- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- CIFS Server A.03.01.05 - Kerberos problem ?
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-09-2012 05:38 AM
10-09-2012 05:38 AM
CIFS Server A.03.01.05 - Kerberos problem ?
I have recently upgraded from 11.23 to 11.31 on our HP 9000 rp3410 system.
Now I was setting up the CIFS Server, version A.03.01.05 (on the old system I was at A.02.04.06 version).
Our CIFS server works as a domain member server of a Windows 2003 R2 domain.
Now no user can connect to any Samba share of the server: the problem I encounter has something to do with Kerberos validation, since the following errors are appearing from all the machines that are trying to connect to the server.
[2012/10/09 13:27:03, 1] smbd/sesssetup.c:341(reply_spnego_kerberos)
Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2012/10/09 13:27:15, 0] lib/util_sock.c:536(read_fd_with_timeout)
[2012/10/09 13:27:15, 0] lib/util_sock.c:1509(get_peer_addr_internal)
getpeername failed. Error was Invalid argument
read_fd_with_timeout: client 0.0.0.0 read error = Invalid argument.
[2012/10/09 13:27:33, 2] smbd/sesssetup.c:1359(setup_new_vc_session)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old
resources.
[2012/10/09 13:27:33, 1] smbd/sesssetup.c:341(reply_spnego_kerberos)
Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2012/10/09 13:27:33, 2] smbd/sesssetup.c:1359(setup_new_vc_session)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old
resources.
[2012/10/09 13:27:33, 1] smbd/sesssetup.c:341(reply_spnego_kerberos)
Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
I tried the following actions:
removed all files ending in .tdb from /var/opt/samba/locks
removed secrets.tdb file from /var/opt/samba/private
removed /etc/krb5.keytab
substituted the "use kerberos keytab = yes" option in /etc/opt/samba/smb.conf with "kerberos method = system keytab"
# net ads join -U myusername
------> works. Domain joined. The /etc/krb5.keytab file has been generated.
# net ads keytab add cifs –U myusername (this is a suggestion from the 3.01.04 Administrator's guide)
------> works
# net ads keytab add <hostname> -U myusername (this is a suggestion from the 3.01.04 Administrator's guide)
------> works
# startsmb -w
Following this setup, nobody can connect due to the NT_STATUS_LOGON_FAILURE error. But the command "kinit -U myusername" works. I suspect it has something to do with the machine account on the W2003 server.
I don't know what to try next ... thank you in advance
Enrico
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-09-2012 06:36 AM
10-09-2012 06:36 AM
Re: CIFS Server A.03.01.05 - Kerberos problem ?
Hi Enrico,
what ar the WINDOWS versions of all computres, you are connecting with? ALl WIN 2003?
Have you configured CIFS to use NETBIOS over TCP?
Unfortunatedly, I can not give you mor ideas. My CIFS experience is tor that big.
Bye
Ralf
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-31-2014 07:39 AM
03-31-2014 07:39 AM
Re: CIFS Server A.03.01.05 - Kerberos problem ?
IN smb.conf if you have the line of
interface xxxxxxxxx
remove it and restart smb servieces .
Issue should be resolved .
Sachin Rajput
================
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-12-2014 02:14 PM
08-12-2014 02:14 PM
Re: CIFS Server A.03.01.05 - Kerberos problem ?
Just did a os update and patch update from hp's depot from March 2014 - Current
Error
[2014/08/10 01:47:29, 0] lib/util_sock.c:1509(get_peer_addr_internal)
getpeername failed. Error was Invalid argument
read_fd_with_timeout: client 0.0.0.0 read error = Invalid argument.
has this issue been resolved
by removing --> interfaces from the config file
hostname lookups = yes
workgroup = WORKGROUP
netbios name = hq-enigma-epc-smb-1
security = user
interfaces = 10.0.118.232/10.0.118.0 <------
bind interfaces only = yes
server string = Samba Server
log file = /var/opt/samba/enigma-epc/log.%m
lock directory = /var/opt/samba/enigma-epc/locks
pid directory = /var/opt/samba/enigma-epc/locks
smbpasswd file = /var/opt/samba/enigma-epc/private/smbpasswd
max log size = 1000