[Samba] smbclient broken after update

Günter Kukkukk linux at kukkukk.com
Tue Feb 18 09:02:24 MST 2014 

Am 14.02.2014 12:37, schrieb Peter Serbe:
> Since a bit more than a year I run a Samba4 AD server on a Debian 
> testing box. During that period I did update and dist-update the 
> box about twice a week, and also did update and recompile Sambe, 
> i.e. Samba and Debian Jessie are on their latest stage. I use Bind 
> 9.9.3 as name server, which works absolutely smooth. 
> 
> But two days ago something got broken, and I am totally clueless, 
> what went wrong. Samba starts up without any uncommon entries in 
> log.samba. 1) kinit and klist look absolutely normal. 2) However 
> trying to access a Samba share fails with some complaints I don't
> understand enough to find the root cause of all this troubles. 3)
> 
> I clearly see, that this syndrome is way to unclear, to be pinpointed 
> remotely. But I hope for advice on how to systematically debug the 
> problem. 
> 
> I have installed nslcd and pam/winbind and k5start. I did rerun 
> the tests I did during the last reinstall in March last year, and 
> all these test for the auxiliary blocks seem to work. I have the 
> impression that something is wrong with GSSAPI calls, and I also 
> saw SPNEGO calls failing. But I don't have a clue on how to 
> debug that. Maybe someone can point me into the right direction 
> here. And a point to corresponding information would also be 
> grately appreciated. I found some references on the errors like 
> NT_STATUS_OBJECT_NAME_NOT_FOUND, but I was missing the context. 
> Maybe someone can point me in a more detailed step-by-step 
> approach. 
> 
> Thank You in Advance!
> 
> Best regards
> Peter
> 
> 
> ----------------------- attachments --------------------------
> 
> 1) log.samba: 
> [2014/02/14 11:59:16.526562,  0] ../source4/dsdb/kcc/kcc_periodic.c:664(kccsrv_samba_kcc)
>   Calling samba_kcc script
> [2014/02/14 12:03:59.088334,  0] ../lib/util/util_runcmd.c:317(samba_runcmd_io_handler)
>   /usr/local/samba/sbin/samba_dnsupdate: Traceback (most recent call last):
> [2014/02/14 12:03:59.088425,  0] ../lib/util/util_runcmd.c:317(samba_runcmd_io_handler)
>   /usr/local/samba/sbin/samba_dnsupdate:   File "/usr/local/samba/sbin/samba_dnsupdate", line 469, in <module>
> [2014/02/14 12:03:59.088465,  0] ../lib/util/util_runcmd.c:317(samba_runcmd_io_handler)
>   /usr/local/samba/sbin/samba_dnsupdate:     d = parse_dns_line(line, sub_vars)
> [2014/02/14 12:03:59.088486,  0] ../lib/util/util_runcmd.c:317(samba_runcmd_io_handler)
>   /usr/local/samba/sbin/samba_dnsupdate:   File "/usr/local/samba/sbin/samba_dnsupdate", line 174, in parse_dns_line
> [2014/02/14 12:03:59.088527,  0] ../lib/util/util_runcmd.c:317(samba_runcmd_io_handler)
>   /usr/local/samba/sbin/samba_dnsupdate:     return dnsobj(subline)
> [2014/02/14 12:03:59.088553,  0] ../lib/util/util_runcmd.c:317(samba_runcmd_io_handler)
>   /usr/local/samba/sbin/samba_dnsupdate:   File "/usr/local/samba/sbin/samba_dnsupdate", line 152, in __init__
> [2014/02/14 12:03:59.088579,  0] ../lib/util/util_runcmd.c:317(samba_runcmd_io_handler)
>   /usr/local/samba/sbin/samba_dnsupdate:     raise Exception("Received unexpected DNS reply of type %s" % self.type)
> [2014/02/14 12:03:59.088601,  0] ../lib/util/util_runcmd.c:317(samba_runcmd_io_handler)
>   /usr/local/samba/sbin/samba_dnsupdate: Exception: Received unexpected DNS reply of type TXT
> [2014/02/14 12:04:16.590173,  0] ../source4/dsdb/kcc/kcc_periodic.c:664(kccsrv_samba_kcc)
> 
> 
> ----------------------- attachments --------------------------
> 
> 2) kinit, klist
> root at ulysses:/etc# kinit administrator
> Password for administrator at SERBE.LOCAL:
> root at ulysses:/etc# klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: administrator at SERBE.LOCAL
> 
> Valid starting       Expires              Service principal
> 14.02.2014 12:07:15  14.02.2014 22:07:15  krbtgt/SERBE.LOCAL at SERBE.LOCAL
>         renew until 15.02.2014 12:07:12
> 
>   Calling samba_kcc script
> 
> 
> ----------------------- attachments --------------------------
> 
> 3) smbclient //localhost/netlogon -U% -d3
> lp_load_ex: refreshing parameters
> Initialising global parameters
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> params.c:pm_process() - Processing configuration file "/usr/local/samba/etc/smb.conf"
> Processing section "[global]"
> added interface eth0 ip=192.168.41.10 bcast=192.168.41.255 netmask=255.255.255.0
> Client started (version 4.2.0pre1-GIT-0535f73).
> Connecting to ::1 at port 445
> session setup failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
> 
> 
> ----------------------- attachments --------------------------
> 
> smb.conf-excerpt:
> [global]
>         workgroup = SERBE
