[Samba] can not access samba drive on Redhat ES 4

Bober, Mark mark at seas.wustl.edu
Thu Oct 15 11:34:48 MDT 2009


I ended up compiling from source on both, so as not to interfere with
the rest of the system. Best not to chance it, especially with that big
of a jump on Kerberos. (I may be overly paranoid) I've only got 4
systems I need to modify though, and they're all the same, arch and
os-wise.

My configure lines were:

Samba:

  $ ./configure --prefix=/usr/local/samba --with-ads --with-ldap \
      --with-krb5 --with-setproctitle --with-cifsupcall --with-mmap \
      --with-quotas

Kerberos:

  $ ./configure --prefix=/usr/local/samba --enable-dns-for-realm

I put them in the same prefix, so that in the /etc/init.d/smb, I added
the line:

LD_LIBRARY_PATH=/usr/local/samba/lib
export LD_LIBRARY_PATH

right before the "start() {" line in the script. The daemon will see the
new libs first. Some modifications are needed to the smb.conf file, I
got away with just this:

#use kerberos keytab = true
kerberos method = system keytab

It'll complain about others if you have them.

Mark
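
An added check, not part of the original message: because the init script starts smbd as root with LD_LIBRARY_PATH pointing at the private prefix, each directory on that path should be owned by the expected account and not writable by group or others. The helper name audit_libpath and its owner argument are assumptions made for this example.

```shell
# Added example: audit_libpath is a hypothetical helper, not from the thread.
# Usage: audit_libpath PATHLIST EXPECTED_OWNER
# Prints one finding per line; returns 0 when clean, 1 when anything is flagged.
audit_libpath() {
    pathlist=$1
    owner=$2
    rc=0
    # An empty element (leading, trailing or doubled colon) makes the dynamic
    # loader search the current working directory.
    case ":$pathlist:" in
        *::*) echo "EMPTY-ENTRY: path list contains an empty element"; rc=1 ;;
    esac
    old_ifs=$IFS
    IFS=:
    set -f                      # no globbing while splitting on ':'
    for dir in $pathlist; do
        [ -n "$dir" ] || continue
        case $dir in
            /*) ;;
            *) echo "RELATIVE: $dir"; rc=1; continue ;;
        esac
        if [ ! -d "$dir" ]; then
            echo "MISSING: $dir"; rc=1; continue
        fi
        # -H follows a symlinked entry; -prune keeps find on the directory itself.
        if [ -n "$(find -H "$dir" -prune \( -perm -002 -o -perm -020 \) -print)" ]; then
            echo "WRITABLE: $dir"; rc=1
        fi
        if [ -n "$(find -H "$dir" -prune ! -user "$owner" -print)" ]; then
            echo "OWNER: $dir"; rc=1
        fi
    done
    set +f
    IFS=$old_ifs
    return $rc
}

# Example run against the prefix used in the message above:
# audit_libpath /usr/local/samba/lib root
```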


-----Original Message-----
From: Kathy Khagani [mailto:kkhagani at stec-inc.com] 
Sent: Thursday, October 15, 2009 12:24 PM
To: Bober, Mark
Subject: RE: [Samba] can not access samba drive on Redhat ES 4

For Redhat ES 4 the available samba is 3.0.33 and Kerberos is 1.3.4, on
the Redhat site. I guess I can download from other sites. If anyone
knows of any incompatibility please let me know.

-----Original Message-----
From: samba-bounces at lists.samba.org
[mailto:samba-bounces at lists.samba.org] On Behalf Of Bober, Mark
Sent: Thursday, October 15, 2009 10:05 AM
To: samba at lists.samba.org
Subject: Re: [Samba] can not access samba drive on Redhat ES 4

I just fixed that same issue (CentOS 5) updating to Samba 3.4.2 linked
against Kerberos 1.7 - we were working against 2008R2, specifically
referring to this part of the log:

[2009/10/12 12:11:02, 1] smbd/sesssetup.c:reply_spnego_kerberos(316)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
<-------------

I don't know if the newest Samba is necessary, but I do know the
Kerberos 1.7 is. You'll want to rejoin the domain after updating.



Mark Bober
Manager of Computational Services
Engineering IT - School of Engineering
Washington University in St. Louis
bober at wustl.edu
314-935-5095

-----Original Message-----
From: samba-bounces at lists.samba.org
[mailto:samba-bounces at lists.samba.org] On Behalf Of Kathy Khagani
Sent: Thursday, October 15, 2009 11:44 AM
To: 'samba at lists.samba.org'
Subject: [Samba] can not access samba drive on Redhat ES 4

Hi,

Our samba server is running  Red Hat Enterprise Linux ES release 4
(Nahant Update 4) with samba version: samba-3.0.33-0.17.el4.  We'd like to
authenticate all the users with our Primary Domain Controller Windows
2008.  Some users keep getting asked to enter username and password.
Even with the correct password, still can't access the drive.  The
strange thing is that some users are successful.
These users all have valid accounts on windows.
In this case user "jrau" is a valid user and "JRAUXP" is the PC name
from which he is accessing the samba share.

wbinfo -u displays his username:

STEC-INC=jrau

But not the computer name, which makes me think that might be the
problem.
Also we are not using LDAP, just winbind.

Here are some of my config files and error logs:

/var/log/samba/<userlog>:

[2009/10/12 07:28:56, 0] lib/util_sock.c:read_data(534)
  read_data: read failure for 4 bytes to client xxxx.xxx.xx.xx. Error =
Connection reset by peer
[2009/10/12 07:28:56, 0] lib/util_sock.c:write_data(562)
  write_data: write failure in writing to client 0.0.0.0. Error
Connection reset by peer
[2009/10/12 07:28:56, 0] lib/util_sock.c:send_smb(761)
  Error writing 4 bytes to client. -1. (Connection reset by peer)
[2009/10/12 07:47:19, 0] lib/util_sock.c:write_data(562)
  write_data: write failure in writing to client xxx.xx.xx.xx. Error
Connection reset by peer
[2009/10/12 07:47:19, 0] lib/util_sock.c:send_smb(761)
  Error writing 4 bytes to client. -1. (Connection reset by peer)
[2009/10/12 08:37:16, 0] lib/util_sock.c:write_data(562)
  write_data: write failure in writing to client xxx.xx.xx.xx. Error
Connection reset by peer
[2009/10/12 08:37:16, 0] lib/util_sock.c:send_smb(761)
  Error writing 4 bytes to client. -1. (Connection reset by peer)
[2009/10/12 12:11:02, 1] smbd/sesssetup.c:reply_spnego_kerberos(316)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
<-------------
[2009/10/12 12:11:02, 0] lib/util_sock.c:read_data(534)
  read_data: read failure for 4 bytes to client xxx.x.xxx.xx. Error =
Connection reset by peer
[2009/10/13 10:26:30, 1] smbd/sesssetup.c:reply_spnego_kerberos(439)
  Username STEC-INC=jrau is invalid on this system
[2009/10/13 10:26:30, 0] lib/util_sock.c:write_data(562)
  write_data: write failure in writing to client xxx.xxx.xxx.xx. Error
Connection reset by peer
[2009/10/13 10:26:30, 0] lib/util_sock.c:send_smb(761)
  Error writing 4 bytes to client. -1. (Connection reset by peer)
[2009/10/13 16:16:45, 0] lib/util_sock.c:read_data(534)
  read_data: read failure for 4 bytes to client xxx.xxx.xx.xx. Error =
Connection reset by peer
[2009/10/13 16:16:46, 0] lib/util_sock.c:write_data(562)
  write_data: write failure in writing to client xxx.xx.xx.xx. Error
Connection reset by peer
[2009/10/13 16:16:46, 0] lib/util_sock.c:send_smb(761)
  Error writing 4 bytes to client. -1. (Connection reset by peer)
[2009/10/13 16:51:19, 1] smbd/sesssetup.c:reply_spnego_kerberos(439)
  Username STEC-INC=JRAUXP$ is invalid on this system
<--

Thank you for your help.
Kathy


PROPRIETARY-CONFIDENTIAL INFORMATION INCLUDED

This electronic transmission, and any documents attached hereto, may
contain confidential, proprietary and/or legally privileged information.
The information is intended only for use by the recipient named above.
If you received this electronic message in error, please notify the
sender and delete the electronic message. Any disclosure, copying,
distribution, or use of the contents of information received in error is
strictly prohibited, and violators will be pursued legally.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
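
An added example, not part of the original thread: a small triage pass that separates the Kerberos session-setup failures in a log like the one above (rejected tickets, user or machine names that do not map to a local account) from the socket-level messages around them. The function names triage_smbd_log and sample_log are assumptions; the sample input is an excerpt of the log quoted in the thread.

```shell
# Added example: triage_smbd_log and sample_log are hypothetical names.
# Reads a Samba 3.x smbd log on stdin, prints one line per Kerberos
# session-setup failure, then a count of socket-level messages.
triage_smbd_log() {
    awk '
    function emit(   name, kind) {
        if (ts == "") return
        if (msg ~ /Failed to verify incoming ticket/) {
            print ts " TICKET_REJECTED " fn
        } else if (msg ~ /Username .* is invalid on this system/) {
            name = msg
            sub(/^.*Username /, "", name)
            sub(/ is invalid on this system.*$/, "", name)
            kind = (name ~ /\$$/) ? "UNMAPPED_MACHINE" : "UNMAPPED_USER"
            print ts " " kind " " name
        } else if (fn ~ /^lib\/util_sock\.c:/) {
            sock++
        }
    }
    # Entry header: [date time, level] file:function(line)
    /^\[[0-9]+\/[0-9]+\/[0-9]+ [0-9:]+, +[0-9]+\] / {
        emit()
        ts = substr($1, 2) "T" $2; sub(/,$/, "", ts)
        fn = $4; msg = ""
        next
    }
    # Anything else continues the current entry, including wrapped lines.
    { msg = msg " " $0 }
    END { emit(); print "socket_messages " (sock + 0) }
    '
}
# Excerpt of the log quoted in this thread, used as sample input.
sample_log() {
    cat <<'EOF'
[2009/10/12 07:28:56, 0] lib/util_sock.c:read_data(534)
  read_data: read failure for 4 bytes to client xxxx.xxx.xx.xx. Error =
Connection reset by peer
[2009/10/12 12:11:02, 1] smbd/sesssetup.c:reply_spnego_kerberos(316)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2009/10/13 10:26:30, 1] smbd/sesssetup.c:reply_spnego_kerberos(439)
  Username STEC-INC=jrau is invalid on this system
[2009/10/13 16:51:19, 1] smbd/sesssetup.c:reply_spnego_kerberos(439)
  Username STEC-INC=JRAUXP$ is invalid on this system
EOF
}

sample_log | triage_smbd_log
```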