[Samba] After Update Member Server not working

Tim lists at kiuni.de
Thu Apr 9 08:19:10 MDT 2015 

Hey Louis,

it was the time. For some reason ntp did not work correctly anymore. Thank you very much. It was 1 hour behind.

Regards
Tim




Am 09.04.2015 um 14:26 schrieb L.P.H. van Belle:
> Did you reboot your server?
>
> I would start with check the time on the member and DC server.
> make sure its withing 5 min.
>
> check the resolv.conf file.
>
> check your keytab file rights
>
> try to init.
> kinit administrator
> klist -e
>
> klist -k /etc/krb5.keytab -e
>
> and you can try to change:
> interfaces = lo enp0s25
> to
> interfaces = lo ipnumber
>
> I stoppped using the interface name because of bug in detecting the names. ( ubuntu mostly )
>
>
> Louis
>
>
>
>> -----Oorspronkelijk bericht-----
>> Van: lists at kiuni.de [mailto:samba-bounces at lists.samba.org] Namens Tim
>> Verzonden: donderdag 9 april 2015 14:10
>> Aan: samba at lists.samba.org
>> Onderwerp: [Samba] After Update Member Server not working
>>
>> Hello all,
>>
>> I got some updates for my centos 7 (core), but nothing for the
>> sernet-samba-packages.
>>
>> But now, my (test) member server isn't accessable anymore. Its
>> smb.conf:
>>
>> [global]
>>
>>     netbios name = SERVERNAME
>>     workgroup = DOMAIN
>>     security = ADS
>>     realm = DOMAIN.EXAMPLE.COM
>>     dedicated keytab file = /etc/krb5.keytab
>>     kerberos method = secrets and keytab
>>     log level = 10 winbind:2
>>
>>      bind interfaces only = yes
>>     interfaces = lo enp0s25
>>
>>     username map = /etc/samba/user.map
>>
>>     idmap config *:backend = tdb
>>     idmap config *:range = 2000-8999
>>     idmap config DOMAIN:backend = ad
>>     idmap config DOMAIN:schema_mode = rfc2307
>>     idmap config DOMAIN:range = 10000-99999
>>
>>     winbind nss info = rfc2307
>>     winbind trusted domains only = no
>>     winbind use default domain = yes
>>     winbind enum users  = yes
>>     winbind enum groups = yes
>>     winbind refresh tickets = Yes
>>     winbind expand groups = 4
>>     winbind normalize names = Yes
>>     domain master = no
>>     local master = no
>>
>>     vfs objects = acl_xattr
>>     map acl inherit = Yes
>>     store dos attributes = Yes
>>
>> [share]
>>     path = /srv/share
>>     read only = no
>>
>> The behaviour is the following: If I hit \\<IP adress>, I
>> can/must authenticate with administrator, normal domain users
>> do not work anymore. When I hit \\<Servername>, nothing is
>> working. There is only a message, I am not authorized to use
>> the resource.
>>
>>
>> Here your are a log of smbd:
>> grep LOGON /var/log/samba/log.smbd
>>    SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
>>    SPNEGO login failed: NT_STATUS_LOGON_FAILURE
>>    smbd_smb2_request_error_ex: idx[1]
>> status[NT_STATUS_LOGON_FAILURE] || at
>> ../source3/smbd/smb2_sesssetup.c:131
>>    smbd_smb2_request_done_ex: idx[1]
>> status[NT_STATUS_LOGON_FAILURE] body[8] dyn[yes:1] at
>> ../source3/smbd/smb2_server.c:2646
>>    SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
>>    SPNEGO login failed: NT_STATUS_LOGON_FAILURE
>>    smbd_smb2_request_error_ex: idx[1]
>> status[NT_STATUS_LOGON_FAILURE] || at
>> ../source3/smbd/smb2_sesssetup.c:131
>>    smbd_smb2_request_done_ex: idx[1]
>> status[NT_STATUS_LOGON_FAILURE] body[8] dyn[yes:1] at
>> ../source3/smbd/smb2_server.c:2646
>>    SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
>>    SPNEGO login failed: NT_STATUS_LOGON_FAILURE
>>    smbd_smb2_request_error_ex: idx[1]
>> status[NT_STATUS_LOGON_FAILURE] || at
>> ../source3/smbd/smb2_sesssetup.c:131
>>    smbd_smb2_request_done_ex: idx[1]
>> status[NT_STATUS_LOGON_FAILURE] body[8] dyn[yes:1] at
>> ../source3/smbd/smb2_server.c:2646
>>    SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
>>    SPNEGO login failed: NT_STATUS_LOGON_FAILURE
>>    smbd_smb2_request_error_ex: idx[1]
>> status[NT_STATUS_LOGON_FAILURE] || at
>> ../source3/smbd/smb2_sesssetup.c:131
>>    smbd_smb2_request_done_ex: idx[1]
>> status[NT_STATUS_LOGON_FAILURE] body[8] dyn[yes:1] at
>> ../source3/smbd/smb2_server.c:2646
>>    SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
>>    SPNEGO login failed: NT_STATUS_LOGON_FAILURE
>>    smbd_smb2_request_error_ex: idx[1]
>> status[NT_STATUS_LOGON_FAILURE] || at
>> ../source3/smbd/smb2_sesssetup.c:131
>>    smbd_smb2_request_done_ex: idx[1]
>> status[NT_STATUS_LOGON_FAILURE] body[8] dyn[yes:1] at
>> ../source3/smbd/smb2_server.c:2646
>>    SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
>>    SPNEGO login failed: NT_STATUS_LOGON_FAILURE
>>    smbd_smb2_request_error_ex: idx[1]
>> status[NT_STATUS_LOGON_FAILURE] || at
>> ../source3/smbd/smb2_sesssetup.c:131
>>    smbd_smb2_request_done_ex: idx[1]
>> status[NT_STATUS_LOGON_FAILURE] body[8] dyn[yes:1] at
>> ../source3/smbd/smb2_server.c:2646
>>
>> My krb5.conf
>> [libdefaults]
>>   dns_lookup_realm = true
>>   ticket_lifetime = 24h
>>   renew_lifetime = 7d
>>   forwardable = true
>>   rdns = false
>>   default_realm = Q007DPK2.Q007.INTERN
>>   dns_lookup_kdc = true
>>
>> I would appreciate your help. Thanks in advance.
>>
>> Regards
>> Tim
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>>
>

More information about the samba mailing list