Samba4 - NO delegated credentials error seen intermittently
priya sehgal
priyagps at yahoo.co.in
Wed Nov 5 21:34:56 GMT 2008
Hello,
I have configured my samba server (samba)to work as CIFS Proxy Server,
in a Windows 2k3 domain. CIFS Proxy server is also "Trusted for Delegation"
on the Windows 2K3. I was able to access the backend CIFS Servers,
through my proxy w/o any problem sometimes.
But, I am seeing the following error intermittently
"CIFS backend: NO delegated credentials found: You must supply server, user and password or the client must supply delegated credentials
make_connection: NTVFS make connection failed!"
The smbd logs are as follows. Please let me know what extra care needs to
be taken and how can it be fixed?
Processing section "[sysvol]"
Processing section "[homes]"
Unknown parameter encountered: "valid users"
Ignoring unknown parameter "valid users"
Processing section "[share1]"
Processing section "[linuxsmb1]"
Processing section "[winshare1]"
Processing section "[winshare2]"
Processing section "[winshare3]"
Processing section "[priyashare1]"
Processing section "[pcifs1_s1]"
Processing section "[cifs3_f1]"
Processing section "[cifs4_f2]"
Processing section "[IPC$]"
Processing section "[ADMIN$]"
adding hidden service IPC$
adding hidden service ADMIN$
smbd version 4.0.0alpha4 started.
Copyright Andrew Tridgell and the Samba Team 1992-2008
GENSEC backend 'sasl-DIGEST-MD5' registered
AUTH backend 'winbind_samba3' registered
AUTH backend 'winbind' registered
AUTH backend 'name_to_ntstatus' registered
AUTH backend 'fixed_challenge' registered
AUTH backend 'unix' registered
AUTH backend 'anonymous' registered
AUTH backend 'sam' registered
AUTH backend 'sam_ignoredomain' registered
GENSEC backend 'krb5' registered
gensec subsystem fake_gssapi_krb5 is disabled
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
gensec subsystem gssapi_spnego is disabled
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'ntlmssp' registered
NTPTR backend 'simple_ldb'
NTVFS backend 'simple' for type 1 registered
ENTER ntvfs_cifs_init
NTVFS backend 'cifs' for type 1 registered
NTVFS backend 'nbench' for type 1 registered
NTVFS backend 'unixuid' for type 1 registered
NTVFS backend 'unixuid' for type 3 registered
NTVFS backend 'unixuid' for type 2 registered
NTVFS backend 'cifsposix' for type 1 registered
NTVFS backend 'smb2' for type 1 registered
NTVFS backend 'default' for type 2 registered
NTVFS backend 'xattr' registered
NTVFS backend 'nfs4acl' registered
NTVFS backend 'default' for type 3 registered
NTVFS backend 'default' for type 1 registered
NTVFS backend 'posix' for type 1 registered
PROCESS_MODEL 'standard' registered
PROCESS_MODEL 'prefork' registered
PROCESS_MODEL 'single' registered
SHARE backend [ldb] registered.
SHARE backend [classic] registered.
