[Samba] After Update Member Server not working

Tim lists at kiuni.de
Thu Apr 9 09:52:03 MDT 2015 

I hate this time change twice a year. Really! Should be banned and sent to the moon.

Dank je wel!


Am 09.04.2015 um 16:21 schrieb L.P.H. van Belle:
> The bios of the server did not know about summer and winter time..
>
> And your welkom ;-) if they were all this easy to fix  ;-))
>
>
> Greetz,
>
> Louis
>
>
>> -----Oorspronkelijk bericht-----
>> Van: lists at kiuni.de [mailto:samba-bounces at lists.samba.org] Namens Tim
>> Verzonden: donderdag 9 april 2015 16:19
>> Aan: samba at lists.samba.org
>> Onderwerp: Re: [Samba] After Update Member Server not working
>>
>> Hey Louis,
>>
>> it was the time. For some reason ntp did not work correctly
>> anymore. Thank you very much. It was 1 hour behind.
>>
>> Regards
>> Tim
>>
>>
>>
>>
>> Am 09.04.2015 um 14:26 schrieb L.P.H. van Belle:
>>> Did you reboot your server?
>>>
>>> I would start with check the time on the member and DC server.
>>> make sure its withing 5 min.
>>>
>>> check the resolv.conf file.
>>>
>>> check your keytab file rights
>>>
>>> try to init.
>>> kinit administrator
>>> klist -e
>>>
>>> klist -k /etc/krb5.keytab -e
>>>
>>> and you can try to change:
>>> interfaces = lo enp0s25
>>> to
>>> interfaces = lo ipnumber
>>>
>>> I stoppped using the interface name because of bug in
>> detecting the names. ( ubuntu mostly )
>>>
>>>
>>> Louis
>>>
>>>
>>>
>>>> -----Oorspronkelijk bericht-----
>>>> Van: lists at kiuni.de [mailto:samba-bounces at lists.samba.org]
>> Namens Tim
>>>> Verzonden: donderdag 9 april 2015 14:10
>>>> Aan: samba at lists.samba.org
>>>> Onderwerp: [Samba] After Update Member Server not working
>>>>
>>>> Hello all,
>>>>
>>>> I got some updates for my centos 7 (core), but nothing for the
>>>> sernet-samba-packages.
>>>>
>>>> But now, my (test) member server isn't accessable anymore. Its
>>>> smb.conf:
>>>>
>>>> [global]
>>>>
>>>>      netbios name = SERVERNAME
>>>>      workgroup = DOMAIN
>>>>      security = ADS
>>>>      realm = DOMAIN.EXAMPLE.COM
>>>>      dedicated keytab file = /etc/krb5.keytab
>>>>      kerberos method = secrets and keytab
>>>>      log level = 10 winbind:2
>>>>
>>>>       bind interfaces only = yes
>>>>      interfaces = lo enp0s25
>>>>
>>>>      username map = /etc/samba/user.map
>>>>
>>>>      idmap config *:backend = tdb
>>>>      idmap config *:range = 2000-8999
>>>>      idmap config DOMAIN:backend = ad
>>>>      idmap config DOMAIN:schema_mode = rfc2307
>>>>      idmap config DOMAIN:range = 10000-99999
>>>>
>>>>      winbind nss info = rfc2307
>>>>      winbind trusted domains only = no
>>>>      winbind use default domain = yes
>>>>      winbind enum users  = yes
>>>>      winbind enum groups = yes
>>>>      winbind refresh tickets = Yes
>>>>      winbind expand groups = 4
>>>>      winbind normalize names = Yes
>>>>      domain master = no
>>>>      local master = no
>>>>
>>>>      vfs objects = acl_xattr
>>>>      map acl inherit = Yes
>>>>      store dos attributes = Yes
>>>>
>>>> [share]
>>>>      path = /srv/share
>>>>      read only = no
>>>>
>>>> The behaviour is the following: If I hit \\<IP adress>, I
