Re: samba authenticating users via kerberos failure

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Friday, March 30, 2012 05:40 PM, Christopher Chan wrote:
When users try to access the samba server via \\shortname, they get a dialog prompting them for their username and password. Access via \\ip.addr does not exhibit that though.

samba 3.5.13 + winbind + idmap_ldap backend

Logs from samba during attempts to access via \\shortname:

From log.clientip
[2012/03/30 17:27:46.502131, 1] ../../../samba-3.5.13/source3/smbd/sesssetup.c:332()
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!

From log.winbindd
[2012/03/30 17:27:01.538840, 6] ../../../samba-3.5.13/source3/winbindd/winbindd.c:768()
  accepted socket 21
[2012/03/30 17:27:01.539159, 10] ../../../samba-3.5.13/source3/winbindd/winbindd.c:620()
  process_request: request fn INTERFACE_VERSION
[2012/03/30 17:27:01.539244, 3] ../../../samba-3.5.13/source3/winbindd/winbindd_misc.c:352()
  [14121]: request interface version
[2012/03/30 17:27:01.539382, 10] ../../../samba-3.5.13/source3/winbindd/winbindd.c:716() winbind_client_response_written[14121:INTERFACE_VERSION]: deliverd response to client [2012/03/30 17:27:01.539525, 10] ../../../samba-3.5.13/source3/winbindd/winbindd.c:620()
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2012/03/30 17:27:01.539595, 3] ../../../samba-3.5.13/source3/winbindd/winbindd_misc.c:385()
  [14121]: request location of privileged pipe
[2012/03/30 17:27:01.539755, 10] ../../../samba-3.5.13/source3/winbindd/winbindd.c:716() winbind_client_response_written[14121:WINBINDD_PRIV_PIPE_DIR]: deliverd response to client [2012/03/30 17:27:01.540017, 6] ../../../samba-3.5.13/source3/winbindd/winbindd.c:768()
  accepted socket 30
[2012/03/30 17:27:01.540160, 6] ../../../samba-3.5.13/source3/winbindd/winbindd.c:816()
  closing socket 21, client exited
[2012/03/30 17:27:01.540332, 10] ../../../samba-3.5.13/source3/winbindd/winbindd.c:593()
  process_request: Handling async request 14121:GETGROUPS
[2012/03/30 17:27:01.540408, 3] ../../../samba-3.5.13/source3/winbindd/winbindd_getgroups.c:60()
  getgroups root
[2012/03/30 17:27:01.540646, 5] ../../../samba-3.5.13/source3/winbindd/winbindd_getgroups.c:187()
  Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
[2012/03/30 17:27:01.540733, 10] ../../../samba-3.5.13/source3/winbindd/winbindd.c:655()
  wb_request_done[14121:GETGROUPS]: NT_STATUS_NONE_MAPPED
[2012/03/30 17:27:01.540866, 10] ../../../samba-3.5.13/source3/winbindd/winbindd.c:716() winbind_client_response_written[14121:GETGROUPS]: deliverd response to client [2012/03/30 17:27:01.541252, 10] ../../../samba-3.5.13/source3/winbindd/winbindd.c:593()
  process_request: Handling async request 14121:GETGROUPS
[2012/03/30 17:27:01.541333, 3] ../../../samba-3.5.13/source3/winbindd/winbindd_getgroups.c:60()
  getgroups root
[2012/03/30 17:27:01.541513, 5] ../../../samba-3.5.13/source3/winbindd/winbindd_getgroups.c:187()
  Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
[2012/03/30 17:27:01.541588, 10] ../../../samba-3.5.13/source3/winbindd/winbindd.c:655()
  wb_request_done[14121:GETGROUPS]: NT_STATUS_NONE_MAPPED
