[Samba] smbclient broken after update

L.P.H. van Belle belle at bazuin.nl
Fri Feb 14 05:59:39 MST 2014

Maybe this is because testing is testing and as scary as it can be concerning upgrading. 

It's better to use backports or recompile to wheezy. 
The changes between wheezy and jessie are big for what I'm seeing atm. 

can give problems. .local is a reserved TLD 

All below looks good but a few small things.. 

passwd:         files winbind ldap 
What's ldap doing there? Should work, but for testing this, maybe you can remove it temporarily. 

If you have resolvconf installed, remove it and manually set your /etc/resolv.conf.
You should check resolv.conf. 

I myself use wheezy with samba 4.1.x from backports, sernet and recompiled versions.
All work fine with bind9 from wheezy, and a bind9 from jessie if you really need it, 
recompile is quickly done. 

Best regards, 


>-----Original message-----
>From: peter at serbe.ch [mailto:samba-bounces at lists.samba.org] 
>On behalf of Peter Serbe
>Sent: Friday, 14 February 2014 12:38
>To: samba at lists.samba.org
>Subject: [Samba] smbclient broken after update
>Since a bit more than a year I run a Samba4 AD server on a Debian 
>testing box. During that period I did update and dist-update the 
>box about twice a week, and also did update and recompile Samba, 
>i.e. Samba and Debian Jessie are on their latest stage. I use Bind 
>9.9.3 as name server, which works absolutely smooth. 
>But two days ago something got broken, and I am totally clueless, 
>what went wrong. Samba starts up without any uncommon entries in 
>log.samba. 1) kinit and klist look absolutely normal. 2) However 
>trying to access a Samba share fails with some complaints I don't
>understand enough to find the root cause of all these troubles. 3)
>I clearly see that this syndrome is way too unclear to be pinpointed 
>remotely. But I hope for advice on how to systematically debug the 
>I have installed nslcd and pam/winbind and k5start. I did rerun 
>the tests I did during the last reinstall in March last year, and 
>all these tests for the auxiliary blocks seem to work. I have the 
>impression that something is wrong with GSSAPI calls, and I also 
>saw SPNEGO calls failing. But I don't have a clue on how to 
>debug that. Maybe someone can point me into the right direction 
>here. And a point to corresponding information would also be 
>greatly appreciated. I found some references on the errors like 
>NT_STATUS_OBJECT_NAME_NOT_FOUND, but I was missing the context. 
>Maybe someone can point me in a more detailed step-by-step 
>Thank You in Advance!
>Best regards
>----------------------- attachments --------------------------
>1) log.samba: 
>[2014/02/14 11:59:16.526562,  0] 
>  Calling samba_kcc script
>[2014/02/14 12:03:59.088334,  0] 
>  /usr/local/samba/sbin/samba_dnsupdate: Traceback (most 
>recent call last):
>[2014/02/14 12:03:59.088425,  0] 
>  /usr/local/samba/sbin/samba_dnsupdate:   File 
>"/usr/local/samba/sbin/samba_dnsupdate", line 469, in <module>
>[2014/02/14 12:03:59.088465,  0] 
>  /usr/local/samba/sbin/samba_dnsupdate:     d = 
>parse_dns_line(line, sub_vars)
>[2014/02/14 12:03:59.088486,  0] 
>  /usr/local/samba/sbin/samba_dnsupdate:   File 
>"/usr/local/samba/sbin/samba_dnsupdate", line 174, in parse_dns_line
>[2014/02/14 12:03:59.088527,  0] 
>  /usr/local/samba/sbin/samba_dnsupdate:     return dnsobj(subline)
>[2014/02/14 12:03:59.088553,  0] 
>  /usr/local/samba/sbin/samba_dnsupdate:   File 
>"/usr/local/samba/sbin/samba_dnsupdate", line 152, in __init__
>[2014/02/14 12:03:59.088579,  0] 
>  /usr/local/samba/sbin/samba_dnsupdate:     raise 
>Exception("Received unexpected DNS reply of type %s" % self.type)
>[2014/02/14 12:03:59.088601,  0] 
>  /usr/local/samba/sbin/samba_dnsupdate: Exception: Received 
>unexpected DNS reply of type TXT
>[2014/02/14 12:04:16.590173,  0] 
>----------------------- attachments --------------------------
>2) kinit, klist
>root at ulysses:/etc# kinit administrator
>Password for administrator at SERBE.LOCAL:
>root at ulysses:/etc# klist
>Ticket cache: FILE:/tmp/krb5cc_0
>Default principal: administrator at SERBE.LOCAL
>Valid starting       Expires              Service principal
>14.02.2014 12:07:15  14.02.2014 22:07:15  
>        renew until 15.02.2014 12:07:12
>  Calling samba_kcc script
>----------------------- attachments --------------------------
>3) smbclient //localhost/netlogon -U% -d3
>lp_load_ex: refreshing parameters
>Initialising global parameters
>rlimit_max: increasing rlimit_max (1024) to minimum Windows 
>limit (16384)
>params.c:pm_process() - Processing configuration file 
