/s-vucs04@dom.LOCAL
4 des-cbc-crc HOST/s-vucs04.dom.local@dom.LOCAL
4 des-cbc-crc S-VUCS04$@dom.LOCAL
4 des-cbc-md5 HOST/s-vucs04@dom.LOCAL
4 des-cbc-crc host/s-vucs04.dom.local@dom.LOCAL
4 des-cbc-md5 S-VUCS04$@dom.LOCAL
4 arcfour-hmac-md5 HOST/s-vucs04@dom.LOCAL
4 des-cbc-crc ldap/s-vucs04.dom.local@dom.LOCAL
4 arcfour-hmac-md5 S-VUCS04$@dom.LOCAL
4 aes128-cts-hmac-sha1-96 HOST/s-vucs04@dom.LOCAL
4 des-cbc-md5 HOST/s-vucs04.dom.local@dom.LOCAL
4 aes128-cts-hmac-sha1-96 S-VUCS04$@dom.LOCAL
4 des-cbc-md5 host/s-vucs04.dom.local@dom.LOCAL
4 des-cbc-md5 ldap/s-vucs04.dom.local@dom.LOCAL
4 aes256-cts-hmac-sha1-96 S-VUCS04$@dom.LOCAL
4 arcfour-hmac-md5 HOST/s-vucs04.dom.local@dom.LOCAL
4 arcfour-hmac-md5 host/s-vucs04.dom.local@dom.LOCAL
4 arcfour-hmac-md5 ldap/s-vucs04.dom.local@dom.LOCAL
4 aes128-cts-hmac-sha1-96 HOST/s-vucs04.dom.local@dom.LOCAL
4 aes128-cts-hmac-sha1-96 host/s-vucs04.dom.local@dom.LOCAL
4 aes128-cts-hmac-sha1-96 ldap/s-vucs04.dom.local@dom.LOCAL
4 aes256-cts-hmac-sha1-96 HOST/s-vucs04@dom.LOCAL
4 aes256-cts-hmac-sha1-96 HOST/s-vucs04.dom.local@dom.LOCAL
4 aes256-cts-hmac-sha1-96 host/s-vucs04.dom.local@dom.LOCAL
4 aes256-cts-hmac-sha1-96 ldap/s-vucs04.dom.local@dom.LOCAL[/code]
It seems to me that in certain situations samba only writes to the secrets.keytab file, but not to krb5.keytab.
After a:
ktutil copy /var/lib/samba/private/secrets.keytab /etc/krb5.keytab
everything worked again.
root@s-vucs04:~# cat /etc/issue
Univention DC Slave 3.1-0
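
The comparison made by hand in the post above can be scripted. The following is an added example, not part of the original post or of Samba/Univention: it parses the "Failed to find ... (kvno N)" log line and two `ktutil list` outputs and reports which keytab holds the requested key. The function names and the shortened sample listings are constructed for illustration, and principals are compared case-insensitively because the log line and the listings in the post differ in realm case.

```python
import re

# Constructed sample data in the format shown in the post (listings shortened).
LOG_LINE = ("GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): "
            "Failed to find S-VUCS04$@DOM.LOCAL(kvno 4) in keytab "
            "FILE:/etc/krb5.keytab (arcfour-hmac-md5)")
KRB5_KEYTAB = """\
/etc/krb5.keytab:
Vno Type Principal Aliases
5 arcfour-hmac-md5 S-VUCS04$@dom.LOCAL
6 arcfour-hmac-md5 S-VUCS04$@dom.LOCAL
"""
SECRETS_KEYTAB = """\
/var/lib/samba/private/secrets.keytab:
Vno Type Principal Aliases
4 arcfour-hmac-md5 S-VUCS04$@dom.LOCAL
4 aes256-cts-hmac-sha1-96 S-VUCS04$@dom.LOCAL
"""

ENTRY = re.compile(r"^\s*(\d+)\s+(\S+)\s+(\S+@\S+)")
FAILURE = re.compile(r"Failed to find (\S+?)\(kvno (\d+)\) in keytab \S+ \((\S+)\)")

def parse_listing(text):
    """Return {(kvno, enctype, principal)} from `ktutil list` output."""
    entries = set()
    for line in text.splitlines():
        m = ENTRY.match(line)  # file-name and header lines do not match
        if m:
            entries.add((int(m.group(1)), m.group(2), m.group(3).lower()))
    return entries

def parse_failure(log_line):
    """Return the (kvno, enctype, principal) the server asked for, or None."""
    m = FAILURE.search(log_line)
    return (int(m.group(2)), m.group(3), m.group(1).lower()) if m else None

def diagnose(log_line, system_listing, samba_listing):
    """Say which keytab contains the key named in the failure message."""
    wanted = parse_failure(log_line)
    if wanted is None:
        return None
    system, samba = parse_listing(system_listing), parse_listing(samba_listing)
    return {"wanted": wanted,
            "in_system": wanted in system,
            "in_samba": wanted in samba,
            "system_kvnos": sorted({k for k, _, p in system if p == wanted[2]}),
            "samba_kvnos": sorted({k for k, _, p in samba if p == wanted[2]})}

if __name__ == "__main__":
    print(diagnose(LOG_LINE, KRB5_KEYTAB, SECRETS_KEYTAB))
```

A result with `in_system` false and `in_samba` true matches the situation in the post, where the kvno 4 keys existed only in secrets.keytab.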