samba4 DC with samba 3.4.7 issue
Daniele Dario
d.dario76 at gmail.com
Wed Dec 21 07:58:58 MST 2011
Hi all,
my sbs2k3 DC definetly crashed.
Last months I joined the domain with a samba4 Version
4.0.0alpha18-GIT-62ccae3 and this now allows users to login to the
domain.
I managed to move the bind9 from slave to master for the zones (at this
time not with DLZ plugin) and as per the samba4 howto using
tkey-gssapi-keytab option ddns update seems to work right.
The problem I'm facing is that I have a samba 3.4.7 fileserver joined to
the domain and now users are unable to connect the network shares.
What I'm seeing in the samba4 logs is:
...
[2011/12/21 15:49:40,
3] ../libcli/auth/schannel_state_tdb.c:180(schannel_fetch_session_key_tdb)
schannel_fetch_session_key_tdb: restored schannel info key
SECRETS/SCHANNEL/FILESRV01
[2011/12/21 15:49:40,
3] ../libcli/auth/schannel_state_tdb.c:110(schannel_store_session_key_tdb)
schannel_store_session_key_tdb: stored schannel info with key
SECRETS/SCHANNEL/FILESRV01
[2011/12/21 15:49:40,
3] ../lib/ldb-samba/ldb_wrap.c:316(ldb_wrap_connect)
ldb_wrap open of secrets.ldb
[2011/12/21 15:49:40,
3] ../source4/auth/ntlm/auth.c:243(auth_check_password_send)
auth_check_password_send: Checking password for unmapped user
[SAITEL]\[samuele]@[\\LENOVO-R61]
auth_check_password_send: mapped user is: [SAITEL]\[samuele]@[\
\LENOVO-R61]
[2011/12/21 15:49:41,
3] ../source4/smb_server/tcon.c:106(smbsrv_tcon_destructor)
ipv4:192.168.12.60:1505 closed connection to service IPC$
[2011/12/21 15:49:41,
3] ../source4/smbd/service_stream.c:63(stream_terminate_connection)
Terminating connection - 'NT_STATUS_END_OF_FILE'
[2011/12/21 15:49:41,
3] ../source4/smbd/service_stream.c:63(stream_terminate_connection)
Terminating connection - 'NT_STATUS_END_OF_FILE'
[2011/12/21 15:49:41,
2] ../source4/smbd/process_standard.c:210(standard_terminate)
standard_terminate: reason[NT_STATUS_END_OF_FILE]
[2011/12/21 15:49:42,
3] ../lib/ldb-samba/ldb_wrap.c:316(ldb_wrap_connect)
ldb_wrap open of secrets.ldb
[2011/12/21 15:49:42,
3] ../lib/ldb-samba/ldb_wrap.c:316(ldb_wrap_connect)
ldb_wrap open of secrets.ldb
[2011/12/21 15:49:42,
3] ../source4/smb_server/smb/negprot.c:399(reply_nt1)
using SPNEGO
[2011/12/21 15:49:42,
3] ../source4/smb_server/smb/negprot.c:528(smbsrv_reply_negprot)
Selected protocol [8][NT LANMAN 1.0]
[2011/12/21 15:49:42,
3] ../lib/ldb-samba/ldb_wrap.c:316(ldb_wrap_connect)
ldb_wrap open of secrets.ldb
[2011/12/21 15:49:42,
3] ../source4/auth/ntlm/auth.c:243(auth_check_password_send)
auth_check_password_send: Checking password for unmapped user
[]\[]@[192.168.12.6]
auth_check_password_send: mapped user is: [SAITEL]\[]@[192.168.12.6]
[2011/12/21 15:49:42,
3] ../lib/ldb-samba/ldb_wrap.c:316(ldb_wrap_connect)
ldb_wrap open of secrets.ldb
[2011/12/21 15:49:42,
3] ../libcli/auth/schannel_state_tdb.c:110(schannel_store_session_key_tdb)
schannel_store_session_key_tdb: stored schannel info with key
SECRETS/SCHANNEL/FILESRV01
[2011/12/21 15:49:42,
3] ../lib/ldb-samba/ldb_wrap.c:316(ldb_wrap_connect)
ldb_wrap open of secrets.ldb
[2011/12/21 15:49:42,