[2012/03/30 17:27:01.541706, 10] ../../../samba-3.5.13/source3/winbindd/winbindd.c:716() winbind_client_response_written[14121:GETGROUPS]: deliverd response to client [2012/03/30 17:27:01.546385, 6] ../../../samba-3.5.13/source3/winbindd/winbindd.c:816()
  closing socket 30, client exited
[2012/03/30 17:27:10.089633, 6] ../../../samba-3.5.13/source3/winbindd/winbindd.c:768()
  accepted socket 21
[2012/03/30 17:27:10.089909, 10] ../../../samba-3.5.13/source3/winbindd/winbindd.c:620()
  process_request: request fn INTERFACE_VERSION
[2012/03/30 17:27:10.089985, 3] ../../../samba-3.5.13/source3/winbindd/winbindd_misc.c:352()
  [14124]: request interface version
[2012/03/30 17:27:10.090116, 10] ../../../samba-3.5.13/source3/winbindd/winbindd.c:716() winbind_client_response_written[14124:INTERFACE_VERSION]: deliverd response to client [2012/03/30 17:27:10.090248, 10] ../../../samba-3.5.13/source3/winbindd/winbindd.c:620()
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2012/03/30 17:27:10.090317, 3] ../../../samba-3.5.13/source3/winbindd/winbindd_misc.c:385()
  [14124]: request location of privileged pipe
[2012/03/30 17:27:10.090474, 10] ../../../samba-3.5.13/source3/winbindd/winbindd.c:716() winbind_client_response_written[14124:WINBINDD_PRIV_PIPE_DIR]: deliverd response to client [2012/03/30 17:27:10.090775, 6] ../../../samba-3.5.13/source3/winbindd/winbindd.c:768()
  accepted socket 30
[2012/03/30 17:27:10.090910, 6] ../../../samba-3.5.13/source3/winbindd/winbindd.c:816()
  closing socket 21, client exited
[2012/03/30 17:27:10.091091, 10] ../../../samba-3.5.13/source3/winbindd/winbindd.c:593()
  process_request: Handling async request 14124:GETPWNAM
[2012/03/30 17:27:10.091183, 3] ../../../samba-3.5.13/source3/winbindd/winbindd_getpwnam.c:55()
  getpwnam mailnull
[2012/03/30 17:27:10.091329, 10] ../../../samba-3.5.13/source3/winbindd/winbindd_cache.c:4805()
  Entry has timed out
[2012/03/30 17:27:10.096324, 5] ../../../samba-3.5.13/source3/winbindd/winbindd_getpwnam.c:138()
  Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
[2012/03/30 17:27:10.096456, 10] ../../../samba-3.5.13/source3/winbindd/winbindd.c:655()
  wb_request_done[14124:GETPWNAM]: NT_STATUS_NONE_MAPPED
[2012/03/30 17:27:10.096618, 10] ../../../samba-3.5.13/source3/winbindd/winbindd.c:716() winbind_client_response_written[14124:GETPWNAM]: deliverd response to client [2012/03/30 17:27:10.096905, 10] ../../../samba-3.5.13/source3/winbindd/winbindd.c:593()
  process_request: Handling async request 14124:GETPWNAM
[2012/03/30 17:27:10.096982, 3] ../../../samba-3.5.13/source3/winbindd/winbindd_getpwnam.c:55()
  getpwnam sendmail
[2012/03/30 17:27:10.097107, 10] ../../../samba-3.5.13/source3/winbindd/winbindd_cache.c:4800()
  Entry has wrong sequence number: 15036703
[2012/03/30 17:27:10.100185, 5] ../../../samba-3.5.13/source3/winbindd/winbindd_getpwnam.c:138()
  Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
[2012/03/30 17:27:10.100324, 10] ../../../samba-3.5.13/source3/winbindd/winbindd.c:655()
  wb_request_done[14124:GETPWNAM]: NT_STATUS_NONE_MAPPED
[2012/03/30 17:27:10.100483, 10] ../../../samba-3.5.13/source3/winbindd/winbindd.c:716() winbind_client_response_written[14124:GETPWNAM]: deliverd response to client [2012/03/30 17:27:10.115875, 6] ../../../samba-3.5.13/source3/winbindd/winbindd.c:816()
  closing socket 30, client exited

