Discussion:
[Samba] authentication problem after upgrade to Debian Jessie
Pisch Tamás
2016-07-22 08:37:10 UTC
Permalink
Hi,

I upgraded our servers from Wheezy to Jessie. I use samba in classic mode,
with openldap backend. After the upgrade, on the PDC (srv3) everything
seems to be ok, it authetnicates, the netlogon share is accessible on it,
but on the BDC (srv7), what is the file server, the authentication doesn't
work, shares are inaccessible.
I compared and syncronized the configuration files to as similar as
possible on the two servers, but it didn't solve this problem (there were
other smaller issues, they were solved with the changes).
After the upgrade, smbd didn't start at all. I reindexed the ldap
databases, and I think it helped to start smbd.
The folloving commands give correct results:
wbinfo -u
wbinfo -g
nmblookup -B SRV7 __SAMBA__
nmblookup -B DS1021 '*'
nmblookup -d 2 '*'
nmblookup -M xyz

The following commands give errors:
smbclient -U admin //SRV7/NETLOGON
Enter admin's password:
session setup failed: NT_STATUS_LOGON_FAILURE

smbclient -L SRV7 -d 10
...
Processing section "[global]"
doing parameter dos charset = CP852
doing parameter unix charset = UTF8
doing parameter workgroup = XYZ
doing parameter server string = SRV7
doing parameter interfaces = lo 192.168.0.7/24
doing parameter bind interfaces only = Yes
doing parameter security = USER
doing parameter passdb backend = ldapsam:"ldap://127.0.0.1:389"
doing parameter syslog = 0
doing parameter log file = /var/log/samba/log.%m
doing parameter max log size = 1000
doing parameter smb ports = 139
doing parameter server max protocol = SMB2
doing parameter name resolve order = host wins bcast
doing parameter time server = Yes
doing parameter printcap name = /etc/printcap
doing parameter logon script = scripts\logon.cmd
doing parameter logon path = \\SRV7\profiles\%U
doing parameter logon drive = H:
doing parameter logon home = \\SRV7\%U
doing parameter domain logons = Yes
doing parameter preferred master = No
doing parameter domain master = No
doing parameter dns proxy = No
doing parameter wins server = 192.168.0.3
doing parameter ldap admin dn = cn=ldapsu,dc=xyz,dc=site
doing parameter ldap group suffix = ou=Groups
doing parameter ldap idmap suffix = ou=Idmap
doing parameter ldap machine suffix = ou=People
doing parameter ldap passwd sync = yes
doing parameter ldap suffix = dc=xyz,dc=site
doing parameter ldap ssl = no
doing parameter ldap user suffix = ou=People
doing parameter eventlog list = Security Application Syslog
doing parameter panic action = /usr/share/samba/panic-action %d
doing parameter idmap config * : ldap_user_dn = cn=idmapsu,dc=xyz,dc=site
doing parameter idmap config * : ldap_base_dn = ou=Idmap,dc=xyz,dc=site
doing parameter idmap config * : ldap_url = ldap://127.0.0.1:389/
doing parameter idmap config * : range = 10000-20000
doing parameter idmap config * : default = yes
doing parameter ldapsam:trusted = yes
doing parameter idmap config * : backend = ldap
doing parameter acl allow execute always = Yes
doing parameter create mask = 0770
doing parameter directory mask = 0770
doing parameter map acl inherit = Yes
doing parameter veto oplock files = /*.pdf/*.pst/
doing parameter browseable = No
doing parameter csc policy = disable
pm_process() returned Yes
lp_servicenumber: couldn't find homes
added interface lo ip=::1 bcast=
netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
interpret_interface: Adding interface 192.168.0.7/24
added interface 192.168.0.7/24 ip=192.168.0.7 bcast=192.168.0.255
netmask=255.255.255.0
Netbios name list:-
my_netbios_names[0]="SRV7"
Client started (version 4.2.10-Debian).