3] ../lib/ldb-samba/ldb_wrap.c:316(ldb_wrap_connect)
ldb_wrap open of secrets.ldb
[2011/12/21 15:49:42,
3] ../libcli/auth/schannel_state_tdb.c:180(schannel_fetch_session_key_tdb)
schannel_fetch_session_key_tdb: restored schannel info key
SECRETS/SCHANNEL/FILESRV01
[2011/12/21 15:49:42,
3] ../source4/smbd/service_stream.c:63(stream_terminate_connection)
Terminating connection - 'NT_STATUS_CONNECTION_DISCONNECTED'
[2011/12/21 15:49:42,
3] ../source4/smbd/process_single.c:104(single_terminate)
single_terminate: reason[NT_STATUS_CONNECTION_DISCONNECTED]
[2011/12/21 15:49:42,
3] ../libcli/auth/schannel_state_tdb.c:180(schannel_fetch_session_key_tdb)
schannel_fetch_session_key_tdb: restored schannel info key
SECRETS/SCHANNEL/FILESRV01
[2011/12/21 15:49:42,
3] ../libcli/auth/schannel_state_tdb.c:110(schannel_store_session_key_tdb)
schannel_store_session_key_tdb: stored schannel info with key
SECRETS/SCHANNEL/FILESRV01
[2011/12/21 15:49:42,
3] ../lib/ldb-samba/ldb_wrap.c:316(ldb_wrap_connect)
ldb_wrap open of secrets.ldb
[2011/12/21 15:49:42,
3] ../source4/auth/ntlm/auth.c:243(auth_check_password_send)
auth_check_password_send: Checking password for unmapped user
[SAITEL]\[ABORT]@[\\LENOVO-R61]
auth_check_password_send: mapped user is: [SAITEL]\[ABORT]@[\
\LENOVO-R61]
[2011/12/21 15:49:42,
3] ../source4/auth/ntlm/auth_sam.c:61(authsam_search_account)
sam_search_user: Couldn't find user [ABORT] in samdb, under
DC=Saitel,DC=local
[2011/12/21 15:49:42,
2] ../source4/auth/ntlm/auth.c:393(auth_check_password_recv)
auth_check_password_recv: sam_ignoredomain authentication for user
[SAITEL\ABORT] FAILED with error NT_STATUS_NO_SUCH_USER
[2011/12/21 15:49:42,
3] ../source4/smbd/service_stream.c:63(stream_terminate_connection)
Terminating connection - 'NT_STATUS_CONNECTION_DISCONNECTED'
[2011/12/21 15:49:42,
3] ../source4/smb_server/tcon.c:106(smbsrv_tcon_destructor)
ipv4:192.168.12.6:47202 closed connection to service IPC$
[2011/12/21 15:49:42,
3] ../source4/smbd/process_single.c:104(single_terminate)
[2011/12/21 15:49:42,
3] ../source4/smbd/service_stream.c:63(stream_terminate_connection)
Terminating connection - 'NT_STATUS_END_OF_FILE'
[2011/12/21 15:49:42,
3] ../source4/smbd/service_stream.c:63(stream_terminate_connection)
Terminating connection - 'NT_STATUS_END_OF_FILE'
[2011/12/21 15:49:42,
2] ../source4/smbd/process_standard.c:210(standard_terminate)
standard_terminate: reason[NT_STATUS_END_OF_FILE]
single_terminate: reason[NT_STATUS_CONNECTION_DISCONNECTED]
[2011/12/21 15:49:49,
2] ../source4/nbt_server/dgram/netlogon.c:172(nbtd_mailslot_netlogon_handler)
netlogon request to SAITEL<1c> from 192.168.12.57:138
[2011/12/21 15:49:50,
2] ../source4/nbt_server/dgram/netlogon.c:172(nbtd_mailslot_netlogon_handler)
netlogon request to SAITEL<1c> from 192.168.12.57:138
[2011/12/21 15:49:50,
2] ../source4/nbt_server/dgram/netlogon.c:172(nbtd_mailslot_netlogon_handler)
netlogon request to SAITEL<1c> from 192.168.12.57:138
[2011/12/21 15:49:51,
2] ../source4/nbt_server/dgram/netlogon.c:172(nbtd_mailslot_netlogon_handler)
netlogon request to KDC02<00> from 192.168.12.57:138
[2011/12/21 15:49:58,
