[Samba] smbclient broken after update
Rowland Penny
rowlandpenny at googlemail.com
Fri Feb 14 13:44:28 MST 2014
On 14/02/14 20:18, Peter Serbe wrote:
> I implemented all Your suggestions - but the issue persists.
> It even gets worse, as I have troubles now to log on as
> root, i.e. su -l reports error during authentication.
> I'll try to troubleshoot this first. It looks all so weired.
> Btw, in the meantime I disabled IPv6, so it uses IPv4 now,
> but this didn't affect the problem.
>
>
>
> SERBE\Administrator at ulysses:/etc# smbclient -L ulysses -U
> Administrator%'*********' -d3
> lp_load_ex: refreshing parameters
> Initialising global parameters
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> params.c:pm_process() - Processing configuration file
> "/usr/local/samba/etc/smb.conf"
> Processing section "[global]"
> added interface eth0 ip=192.168.41.10 bcast=192.168.41.255 netmask=255.255.255.0
> Client started (version 4.2.0pre1-GIT-e0bf930).
> Connecting to 192.168.41.10 at port 445
> Doing spnego session setup (blob length=96)
> got OID=1.2.840.48018.1.2.2
> got OID=1.2.840.113554.1.2.2
> got OID=1.3.6.1.4.1.311.2.2.10
> got principal=not_defined_in_RFC4178 at please_ignore
> Got challenge flags:
> Got NTLMSSP neg_flags=0x60898215
> NTLMSSP: Set final flags:
> Got NTLMSSP neg_flags=0x60088215
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x60088215
> SPNEGO login failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
> session setup failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
>
>
>
>
> btw, here is the tail of the debug output from above starting from the SPNEGO
> call...
> I don't know, whether it could help in nailing down the issue, anyway.
>
>
> Doing spnego session setup (blob length=96)
> got OID=1.2.840.48018.1.2.2
> got OID=1.2.840.113554.1.2.2
> got OID=1.3.6.1.4.1.311.2.2.10
> got principal=not_defined_in_RFC4178 at please_ignore
> negotiate: struct NEGOTIATE_MESSAGE
> Signature : 'NTLMSSP'
> MessageType : NtLmNegotiate (1)
> NegotiateFlags : 0x60088215 (1611170325)
> 1: NTLMSSP_NEGOTIATE_UNICODE
> 0: NTLMSSP_NEGOTIATE_OEM
> 1: NTLMSSP_REQUEST_TARGET
> 1: NTLMSSP_NEGOTIATE_SIGN
> 0: NTLMSSP_NEGOTIATE_SEAL
> 0: NTLMSSP_NEGOTIATE_DATAGRAM
> 0: NTLMSSP_NEGOTIATE_LM_KEY
> 0: NTLMSSP_NEGOTIATE_NETWARE
> 1: NTLMSSP_NEGOTIATE_NTLM
> 0: NTLMSSP_NEGOTIATE_NT_ONLY
> 0: NTLMSSP_ANONYMOUS
> 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
> 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
> 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
> 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> 0: NTLMSSP_TARGET_TYPE_DOMAIN
> 0: NTLMSSP_TARGET_TYPE_SERVER
> 0: NTLMSSP_TARGET_TYPE_SHARE
> 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
> 0: NTLMSSP_NEGOTIATE_IDENTIFY
> 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
> 0: NTLMSSP_NEGOTIATE_TARGET_INFO
> 0: NTLMSSP_NEGOTIATE_VERSION
> 1: NTLMSSP_NEGOTIATE_128
> 1: NTLMSSP_NEGOTIATE_KEY_EXCH
> 0: NTLMSSP_NEGOTIATE_56
> DomainNameLen : 0x0005 (5)
> DomainNameMaxLen : 0x0005 (5)
> DomainName : *
> DomainName : 'SERBE'
> WorkstationLen : 0x0007 (7)
> WorkstationMaxLen : 0x0007 (7)
> Workstation : *
> Workstation : 'ULYSSES'
> smb_signing_sign_pdu: sent SMB signature of
> [0000] 42 53 52 53 50 59 4C 20 BSRSPYL
> challenge: struct CHALLENGE_MESSAGE
> Signature : 'NTLMSSP'
> MessageType : NtLmChallenge (0x2)
> TargetNameLen : 0x000a (10)
