[Samba] Problems accessing a file share using kerberos

Pedro Côrte-Real pedro at pedrocr.net
Sat Feb 27 01:55:01 MST 2010 

On Tue, Feb 23, 2010 at 12:10 PM, Pedro Côrte-Real <pedro at pedrocr.net> wrote:
> I think this is small enough to send inline. Here's the log at debug level 10.

I've upgraded to samba 3.4.5 and now the error message has changed:

$ smbclient -U WIN/pedrocr //gsb-filer2/pedrocr -k
ads_krb5_mk_req: krb5_get_credentials failed for
gsb-filer2$@SU-GSB.WIN.STANFORD.EDU (Server not found in Kerberos
database)
cli_session_setup_kerberos: spnego_gen_negTokenTarg failed: Server not
found in Kerberos database
session setup failed: SUCCESS - 0

before it was gathering a bunch of credentials before failing. Now it
can't find the credential for the SU-GSB.WIN realm. I upgraded the
whole distro so it could just be kerberos that is broken.

Here's the -d10 log:

$ smbclient -U WIN/pedrocr //gsb-filer2/pedrocr -k -d10
INFO: Current debug levels:
  all: True/10
  tdb: False/0
  printdrivers: False/0
  lanman: False/0
  smb: False/0
  rpc_parse: False/0
  rpc_srv: False/0
  rpc_cli: False/0
  passdb: False/0
  sam: False/0
  auth: False/0
  winbind: False/0
  vfs: False/0
  idmap: False/0
  quota: False/0
  acls: False/0
  locking: False/0
  msdfs: False/0
  dmapi: False/0
  registry: False/0
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
Processing section "[global]"
doing parameter workgroup = stanford.edu
doing parameter server string = %h server (Samba, Ubuntu)
doing parameter wins server = 171.64.7.155
doing parameter dns proxy = no
doing parameter log file = /var/log/samba/log.%m
doing parameter max log size = 1000
doing parameter syslog = 0
doing parameter panic action = /usr/share/samba/panic-action %d
doing parameter encrypt passwords = true
doing parameter passdb backend = tdbsam
doing parameter obey pam restrictions = yes
doing parameter unix password sync = yes
doing parameter passwd program = /usr/bin/passwd %u
doing parameter passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
doing parameter pam password change = yes
doing parameter map to guest = bad user
doing parameter usershare allow guests = yes
pm_process() returned Yes
lp_servicenumber: couldn't find homes
set_server_role: role = ROLE_STANDALONE
Attempting to register new charset UCS-2LE
Registered charset UCS-2LE
Attempting to register new charset UTF-16LE
Registered charset UTF-16LE
Attempting to register new charset UCS-2BE
Registered charset UCS-2BE
Attempting to register new charset UTF-16BE
Registered charset UTF-16BE
Attempting to register new charset UTF8
Registered charset UTF8
Attempting to register new charset UTF-8
Registered charset UTF-8
Attempting to register new charset ASCII
Registered charset ASCII
Attempting to register new charset 646
Registered charset 646
Attempting to register new charset ISO-8859-1
Registered charset ISO-8859-1
Attempting to register new charset UCS2-HEX
Registered charset UCS2-HEX
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
added interface wlan0 ip=fe80::221:5cff:fe31:f917%wlan0
bcast=fe80::ffff:ffff:ffff:ffff%wlan0 netmask=ffff:ffff:ffff:ffff::
added interface wlan0 ip=10.33.16.60 bcast=10.33.23.255 netmask=255.255.248.0
Netbios name list:-
my_netbios_names[0]="NASH"
Client started (version 3.4.5).
Opening cache file at /var/run/samba/gencache.tdb
tdb(unnamed): tdb_open_ex: could not open file
/var/run/samba/gencache.tdb: Permission denied