Enter admin's password:
Opening cache file at /var/cache/samba/gencache.tdb
Opening cache file at /var/run/samba/gencache_notrans.tdb
sitename_fetch: No stored sitename for
internal_resolve_name: looking up SRV7#20 (sitename (null))
name SRV7#20 found.
remove_duplicate_addrs2: looking for duplicate address/port pairs
Connecting to 192.168.0.7 at port 445
Connecting to 192.168.0.7 at port 139
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_REUSEPORT = 0
SO_SNDBUF = 2626560
SO_RCVBUF = 1061808
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
TCP_DEFER_ACCEPT = 0
session request ok
Doing spnego session setup (blob length=74)
got OID=1.3.6.1.4.1.311.2.2.10
got principal=***@please_ignore
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Starting GENSEC mechanism spnego
Starting GENSEC submechanism ntlmssp
negotiate: struct NEGOTIATE_MESSAGE
Signature : 'NTLMSSP'
MessageType : NtLmNegotiate (1)
NegotiateFlags : 0x62088215 (1644724757)
1: NTLMSSP_NEGOTIATE_UNICODE
0: NTLMSSP_NEGOTIATE_OEM
1: NTLMSSP_REQUEST_TARGET
1: NTLMSSP_NEGOTIATE_SIGN
0: NTLMSSP_NEGOTIATE_SEAL
0: NTLMSSP_NEGOTIATE_DATAGRAM
0: NTLMSSP_NEGOTIATE_LM_KEY
0: NTLMSSP_NEGOTIATE_NETWARE
1: NTLMSSP_NEGOTIATE_NTLM
0: NTLMSSP_NEGOTIATE_NT_ONLY
0: NTLMSSP_ANONYMOUS
0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
0: NTLMSSP_TARGET_TYPE_DOMAIN
0: NTLMSSP_TARGET_TYPE_SERVER
0: NTLMSSP_TARGET_TYPE_SHARE
1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
0: NTLMSSP_NEGOTIATE_IDENTIFY
0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
0: NTLMSSP_NEGOTIATE_TARGET_INFO
1: NTLMSSP_NEGOTIATE_VERSION
1: NTLMSSP_NEGOTIATE_128
1: NTLMSSP_NEGOTIATE_KEY_EXCH
0: NTLMSSP_NEGOTIATE_56
DomainNameLen : 0x0000 (0)
DomainNameMaxLen : 0x0000 (0)
DomainName : *
DomainName : ''
WorkstationLen : 0x0000 (0)
WorkstationMaxLen : 0x0000 (0)
Workstation : *
Workstation : ''
Version: struct ntlmssp_VERSION
ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (6)
ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (1)
ProductBuild : 0x0000 (0)
Reserved: ARRAY(3)
[0] : 0x00 (0)
[1] : 0x00 (0)
[2] : 0x00 (0)
NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (15)
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_TARGET_TYPE_DOMAIN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
SPNEGO login failed: Logon failure
session setup failed: NT_STATUS_LOGON_FAILURE

What could be the problem?
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
mathias dufresne
2016-07-26 08:43:22 UTC
Permalink
Hi,

SPNEGO is related to SASL which seems to me related to Kerberos (at least
in AD context). You said you are running Samba domain in "classic mode"
which should means that this domain is a NT4 domain. And as far as I'm
aware of NT4 domains don't support Kerberos.

Could you post your smb.conf files please? For both server srv3 and srv7.
Post by Pisch Tamás
Hi,
I upgraded our servers from Wheezy to Jessie. I use samba in classic mode,
with openldap backend. After the upgrade, on the PDC (srv3) everything
seems to be ok, it authetnicates, the netlogon share is accessible on it,
but on the BDC (srv7), what is the file server, the authentication doesn't
work, shares are inaccessible.
I compared and syncronized the configuration files to as similar as
possible on the two servers, but it didn't solve this problem (there were
other smaller issues, they were solved with the changes).
After the upgrade, smbd didn't start at all. I reindexed the ldap
databases, and I think it helped to start smbd.
wbinfo -u
wbinfo -g
nmblookup -B SRV7 __SAMBA__
nmblookup -B DS1021 '*'
nmblookup -d 2 '*'
nmblookup -M xyz
smbclient -U admin //SRV7/NETLOGON
session setup failed: NT_STATUS_LOGON_FAILURE
smbclient -L SRV7 -d 10
...
