I'm having trouble accessing a samba share from windows. In the log file, it says "ticket is likely out of date", it is looking for kvno 3 and the output of kvno is 4.
How can I update the ticket? Thanks Fuji Server log: [2022/05/13 12:05:35.353907, 1, pid=252383] ../../source3/librpc/crypto/gse.c:665(gse_get_server_auth_token) gss_accept_sec_context failed with [Unspecified GSS failure. Minor code may provide more information: Request ticket server cifs/myserver.mydomain.local@MYDOMAIN.LOCAL kvno 3 not found in keytab; ticket is likely out of date] # kvno cifs/myserver.mydomain.local@MYDOMAIN.LOCAL cifs/myserver.mydomain.local@MYDOMAIN.LOCAL: kvno = 4 # net conf list [global] create krb5 conf = no workgroup = MYDOMAIN.LOCAL netbios name = MYSERVER realm = MYDOMAIN..LOCAL dedicated keytab file = FILE:/etc/samba/samba.keytab kerberos method = dedicated keytab server role = IPA PRIMARY DOMAIN CONTROLLER security = user domain master = yes domain logons = yes log level = 2 max log size = 100000 log file = /var/log/samba/log.%m rpc_server:epmapper = external rpc_server:lsarpc = external rpc_server:lsass = external rpc_server:lsasd = external rpc_server:samr = external rpc_server:netlogon = external rpc_server:tcpip = yes rpc_daemon:epmd = fork rpc_daemon:lsasd = fork idmap config * : backend = tdb idmap config * : range = 0 - 0 idmap config MYDOMAIN : backend = sss idmap config MYDOMAIN : range = 1000 - 201000 max smbd processes = 1000 passdb backend = ipasam:ldapi://%2fvar%2frun%2fslapd-MYDOMAIN.-LOCAL.socket ldapsam:trusted = yes ldap group suffix = cn=groups,cn=accounts ldap machine suffix = cn=computers,cn=accounts ldap ssl = off ldap suffix = dc=mydomain,dc=local ldap user suffix = cn=users,cn=accounts disable spoolss = yes [myshare] path = /data/myshare read only = no browseable = yes guest ok = no create mask = 0644 The pacquages installed are: samba-4.14.12-0.fc34.x86_64 freeipa-client-common-4.9.6-4.fc34.noarch freeipa-selinux-4.9.6-4.fc34.noarch freeipa-common-4.9.6-4.fc34.noarch freeipa-server-common-4.9.6-4.fc34.noarch freeipa-healthcheck-core-0.10-1.fc34.noarch freeipa-client-4.9.6-4.fc34.x86_64 freeipa-server-4.9.6-4.fc34.x86_64 freeipa-server-dns-4.9.6-4.fc34.noarch freeipa-server-trust-ad-4.9.6-4.fc34.x86_64 freeipa-python-compat-4.9.6-4.fc34.noarch
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure