[Samba] unable to browse shares

Rowland Penny rpenny at samba.org
Tue Oct 11 08:07:55 UTC 2016


On Mon, 10 Oct 2016 17:24:31 -0600
jacek burghardt via samba <samba at lists.samba.org> wrote:

> I am running Samba on Arch Linux and I can't browse the shares; I get
> prompted for password over and over.
> I see this in my logs
> [2016/10/10 17:14:50.128711,  1] ../source3/librpc/crypto/gse.c:497(gse_get_server_auth_token)
>   gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/rimfire.hebe.us@HEBE.US(kvno 2) in keytab MEMORY:cifs_srv_keytab (aes256-cts-hmac-sha1-96)]
> [2016/10/10 17:14:50.128737,  1] ../auth/gensec/spnego.c:545(gensec_spnego_parse_negTokenInit)
>   SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
> [2016/10/10 17:14:50.128766,  2] ../auth/gensec/spnego.c:720(gensec_spnego_server_negTokenTarg)
>   SPNEGO login failed: NT_STATUS_LOGON_FAILURE
> [2016/10/10 17:14:50.128804,  3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
>   smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_LOGON_FAILURE] || at ../source3/smbd/smb2_sesssetup.c:134
> [2016/10/10 17:14:50.129260,  3] ../source3/smbd/server_exit.c:246(exit_server_common)
>   Server exit (NT_STATUS_CONNECTION_RESET)
> [2016/10/10 17:14:50.133806,  3] ../source3/smbd/oplock.c:1322(init_oplocks)
>   init_oplocks: initializing messages.
> [2016/10/10 17:14:50.133858,  3] ../source3/smbd/process.c:1957(process_smb)
>   Transaction 0 of length 110 (0 toread)
> [2016/10/10 17:14:50.134030,  3] ../source3/smbd/smb2_negprot.c:290(smbd_smb2_request_process_negprot)
>   Selected protocol SMB3_00
>
> [libdefaults]
>         default_realm   =       HEBE.US
>         dns_lookup_realm = true
>         dns_lookup_kdc = true
>         ticket_lifetime = 24h
>         renew_lifetime = 7d
>         forwardable = true
>         default_keytab_name = FILE:/etc/krb5.keytab
> [realms]
>         HEBE.US = {
>                 kdc     =      MAIA.HEBE.US
>                 admin_server = MAIA.HEBE.US
>                 default_domain = HEBE.US
>         }
> 
> [domain_realm]
>         .hebe.us = HEBE.US
>         hebe.us = MAIA.HEBE.US
> 
> [appdefaults]
>         pam = {
>         ticket_lifetime         = 1d
>         renew_lifetime          = 1d
>         forwardable             = true
>         proxiable               = false
>         retain_after_close      = false
>         minimum_uid             = 0
>         debug                   = false
>         }
> 
> [logging]
>         default                 = FILE:/var/log/krb5libs.log
>         kdc                     = FILE:/var/log/kdc.log
>         admin_server            = FILE:/var/log/kadmind.log
> 
> 

Try changing your smb.conf to this:

[Global]
        workgroup = HEBE
        security = ads
        realm = HEBE.US
        dedicated keytab file = /etc/krb5.keytab
        kerberos method = secrets and keytab
        server string = %h ArchLinux Host

        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = Yes
        winbind expand groups = 4
        winbind refresh tickets = yes
        winbind offline logon = yes
        winbind nested groups = Yes
        winbind separator = +
        winbind cache time = 300

        ## map ids outside of domain to tdb file.
        idmap config * : backend = tdb
        idmap config * : range = 2000-9999
        ## map ids from the domain; the ranges may not overlap!
        idmap config HEBE : backend = rid
        idmap config HEBE : range = 10000-20000
        template shell = /bin/bash
        template homedir = /homes/%D/%U

        domain master = no
        local master = no
        preferred master = no
        map to guest = bad user
        username map = /etc/samba/user.map
        vfs objects = acl_xattr
        map acl inherit = yes
        store dos attributes = yes

        interfaces = bond0
        bind interfaces only = no
        name resolve order = bcast lmhosts host wins
        hosts allow = 192.168. 127.0.0.1
        inherit acls = Yes
        acl group control = yes

        strict allocate = yes
        dns proxy = no
        wins server = maia.hebe.us

        inherit acls = Yes
        map acl inherit = Yes
        acl group control = yes
        load printers = no
        debug level = 3
        max xmit = 65535

Also does this SPN exist in AD:

cifs/rimfire.hebe.us@HEBE.US

Rowland
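
An added example, not part of the original thread: the log message names the exact key the server looked for (principal, kvno, enctype), so it can be compared with a keytab listing to see which of the three is absent. The listing below is constructed in the style of `klist -k -e` output, the function names are hypothetical, and the principal is written with "@", which the list archive renders as " at ".

```python
import re

# Message from the post's smbd log; "@" restored where the archive shows " at ".
LOG = ("gss_accept_sec_context failed with [ Miscellaneous failure (see text): "
       "Failed to find cifs/rimfire.hebe.us@HEBE.US(kvno 2) in keytab "
       "MEMORY:cifs_srv_keytab (aes256-cts-hmac-sha1-96)]")

# Constructed `klist -k -e` style listing (not from the post).
KLIST = """\
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ------------------------------------------------------------
   1 cifs/rimfire.hebe.us@HEBE.US (aes256-cts-hmac-sha1-96)
   2 cifs/rimfire.hebe.us@HEBE.US (arcfour-hmac)
   2 host/rimfire.hebe.us@HEBE.US (aes256-cts-hmac-sha1-96)
"""

WANTED = re.compile(r"Failed to find (\S+?)\(kvno (\d+)\) in keytab \S+ \(([^)]+)\)")
ENTRY = re.compile(r"^\s*(\d+)\s+(\S+)\s+\(([^)]+)\)\s*$")

def wanted_key(log_text):
    """(principal, kvno, enctype) the server looked for, or None."""
    m = WANTED.search(" ".join(log_text.split()))  # undo line wrapping
    return (m.group(1), int(m.group(2)), m.group(3)) if m else None

def keytab_entries(klist_text):
    """Set of (principal, kvno, enctype) parsed from the listing."""
    hits = (ENTRY.match(line) for line in klist_text.splitlines())
    return {(m.group(2), int(m.group(1)), m.group(3)) for m in hits if m}

def diagnose(log_text, klist_text):
    """Say which part of the requested key the keytab lacks."""
    want = wanted_key(log_text)
    if want is None:
        return "no-keytab-failure"
    principal, kvno, etype = want
    keys = {(k, e) for p, k, e in keytab_entries(klist_text) if p == principal}
    if not keys:
        return "principal-missing"   # SPN never written to the keytab
    if (kvno, etype) in keys:
        return "key-present"         # the file has it; the failure lies elsewhere
    if kvno not in {k for k, _ in keys}:
        return "kvno-mismatch"       # keytab holds other key versions only
    return "enctype-missing"         # right kvno, but no key of that type

if __name__ == "__main__":
    print(wanted_key(LOG), "->", diagnose(LOG, KLIST))
```
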