2] ../source4/nbt_server/dgram/netlogon.c:172(nbtd_mailslot_netlogon_handler)
netlogon request to KDC02<00> from 192.168.12.57:138
[2011/12/21 15:50:02,
2] ../source4/nbt_server/dgram/netlogon.c:172(nbtd_mailslot_netlogon_handler)
netlogon request to SAITEL<1c> from 192.168.12.55:138
[2011/12/21 15:50:03,
2] ../source4/nbt_server/dgram/netlogon.c:172(nbtd_mailslot_netlogon_handler)
netlogon request to SAITEL<1c> from 192.168.12.55:138
[2011/12/21 15:50:03,
2] ../source4/nbt_server/dgram/netlogon.c:172(nbtd_mailslot_netlogon_handler)
netlogon request to SAITEL<1c> from 192.168.12.55:138
[2011/12/21 15:50:04,
3] ../lib/ldb-samba/ldb_wrap.c:316(ldb_wrap_connect)
ldb_wrap open of secrets.ldb
[2011/12/21 15:50:04,
3] ../lib/ldb-samba/ldb_wrap.c:316(ldb_wrap_connect)
ldb_wrap open of secrets.ldb
[2011/12/21 15:50:04,
3] ../source4/smb_server/smb/negprot.c:399(reply_nt1)
using SPNEGO
[2011/12/21 15:50:04,
3] ../source4/smb_server/smb/negprot.c:528(smbsrv_reply_negprot)
Selected protocol [8][NT LANMAN 1.0]
[2011/12/21 15:50:04,
3] ../lib/ldb-samba/ldb_wrap.c:316(ldb_wrap_connect)
ldb_wrap open of secrets.ldb
[2011/12/21 15:50:04,
3] ../source4/auth/ntlm/auth.c:243(auth_check_password_send)
auth_check_password_send: Checking password for unmapped user
[]\[]@[192.168.12.6]
auth_check_password_send: mapped user is: [SAITEL]\[]@[192.168.12.6]
[2011/12/21 15:50:04,
3] ../lib/ldb-samba/ldb_wrap.c:316(ldb_wrap_connect)
ldb_wrap open of secrets.ldb
[2011/12/21 15:50:04,
3] ../libcli/auth/schannel_state_tdb.c:110(schannel_store_session_key_tdb)
schannel_store_session_key_tdb: stored schannel info with key
SECRETS/SCHANNEL/FILESRV01
[2011/12/21 15:50:04,
3] ../lib/ldb-samba/ldb_wrap.c:316(ldb_wrap_connect)
ldb_wrap open of secrets.ldb
[2011/12/21 15:50:04,
3] ../lib/ldb-samba/ldb_wrap.c:316(ldb_wrap_connect)
ldb_wrap open of secrets.ldb
[2011/12/21 15:50:04,
3] ../libcli/auth/schannel_state_tdb.c:180(schannel_fetch_session_key_tdb)
schannel_fetch_session_key_tdb: restored schannel info key
SECRETS/SCHANNEL/FILESRV01
[2011/12/21 15:50:04,
3] ../source4/smbd/service_stream.c:63(stream_terminate_connection)
Terminating connection - 'NT_STATUS_CONNECTION_DISCONNECTED'
[2011/12/21 15:50:04,
3] ../source4/smbd/process_single.c:104(single_terminate)
single_terminate: reason[NT_STATUS_CONNECTION_DISCONNECTED]
[2011/12/21 15:50:04,
3] ../libcli/auth/schannel_state_tdb.c:180(schannel_fetch_session_key_tdb)
schannel_fetch_session_key_tdb: restored schannel info key
SECRETS/SCHANNEL/FILESRV01
[2011/12/21 15:50:04,
3] ../libcli/auth/schannel_state_tdb.c:110(schannel_store_session_key_tdb)
schannel_store_session_key_tdb: stored schannel info with key
SECRETS/SCHANNEL/FILESRV01
[2011/12/21 15:50:04,
3] ../lib/ldb-samba/ldb_wrap.c:316(ldb_wrap_connect)
ldb_wrap open of secrets.ldb
[2011/12/21 15:50:04,
3] ../source4/auth/ntlm/auth.c:243(auth_check_password_send)
auth_check_password_send: Checking password for unmapped user
[SAITEL]\[ABORT]@[\\LENOVO-R61]
auth_check_password_send: mapped user is: [SAITEL]\[ABORT]@[\
\LENOVO-R61]
[2011/12/21 15:50:04,
3] ../source4/auth/ntlm/auth_sam.c:61(authsam_search_account)
