[Samba] NT_STATUS_NETWORK_SESSION_EXPIRED

David Mace David.Mace at smartodds.co.uk
Tue Sep 8 10:03:12 UTC 2020 

Hi,

Keyutils is installed and PAM settings appear correct, and cached credentials do work

I did add

winbind refresh tickets = yes

After joining the Samba server to the domain. I did restart the machine after adding this setting. I am assuming this is enough?

I am also wondering if this is acceptable?

pam = {
ticket_lifetime = 1d
renew_lifetime = 1d

Should the ticket lifetime and renew lifetime be the same? Wondering what the best practice is here

Thanks

David

-----Original Message-----
From: L.P.H. van Belle via samba <samba at lists.samba.org<mailto:%22L.P.H.%20van%20Belle%20via%20samba%22%20%3csamba at lists.samba.org%3e>>
Reply-To: L.P.H. van Belle <belle at bazuin.nl<mailto:%22L.P.H.%20van%20Belle%22%20%3cbelle at bazuin.nl%3e>>
To: samba at lists.samba.org <samba at lists.samba.org<mailto:%22samba at lists.samba.org%22%20%3csamba at lists.samba.org%3e>>
Subject: Re: [Samba] NT_STATUS_NETWORK_SESSION_EXPIRED
Date: Mon, 07 Sep 2020 11:23:49 +0200


Check

 /etc/krb5.conf

[libdefaults]

        default_realm = YOUR.INTERNAL.REALM


# The following krb5.conf variables are only for MIT Kerberos.

        kdc_timesync = 1

        ccache_type = 4         < this one best is to match the windows defaults.

(see:

<https://eu-west-1.protection.sophos.com?d=microsoft.com&u=aHR0cHM6Ly9kb2NzLm1pY3Jvc29mdC5jb20vZW4tdXMvd2luZG93cy9zZWN1cml0eS90aHJlYXQtcHJvdGVjdGlvbi9zZWN1cml0eS1wb2xpY3ktc2V0dGluZ3MvbWF4aW11bS1saWZldGltZS1mb3Itc2VydmljZS10aWNrZXQ=&i=NWNhNWZmZWYwNzBlM2MxNmQzYTQ1ZGM1&t=QUVqSWdWRzMvRFYvNCszWUp5bEdKMjVQVm9mRUV0N1NGRUhCc0ZOeXpwQT0=&h=a928a399969c4f10ba8bfe61e14bdec6>

https://eu-west-1.protection.sophos.com?d=microsoft.com&u=aHR0cHM6Ly9kb2NzLm1pY3Jvc29mdC5jb20vZW4tdXMvd2luZG93cy9zZWN1cml0eS90aHJlYXQtcHJvdGVjdGlvbi9zZWN1cml0eS1wb2xpY3ktc2V0dGluZ3MvbWF4aW11bS1saWZldGltZS1mb3Itc2VydmljZS10aWNrZXQ=&i=NWNhNWZmZWYwNzBlM2MxNmQzYTQ1ZGM1&t=QUVqSWdWRzMvRFYvNCszWUp5bEdKMjVQVm9mRUV0N1NGRUhCc0ZOeXpwQT0=&h=a928a399969c4f10ba8bfe61e14bdec6

 )


        forwardable = true

        proxiable = true


And, is keyutils installed?

Pam settings correct to use cached passwords?


All i can say here, because i dont know Suse that good.



Greetz,


Louis



-----Oorspronkelijk bericht-----

Van: samba [mailto:

<mailto:samba-bounces at lists.samba.org>

samba-bounces at lists.samba.org

] Namens

David Mace via samba

Verzonden: maandag 7 september 2020 10:51

Aan:

<mailto:samba at lists.samba.org>

samba at lists.samba.org


Onderwerp: [Samba] NT_STATUS_NETWORK_SESSION_EXPIRED


Hi,


Looking for some help with this issue, been struggling for a few weeks


We run a file server using Samba 4.9.5 (openSUSE Leap 15.2

4.9.5+git.343.4bc358522a9-lp151.2.27.1).


Active Directory using Windows Server 2016. The Samba server is a

member of the domain. Windows 10 desktops and Linux desktops are also

domain members.


Windows 10 desktops map network drives to the Samba server, no issues

seen. Everything appears to be working.


Linux desktops map shares using GVFS `gio mount` command and

authenticate with user's kerberos ticket.


After 10 hours or so, the gio mounts become inaccessible. GNOME

Nautilus gives error "invalid argument".


GVFS debug log shows


smbc_stat(smb://fileserver.domain.co.uk/share)

SMBC_getatr: sending qpathinfo

map_errno_from_nt_status: 32 bit codes: code=c000035c

smbc errno NT_STATUS_NETWORK_SESSION_EXPIRED -> 22

smb: send_reply(0x7fb930002840), failed=1 (Invalid argument)

smb: backend_dbus_handler org.gtk.vfs.Mount:QueryInfo (pid=24714)

smb: Queued new job 0x7fb924007700 (GVfsJobQueryInfo)



These Linux desktops also mount shares from a Windows Server 2012

server, using gio mount, and do not experience the same issue. Only

when Linux desktops map to the Samba server do we see this issue


Thanks

This e-mail and any files transmitted with it are

confidential and may be legally privileged. If you receive it

in error or are not the intended recipient you must not copy,

distribute or take any action in reliance upon it. Instead,

please notify us immediately by telephoning +44 (20) 7482

0077 and delete the material from your systems. Smartodds is

a business carried on by Smartodds Limited, a company

registered with the Registrar of Companies for England and

Wales with number 05108548. Registered office: Unit 540

Highgate Studios, 53-79 Highgate Road, London NW5 1TL

--

To unsubscribe from this list go to the following URL and read the

instructions:

<https://eu-west-1.protection.sophos.com?d=samba.org&u=aHR0cHM6Ly9saXN0cy5zYW1iYS5vcmcvbWFpbG1hbi9vcHRpb25zL3NhbWJh&i=NWNhNWZmZWYwNzBlM2MxNmQzYTQ1ZGM1&t=SU1BUUNmcWlyeUJwZnBvVGh6YkdtRUhJL2Y1bk45RGlQeVo1ZEJvTHNpWT0=&h=a928a399969c4f10ba8bfe61e14bdec6>

https://eu-west-1.protection.sophos.com?d=samba.org&u=aHR0cHM6Ly9saXN0cy5zYW1iYS5vcmcvbWFpbG1hbi9vcHRpb25zL3NhbWJh&i=NWNhNWZmZWYwNzBlM2MxNmQzYTQ1ZGM1&t=SU1BUUNmcWlyeUJwZnBvVGh6YkdtRUhJL2Y1bk45RGlQeVo1ZEJvTHNpWT0=&h=a928a399969c4f10ba8bfe61e14bdec6






This e-mail and any files transmitted with it are confidential and may be legally privileged. If you receive it in error or are not the intended recipient you must not copy, distribute or take any action in reliance upon it. Instead, please notify us immediately by telephoning +44 (20) 7482 0077 and delete the material from your systems. Smartodds is a business carried on by Smartodds Limited, a company registered with the Registrar of Companies for England and Wales with number 05108548. Registered office: Unit 540 Highgate Studios, 53-79 Highgate Road, London NW5 1TL

More information about the samba mailing list