Processing section "[global]"
doing parameter dos charset = CP852
doing parameter unix charset = UTF8
doing parameter workgroup = XYZ
doing parameter server string = SRV7
doing parameter interfaces = lo 192.168.0.7/24
doing parameter bind interfaces only = Yes
doing parameter security = USER
doing parameter passdb backend = ldapsam:"ldap://127.0.0.1:389"
doing parameter syslog = 0
doing parameter log file = /var/log/samba/log.%m
doing parameter max log size = 1000
doing parameter smb ports = 139
doing parameter server max protocol = SMB2
doing parameter name resolve order = host wins bcast
doing parameter time server = Yes
doing parameter printcap name = /etc/printcap
doing parameter logon script = scripts\logon.cmd
doing parameter logon path = \\SRV7\profiles\%U
doing parameter logon home = \\SRV7\%U
doing parameter domain logons = Yes
doing parameter preferred master = No
doing parameter domain master = No
doing parameter dns proxy = No
doing parameter wins server = 192.168.0.3
doing parameter ldap admin dn = cn=ldapsu,dc=xyz,dc=site
doing parameter ldap group suffix = ou=Groups
doing parameter ldap idmap suffix = ou=Idmap
doing parameter ldap machine suffix = ou=People
doing parameter ldap passwd sync = yes
doing parameter ldap suffix = dc=xyz,dc=site
doing parameter ldap ssl = no
doing parameter ldap user suffix = ou=People
doing parameter eventlog list = Security Application Syslog
doing parameter panic action = /usr/share/samba/panic-action %d
doing parameter idmap config * : ldap_user_dn = cn=idmapsu,dc=xyz,dc=site
doing parameter idmap config * : ldap_base_dn = ou=Idmap,dc=xyz,dc=site
doing parameter idmap config * : ldap_url = ldap://127.0.0.1:389/
doing parameter idmap config * : range = 10000-20000
doing parameter idmap config * : default = yes
doing parameter ldapsam:trusted = yes
doing parameter idmap config * : backend = ldap
doing parameter acl allow execute always = Yes
doing parameter create mask = 0770
doing parameter directory mask = 0770
doing parameter map acl inherit = Yes
doing parameter veto oplock files = /*.pdf/*.pst/
doing parameter browseable = No
doing parameter csc policy = disable
pm_process() returned Yes
lp_servicenumber: couldn't find homes
added interface lo ip=::1 bcast=
netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
interpret_interface: Adding interface 192.168.0.7/24
added interface 192.168.0.7/24 ip=192.168.0.7 bcast=192.168.0.255
netmask=255.255.255.0
Netbios name list:-
my_netbios_names[0]="SRV7"
Client started (version 4.2.10-Debian).
Opening cache file at /var/cache/samba/gencache.tdb
Opening cache file at /var/run/samba/gencache_notrans.tdb
sitename_fetch: No stored sitename for
internal_resolve_name: looking up SRV7#20 (sitename (null))
name SRV7#20 found.
remove_duplicate_addrs2: looking for duplicate address/port pairs
Connecting to 192.168.0.7 at port 445
Connecting to 192.168.0.7 at port 139
SO_KEEPALIVE = 0
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_REUSEPORT = 0
SO_SNDBUF = 2626560
SO_RCVBUF = 1061808
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
TCP_DEFER_ACCEPT = 0
session request ok
Doing spnego session setup (blob length=74)
got OID=1.3.6.1.4.1.311.2.2.10
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Starting GENSEC mechanism spnego
Starting GENSEC submechanism ntlmssp
negotiate: struct NEGOTIATE_MESSAGE
Signature : 'NTLMSSP'
MessageType : NtLmNegotiate (1)
NegotiateFlags : 0x62088215 (1644724757)
1: NTLMSSP_NEGOTIATE_UNICODE
0: NTLMSSP_NEGOTIATE_OEM
1: NTLMSSP_REQUEST_TARGET
1: NTLMSSP_NEGOTIATE_SIGN
0: NTLMSSP_NEGOTIATE_SEAL
0: NTLMSSP_NEGOTIATE_DATAGRAM
0: NTLMSSP_NEGOTIATE_LM_KEY
0: NTLMSSP_NEGOTIATE_NETWARE
1: NTLMSSP_NEGOTIATE_NTLM
0: NTLMSSP_NEGOTIATE_NT_ONLY
0: NTLMSSP_ANONYMOUS
0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
0: NTLMSSP_TARGET_TYPE_DOMAIN
0: NTLMSSP_TARGET_TYPE_SERVER
0: NTLMSSP_TARGET_TYPE_SHARE
1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
0: NTLMSSP_NEGOTIATE_IDENTIFY
0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
0: NTLMSSP_NEGOTIATE_TARGET_INFO
1: NTLMSSP_NEGOTIATE_VERSION
1: NTLMSSP_NEGOTIATE_128
1: NTLMSSP_NEGOTIATE_KEY_EXCH
0: NTLMSSP_NEGOTIATE_56
DomainNameLen : 0x0000 (0)
DomainNameMaxLen : 0x0000 (0)
DomainName : *
DomainName : ''
WorkstationLen : 0x0000 (0)
WorkstationMaxLen : 0x0000 (0)
Workstation : *
Workstation : ''
Version: struct ntlmssp_VERSION
ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (6)
ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (1)
ProductBuild : 0x0000 (0)
Reserved: ARRAY(3)
[0] : 0x00 (0)
[1] : 0x00 (0)
[2] : 0x00 (0)
NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (15)
Got NTLMSSP neg_flags=0x62898215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_TARGET_TYPE_DOMAIN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
Got NTLMSSP neg_flags=0x62088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
Got NTLMSSP neg_flags=0x62088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
SPNEGO login failed: Logon failure
session setup failed: NT_STATUS_LOGON_FAILURE
What could be the problem?
