more samba4 upgrade problems: share not accessible

Thu Jan 13 15:40:50 MST 2011

On 01/13/2011 05:18 PM, Aaron Solochek wrote:
> On 01/11/2011 04:21 PM, Aaron Solochek wrote:
>> I'm going to try to give a complete picture of my install here.  I built the
>> latest git source, configured with:
>>
>> ./configure --disable-rpath --disable-rpath-install --localstatedir=/var
>> --sysconfdir=/etc --prefix=/usr/local/samba --with-piddir=/var/run
>>
>> That is basically the same configuration the debian packages I was previously
>> using used.  I'm doing this so if those packages ever get fixed, I can go back
>> to using them.
>>
>> Then I created links in /usr/local/{bin,sbin,lib,share} for everything in
>> /usr/local/samba.  I made sure to create links for everything, including stuff
>> down in the python subdirectories.
>>
>> I moved /usr/local/samba/private to private.orig and replaced it with a link to
>> /var/lib/samba/private, since that's where my data lives.
>>
>> I am not sure if /usr/local/samba/modules needs to be linked to from somewhere else.
>>
>>
>> When I try to get to my share, windows says "an internal error has occurred."
>>
>> I ran samba with log level = 4 and debug level = 6, and attached it.  The log is
>> nothing more than starting the server, double clicking on my windows share to
>> get the error message, then stopping the server.
>>
>> I can't tell if the log even shows anything about the connection.  The share
>> name is bitbucket.  I see it parsing the config and disconnecting when I
>> shutdown the server, but that's it.  Hopefully someone else will see something
>> useful in the log.
>>
> 
> Has anyone taken a look at this?  I upgraded again this morning hoping something
> fixed it, and still no luck.
> 
> Is there something I should look for in the samba log when it returns an
> internal error to the client?
> 

Ok, running it interactively made it a bit easier to see what's going on when I
attempt to connect to the share.  I'm seeing the following potentially relevant
things:

Could not find machine account in secrets database:
NT_STATUS_CANT_ACCESS_DOMAIN_INFO: Could not find entry to match filter:
'(&(flatname=WORKGROUP)(objectclass=primaryDomain))' base: 'cn=Primary Domains':
No such object: (null)

(normal if no LDAP backend) Could not find entry to match filter:
'(&(objectclass=ldapSecret)(cn=SAMDB Credentials))' base: '': No such object: (null)
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
No machine account credentials specified
Failed to start GENSEC server mech gssapi_krb5: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Starting GENSEC submechanism ntlmssp
using SPNEGO
Selected protocol [5][NT LM 0.12]
switch message SMBsesssetupX (task_id 25197)

(normal if no LDAP backend) Could not find entry to match filter:
'(&(objectclass=ldapSecret)(cn=SAMDB Credentials))' base: '': No such object: (null)
Starting GENSEC mechanism schannel
Request for schannel to incorrect domain: FOO != our domain WORKGROUP
GENSEC mech rejected the incoming authentication at bind_ack:
NT_STATUS_LOGON_FAILURE
switch message SMBclose (task_id 25474)
Terminating connection - 'NT_STATUS_CONNECTION_DISCONNECTED'
single_terminate: reason[NT_STATUS_CONNECTION_DISCONNECTED]
switch message SMBclose (task_id 25474)
Terminating connection - 'NT_STATUS_CONNECTION_DISCONNECTED'
single_terminate: reason[NT_STATUS_CONNECTION_DISCONNECTED]
switch message SMBtdis (task_id 25474)
ipv4:10.1.10.240:39900 closed connection to service IPC$
Terminating connection - 'NT_STATUS_END_OF_FILE'
Terminating connection - 'NT_STATUS_END_OF_FILE'
standard_terminate: reason[NT_STATUS_END_OF_FILE]

So my secrets.tdb only has like 6 keys in it.  It certainly doesn't have a key
for every machine.  It only has 2 machine keys, apparently.  One for the DC, and
one for a print spooler VM.  Is this expected?

-Aaron