Re: CIFS Server A.03.01.05 - Kerberos problem ? (509 Views)
Regular Advisor
enrico.nic
Posts: 134
Registered: ‎02-02-1997
Message 1 of 3 (514 Views)

CIFS Server A.03.01.05 - Kerberos problem ?

I have recently upgraded from 11.23 to 11.31 on our HP 9000 rp3410 system.

Now I was setting up the CIFS Server, version A.03.01.05 (on the old system I was at A.02.04.06 version).

Our CIFS server works as a domain member server of a Windows 2003 R2 domain.

 

Now no user can connect to any Samba share of the server: the problem I encounter has something to do with Kerberos validation, since the following errors are appearing from all the machines that are trying to connect to the server.

 

[2012/10/09 13:27:03,  1] smbd/sesssetup.c:341(reply_spnego_kerberos)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2012/10/09 13:27:15,  0] lib/util_sock.c:536(read_fd_with_timeout)
[2012/10/09 13:27:15,  0] lib/util_sock.c:1509(get_peer_addr_internal)
  getpeername failed. Error was Invalid argument
  read_fd_with_timeout: client 0.0.0.0 read error = Invalid argument.
[2012/10/09 13:27:33,  2] smbd/sesssetup.c:1359(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2012/10/09 13:27:33,  1] smbd/sesssetup.c:341(reply_spnego_kerberos)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2012/10/09 13:27:33,  2] smbd/sesssetup.c:1359(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2012/10/09 13:27:33,  1] smbd/sesssetup.c:341(reply_spnego_kerberos)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!

 

I tried the following actions:

 

removed all files ending in .tdb from /var/opt/samba/locks

removed secrets.tdb file from /var/opt/samba/private

removed /etc/krb5.keytab

 

substituted the "use kerberos keytab = yes" option in /etc/opt/samba/smb.conf with "kerberos method = system keytab"

 

# net ads join -U myusername

------> works. Domain joined. The /etc/krb5.keytab file has been generated.

# net ads keytab add cifs -U myusername (this is a suggestion from the 3.01.04 Administrator's guide)

------> works

# net ads keytab add <hostname> -U myusername (this is a suggestion from the 3.01.04 Administrator's guide)

------> works

 

# startsmb -w

 

Following this setup, nobody can connect due to the NT_STATUS_LOGON_FAILURE error. But the command "kinit -U myusername" works. I suspect it has something to do with the machine account on the W2003 server.

 

I don't know what to try next ... thank you in advance

 

Enrico
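
An added example, not part of the original post and not HP CIFS or Samba code: a Python triage pass over the smbd log format quoted in the post above, counting Kerberos ticket-verification failures per NT status. It handles the interleaving visible at 13:27:15, where two headers are printed before their message lines; the function names and the four-record look-back are assumptions made for this example.

```python
import re
from collections import Counter

# Header as printed in the log above: [date time,  level] file.c:line(function)
HEADER = re.compile(r"^\[(\S+ \S+),\s+(\d+)\] (\S+):(\d+)\((\w+)\)$")

# Sample input: an excerpt of the log lines quoted in the post above.
SAMPLE = """\
[2012/10/09 13:27:03,  1] smbd/sesssetup.c:341(reply_spnego_kerberos)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2012/10/09 13:27:15,  0] lib/util_sock.c:536(read_fd_with_timeout)
[2012/10/09 13:27:15,  0] lib/util_sock.c:1509(get_peer_addr_internal)
  getpeername failed. Error was Invalid argument
  read_fd_with_timeout: client 0.0.0.0 read error = Invalid argument.
[2012/10/09 13:27:33,  2] smbd/sesssetup.c:1359(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old
resources.
[2012/10/09 13:27:33,  1] smbd/sesssetup.c:341(reply_spnego_kerberos)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
"""

def parse_smbd_log(text):
    """Return one dict per log header, with its message lines joined in 'msg'."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            t, lvl, f, ln, fn = m.groups()
            records.append({"time": t, "level": int(lvl), "file": f,
                            "line": int(ln), "func": fn, "msg": ""})
        elif line and records:
            # Interleaved headers: prefer a recent, still-empty record whose function name prefixes the line.
            target = records[-1]
            for rec in reversed(records[-4:]):
                if not rec["msg"] and line.startswith(rec["func"] + ":"):
                    target = rec
                    break
            target["msg"] = (target["msg"] + " " + line).strip()
    return records

def kerberos_failures(records):
    """Count reply_spnego_kerberos failures per NT status code."""
    hits = Counter()
    for r in records:
        m = re.search(r"with error (NT_STATUS_\w+)", r["msg"])
        if r["func"] == "reply_spnego_kerberos" and m:
            hits[m.group(1)] += 1
    return hits
```

Calling `kerberos_failures(parse_smbd_log(open(path).read()))` on a full log file gives the per-status totals; the path is whatever log file smbd is configured to write.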

 

Valued Contributor
Ralf Seefeldt
Posts: 166
Registered: ‎04-02-2001
Message 2 of 3 (509 Views)

Re: CIFS Server A.03.01.05 - Kerberos problem ?

Hi Enrico,

 

What are the WINDOWS versions of all the computers you are connecting with? All WIN 2003?

Have you configured CIFS to use NETBIOS over TCP?

 

Unfortunately, I cannot give you more ideas. My CIFS experience is not that big.

 

Bye

Ralf

Advisor
Sachin Rajput
Posts: 22
Registered: ‎10-26-2007
Message 3 of 3 (114 Views)

Re: CIFS Server A.03.01.05 - Kerberos problem ?

In smb.conf, if you have the line

 

interface xxxxxxxxx

 

remove it and restart the smb services.

The issue should be resolved.



Sachin Rajput
================