Update failed: Miscellaneous failure NEG_TOKEN_INIT content failed: NT_STATUS_LOGON_FAILURE

Hello there!

I have a problem with Samba4 and the keytab. I created a new user and tried to log in with Windows to our domain, and it can't find the user. After looking into the rejected list I found this entry:

UCS DN: uid=whiteboardone.user,cn=users,cn=xx,cn=de,dc=xx,dc=xx
S4 DN: cn=whiteboardone.user,cn=users,cn=xx,cn=de,DC=xx,DC=xx
Filename: /var/lib/univention-connector/s4/1654598090.102488

In the Samba logs I found this error:

[2022/06/07 15:03:04.487808,  1, pid=27668] ../../source4/auth/gensec/gensec_gssapi.c:793(gensec_gssapi_update_internal)
  GSS server Update(krb5)(1) Update failed:  Miscellaneous failure (see text): Failed to find MASTER$@xx.LOCAL(kvno 21) in keytab FILE:/etc/krb5.keytab (aes256-cts-hmac-sha1-96)
[2022/06/07 15:03:04.487916,  1, pid=27668] ../../auth/gensec/spnego.c:1244(gensec_spnego_server_negTokenInit_step)
  gensec_spnego_server_negTokenInit_step: gssapi_krb5: parsing NEG_TOKEN_INIT content failed (next[(null)]): NT_STATUS_LOGON_FAILURE

I already tried to change the server password via

"/usr/lib/univention-server/server_password_change"

It seems not to fix the problem.

In my keytab are Vno 27 and 28; I don't know why it is looking for kvno 21 (is this changeable?)

Thanks for helping!

UCS-Version 4.4-9
PRETTY_NAME="Debian GNU/Linux 9 (stretch)"
NAME="Debian GNU/Linux"
VERSION_ID="9"
VERSION="9 (stretch)"
VERSION_CODENAME=stretch
ID=debian
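
A triage check for the mismatch described in the post, as an added example (not part of the original post, and not Univention or Samba code): it pulls the principal, kvno and enctype out of the gensec_gssapi message and compares them with a keytab listing. The log line is the one quoted above; the keytab rows are constructed from the Vno values the post mentions, and the `Vno Type Principal` row layout and all function names are assumptions.

```python
import re

# Shape of the gensec_gssapi message quoted in the post.
MISSING_KEY = re.compile(
    r"Failed to find (?P<principal>\S+?)\(kvno (?P<kvno>\d+)\) "
    r"in keytab (?P<keytab>\S+) \((?P<enctype>[^)]+)\)"
)

# Log line copied from the post.
SAMPLE_LOG = (
    "GSS server Update(krb5)(1) Update failed:  Miscellaneous failure "
    "(see text): Failed to find MASTER$@xx.LOCAL(kvno 21) in keytab "
    "FILE:/etc/krb5.keytab (aes256-cts-hmac-sha1-96)"
)

# Constructed listing: Vno 27 and 28 as the post states; layout is assumed.
SAMPLE_KEYTAB = """\
Vno  Type                     Principal
 27  aes256-cts-hmac-sha1-96  MASTER$@xx.LOCAL
 28  aes256-cts-hmac-sha1-96  MASTER$@xx.LOCAL
"""

def parse_missing_keys(log_text):
    """Return one dict per 'Failed to find ... in keytab' message."""
    return [dict(m.groupdict(), kvno=int(m["kvno"]))
            for m in MISSING_KEY.finditer(log_text)]

def parse_keytab_listing(listing):
    """Parse '<vno> <enctype> <principal>' rows, skipping header lines."""
    rows = (line.split() for line in listing.splitlines())
    return [(int(r[0]), r[1], r[2]) for r in rows
            if len(r) >= 3 and r[0].isdigit()]

def diagnose(hit, entries):
    """Classify why the requested key was not found: (status, kvnos held)."""
    held = [e for e in entries if e[2] == hit["principal"]]
    kvnos = sorted({e[0] for e in held})
    if not held:
        return "principal-missing", kvnos
    same_kvno = [e for e in held if e[0] == hit["kvno"]]
    if not same_kvno:
        return "kvno-mismatch", kvnos
    if all(e[1] != hit["enctype"] for e in same_kvno):
        return "enctype-missing", kvnos
    return "key-present", kvnos

if __name__ == "__main__":
    for hit in parse_missing_keys(SAMPLE_LOG):
        status, kvnos = diagnose(hit, parse_keytab_listing(SAMPLE_KEYTAB))
        print(hit["principal"], "wanted kvno", hit["kvno"], status, "keytab has", kvnos)
```

For the values in the post the result is `kvno-mismatch` with the keytab holding 27 and 28, which separates this case from a missing principal or a missing encryption type.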