>>>> can/must authenticate with administrator, normal domain users
>>>> do not work anymore. When I hit \\<Servername>, nothing is
>>>> working. There is only a message, I am not authorized to use
>>>> the resource.
>>>>
>>>>
>>>> Here your are a log of smbd:
>>>> grep LOGON /var/log/samba/log.smbd
>>>>     SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
>>>>     SPNEGO login failed: NT_STATUS_LOGON_FAILURE
>>>>     smbd_smb2_request_error_ex: idx[1]
>>>> status[NT_STATUS_LOGON_FAILURE] || at
>>>> ../source3/smbd/smb2_sesssetup.c:131
>>>>     smbd_smb2_request_done_ex: idx[1]
>>>> status[NT_STATUS_LOGON_FAILURE] body[8] dyn[yes:1] at
>>>> ../source3/smbd/smb2_server.c:2646
>>>>     SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
>>>>     SPNEGO login failed: NT_STATUS_LOGON_FAILURE
>>>>     smbd_smb2_request_error_ex: idx[1]
>>>> status[NT_STATUS_LOGON_FAILURE] || at
>>>> ../source3/smbd/smb2_sesssetup.c:131
>>>>     smbd_smb2_request_done_ex: idx[1]
>>>> status[NT_STATUS_LOGON_FAILURE] body[8] dyn[yes:1] at
>>>> ../source3/smbd/smb2_server.c:2646
>>>>     SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
>>>>     SPNEGO login failed: NT_STATUS_LOGON_FAILURE
>>>>     smbd_smb2_request_error_ex: idx[1]
>>>> status[NT_STATUS_LOGON_FAILURE] || at
>>>> ../source3/smbd/smb2_sesssetup.c:131
>>>>     smbd_smb2_request_done_ex: idx[1]
>>>> status[NT_STATUS_LOGON_FAILURE] body[8] dyn[yes:1] at
>>>> ../source3/smbd/smb2_server.c:2646
>>>>     SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
>>>>     SPNEGO login failed: NT_STATUS_LOGON_FAILURE
>>>>     smbd_smb2_request_error_ex: idx[1]
>>>> status[NT_STATUS_LOGON_FAILURE] || at
>>>> ../source3/smbd/smb2_sesssetup.c:131
>>>>     smbd_smb2_request_done_ex: idx[1]
>>>> status[NT_STATUS_LOGON_FAILURE] body[8] dyn[yes:1] at
>>>> ../source3/smbd/smb2_server.c:2646
>>>>     SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
>>>>     SPNEGO login failed: NT_STATUS_LOGON_FAILURE
>>>>     smbd_smb2_request_error_ex: idx[1]
>>>> status[NT_STATUS_LOGON_FAILURE] || at
>>>> ../source3/smbd/smb2_sesssetup.c:131
>>>>     smbd_smb2_request_done_ex: idx[1]
>>>> status[NT_STATUS_LOGON_FAILURE] body[8] dyn[yes:1] at
>>>> ../source3/smbd/smb2_server.c:2646
>>>>     SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
>>>>     SPNEGO login failed: NT_STATUS_LOGON_FAILURE
>>>>     smbd_smb2_request_error_ex: idx[1]
>>>> status[NT_STATUS_LOGON_FAILURE] || at
>>>> ../source3/smbd/smb2_sesssetup.c:131
>>>>     smbd_smb2_request_done_ex: idx[1]
>>>> status[NT_STATUS_LOGON_FAILURE] body[8] dyn[yes:1] at
>>>> ../source3/smbd/smb2_server.c:2646
>>>>
>>>> My krb5.conf
>>>> [libdefaults]
>>>>    dns_lookup_realm = true
>>>>    ticket_lifetime = 24h
>>>>    renew_lifetime = 7d
>>>>    forwardable = true
>>>>    rdns = false
>>>>    default_realm = Q007DPK2.Q007.INTERN
>>>>    dns_lookup_kdc = true
>>>>
>>>> I would appreciate your help. Thanks in advance.
>>>>
>>>> Regards
>>>> Tim
>>>> --
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>>
>>>>
>>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>>
>

More information about the samba mailing list