[Samba] NT_STATUS_NETWORK_SESSION_EXPIRED
David Mace
David.Mace at smartodds.co.uk
Tue Sep 8 10:03:12 UTC 2020
Hi,
Keyutils is installed and PAM settings appear correct, and cached credentials do work
I did add
winbind refresh tickets = yes
After joining the Samba server to the domain. I did restart the machine after adding this setting. I am assuming this is enough?
I am also wondering if this is acceptable?
pam = {
ticket_lifetime = 1d
renew_lifetime = 1d
Should the ticket lifetime and renew lifetime be the same? Wondering what the best practice is here
Thanks
David
-----Original Message-----
From: L.P.H. van Belle via samba <samba at lists.samba.org<mailto:%22L.P.H.%20van%20Belle%20via%20samba%22%20%3csamba at lists.samba.org%3e>>
Reply-To: L.P.H. van Belle <belle at bazuin.nl<mailto:%22L.P.H.%20van%20Belle%22%20%3cbelle at bazuin.nl%3e>>
To: samba at lists.samba.org <samba at lists.samba.org<mailto:%22samba at lists.samba.org%22%20%3csamba at lists.samba.org%3e>>
Subject: Re: [Samba] NT_STATUS_NETWORK_SESSION_EXPIRED
Date: Mon, 07 Sep 2020 11:23:49 +0200
Check
/etc/krb5.conf
[libdefaults]
default_realm = YOUR.INTERNAL.REALM
# The following krb5.conf variables are only for MIT Kerberos.
kdc_timesync = 1
ccache_type = 4 < this one best is to match the windows defaults.
(see:
<https://eu-west-1.protection.sophos.com?d=microsoft.com&u=aHR0cHM6Ly9kb2NzLm1pY3Jvc29mdC5jb20vZW4tdXMvd2luZG93cy9zZWN1cml0eS90aHJlYXQtcHJvdGVjdGlvbi9zZWN1cml0eS1wb2xpY3ktc2V0dGluZ3MvbWF4aW11bS1saWZldGltZS1mb3Itc2VydmljZS10aWNrZXQ=&i=NWNhNWZmZWYwNzBlM2MxNmQzYTQ1ZGM1&t=QUVqSWdWRzMvRFYvNCszWUp5bEdKMjVQVm9mRUV0N1NGRUhCc0ZOeXpwQT0=&h=a928a399969c4f10ba8bfe61e14bdec6>
https://eu-west-1.protection.sophos.com?d=microsoft.com&u=aHR0cHM6Ly9kb2NzLm1pY3Jvc29mdC5jb20vZW4tdXMvd2luZG93cy9zZWN1cml0eS90aHJlYXQtcHJvdGVjdGlvbi9zZWN1cml0eS1wb2xpY3ktc2V0dGluZ3MvbWF4aW11bS1saWZldGltZS1mb3Itc2VydmljZS10aWNrZXQ=&i=NWNhNWZmZWYwNzBlM2MxNmQzYTQ1ZGM1&t=QUVqSWdWRzMvRFYvNCszWUp5bEdKMjVQVm9mRUV0N1NGRUhCc0ZOeXpwQT0=&h=a928a399969c4f10ba8bfe61e14bdec6
)
forwardable = true
proxiable = true
And, is keyutils installed?
Pam settings correct to use cached passwords?
All i can say here, because i dont know Suse that good.
Greetz,
Louis
-----Oorspronkelijk bericht-----
Van: samba [mailto:
<mailto:samba-bounces at lists.samba.org>
samba-bounces at lists.samba.org
] Namens
David Mace via samba
Verzonden: maandag 7 september 2020 10:51
Aan:
<mailto:samba at lists.samba.org>
samba at lists.samba.org
Onderwerp: [Samba] NT_STATUS_NETWORK_SESSION_EXPIRED
Hi,
Looking for some help with this issue, been struggling for a few weeks
We run a file server using Samba 4.9.5 (openSUSE Leap 15.2
4.9.5+git.343.4bc358522a9-lp151.2.27.1).
Active Directory using Windows Server 2016. The Samba server is a
member of the domain. Windows 10 desktops and Linux desktops are also
domain members.
Windows 10 desktops map network drives to the Samba server, no issues
seen. Everything appears to be working.
Linux desktops map shares using GVFS `gio mount` command and
authenticate with user's kerberos ticket.
After 10 hours or so, the gio mounts become inaccessible. GNOME
Nautilus gives error "invalid argument".
GVFS debug log shows
smbc_stat(smb://fileserver.domain.co.uk/share)
SMBC_getatr: sending qpathinfo
map_errno_from_nt_status: 32 bit codes: code=c000035c
smbc errno NT_STATUS_NETWORK_SESSION_EXPIRED -> 22
smb: send_reply(0x7fb930002840), failed=1 (Invalid argument)
smb: backend_dbus_handler org.gtk.vfs.Mount:QueryInfo (pid=24714)
smb: Queued new job 0x7fb924007700 (GVfsJobQueryInfo)
These Linux desktops also mount shares from a Windows Server 2012
server, using gio mount, and do not experience the same issue. Only
when Linux desktops map to the Samba server do we see this issue
Thanks
This e-mail and any files transmitted with it are
confidential and may be legally privileged. If you receive it
in error or are not the intended recipient you must not copy,
distribute or take any action in reliance upon it. Instead,
please notify us immediately by telephoning +44 (20) 7482
0077 and delete the material from your systems. Smartodds is
a business carried on by Smartodds Limited, a company
registered with the Registrar of Companies for England and
Wales with number 05108548. Registered office: Unit 540
Highgate Studios, 53-79 Highgate Road, London NW5 1TL
--
To unsubscribe from this list go to the following URL and read the
instructions:
<https://eu-west-1.protection.sophos.com?d=samba.org&u=aHR0cHM6Ly9saXN0cy5zYW1iYS5vcmcvbWFpbG1hbi9vcHRpb25zL3NhbWJh&i=NWNhNWZmZWYwNzBlM2MxNmQzYTQ1ZGM1&t=SU1BUUNmcWlyeUJwZnBvVGh6YkdtRUhJL2Y1bk45RGlQeVo1ZEJvTHNpWT0=&h=a928a399969c4f10ba8bfe61e14bdec6>
https://eu-west-1.protection.sophos.com?d=samba.org&u=aHR0cHM6Ly9saXN0cy5zYW1iYS5vcmcvbWFpbG1hbi9vcHRpb25zL3NhbWJh&i=NWNhNWZmZWYwNzBlM2MxNmQzYTQ1ZGM1&t=SU1BUUNmcWlyeUJwZnBvVGh6YkdtRUhJL2Y1bk45RGlQeVo1ZEJvTHNpWT0=&h=a928a399969c4f10ba8bfe61e14bdec6
This e-mail and any files transmitted with it are confidential and may be legally privileged. If you receive it in error or are not the intended recipient you must not copy, distribute or take any action in reliance upon it. Instead, please notify us immediately by telephoning +44 (20) 7482 0077 and delete the material from your systems. Smartodds is a business carried on by Smartodds Limited, a company registered with the Registrar of Companies for England and Wales with number 05108548. Registered office: Unit 540 Highgate Studios, 53-79 Highgate Road, London NW5 1TL
More information about the samba
mailing list