Simpler Navigation for Servers and Operating Systems
Completed: a much simpler Servers and Operating Systems section of the Community. We combined many of the older boards, so you won't have to click through so many levels to get at the information you need. Check the consolidated boards here as many sub-forums are now single boards.
Networking
cancel
Showing results for 
Search instead for 
Did you mean: 

CIFS Server A.03.01.05 - Kerberos problem ?

Highlighted
enrico.nic
Regular Advisor

CIFS Server A.03.01.05 - Kerberos problem ?

I have recently upgraded from 11.23 to 11.31 on our HP 9000 rp3410 system.

Now I was setting up the CIFS Server, version A.03.01.05 (on the old system I was at A.02.04.06 version).

Our CIFS server works as a domain member server of a Windows 2003 R2 domain.

 

Now no user can connect to any Samba share of the server: the problem I encounter has something to do with Kerberos validation, since the following errors are appearing from all the machines that are trying to connect to the server.

 

[2012/10/09 13:27:03,  1] smbd/sesssetup.c:341(reply_spnego_kerberos)

  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!

[2012/10/09 13:27:15,  0] lib/util_sock.c:536(read_fd_with_timeout)

[2012/10/09 13:27:15,  0] lib/util_sock.c:1509(get_peer_addr_internal)

  getpeername failed. Error was Invalid argument

  read_fd_with_timeout: client 0.0.0.0 read error = Invalid argument.

[2012/10/09 13:27:33,  2] smbd/sesssetup.c:1359(setup_new_vc_session)

  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old

resources.

[2012/10/09 13:27:33,  1] smbd/sesssetup.c:341(reply_spnego_kerberos)

  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!

[2012/10/09 13:27:33,  2] smbd/sesssetup.c:1359(setup_new_vc_session)

  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old

resources.

[2012/10/09 13:27:33,  1] smbd/sesssetup.c:341(reply_spnego_kerberos)

  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!

 

I tried the following actions:

 

removed all files ending in .tdb from /var/opt/samba/locks

removed secrets.tdb file from /var/opt/samba/private

removed /etc/krb5.keytab

 

substituted the "use kerberos keytab = yes" option in /etc/opt/samba/smb.conf with "kerberos method = system keytab"

 

# net ads join -U myusername

------> works. Domain joined. The /etc/krb5.keytab file has been generated.

# net ads keytab add cifs –U myusername (this is a suggestion from the 3.01.04 Administrator's guide)

------> works

# net ads keytab add <hostname> -U myusername (this is a suggestion from the 3.01.04 Administrator's guide)

------> works

 

# startsmb -w

 

Following this setup, nobody can connect due to the NT_STATUS_LOGON_FAILURE error. But the command "kinit -U myusername" works. I suspect it has something to do with the machine account on the W2003 server.

 

I don't know what to try next ... thank you in advance

 

Enrico

 

3 REPLIES
Ralf Seefeldt
Valued Contributor

Re: CIFS Server A.03.01.05 - Kerberos problem ?

Hi Enrico,

 

what ar the WINDOWS versions of all computres, you are connecting with? ALl WIN 2003?

Have you configured CIFS to use NETBIOS over TCP?

 

Unfortunatedly, I can not give you mor ideas. My CIFS experience is tor that big.

 

Bye

Ralf

Re: CIFS Server A.03.01.05 - Kerberos problem ?

IN smb.conf if you have the line of

 

interface xxxxxxxxx

 

remove it and restart smb servieces .

 

Issue should be resolved .



Sachin Rajput
================

Re: CIFS Server A.03.01.05 - Kerberos problem ?

Just did a os update and patch update from hp's depot from March 2014 - Current

 

Error

[2014/08/10 01:47:29,  0] lib/util_sock.c:1509(get_peer_addr_internal)
  getpeername failed. Error was Invalid argument
  read_fd_with_timeout: client 0.0.0.0 read error = Invalid argument.

 

 

 

has this issue been resolved

 

by removing   --> interfaces from the config file

 

 

 hostname lookups = yes
    workgroup = WORKGROUP
    netbios name = hq-enigma-epc-smb-1
    security = user
    interfaces = 10.0.118.232/10.0.118.0 <------
    bind interfaces only = yes
    server string = Samba Server
    log file = /var/opt/samba/enigma-epc/log.%m
    lock directory = /var/opt/samba/enigma-epc/locks
    pid directory = /var/opt/samba/enigma-epc/locks
    smbpasswd file = /var/opt/samba/enigma-epc/private/smbpasswd
    max log size = 1000