DCERPC endpoint server 'wkssvc' registered
DCERPC endpoint server 'drsuapi' registered
DCERPC endpoint server 'spoolss' registered
DCERPC endpoint server 'winreg' registered
DCERPC endpoint server 'epmapper' registered
DCERPC endpoint server 'srvsvc' registered
DCERPC endpoint server 'netlogon' registered
DCERPC endpoint server 'rpcecho' registered
DCERPC endpoint server 'unixinfo' registered
DCERPC endpoint server 'samr' registered
DCERPC endpoint server 'remote' registered
DCERPC endpoint server 'dssetup' registered
DCERPC endpoint server 'lsarpc' registered
New event context requested. Parent: [autofree_context:0x8b91620]
smbd: using 'single' process model
added interface ip=192.168.6.253 nmask=255.255.0.0
task_server_terminate: [ldap_server: no LDAP server required in member server configuration]
single_terminate: reason[ldap_server: no LDAP server required in member server configuration]
added interface ip=192.168.6.253 nmask=255.255.0.0
task_server_terminate: [cldap_server: no CLDAP server required in member server configuration]
single_terminate: reason[cldap_server: no CLDAP server required in member server configuration]
task_server_terminate: [kdc: no KDC required in member server configuration]
single_terminate: reason[kdc: no KDC required in member server configuration]
task_server_terminate: [dreplsrv: no DSDB replication required in domain member configuration]
single_terminate: reason[dreplsrv: no DSDB replication required in domain member configuration]
Registered LINUX_SAMBA<00> with 192.168.6.253 on interface 192.168.255.255
Registered LINUX_SAMBA<03> with 192.168.6.253 on interface 192.168.255.255
Registered LINUX_SAMBA<20> with 192.168.6.253 on interface 192.168.255.255
Registered PRIYADOMAIN<00> with 192.168.6.253 on interface 192.168.255.255
using SPNEGO
Selected protocol [5][NT LM 0.12]
Got NTLMSSP neg_flags=0xe2088297
Got user=[] domain=[] workstation=[PRIYA] len1=1 len2=0
auth_check_password_send: Checking password for unmapped user []\[]@[PRIYA]
auth_check_password_send: mapped user is: [PRIYADOMAIN]\[]@[PRIYA]
Got NTLMSSP neg_flags=0xe2088297
Got user=[Administrator] domain=[PRIYADOMAIN] workstation=[PRIYA] len1=24 len2=24
auth_check_password_send: Checking password for unmapped user [PRIYADOMAIN]\[Administrator]@[PRIYA]
auth_check_password_send: mapped user is: [PRIYADOMAIN]\[Administrator]@[PRIYA]
added interface ip=192.168.6.253 nmask=255.255.0.0
added interface ip=192.168.6.253 nmask=255.255.0.0
nbtd_getdcname called
Received dgram packet of length 264 from 192.168.6.217:138
added interface ip=192.168.6.253 nmask=255.255.0.0
added interface ip=192.168.6.253 nmask=255.255.0.0
added interface ip=192.168.6.253 nmask=255.255.0.0
added interface ip=192.168.6.253 nmask=255.255.0.0
added interface ip=192.168.6.253 nmask=255.255.0.0
added interface ip=192.168.6.253 nmask=255.255.0.0
Received smb_krb5 packet of length 321
Received smb_krb5 packet of length 1335
added interface ip=192.168.6.253 nmask=255.255.0.0
Received smb_krb5 packet of length 1284
Received smb_krb5 packet of length 1308
added interface ip=192.168.6.253 nmask=255.255.0.0
Received smb_krb5 packet of length 1284
Received smb_krb5 packet of length 1308
Received smb_krb5 packet of length 1308
added interface ip=192.168.6.253 nmask=255.255.0.0
added interface ip=192.168.6.253 nmask=255.255.0.0
added interface ip=192.168.6.253 nmask=255.255.0.0
Received smb_krb5 packet of length 1284
Received smb_krb5 packet of length 1308
ldap_bind returned NT_STATUS_OK
ENTER cvfs_connect
CIFS backend: NO delegated credentials found: You must supply server, user and password or the client must supply delegated credentials
make_connection: NTVFS make connection failed!
192.168.6.227 closed connection to service priyashare1
ENTER cvfs_disconnect
Got NTLMSSP neg_flags=0xe2088297
Got user=[Administrator] domain=[PRIYADOMAIN] workstation=[PRIYA] len1=24 len2=24
auth_check_password_send: Checking password for unmapped user [PRIYADOMAIN]\[Administrator]@[PRIYA]
auth_check_password_send: mapped user is: [PRIYADOMAIN]\[Administrator]@[PRIYA]
ENTER cvfs_connect
CIFS backend: NO delegated credentials found: You must supply server, user and password or the client must supply delegated credentials
make_connection: NTVFS make connection failed!
192.168.6.227 closed connection to service priyashare1
ENTER cvfs_disconnect
Got NTLMSSP neg_flags=0xe2088297
Got user=[Administrator] domain=[PRIYADOMAIN] workstation=[PRIYA] len1=24 len2=24
auth_check_password_send: Checking password for unmapped user [PRIYADOMAIN]\[Administrator]@[PRIYA]
auth_check_password_send: mapped user is: [PRIYADOMAIN]\[Administrator]@[PRIYA]
ENTER cvfs_connect
CIFS backend: NO delegated credentials found: You must supply server, user and password or the client must supply delegated credentials
make_connection: NTVFS make connection failed!
192.168.6.227 closed connection to service priyashare1
ENTER cvfs_disconnect
Thanks,
Priya
More information about the samba-technical
mailing list