>         realm = SERBE.LOCAL
>         netbios name = ULYSSES
>         server string = Ulysses
>         server role = active directory domain controller
>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
>         wins support = yes
>         security = user
>         public = no
>         username map = /usr/local/samba/etc/users.map
>         local master = yes
>         preferred master = yes
>         os level = 65
>         template shell = /bin/bash
>         passdb backend = samba4
>         socket options = TCP_NODELAY IPTOS_LOWDELAY
> 
> [netlogon]
>         path = /usr/local/samba/var/locks/sysvol/serbe.local/scripts
>         read only = No
> 
> [sysvol]
>         path = /usr/local/samba/var/locks/sysvol
>         read only = No
> 
> [video]
>        path = /srv/raid/video
>        comment = video on raid
>        read only = no
>        inherit acls = yes
> 
> 
> ----------------------- attachments --------------------------
> 
> krb5.conf (note: it doesn't log, don't know why...):
> [libdefaults]
>     debug = true
>         default_realm = SERBE.LOCAL
>         kdc_timesync = 1
>         forwardable = true
>         proxiable = true
>         forward = true
>         renewable = true
>         encrypt = true
>         krb4_get_tickets = false
>         krb4_convert = false
>         krb5_get_tickets = true
> 
> [realms]
>         SERBE.LOCAL = {
>                 kdc = ULYSSES.SERBE.LOCAL:88
>                 admin_server = ULYSSES.SERBE.LOCAL:749
>                 default_domain = SERBE.LOCAL
>         }
> 
> [domain_realm]
>         .serbe.local = SERBE.LOCAL
>         serbe.local = SERBE.LOCAL
> 
> [logging]
>         kdc = FILE:/var/log/kdc.log
>         admin_server = FILE:/var/log/kadmin.log
>         default = FILE:/var/log/kadmin.log
> 
> [kdc]
> check-ticket-addresses = false
> 
> 
> ----------------------- attachments --------------------------
> 
> nsswitch.conf:
> # /etc/nsswitch.conf
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages installed, try:
> # `info libc "Name Service Switch"' for information about this file.
> 
> passwd:         files winbind ldap
> group:          files winbind ldap
> shadow:         files ldap
> 
> hosts:          dns files ldap
> networks:       files ldap
> 
> protocols:      db files
> services:       db files
> ethers:         db files
> rpc:            db files
> 
> netgroup:       nis
> 
> 
> ----------------------- attachments --------------------------
> 
> transscript from the provisioning process
> root at ulysses:/usr/src/samba4# /usr/local/samba/bin/samba-tool domain provision
> Realm [HOME.LOCAL]: SERBE.LOCAL
>  Domain [SERBE]:
>  Server Role (dc, member, standalone) [dc]:
>  DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: BIND9_DLZ
> Administrator password:
> Retype password:
> Looking up IPv4 addresses
> Looking up IPv6 addresses
> No IPv6 address will be assigned
> Setting up share.ldb
> Setting up secrets.ldb
> Setting up the registry
> Setting up the privileges database
> Setting up idmap db
> Setting up SAM db
> Setting up sam.ldb partitions and settings
> Setting up sam.ldb rootDSE
> Pre-loading the Samba 4 and AD schema
> Adding DomainDN: DC=serbe,DC=local
> Adding configuration container
> Setting up sam.ldb schema
> Setting up sam.ldb configuration data
> Setting up display specifiers
> Modifying display specifiers
> Adding users container
> Modifying users container
> Adding computers container
> Modifying computers container
> Setting up sam.ldb data
> Setting up well known security principals
> Setting up sam.ldb users and groups
> Setting up self join
> Adding DNS accounts
> Creating CN=MicrosoftDNS,CN=System,DC=serbe,DC=local
> Creating DomainDnsZones and ForestDnsZones partitions
> Populating DomainDnsZones and ForestDnsZones partitions
> Unable to find group id for BIND,
>                 set permissions to sam.ldb* files manually
> See /usr/local/samba/private/named.conf for an example configuration include file for BIND
> and /usr/local/samba/private/named.txt for further documentation required for secure DNS updates
> Setting up sam.ldb rootDSE marking as synchronized
> Fixing provision GUIDs
> A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
> Once the above files are installed, your Samba4 server will be ready to use
> Server Role:           active directory domain controller
> Hostname:              ulysses
> NetBIOS Domain:        SERBE
> DNS Domain:            serbe.local
> DOMAIN SID:            S-1-5-21-**********-**********-**********
> 
> 

Hi Peter,

some commits have been reverted and smbclient's NT_STATUS_OBJECT_NAME_NOT_FOUND
should be gone now when you build with latest git master.

Cheers, Günter

--

More information about the samba mailing list