sam_search_user: Couldn't find user [ABORT] in samdb, under
DC=Saitel,DC=local
[2011/12/21 15:50:04,
2] ../source4/auth/ntlm/auth.c:393(auth_check_password_recv)
auth_check_password_recv: sam_ignoredomain authentication for user
[SAITEL\ABORT] FAILED with error NT_STATUS_NO_SUCH_USER
[2011/12/21 15:50:04,
3] ../source4/smbd/service_stream.c:63(stream_terminate_connection)
Terminating connection - 'NT_STATUS_CONNECTION_DISCONNECTED'
[2011/12/21 15:50:04,
3] ../source4/smb_server/tcon.c:106(smbsrv_tcon_destructor)
ipv4:192.168.12.6:47203 closed connection to service IPC$
[2011/12/21 15:50:04,
3] ../source4/smbd/process_single.c:104(single_terminate)
single_terminate: reason[NT_STATUS_CONNECTION_DISCONNECTED]
[2011/12/21 15:50:04,
3] ../source4/smbd/service_stream.c:63(stream_terminate_connection)
Terminating connection - 'NT_STATUS_END_OF_FILE'
[2011/12/21 15:50:04,
3] ../source4/smbd/service_stream.c:63(stream_terminate_connection)
Terminating connection - 'NT_STATUS_END_OF_FILE'
[2011/12/21 15:50:04,
2] ../source4/smbd/process_standard.c:210(standard_terminate)
standard_terminate: reason[NT_STATUS_END_OF_FILE]
[2011/12/21 15:50:05,
2] ../source4/nbt_server/dgram/netlogon.c:172(nbtd_mailslot_netlogon_handler)
netlogon request to KDC02<00> from 192.168.12.57:138
[2011/12/21 15:50:13,
2] ../source4/nbt_server/dgram/netlogon.c:172(nbtd_mailslot_netlogon_handler)
netlogon request to KDC02<00> from 192.168.12.57:138
[2011/12/21 15:50:14,
3] ../lib/ldb-samba/ldb_wrap.c:316(ldb_wrap_connect)
ldb_wrap open of secrets.ldb
[2011/12/21 15:50:14,
3] ../lib/ldb-samba/ldb_wrap.c:316(ldb_wrap_connect)
ldb_wrap open of secrets.ldb
[2011/12/21 15:50:14,
3] ../source4/smb_server/smb/negprot.c:399(reply_nt1)
using SPNEGO
[2011/12/21 15:50:14,
3] ../source4/smb_server/smb/negprot.c:528(smbsrv_reply_negprot)
Selected protocol [5][NT LM 0.12]
[2011/12/21 15:50:14,
3] ../lib/ldb-samba/ldb_wrap.c:316(ldb_wrap_connect)
ldb_wrap open of secrets.ldb
[2011/12/21 15:50:20,
3] ../lib/ldb-samba/ldb_wrap.c:316(ldb_wrap_connect)
ldb_wrap open of secrets.ldb
[2011/12/21 15:50:20,
3] ../libcli/auth/schannel_state_tdb.c:110(schannel_store_session_key_tdb)
schannel_store_session_key_tdb: stored schannel info with key
SECRETS/SCHANNEL/AMM01
[2011/12/21 15:50:20,
3] ../lib/ldb-samba/ldb_wrap.c:316(ldb_wrap_connect)
ldb_wrap open of secrets.ldb
[2011/12/21 15:50:20,
3] ../lib/ldb-samba/ldb_wrap.c:316(ldb_wrap_connect)
ldb_wrap open of secrets.ldb
[2011/12/21 15:50:20,
3] ../libcli/auth/schannel_state_tdb.c:180(schannel_fetch_session_key_tdb)
schannel_fetch_session_key_tdb: restored schannel info key
SECRETS/SCHANNEL/AMM01
[2011/12/21 15:50:20,
3] ../source4/rpc_server/dcerpc_server.c:961(dcesrv_request)
...
>From my laptop, smbclient //kdc02/netlogon -U daniele works correctly
and the same happens running the command from the file server.
>From the fileserver, kinit -U a_user_of_the_domain works.
What can be the problem?
Please help me because, samba4 saved my ass avoiding to loose the domain
credentials but this is vane if users can't use the network shares.
Daniele.
More information about the samba-technical
mailing list