> TargetNameMaxLen : 0x000a (10)
> TargetName : *
> TargetName : 'SERBE'
> NegotiateFlags : 0x60898215 (1619624469)
> 1: NTLMSSP_NEGOTIATE_UNICODE
> 0: NTLMSSP_NEGOTIATE_OEM
> 1: NTLMSSP_REQUEST_TARGET
> 1: NTLMSSP_NEGOTIATE_SIGN
> 0: NTLMSSP_NEGOTIATE_SEAL
> 0: NTLMSSP_NEGOTIATE_DATAGRAM
> 0: NTLMSSP_NEGOTIATE_LM_KEY
> 0: NTLMSSP_NEGOTIATE_NETWARE
> 1: NTLMSSP_NEGOTIATE_NTLM
> 0: NTLMSSP_NEGOTIATE_NT_ONLY
> 0: NTLMSSP_ANONYMOUS
> 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
> 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
> 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
> 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> 1: NTLMSSP_TARGET_TYPE_DOMAIN
> 0: NTLMSSP_TARGET_TYPE_SERVER
> 0: NTLMSSP_TARGET_TYPE_SHARE
> 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
> 0: NTLMSSP_NEGOTIATE_IDENTIFY
> 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
> 1: NTLMSSP_NEGOTIATE_TARGET_INFO
> 0: NTLMSSP_NEGOTIATE_VERSION
> 1: NTLMSSP_NEGOTIATE_128
> 1: NTLMSSP_NEGOTIATE_KEY_EXCH
> 0: NTLMSSP_NEGOTIATE_56
> ServerChallenge : 1c16558d625ac671
> Reserved : 0000000000000000
> TargetInfoLen : 0x0068 (104)
> TargetNameInfoMaxLen : 0x0068 (104)
> TargetInfo : *
> TargetInfo: struct AV_PAIR_LIST
> count : 0x00000005 (5)
> pair: ARRAY(5)
> pair: struct AV_PAIR
> AvId : MsvAvNbDomainName (0x2)
> AvLen : 0x000a (10)
> Value : union ntlmssp_AvValue(case
> 0x2)
> AvNbDomainName : 'SERBE'
> pair: struct AV_PAIR
> AvId : MsvAvNbComputerName (0x1)
> AvLen : 0x000e (14)
> Value : union ntlmssp_AvValue(case
> 0x1)
> AvNbComputerName : 'ULYSSES'
> pair: struct AV_PAIR
> AvId : MsvAvDnsDomainName (0x4)
> AvLen : 0x0016 (22)
> Value : union ntlmssp_AvValue(case
> 0x4)
> AvDnsDomainName : 'serbe.local'
> pair: struct AV_PAIR
> AvId : MsvAvDnsComputerName (0x3)
> AvLen : 0x0026 (38)
> Value : union ntlmssp_AvValue(case
> 0x3)
> AvDnsComputerName : 'ulysses.serbe.local'
> pair: struct AV_PAIR
> AvId : MsvAvEOL (0x0)
> AvLen : 0x0000 (0)
> Value : union ntlmssp_AvValue(case
> 0x0)
> Got challenge flags:
> Got NTLMSSP neg_flags=0x60898215
> NTLMSSP_NEGOTIATE_UNICODE
> NTLMSSP_REQUEST_TARGET
> NTLMSSP_NEGOTIATE_SIGN
> NTLMSSP_NEGOTIATE_NTLM
> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> NTLMSSP_NEGOTIATE_NTLM2
> NTLMSSP_NEGOTIATE_TARGET_INFO
> NTLMSSP_NEGOTIATE_128
> NTLMSSP_NEGOTIATE_KEY_EXCH
> NTLMSSP: Set final flags:
> Got NTLMSSP neg_flags=0x60088215
> NTLMSSP_NEGOTIATE_UNICODE
> NTLMSSP_REQUEST_TARGET
> NTLMSSP_NEGOTIATE_SIGN
> NTLMSSP_NEGOTIATE_NTLM
> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> NTLMSSP_NEGOTIATE_NTLM2
> NTLMSSP_NEGOTIATE_128
> NTLMSSP_NEGOTIATE_KEY_EXCH
> authenticate: struct AUTHENTICATE_MESSAGE
> Signature : 'NTLMSSP'
> MessageType : NtLmAuthenticate (3)
> LmChallengeResponseLen : 0x0018 (24)
> LmChallengeResponseMaxLen: 0x0018 (24)
> LmChallengeResponse : *
> LmChallengeResponse : union ntlmssp_LM_RESPONSE(case 24)
> v1: struct LM_RESPONSE
> Response :
> 7123da4f6300ec6d010398bd6ed17ec04c8c737bee699c84
> NtChallengeResponseLen : 0x0094 (148)
> NtChallengeResponseMaxLen: 0x0094 (148)
> NtChallengeResponse : *
> NtChallengeResponse : union ntlmssp_NTLM_RESPONSE(case 148)
> v2: struct NTLMv2_RESPONSE
> Response : 32b1f21e22d275d9452f231451660a35
> Challenge: struct NTLMv2_CLIENT_CHALLENGE
> RespType : 0x01 (1)
> HiRespType : 0x01 (1)
> Reserved1 : 0x0000 (0)
> Reserved2 : 0x00000000 (0)
> TimeStamp : Fr Feb 14 19:14:06 2014 CET
