<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Hello, </div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">I have upgraded a client and a freeipa server from Fedora 24 to 25 recently. </div>And I *cannot* access linux shares located on the F25 freeipa client from a windows desktop. But I can access linux shares located on the F25 freeipa server from that windows desktop. </div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">And I can access linux shares located on the F24 freeipa client from that windows desktop.</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"> </div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">To be clear, I have: <div class="gmail_default" style="font-family:arial,helvetica,sans-serif"> A/ 1 F25 freeipa server </div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"> B/ 1 F25 freeipa client </div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"> C/ 1 F24 freeipa client </div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"> D/ 1 windows desktop </div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">I can access linux shares of A from D. </div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">I can access linux shares of C from D. </div>I *cannot* access linux shares of B from D. <div class="gmail_default" style="font-family:arial,helvetica,sans-serif">I get these messages on B in /var/log/samba/log.10.0.21.247 : [2016/12/01 11:42:19.218759, 1] ../source3/librpc/crypto/gse_krb5.c:534(fill_mem_keytab_from_dedicated_keytab) ../source3/librpc/crypto/gse_krb5.c:534: smb_krb5_open_keytab failed (Key table name malformed) [2016/12/01 11:42:19.218800, 1] ../source3/librpc/crypto/gse_krb5.c:627(gse_krb5_get_server_keytab) ../source3/librpc/crypto/gse_krb5.c:627: Error! Unable to set mem keytab - -1765328205 [2016/12/01 11:42:19.218823, 1] ../auth/gensec/gensec_start.c:698(gensec_start_mech) Failed to start GENSEC server mech gse_krb5: NT_STATUS_INTERNAL_ERROR [2016/12/01 11:42:19.261611, 1] ../source3/librpc/crypto/gse_krb5.c:534(fill_mem_keytab_from_dedicated_keytab) ../source3/librpc/crypto/gse_krb5.c:534: smb_krb5_open_keytab failed (Key table name malformed) [2016/12/01 11:42:19.261638, 1] ../source3/librpc/crypto/gse_krb5.c:627(gse_krb5_get_server_keytab) ../source3/librpc/crypto/gse_krb5.c:627: Error! Unable to set mem keytab - -1765328205 [2016/12/01 11:42:19.261653, 1] ../auth/gensec/gensec_start.c:698(gensec_start_mech) Failed to start GENSEC server mech gse_krb5: NT_STATUS_INTERNAL_ERROR [2016/12/01 11:42:19.263330, 2] ../source3/auth/auth.c:315(auth_check_ntlm_password) check_ntlm_password: Authentication for user [smith] -> [smith] FAILED with error NT_STATUS_NO_SUCH_USER [2016/12/01 11:42:19.263380, 2] ../auth/gensec/spnego.c:720(gensec_spnego_server_negTokenTarg) SPNEGO login failed: NT_STATUS_NO_SUCH_USER [2016/12/01 11:42:19.270531, 1] ../source3/librpc/crypto/gse_krb5.c:534(fill_mem_keytab_from_dedicated_keytab) ../source3/librpc/crypto/gse_krb5.c:534: smb_krb5_open_keytab failed (Key table name malformed) [2016/12/01 11:42:19.270562, 1] ../source3/librpc/crypto/gse_krb5.c:627(gse_krb5_get_server_keytab) ../source3/librpc/crypto/gse_krb5.c:627: Error! Unable to set mem keytab - -1765328205 [2016/12/01 11:42:19.270586, 1] ../auth/gensec/gensec_start.c:698(gensec_start_mech) Failed to start GENSEC server mech gse_krb5: NT_STATUS_INTERNAL_ERROR [2016/12/01 11:42:19.313479, 1] ../source3/librpc/crypto/gse_krb5.c:534(fill_mem_keytab_from_dedicated_keytab) ../source3/librpc/crypto/gse_krb5.c:534: smb_krb5_open_keytab failed (Key table name malformed) [2016/12/01 11:42:19.313506, 1] ../source3/librpc/crypto/gse_krb5.c:627(gse_krb5_get_server_keytab) ../source3/librpc/crypto/gse_krb5.c:627: Error! Unable to set mem keytab - -1765328205 [2016/12/01 11:42:19.313523, 1] ../auth/gensec/gensec_start.c:698(gensec_start_mech) Failed to start GENSEC server mech gse_krb5: NT_STATUS_INTERNAL_ERROR [2016/12/01 11:42:19.315256, 2] ../source3/auth/auth.c:315(auth_check_ntlm_password) check_ntlm_password: