[Samba] winbindd authentication fails with NT_STATUS_RPC_SEC_PKG_ERROR intermittently
Bharath Bheemarasetti
bharath.bheemarasetti at gmail.com
Thu Jun 1 21:51:03 UTC 2023
Hi,
I recently upgraded a smb server from Ubuntu 18.04 to Ubuntu 20.04 which
required the Samba version to be upgraded from 4.7.6 to 4.15.13.
Post the upgrade, winbind authentication fails
with NT_STATUS_RPC_SEC_PKG_ERROR intermittently. The error goes away on
restarting the smb service but comes back after some time. There were no
isses with the setup before the upgrade.
Tried clearing the cached tdb files as well but the issue still come back
after some time.
Logs (replaced domain, username and workstation values):
[2023/05/31 17:00:23.634152, 3]
../../auth/ntlmssp/ntlmssp_server.c:509(ntlmssp_server_preauth)
Got user=[<user>] domain=[<domain>] workstation=[<workstation>] len1=24
len2=262
[2023/05/31 17:00:23.634173, 5]
../../source3/auth/auth_util.c:123(make_user_info_map)
Mapping user [<domain>]\[<user>] from workstation [<workstation>]
[2023/05/31 17:00:23.634179, 5]
../../source3/auth/user_info.c:64(make_user_info)
attempting to make a user_info for <user> (<user>)
[2023/05/31 17:00:23.634184, 5]
../../source3/auth/user_info.c:72(make_user_info)
making strings for <user>'s user_info struct
[2023/05/31 17:00:23.634192, 5]
../../source3/auth/user_info.c:117(make_user_info)
making blobs for <user>'s user_info struct
[2023/05/31 17:00:23.634198, 3]
../../source3/auth/auth.c:200(auth_check_ntlm_password)
check_ntlm_password: Checking password for unmapped user
[<domain>]\[<user>]@[<workstation>] with the new password interface
[2023/05/31 17:00:23.634204, 3]
../../source3/auth/auth.c:203(auth_check_ntlm_password)
check_ntlm_password: mapped user is: [<domain>]\[<user>]@[<workstation>]
[2023/05/31 17:00:23.634209, 5] ../../lib/util/util.c:722(dump_data)
[0000] F6 7D 2D B1 0B 86 57 D7 .}-...W.
[2023/05/31 17:00:23.634224, 4]
../../source3/smbd/sec_ctx.c:215(push_sec_ctx)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2023/05/31 17:00:23.634235, 4] ../../source3/smbd/uid.c:561(push_conn_ctx)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2023/05/31 17:00:23.634240, 4]
../../source3/smbd/sec_ctx.c:319(set_sec_ctx_internal)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2023/05/31 17:00:23.634245, 5]
../../libcli/security/security_token.c:52(security_token_debug)
Security token: (NULL)
[2023/05/31 17:00:23.634249, 5]
../../source3/auth/token_util.c:873(debug_unix_user_token)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2023/05/31 17:00:23.639376, 4]
../../source3/smbd/sec_ctx.c:437(pop_sec_ctx)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2023/05/31 17:00:23.639388, 5]
../../source3/auth/auth.c:258(auth_check_ntlm_password)
auth_check_ntlm_password: winbind authentication for user [<user>] FAILED
with error NT_STATUS_RPC_SEC_PKG_ERROR, authoritative=1
[2023/05/31 17:00:23.639406, 2]
../../source3/auth/auth.c:344(auth_check_ntlm_password)
check_ntlm_password: Authentication for user [<user>] -> [<user>] FAILED
with error NT_STATUS_RPC_SEC_PKG_ERROR, authoritative=1
[2023/05/31 17:00:23.639427, 2]
../../auth/auth_log.c:635(log_authentication_event_human_readable)
Auth: [SMB2,(null)] user [<domain>]\[<user>] at [Wed, 31 May 2023
17:00:23.639416 UTC] with [NTLMv2] status [NT_STATUS_RPC_SEC_PKG_ERROR]
workstation [<workstation>] remote host [ipv4:127.0.0.1:41710] mapped to
[<domain>]\[<user>]. local host [ipv4:127.0.0.138:1445]
{"timestamp": "2023-05-31T17:00:23.639487+0000", "type": "Authentication",
"Authentication": {"version": {"major": 1, "minor": 2}, "eventId": 4625,
"logonId": "0", "logonType": 3, "status": "NT_STATUS_RPC_SEC_PKG_ERROR",
"localAddress": "ipv4:127.0.0.138:1445", "remoteAddress": "ipv4:
127.0.0.1:41710", "serviceDescription": "SMB2", "authDescription": null,
"clientDomain": "<domain>", "clientAccount": "<user>", "workstation":
"<workstation>", "becameAccount": null, "becameDomain": null, "becameSid":
null, "mappedAccount": "<user>", "mappedDomain": "<domain>",
"netlogonComputer": null, "netlogonTrustAccount": null,
"netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null, "passwordType": "NTLMv2", "duration":
6683}}
[2023/05/31 17:00:23.639520, 5]
../../source3/auth/auth_ntlmssp.c:210(auth3_check_password_send)
auth3_check_password_send: Checking NTLMSSP password for <domain>\<user>
failed: NT_STATUS_RPC_SEC_PKG_ERROR, authoritative=1
[2023/05/31 17:00:23.639533, 4]
../../source3/smbd/sec_ctx.c:437(pop_sec_ctx)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2023/05/31 17:00:23.639547, 5]
../../auth/ntlmssp/ntlmssp_server.c:813(ntlmssp_server_auth_done)
ntlmssp_server_auth_done: Checking NTLMSSP password for <domain>\<user>
failed: NT_STATUS_RPC_SEC_PKG_ERROR
[2023/05/31 17:00:23.639556, 5]
../../auth/gensec/gensec.c:534(gensec_update_done)
gensec_update_done: ntlmssp[0x55b8d9521400]: NT_STATUS_RPC_SEC_PKG_ERROR
[2023/05/31 17:00:23.639564, 3]
../../auth/gensec/spnego.c:1443(gensec_spnego_server_negTokenTarg_step)
gensec_spnego_server_negTokenTarg_step: SPNEGO(ntlmssp) login failed:
NT_STATUS_RPC_SEC_PKG_ERROR
[2023/05/31 17:00:23.639571, 5]
../../auth/gensec/gensec.c:534(gensec_update_done)
gensec_update_done: spnego[0x55b8d94e1fd0]: NT_STATUS_RPC_SEC_PKG_ERROR
Below is the configuration:
security = ads
server role = member server
auth methods = winbind
idmap config * : backend = tdb
idmap config * : range = 10000-24999999
winbind enum users = yes
winbind enum groups = yes
usershare allow guests = no
map untrusted to domain = Yes
allow trusted domains = no
More information about the samba
mailing list