From log.winbindd-dc
[2012/03/30 17:27:39.657484, 0] ../../../samba-3.5.13/source3/lib/util_sock.c:1441()
  getpeername failed. Error was Transport endpoint is not connected

Does anybody have any idea just what the problem is? It was working fine with version 3.5.5 until it maxxed out the gid range but upgrading to 3.5.13 has not fixed the problem even though 3.5.13 has a winbind bug fix that stops it from continually allocating new gids.

log level = 10

[2012/04/02 12:41:36.727903, 10] ../../../samba-3.5.13/source3/libads/kerberos_verify.c:221() ads_keytab_verify_ticket: krb5_rd_req_return_keyblock_from_keytab(host/bradsuper1.bradbury.lan@xxxxxxxxxxxx) failed: Wrong principal in request [2012/04/02 12:41:36.728153, 10] ../../../samba-3.5.13/source3/libads/kerberos_verify.c:221() ads_keytab_verify_ticket: krb5_rd_req_return_keyblock_from_keytab(host/bradsuper1.bradbury.lan@xxxxxxxxxxxx) failed: Wrong principal in request [2012/04/02 12:41:36.728301, 10] ../../../samba-3.5.13/source3/libads/kerberos_verify.c:221() ads_keytab_verify_ticket: krb5_rd_req_return_keyblock_from_keytab(host/bradsuper1.bradbury.lan@xxxxxxxxxxxx) failed: Wrong principal in request [2012/04/02 12:41:36.728401, 10] ../../../samba-3.5.13/source3/libads/kerberos_verify.c:221() ads_keytab_verify_ticket: krb5_rd_req_return_keyblock_from_keytab(host/bradsuper1.bradbury.lan@xxxxxxxxxxxx) failed: Wrong principal in request [2012/04/02 12:41:36.728534, 10] ../../../samba-3.5.13/source3/libads/kerberos_verify.c:221() ads_keytab_verify_ticket: krb5_rd_req_return_keyblock_from_keytab(host/bradsuper1.bradbury.lan@xxxxxxxxxxxx) failed: Wrong principal in request [2012/04/02 12:41:36.728638, 10] ../../../samba-3.5.13/source3/libads/kerberos_verify.c:221() ads_keytab_verify_ticket: krb5_rd_req_return_keyblock_from_keytab(host/bradsuper1.bradbury.lan@xxxxxxxxxxxx) failed: Wrong principal in request [2012/04/02 12:41:36.728772, 10] ../../../samba-3.5.13/source3/libads/kerberos_verify.c:221() ads_keytab_verify_ticket: krb5_rd_req_return_keyblock_from_keytab(host/bradsuper1@xxxxxxxxxxxx) failed: Wrong principal in request [2012/04/02 12:41:36.728907, 10] ../../../samba-3.5.13/source3/libads/kerberos_verify.c:221() ads_keytab_verify_ticket: krb5_rd_req_return_keyblock_from_keytab(host/bradsuper1@xxxxxxxxxxxx) failed: Wrong principal in request [2012/04/02 12:41:36.729044, 10] ../../../samba-3.5.13/source3/libads/kerberos_verify.c:221() ads_keytab_verify_ticket: krb5_rd_req_return_keyblock_from_keytab(host/bradsuper1@xxxxxxxxxxxx) failed: Wrong principal in request [2012/04/02 12:41:36.729178, 10] ../../../samba-3.5.13/source3/libads/kerberos_verify.c:221() ads_keytab_verify_ticket: krb5_rd_req_return_keyblock_from_keytab(BRADSUPER1$@BRADBURY.LAN) failed: Wrong principal in request [2012/04/02 12:41:36.729310, 10] ../../../samba-3.5.13/source3/libads/kerberos_verify.c:221() ads_keytab_verify_ticket: krb5_rd_req_return_keyblock_from_keytab(BRADSUPER1$@BRADBURY.LAN) failed: Wrong principal in request [2012/04/02 12:41:36.729445, 10] ../../../samba-3.5.13/source3/libads/kerberos_verify.c:221() ads_keytab_verify_ticket: krb5_rd_req_return_keyblock_from_keytab(BRADSUPER1$@BRADBURY.LAN) failed: Wrong principal in request [2012/04/02 12:41:36.729572, 3] ../../../samba-3.5.13/source3/libads/kerberos_verify.c:267() ads_keytab_verify_ticket: krb5_rd_req failed for all 12 matched keytab principals [2012/04/02 12:41:36.729750, 3] ../../../samba-3.5.13/source3/libads/kerberos_verify.c:589() ads_verify_ticket: krb5_rd_req with auth failed (Wrong principal in request) [2012/04/02 12:41:36.729832, 10] ../../../samba-3.5.13/source3/libads/kerberos_verify.c:598()
  ads_verify_ticket: returning error NT_STATUS_LOGON_FAILURE
[2012/04/02 12:41:36.729994, 1] ../../../samba-3.5.13/source3/smbd/sesssetup.c:332()
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2012/04/02 12:41:36.730087, 3] ../../../samba-3.5.13/source3/smbd/error.c:80() error packet at ../../../samba-3.5.13/source3/smbd/sesssetup.c(334) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE

What does this mean? A configuration problem?
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


[Linux]     [Info Cyrus]     [LARTC]     [Bugtraq]     [Netfilter]     [Internet Dating Forums]     [RAID]     [Yosemite News]     [Photography]

Add to Google Powered by Linux