[Samba] samba client

jacek burghardt jaceksburghardt at gmail.com
Wed Sep 13 13:42:47 UTC 2023 

I am running samba client on arch linux and I run a hardening script on my
domain controller that generated new gpos.  Now I unable to mount windows
server on linux clients.
 1473.134869] CIFS: VFS: \\192.168.50.4 Send error in SessSetup = -5
[ 1473.134886] CIFS: VFS: cifs_mount failed w/return code = -5
[ 2725.958482] CIFS: Attempting to mount //192.168.50.4/radio
[ 2725.965412] CIFS: Status code returned 0xc000018d
STATUS_TRUSTED_RELATIONSHIP_FAILURE
[ 2725.965428] CIFS: VFS: \\192.168.50.4 Send error in SessSetup = -5
[ 2725.965450] CIFS: VFS: cifs_mount failed w/return code = -5
wbinfo -u works fine
  ldb_wrap open of secrets.ldb
[2023/09/13 04:26:24.445968,  1]
../../source3/rpc_client/cli_pipe.c:550(cli_pipe_validate_current_pdu)
  ../../source3/rpc_client/cli_pipe.c:550: RPC fault code
DCERPC_FAULT_ACCESS_DENIED received from host den-dc01.HEBE.US!
[2023/09/13 04:26:24.446950,  3]
../../lib/ldb-samba/ldb_wrap.c:332(ldb_wrap_connect)
  ldb_wrap open of secrets.ldb
[2023/09/13 04:26:24.450943,  1]
../../source3/rpc_client/cli_pipe.c:550(cli_pipe_validate_current_pdu)
  ../../source3/rpc_client/cli_pipe.c:550: RPC fault code
DCERPC_FAULT_ACCESS_DENIED received from host den-dc01.HEBE.US!
[2023/09/13 04:26:24.451308,  1]
../../source3/winbindd/winbindd_cm.c:2688(cm_connect_sam)
  Unwilling to make SAMR connection to domain HEBE without connection level
security, must set 'winbind sealed pipes:HEBE = false' and 'require strong
key:H>
[2023/09/13 04:26:24.452234,  3]
../../source3/winbindd/winbindd_msrpc.c:820(msrpc_lockout_policy)
  msrpc_lockout_policy: fetch lockout policy for HEBE
[2023/09/13 04:26:24.452263,  3]
../../source3/winbindd/winbindd_cm.c:1918(connection_ok)
  connection_ok: Connection to den-dc01.HEBE.US for domain HEBE is not
connected
[2023/09/13 04:26:24.452318,  3]
../../source3/libsmb/namequery.c:2387(resolve_hosts)
  resolve_hosts: Attempting host lookup for name den-dc01.HEBE.US<0x20>
[2023/09/13 04:26:24.453729,  3]
../../source3/libads/ldap.c:916(ads_connect)
  Successfully contacted LDAP server 192.168.1.8
Is the way to fix it on linux side or I need to disable something in gpo ?

More information about the samba mailing list