Authentication for user [smith] -> [smith] FAILED with error NT_STATUS_NO_SUCH_USER [2016/12/01 11:42:19.315291, 2] ../auth/gensec/spnego.c:720(gensec_spnego_server_negTokenTarg) SPNEGO login failed: NT_STATUS_NO_SUCH_USER </div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Also from the F25 server, I have the following when I run smbclient f25server # smbclient -k -L f25desktop.mydomain lp_load_ex: changing to config backend registry session setup failed: NT_STATUS_LOGON_FAILURE </div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">But if i run it with a F24 desktop, it works: f25server # smbclient -k -L f24desktop.mydomain lp_load_ex: changing to config backend registry Domain=[MYDOMAIN] OS=[Windows 6.1] Server=[Samba 4.4.7] Sharename Type Comment --------- ---- ------- IPC$ IPC IPC Service (Samba Server Version 4.4.7) data Disk /data on f24desktop data2 Disk /data2 on f24desktop data3 Disk /data3 on f24desktop backup Disk /backup on f24desktop [...] </div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">net conf list on the f25desktop gives: f25desktop # net conf list [global] workgroup = MYDOMAIN realm = MYDOMAIN netbios name = F25SERVER server string = Samba Server Version %v kerberos method = dedicated keytab dedicated keytab file = FILE:/etc/samba/samba.keytab log file = /var/log/samba/log.%m rpc_server:epmapper = external rpc_server:lsarpc = external rpc_server:lsass = external rpc_server:lsasd = external rpc_server:samr = external rpc_server:netlogon = external rpc_server:tcpip = yes rpc_daemon:epmd = fork rpc_daemon:lsasd = fork security = user map untrusted to domain = Yes smb ports = 139 445 log level = 2 [data] comment = /data on f25desktop path = /data create mask = 0644 read only = no [data2] comment = /data2 on f25desktop path = /data2 create mask = 0644 read only = no [data3] comment = /data3 on f25desktop path = /data3 create mask = 0644 read only = no [backup] comment = /backup on f25desktop path = /backup read only = no net conf list on the f25server gives: f25server # net conf list [global] workgroup = MYDOMAIN netbios name = F25SERVER realm = MYDOMAIN kerberos method = dedicated keytab dedicated keytab file = FILE:/etc/samba/samba.keytab create krb5 conf = no domain master = yes domain logons = yes max log size = 10000 log file = /var/log/samba/log.%m passdb backend = ipasam:ldapi://%2fvar%2frun%2fslapd-MYDOMAIN.socket disable spoolss = yes ldapsam:trusted = yes ldap ssl = off ldap suffix = dc=mydomain ldap user suffix = cn=users,cn=accounts ldap group suffix = cn=groups,cn=accounts ldap machine suffix = cn=computers,cn=accounts rpc_server:epmapper = external rpc_server:lsarpc = external rpc_server:lsass = external rpc_server:lsasd = external rpc_server:samr = external rpc_server:netlogon = external rpc_server:tcpip = yes rpc_daemon:epmd = fork rpc_daemon:lsasd = fork security = user enable core files = no log level = 2 [homes] comment = Home Directories read only = no browseable = yes create mask = 0664 directory mask = 0775 </div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">on the F25 server and desktop, i have the following packages installed: </div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">samba-4.5.1-1.fc25.x86_64 samba-client-4.5.1-1.fc25.x86_64 samba-client-libs-4.5.1-1.fc25.x86_64 samba-common-4.5.1-1.fc25.noarch samba-common-libs-4.5.1-1.fc25.x86_64 samba-common-tools-4.5.1-1.fc25.x86_64 samba-libs-4.5.1-1.fc25.x86_64 samba-python-4.5.1-1.fc25.x86_64 samba-test-4.5.1-1.fc25.x86_64 samba-test-libs-4.5.1-1.fc25.x86_64 samba-winbind-4.5.1-1.fc25.x86_64 samba-winbind-clients-4.5.1-1.fc25.x86_64 samba-winbind-krb5-locator-4.5.1-1.fc25.x86_64 samba-winbind-modules-4.5.1-1.fc25.x86_64 system-config-samba-1.2.100-5.fc24.noarch system-config-samba-docs-1.0.9-9.fc24.noarch </div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Any idea what is wrong? </div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Regards, </div>Fuji </div></div>