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Pisch Tamás
2016-07-26 09:06:53 UTC
Permalink
Hi,

thank you for your answer. Yesterday I solved the problem.
It turned out that getent passwd and getent group gave entries only from
flat files. It related to nsswitch.conf and libnss-ldap. Former was ok, but
later was different on the two servers. On the PDC, there was libnss-ldapd,
but on the BDC there was libnss-ldap installed. According to the Debian
Wiki, libnss-ldapd is simpler, and better in some way, so I switched to it
on the BDC. During installation, it asked the settings (which I don't know,
where it stores unfortunately) and then the authentication worked! With the
distributiun upgrade, the libnss-ldap version changed, and I think, the
configuration file parameters of the libnss-ldap changed, but I kept my old
settings. Maybe it broke the authentication.

Thanks.
Post by mathias dufresne
Hi,
SPNEGO is related to SASL which seems to me related to Kerberos (at least
in AD context). You said you are running Samba domain in "classic mode"
which should means that this domain is a NT4 domain. And as far as I'm
aware of NT4 domains don't support Kerberos.
Could you post your smb.conf files please? For both server srv3 and srv7.
Post by Pisch Tamás
Hi,
I upgraded our servers from Wheezy to Jessie. I use samba in classic mode,
with openldap backend. After the upgrade, on the PDC (srv3) everything
seems to be ok, it authetnicates, the netlogon share is accessible on it,
but on the BDC (srv7), what is the file server, the authentication doesn't
work, shares are inaccessible.
I compared and syncronized the configuration files to as similar as
possible on the two servers, but it didn't solve this problem (there were
other smaller issues, they were solved with the changes).
After the upgrade, smbd didn't start at all. I reindexed the ldap
databases, and I think it helped to start smbd.
wbinfo -u
wbinfo -g
nmblookup -B SRV7 __SAMBA__
nmblookup -B DS1021 '*'
nmblookup -d 2 '*'
nmblookup -M xyz
smbclient -U admin //SRV7/NETLOGON
session setup failed: NT_STATUS_LOGON_FAILURE
smbclient -L SRV7 -d 10
...
Processing section "[global]"
doing parameter dos charset = CP852
doing parameter unix charset = UTF8
doing parameter workgroup = XYZ
doing parameter server string = SRV7
doing parameter interfaces = lo 192.168.0.7/24
doing parameter bind interfaces only = Yes
doing parameter security = USER
doing parameter passdb backend = ldapsam:"ldap://127.0.0.1:389"
doing parameter syslog = 0
doing parameter log file = /var/log/samba/log.%m
doing parameter max log size = 1000
doing parameter smb ports = 139
doing parameter server max protocol = SMB2
doing parameter name resolve order = host wins bcast
doing parameter time server = Yes
doing parameter printcap name = /etc/printcap
doing parameter logon script = scripts\logon.cmd
doing parameter logon path = \\SRV7\profiles\%U
doing parameter logon home = \\SRV7\%U
doing parameter domain logons = Yes
doing parameter preferred master = No
doing parameter domain master = No
doing parameter dns proxy = No
doing parameter wins server = 192.168.0.3
doing parameter ldap admin dn = cn=ldapsu,dc=xyz,dc=site
doing parameter ldap group suffix = ou=Groups
doing parameter ldap idmap suffix = ou=Idmap
doing parameter ldap machine suffix = ou=People
doing parameter ldap passwd sync = yes
doing parameter ldap suffix = dc=xyz,dc=site
doing parameter ldap ssl = no
doing parameter ldap user suffix = ou=People
doing parameter eventlog list = Security Application Syslog
doing parameter panic action = /usr/share/samba/panic-action %d
doing parameter idmap config * : ldap_user_dn = cn=idmapsu,dc=xyz,dc=site
doing parameter idmap config * : ldap_base_dn = ou=Idmap,dc=xyz,dc=site
doing parameter idmap config * : ldap_url = ldap://127.0.0.1:389/
doing parameter idmap config * : range = 10000-20000
doing parameter idmap config * : default = yes
doing parameter ldapsam:trusted = yes
doing parameter idmap config * : backend = ldap
doing parameter acl allow execute always = Yes
doing parameter create mask = 0770
doing parameter directory mask = 0770
doing parameter map acl inherit = Yes
doing parameter veto oplock files = /*.pdf/*.pst/
doing parameter browseable = No
doing parameter csc policy = disable
pm_process() returned Yes
lp_servicenumber: couldn't find homes
added interface lo ip=::1 bcast=
netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
interpret_interface: Adding interface 192.168.0.7/24
added interface 192.168.0.7/24 ip=192.168.0.7 bcast=192.168.0.255
netmask=255.255.255.0
Netbios name list:-
my_netbios_names[0]="SRV7"
Client started (version 4.2.10-Debian).
