Connecting S3 Print server to S4
Aaron E.
ssureshot at gmail.com
Wed May 9 07:50:51 MDT 2012
I posted this a few days ago in General and then posted it was fixed
after compile of newest version of kerberos with S3 Compiled .. This
worked for a short period then reverted back.. I've been at this issue
for 5 days with no resolution.. I've used built in packages,, compiled
from source a few times.. ect..
Server is Samba 4, Print Server is Samba3, Member terminal server is
2008R2. OS = Ubuntu 10.4 lts
Problem is I can browse to the print server via "\\IP" and it works
perfect, when I browse with "\\name" it prompts for a username and pass
but will never connect.. Below is a full debug of the machine log..
After the log Ill have relevent smb.conf and krb5.conf (please note that
these configs are just what I have current and have tested many many
options)
Notes -- kinit works, DNS FlatFile,, All dns works and can resolve SRV
records.. wbinfo / getent all work and pull users/groups..
[2012/05/09 09:18:56, 3] smbd/oplock.c:911(init_oplocks)
init_oplocks: initializing messages.
[2012/05/09 09:18:56, 3] smbd/oplock_linux.c:223(linux_init_kernel_oplocks)
Linux kernel oplocks enabled
[2012/05/09 09:18:56, 3] smbd/process.c:1459(process_smb)
Transaction 0 of length 159 (0 toread)
[2012/05/09 09:18:56, 3] smbd/process.c:1273(switch_message)
switch message SMBnegprot (pid 1852) conn 0x0
[2012/05/09 09:18:56, 3] smbd/sec_ctx.c:310(set_sec_ctx)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/05/09 09:18:56, 3] smbd/negprot.c:567(reply_negprot)
Requested protocol [PC NETWORK PROGRAM 1.0]
[2012/05/09 09:18:56, 3] smbd/negprot.c:567(reply_negprot)
Requested protocol [LANMAN1.0]
[2012/05/09 09:18:56, 3] smbd/negprot.c:567(reply_negprot)
Requested protocol [Windows for Workgroups 3.1a]
[2012/05/09 09:18:56, 3] smbd/negprot.c:567(reply_negprot)
Requested protocol [LM1.2X002]
[2012/05/09 09:18:56, 3] smbd/negprot.c:567(reply_negprot)
Requested protocol [LANMAN2.1]
[2012/05/09 09:18:56, 3] smbd/negprot.c:567(reply_negprot)
Requested protocol [NT LM 0.12]
[2012/05/09 09:18:56, 3] smbd/negprot.c:567(reply_negprot)
Requested protocol [SMB 2.002]
[2012/05/09 09:18:56, 3] smbd/negprot.c:567(reply_negprot)
Requested protocol [SMB 2.???]
[2012/05/09 09:18:56, 3] smbd/negprot.c:387(reply_nt1)
using SPNEGO
[2012/05/09 09:18:56, 3] smbd/negprot.c:672(reply_negprot)
Selected protocol NT LM 0.12
[2012/05/09 09:18:56, 3] smbd/process.c:1459(process_smb)
Transaction 1 of length 1764 (0 toread)
[2012/05/09 09:18:56, 3] smbd/process.c:1273(switch_message)
switch message SMBsesssetupX (pid 1852) conn 0x0
[2012/05/09 09:18:56, 3] smbd/sec_ctx.c:310(set_sec_ctx)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/05/09 09:18:56, 3] smbd/sesssetup.c:1404(reply_sesssetup_and_X)
wct=12 flg2=0xc807
[2012/05/09 09:18:56, 3]
smbd/sesssetup.c:1160(reply_sesssetup_and_X_spnego)
Doing spnego session setup
[2012/05/09 09:18:56, 3]
smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego)
NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2012/05/09 09:18:56, 3] smbd/sesssetup.c:786(reply_spnego_negotiate)
reply_spnego_negotiate: Got secblob of size 1619
[2012/05/09 09:18:56, 0]
libads/kerberos_verify.c:72(ads_dedicated_keytab_verify_ticket)
krb5_rd_req failed (Wrong principal in request)
[2012/05/09 09:18:56, 3] libads/kerberos_verify.c:568(ads_verify_ticket)
ads_verify_ticket: krb5_rd_req with auth failed (Wrong principal in
request)
[2012/05/09 09:18:56, 1] smbd/sesssetup.c:342(reply_spnego_kerberos)
Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2012/05/09 09:18:56, 3] smbd/error.c:60(error_packet_set)
error packet at smbd/sesssetup.c(344) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
[2012/05/09 09:18:56, 3] smbd/process.c:1459(process_smb)
Transaction 2 of length 1764 (0 toread)
[2012/05/09 09:18:56, 3] smbd/process.c:1273(switch_message)
switch message SMBsesssetupX (pid 1852) conn 0x0
[2012/05/09 09:18:56, 3] smbd/process.c:1273(switch_message)
switch message SMBsesssetupX (pid 1852) conn 0x0
[2012/05/09 09:18:56, 3] smbd/sec_ctx.c:310(set_sec_ctx)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/05/09 09:18:56, 3] smbd/sesssetup.c:1404(reply_sesssetup_and_X)
wct=12 flg2=0xc807
[2012/05/09 09:18:56, 3]
smbd/sesssetup.c:1160(reply_sesssetup_and_X_spnego)
Doing spnego session setup
[2012/05/09 09:18:56, 3]
smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego)
NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2012/05/09 09:18:56, 3] smbd/sesssetup.c:786(reply_spnego_negotiate)
reply_spnego_negotiate: Got secblob of size 1619
[2012/05/09 09:18:56, 0]
libads/kerberos_verify.c:72(ads_dedicated_keytab_verify_ticket)
krb5_rd_req failed (Wrong principal in request)
[2012/05/09 09:18:56, 3] libads/kerberos_verify.c:568(ads_verify_ticket)
ads_verify_ticket: krb5_rd_req with auth failed (Wrong principal in
request)
[2012/05/09 09:18:56, 1] smbd/sesssetup.c:342(reply_spnego_kerberos)
Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2012/05/09 09:18:56, 3] smbd/error.c:60(error_packet_set)
error packet at smbd/sesssetup.c(344) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
[2012/05/09 09:18:56, 3] smbd/process.c:1459(process_smb)
Transaction 3 of length 1764 (0 toread)
[2012/05/09 09:18:56, 3] smbd/process.c:1273(switch_message)
switch message SMBsesssetupX (pid 1852) conn 0x0
[2012/05/09 09:18:56, 3] smbd/sec_ctx.c:310(set_sec_ctx)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/05/09 09:18:56, 3] smbd/sesssetup.c:1404(reply_sesssetup_and_X)
wct=12 flg2=0xc807
[2012/05/09 09:18:56, 3]
smbd/sesssetup.c:1160(reply_sesssetup_and_X_spnego)
Doing spnego session setup
[2012/05/09 09:18:56, 3]
smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego)
NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2012/05/09 09:18:56, 3] smbd/sesssetup.c:786(reply_spnego_negotiate)
reply_spnego_negotiate: Got secblob of size 1619
[2012/05/09 09:18:56, 0]
libads/kerberos_verify.c:72(ads_dedicated_keytab_verify_ticket)
krb5_rd_req failed (Wrong principal in request)
[2012/05/09 09:18:56, 3] libads/kerberos_verify.c:568(ads_verify_ticket)
ads_verify_ticket: krb5_rd_req with auth failed (Wrong principal in
request)
[2012/05/09 09:18:56, 1] smbd/sesssetup.c:342(reply_spnego_kerberos)
Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2012/05/09 09:18:56, 3] smbd/error.c:60(error_packet_set)
error packet at smbd/sesssetup.c(344) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
[2012/05/09 09:18:56, 3] smbd/process.c:1459(process_smb)
Transaction 4 of length 1764 (0 toread)
[2012/05/09 09:18:56, 3] smbd/process.c:1273(switch_message)
switch message SMBsesssetupX (pid 1852) conn 0x0
[2012/05/09 09:18:56, 3] smbd/sec_ctx.c:310(set_sec_ctx)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/05/09 09:18:56, 3] smbd/sesssetup.c:1404(reply_sesssetup_and_X)
wct=12 flg2=0xc807
[2012/05/09 09:18:56, 3]
smbd/sesssetup.c:1160(reply_sesssetup_and_X_spnego)
Doing spnego session setup
[2012/05/09 09:18:56, 3]
smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego)
NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2012/05/09 09:18:56, 3] smbd/sesssetup.c:786(reply_spnego_negotiate)
reply_spnego_negotiate: Got secblob of size 1619
[2012/05/09 09:18:56, 0]
libads/kerberos_verify.c:72(ads_dedicated_keytab_verify_ticket)
krb5_rd_req failed (Wrong principal in request)
[2012/05/09 09:18:56, 3] libads/kerberos_verify.c:568(ads_verify_ticket)
ads_verify_ticket: krb5_rd_req with auth failed (Wrong principal in
request)
[2012/05/09 09:18:56, 1] smbd/sesssetup.c:342(reply_spnego_kerberos)
Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2012/05/09 09:18:56, 3] smbd/error.c:60(error_packet_set)
error packet at smbd/sesssetup.c(344) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
[2012/05/09 09:19:09, 0] lib/util_sock.c:539(read_fd_with_timeout)
[2012/05/09 09:19:09, 0] lib/util_sock.c:1498(get_peer_addr_internal)
getpeername failed. Error was Transport endpoint is not connected
read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by
peer.
[2012/05/09 09:19:09, 3] smbd/sec_ctx.c:310(set_sec_ctx)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/05/09 09:19:09, 3] smbd/connection.c:31(yield_connection)
Yielding connection to
[2012/05/09 09:19:09, 3] smbd/server.c:849(exit_server_common)
Server exit (failed to receive smb request)
~
~
[global]
os level = 33
domain master = no
netbios name = appsrv1
workgroup = ASTROINTERNAL
realm = ASTROINTERNAL.COM
preferred master = no
server string = Linux Appsrv1
security = ADS
password server = astrodc1.astrointernal.com
encrypt passwords = yes
# private dir = /var/lib/samba
log level = 3
log file = /var/log/samba/log.%m
max log size = 5000
printcap name = cups
printing = cups
cups options = raw
load printers = yes
# bind interfaces only = yes
# interfaces = 127.0.0.1 bond0
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
allow trusted domains = yes
winbind enum users = Yes
winbind enum groups = Yes
# winbind use default domain = Yes
winbind nested groups = Yes
winbind separator = /
idmap uid = 1000-20000
idmap gid = 1000-20000
;template primary group = "Domain Users"
template shell = /bin/bash
# client use spnego = yes
kerberos method = dedicated keytab
dedicated keytab file = /etc/krb5.keytab
[libdefaults]
default_realm = ASTROINTERNAL.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
allow_weak_crypto = true
forwardable = yes
default_etypes = des-cbc-crc des-cbc-md5
default_etypes_des = des-cbc-crc des-cbc-md5
default_tgs_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
default_tkt_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
preferred_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
[realms]
ASTROINTERNAL.COM = {
kdc = astrodc1.astrointernal.com
admin_server = astrodc1.astrointernal.com
default_domain = astroshapes.com
}
[domain_realm]
.astrointernal.com = ASTROINTERNAL.COM
astrointernal.com = ASTROINTERNAL.COM
More information about the samba-technical
mailing list