gencache_init: Opening cache file /var/run/samba/gencache.tdb read-only.
Cache entry with key = AD_SITENAME/DOMAIN/ couldn't be found
sitename_fetch: No stored sitename for
internal_resolve_name: looking up gsb-filer2#20 (sitename (null))
Cache entry with key = NBT/GSB-FILER2#20 couldn't be found
no entry for gsb-filer2#20 found.
resolve_lmhosts: Attempting lmhosts lookup for name gsb-filer2<0x20>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No
such file or directory
resolve_wins: Attempting wins lookup for name gsb-filer2<0x20>
Cache entry with key = WINS_SRV_DEAD/171.64.7.155,0.0.0.0 couldn't be found
wins_srv_is_dead: 171.64.7.155 is alive
Current wins server for tag '*' with source 0.0.0.0 is 171.64.7.155
Cache entry with key = WINS_SRV_DEAD/171.64.7.155,0.0.0.0 couldn't be found
wins_srv_is_dead: 171.64.7.155 is alive
resolve_wins: using WINS server 171.64.7.155 and tag '*'
bind succeeded on port 0
Sending a packet of len 50 to (171.64.7.155) on port 137
read_udp_v4_socket: ip 171.64.7.155 port 35072 read: 62
parse_nmb: packet id = 14541
Received a packet of len 62 from (171.64.7.155) port 137
nmb packet from 171.64.7.155(137) header: id=14541 opcode=Query(0) response=Yes
    header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes
    header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
    answers: nmb_name=GSB-FILER2<20> rr_type=32 rr_class=1 ttl=0
    answers   0 char `.. at .|   hex 6000AB40D87C
Got a positive name query response from 171.64.7.155 ( 171.64.216.124 )
remove_duplicate_addrs2: looking for duplicate address/port pairs
namecache_store: storing 1 address for gsb-filer2#20: 171.64.216.124
Adding cache entry with key = NBT/GSB-FILER2#20; value =
171.64.216.124:0 and timeout = Sat Feb 27 01:04:38 2010
 (660 seconds ahead)
internal_resolve_name: returning 1 addresses: 171.64.216.124:0
s3_event: Added timed event "tevent_req_timedout": 0x7f7d8d74f380
s3_event: Added timed event "tevent_req_timedout": 0x7f7d8d750430
Running timed event "tevent_req_timedout" 0x7f7d8d74f380
s3_event: Destroying timer event 0x7f7d8d74f380 "tevent_req_timedout"
s3_event: Added timed event "tevent_req_timedout": 0x7f7d8d74f380
Connecting to 171.64.216.124 at port 445
s3_event: Added timed event "tevent_req_timedout": 0x7f7d8d750cd0
s3_event: Destroying timer event 0x7f7d8d750cd0 "tevent_req_timedout"
s3_event: Destroying timer event 0x7f7d8d74f380 "tevent_req_timedout"
Socket options:
	SO_KEEPALIVE = 0
	SO_REUSEADDR = 0
	SO_BROADCAST = 0
	TCP_NODELAY = 1
	TCP_KEEPCNT = 9
	TCP_KEEPIDLE = 7200
	TCP_KEEPINTVL = 75
	IPTOS_LOWDELAY = 0
	IPTOS_THROUGHPUT = 0
	SO_SNDBUF = 16384
	SO_RCVBUF = 87380
	SO_SNDLOWAT = 1
	SO_RCVLOWAT = 1
	SO_SNDTIMEO = 0
	SO_RCVTIMEO = 0
 session request ok
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
cli_chain_cork: mid=1
handle_incoming_pdu: got mid 1
Doing spnego session setup (blob length=111)
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.3.6.1.4.1.311.2.2.10
got principal=gsb-filer2$@SU-GSB.WIN.STANFORD.EDU
Doing kerberos session setup
ads_krb5_mk_req: krb5_get_credentials failed for
gsb-filer2$@SU-GSB.WIN.STANFORD.EDU (Server not found in Kerberos
database)
cli_session_setup_kerberos: spnego_gen_negTokenTarg failed: Server not
found in Kerberos database
SPNEGO login failed: Server not found in Kerberos database
lang_tdb_init: /usr/share/samba/en_US.utf8.msg: No such file or directory
session setup failed: SUCCESS - 0

More information about the samba mailing list