[Samba] After Update Member Server not working

L.P.H. van Belle belle at bazuin.nl
Thu Apr 9 06:26:55 MDT 2015 

Did you reboot your server? 

I would start with check the time on the member and DC server.
make sure its withing 5 min. 

check the resolv.conf file.

check your keytab file rights

try to init. 
kinit administrator 
klist -e 

klist -k /etc/krb5.keytab -e 

and you can try to change: 
interfaces = lo enp0s25
to 
interfaces = lo ipnumber 

I stoppped using the interface name because of bug in detecting the names. ( ubuntu mostly ) 


Louis



>-----Oorspronkelijk bericht-----
>Van: lists at kiuni.de [mailto:samba-bounces at lists.samba.org] Namens Tim
>Verzonden: donderdag 9 april 2015 14:10
>Aan: samba at lists.samba.org
>Onderwerp: [Samba] After Update Member Server not working
>
>Hello all,
>
>I got some updates for my centos 7 (core), but nothing for the 
>sernet-samba-packages.
>
>But now, my (test) member server isn't accessable anymore. Its 
>smb.conf:
>
>[global]
>
>    netbios name = SERVERNAME
>    workgroup = DOMAIN
>    security = ADS
>    realm = DOMAIN.EXAMPLE.COM
>    dedicated keytab file = /etc/krb5.keytab
>    kerberos method = secrets and keytab
>    log level = 10 winbind:2
>
>     bind interfaces only = yes
>    interfaces = lo enp0s25
>
>    username map = /etc/samba/user.map
>
>    idmap config *:backend = tdb
>    idmap config *:range = 2000-8999
>    idmap config DOMAIN:backend = ad
>    idmap config DOMAIN:schema_mode = rfc2307
>    idmap config DOMAIN:range = 10000-99999
>
>    winbind nss info = rfc2307
>    winbind trusted domains only = no
>    winbind use default domain = yes
>    winbind enum users  = yes
>    winbind enum groups = yes
>    winbind refresh tickets = Yes
>    winbind expand groups = 4
>    winbind normalize names = Yes
>    domain master = no
>    local master = no
>
>    vfs objects = acl_xattr
>    map acl inherit = Yes
>    store dos attributes = Yes
>
>[share]
>    path = /srv/share
>    read only = no
>
>The behaviour is the following: If I hit \\<IP adress>, I 
>can/must authenticate with administrator, normal domain users 
>do not work anymore. When I hit \\<Servername>, nothing is 
>working. There is only a message, I am not authorized to use 
>the resource.
>
>
>Here your are a log of smbd:
>grep LOGON /var/log/samba/log.smbd
>   SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
>   SPNEGO login failed: NT_STATUS_LOGON_FAILURE
>   smbd_smb2_request_error_ex: idx[1] 
>status[NT_STATUS_LOGON_FAILURE] || at 
>../source3/smbd/smb2_sesssetup.c:131
>   smbd_smb2_request_done_ex: idx[1] 
>status[NT_STATUS_LOGON_FAILURE] body[8] dyn[yes:1] at 
>../source3/smbd/smb2_server.c:2646
>   SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
>   SPNEGO login failed: NT_STATUS_LOGON_FAILURE
>   smbd_smb2_request_error_ex: idx[1] 
>status[NT_STATUS_LOGON_FAILURE] || at 
>../source3/smbd/smb2_sesssetup.c:131
>   smbd_smb2_request_done_ex: idx[1] 
>status[NT_STATUS_LOGON_FAILURE] body[8] dyn[yes:1] at 
>../source3/smbd/smb2_server.c:2646
>   SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
>   SPNEGO login failed: NT_STATUS_LOGON_FAILURE
>   smbd_smb2_request_error_ex: idx[1] 
>status[NT_STATUS_LOGON_FAILURE] || at 
>../source3/smbd/smb2_sesssetup.c:131
>   smbd_smb2_request_done_ex: idx[1] 
>status[NT_STATUS_LOGON_FAILURE] body[8] dyn[yes:1] at 
>../source3/smbd/smb2_server.c:2646
>   SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
>   SPNEGO login failed: NT_STATUS_LOGON_FAILURE
>   smbd_smb2_request_error_ex: idx[1] 
>status[NT_STATUS_LOGON_FAILURE] || at 
>../source3/smbd/smb2_sesssetup.c:131
>   smbd_smb2_request_done_ex: idx[1] 
>status[NT_STATUS_LOGON_FAILURE] body[8] dyn[yes:1] at 
>../source3/smbd/smb2_server.c:2646
>   SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
>   SPNEGO login failed: NT_STATUS_LOGON_FAILURE
>   smbd_smb2_request_error_ex: idx[1] 
>status[NT_STATUS_LOGON_FAILURE] || at 
>../source3/smbd/smb2_sesssetup.c:131
>   smbd_smb2_request_done_ex: idx[1] 
>status[NT_STATUS_LOGON_FAILURE] body[8] dyn[yes:1] at 
>../source3/smbd/smb2_server.c:2646
>   SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
>   SPNEGO login failed: NT_STATUS_LOGON_FAILURE
>   smbd_smb2_request_error_ex: idx[1] 
>status[NT_STATUS_LOGON_FAILURE] || at 
>../source3/smbd/smb2_sesssetup.c:131
>   smbd_smb2_request_done_ex: idx[1] 
>status[NT_STATUS_LOGON_FAILURE] body[8] dyn[yes:1] at 
>../source3/smbd/smb2_server.c:2646
>
>My krb5.conf
>[libdefaults]
>  dns_lookup_realm = true
>  ticket_lifetime = 24h
>  renew_lifetime = 7d
>  forwardable = true
>  rdns = false
>  default_realm = Q007DPK2.Q007.INTERN
>  dns_lookup_kdc = true
>
>I would appreciate your help. Thanks in advance.
>
>Regards
>Tim
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
>

More information about the samba mailing list