>Processing section "[global]"
>added interface eth0 ip= bcast= 
>Client started (version 4.2.0pre1-GIT-0535f73).
>Connecting to ::1 at port 445
>session setup failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
>----------------------- attachments --------------------------
>        workgroup = SERBE
>        realm = SERBE.LOCAL
>        netbios name = ULYSSES
>        server string = Ulysses
>        server role = active directory domain controller
>        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, 
>kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
>        wins support = yes
>        security = user
>        public = no
>        username map = /usr/local/samba/etc/users.map
>        local master = yes
>        preferred master = yes
>        os level = 65
>        template shell = /bin/bash
>        passdb backend = samba4
>        socket options = TCP_NODELAY IPTOS_LOWDELAY
>        path = /usr/local/samba/var/locks/sysvol/serbe.local/scripts
>        read only = No
>        path = /usr/local/samba/var/locks/sysvol
>        read only = No
>       path = /srv/raid/video
>       comment = video on raid
>       read only = no
>       inherit acls = yes
>----------------------- attachments --------------------------
>krb5.conf (note: it doesn't log, don't know why...):
>    debug = true
>        default_realm = SERBE.LOCAL
>        kdc_timesync = 1
>        forwardable = true
>        proxiable = true
>        forward = true
>        renewable = true
>        encrypt = true
>        krb4_get_tickets = false
>        krb4_convert = false
>        krb5_get_tickets = true
>        SERBE.LOCAL = {
>                kdc = ULYSSES.SERBE.LOCAL:88
>                admin_server = ULYSSES.SERBE.LOCAL:749
>                default_domain = SERBE.LOCAL
>        }
>        .serbe.local = SERBE.LOCAL
>        serbe.local = SERBE.LOCAL
>        kdc = FILE:/var/log/kdc.log
>        admin_server = FILE:/var/log/kadmin.log
>        default = FILE:/var/log/kadmin.log
>check-ticket-addresses = false
>----------------------- attachments --------------------------
># /etc/nsswitch.conf
># Example configuration of GNU Name Service Switch functionality.
># If you have the `glibc-doc-reference' and `info' packages 
>installed, try:
># `info libc "Name Service Switch"' for information about this file.
>passwd:         files winbind ldap
>group:          files winbind ldap
>shadow:         files ldap
>hosts:          dns files ldap
>networks:       files ldap
>protocols:      db files
>services:       db files
>ethers:         db files
>rpc:            db files
>netgroup:       nis
>----------------------- attachments --------------------------
>transcript from the provisioning process
>root at ulysses:/usr/src/samba4# /usr/local/samba/bin/samba-tool 
>domain provision
> Domain [SERBE]:
> Server Role (dc, member, standalone) [dc]:
>Administrator password:
>Retype password:
>Looking up IPv4 addresses
>Looking up IPv6 addresses
>No IPv6 address will be assigned
>Setting up share.ldb
>Setting up secrets.ldb
>Setting up the registry
>Setting up the privileges database
>Setting up idmap db
>Setting up SAM db
>Setting up sam.ldb partitions and settings
>Setting up sam.ldb rootDSE
>Pre-loading the Samba 4 and AD schema
>Adding DomainDN: DC=serbe,DC=local
>Adding configuration container
>Setting up sam.ldb schema
>Setting up sam.ldb configuration data
>Setting up display specifiers
>Modifying display specifiers
>Adding users container
>Modifying users container
>Adding computers container
>Modifying computers container
>Setting up sam.ldb data
>Setting up well known security principals
>Setting up sam.ldb users and groups
>Setting up self join
>Adding DNS accounts
>Creating CN=MicrosoftDNS,CN=System,DC=serbe,DC=local
>Creating DomainDnsZones and ForestDnsZones partitions
>Populating DomainDnsZones and ForestDnsZones partitions
>Unable to find group id for BIND,
>                set permissions to sam.ldb* files manually
>See /usr/local/samba/private/named.conf for an example 
>configuration include file for BIND
>and /usr/local/samba/private/named.txt for further 
>documentation required for secure DNS updates
>Setting up sam.ldb rootDSE marking as synchronized
>Fixing provision GUIDs
>A Kerberos configuration suitable for Samba 4 has been 
>generated at /usr/local/samba/private/krb5.conf
>Once the above files are installed, your Samba4 server will be 
>ready to use
>Server Role:           active directory domain controller
>Hostname:              ulysses
>NetBIOS Domain:        SERBE
>DNS Domain:            serbe.local
>DOMAIN SID:            S-1-5-21-**********-**********-**********