Opening cache file at /var/cache/samba/gencache.tdb
Opening cache file at /var/run/samba/gencache_notrans.tdb
sitename_fetch: No stored sitename for
internal_resolve_name: looking up SRV7#20 (sitename (null))
name SRV7#20 found.
remove_duplicate_addrs2: looking for duplicate address/port pairs
Connecting to 192.168.0.7 at port 445
Connecting to 192.168.0.7 at port 139
SO_KEEPALIVE = 0
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_REUSEPORT = 0
SO_SNDBUF = 2626560
SO_RCVBUF = 1061808
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
TCP_DEFER_ACCEPT = 0
session request ok
Doing spnego session setup (blob length=74)
got OID=1.3.6.1.4.1.311.2.2.10
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Starting GENSEC mechanism spnego
Starting GENSEC submechanism ntlmssp
negotiate: struct NEGOTIATE_MESSAGE
Signature : 'NTLMSSP'
MessageType : NtLmNegotiate (1)
NegotiateFlags : 0x62088215 (1644724757)
1: NTLMSSP_NEGOTIATE_UNICODE
0: NTLMSSP_NEGOTIATE_OEM
1: NTLMSSP_REQUEST_TARGET
1: NTLMSSP_NEGOTIATE_SIGN
0: NTLMSSP_NEGOTIATE_SEAL
0: NTLMSSP_NEGOTIATE_DATAGRAM
0: NTLMSSP_NEGOTIATE_LM_KEY
0: NTLMSSP_NEGOTIATE_NETWARE
1: NTLMSSP_NEGOTIATE_NTLM
0: NTLMSSP_NEGOTIATE_NT_ONLY
0: NTLMSSP_ANONYMOUS
0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
0: NTLMSSP_TARGET_TYPE_DOMAIN
0: NTLMSSP_TARGET_TYPE_SERVER
0: NTLMSSP_TARGET_TYPE_SHARE
1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
0: NTLMSSP_NEGOTIATE_IDENTIFY
0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
0: NTLMSSP_NEGOTIATE_TARGET_INFO
1: NTLMSSP_NEGOTIATE_VERSION
1: NTLMSSP_NEGOTIATE_128
1: NTLMSSP_NEGOTIATE_KEY_EXCH
0: NTLMSSP_NEGOTIATE_56
DomainNameLen : 0x0000 (0)
DomainNameMaxLen : 0x0000 (0)
DomainName : *
DomainName : ''
WorkstationLen : 0x0000 (0)
WorkstationMaxLen : 0x0000 (0)
Workstation : *
Workstation : ''
Version: struct ntlmssp_VERSION
ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (6)
ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (1)
ProductBuild : 0x0000 (0)
Reserved: ARRAY(3)
[0] : 0x00 (0)
[1] : 0x00 (0)
[2] : 0x00 (0)
NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (15)
Got NTLMSSP neg_flags=0x62898215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_TARGET_TYPE_DOMAIN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
Got NTLMSSP neg_flags=0x62088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
Got NTLMSSP neg_flags=0x62088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
SPNEGO login failed: Logon failure
session setup failed: NT_STATUS_LOGON_FAILURE
What could be the problem?
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Loading...