> ChallengeFromClient : a25f71bac5d31dd9
> Reserved3 : 0x00000000 (0)
> AvPairs: struct AV_PAIR_LIST
> count : 0x00000005 (5)
> pair: ARRAY(5)
> pair: struct AV_PAIR
> AvId : MsvAvNbDomainName
> (0x2)
> AvLen : 0x000a (10)
> Value : union
> ntlmssp_AvValue(case 0x2)
> AvNbDomainName : 'SERBE'
> pair: struct AV_PAIR
> AvId : MsvAvNbComputerName
> (0x1)
> AvLen : 0x000e (14)
> Value : union
> ntlmssp_AvValue(case 0x1)
> AvNbComputerName : 'ULYSSES'
> pair: struct AV_PAIR
> AvId : MsvAvDnsDomainName
> (0x4)
> AvLen : 0x0016 (22)
> Value : union
> ntlmssp_AvValue(case 0x4)
> AvDnsDomainName : 'serbe.local'
> pair: struct AV_PAIR
> AvId : MsvAvDnsComputerName
> (0x3)
> AvLen : 0x0026 (38)
> Value : union
> ntlmssp_AvValue(case 0x3)
> AvDnsComputerName : 'ulysses.serbe.local'
> pair: struct AV_PAIR
> AvId : MsvAvEOL (0x0)
> AvLen : 0x0000 (0)
> Value : union
> ntlmssp_AvValue(case 0x0)
> DomainNameLen : 0x000a (10)
> DomainNameMaxLen : 0x000a (10)
> DomainName : *
> DomainName : 'SERBE'
> UserNameLen : 0x001a (26)
> UserNameMaxLen : 0x001a (26)
> UserName : *
> UserName : 'Administrator'
> WorkstationLen : 0x000e (14)
> WorkstationMaxLen : 0x000e (14)
> Workstation : *
> Workstation : 'ULYSSES'
> EncryptedRandomSessionKeyLen: 0x0010 (16)
> EncryptedRandomSessionKeyMaxLen: 0x0010 (16)
> EncryptedRandomSessionKey: *
> EncryptedRandomSessionKey: DATA_BLOB length=16
> [0000] 25 01 15 C6 9D 8C F2 C8 E4 F6 72 62 5A FA 16 58 %....... ..rbZ..X
> NegotiateFlags : 0x60088215 (1611170325)
> 1: NTLMSSP_NEGOTIATE_UNICODE
> 0: NTLMSSP_NEGOTIATE_OEM
> 1: NTLMSSP_REQUEST_TARGET
> 1: NTLMSSP_NEGOTIATE_SIGN
> 0: NTLMSSP_NEGOTIATE_SEAL
> 0: NTLMSSP_NEGOTIATE_DATAGRAM
> 0: NTLMSSP_NEGOTIATE_LM_KEY
> 0: NTLMSSP_NEGOTIATE_NETWARE
> 1: NTLMSSP_NEGOTIATE_NTLM
> 0: NTLMSSP_NEGOTIATE_NT_ONLY
> 0: NTLMSSP_ANONYMOUS
> 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
> 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
> 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
> 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> 0: NTLMSSP_TARGET_TYPE_DOMAIN
> 0: NTLMSSP_TARGET_TYPE_SERVER
> 0: NTLMSSP_TARGET_TYPE_SHARE
> 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
> 0: NTLMSSP_NEGOTIATE_IDENTIFY
> 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
> 0: NTLMSSP_NEGOTIATE_TARGET_INFO
> 0: NTLMSSP_NEGOTIATE_VERSION
> 1: NTLMSSP_NEGOTIATE_128
> 1: NTLMSSP_NEGOTIATE_KEY_EXCH
> 0: NTLMSSP_NEGOTIATE_56
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x60088215
> NTLMSSP_NEGOTIATE_UNICODE
> NTLMSSP_REQUEST_TARGET
> NTLMSSP_NEGOTIATE_SIGN
> NTLMSSP_NEGOTIATE_NTLM
> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> NTLMSSP_NEGOTIATE_NTLM2
> NTLMSSP_NEGOTIATE_128
> NTLMSSP_NEGOTIATE_KEY_EXCH
> smb_signing_sign_pdu: sent SMB signature of
> [0000] 42 53 52 53 50 59 4C 20 BSRSPYL
> SPNEGO login failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
> session setup failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
>
>
>
>
>
>
>
OK, have you set up /etc/krb5.conf ?
it should look like this:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = DOM.DE
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
[realms]
DOM.DE = {
kdc = dc.dom.de
admin_server = dc.dom.de
}
[domain_realm]
.dom.de = DOM.DE
dom.de = DOM.DE
Did you join the domain ?
net ads join -U administrator
After this I am lost.
Rowland
More information about the samba
mailing list