[Samba] Nonfunctional linux/CIFS mounts after update (ADS / windows DC auth)

Glomski, Patrick patrick.glomski at corvidtec.com
Wed Apr 27 20:16:21 UTC 2016


Both answered in my initial post; see below:

On Wed, Apr 27, 2016 at 4:02 PM, Jeremy Allison <jra at samba.org> wrote:

> On Wed, Apr 27, 2016 at 03:18:18PM -0400, Glomski, Patrick wrote:
> > I have been running in loglevel 10 and looking at the logs, but as I said
> > in my initial post the credentials function fine with nautilus. Appended
> is
> > a connection log snippet where samba walks through a cascade of
> > authentication methods and finally fails.
> >
> > Earlier in the log, samba successfully determines which domain controller
> > to talk to and pulls its information. However, just before the failure
> > there is a line which I feel is the root cause of the problem.
> >
> > >   domain_client_validate: Domain password server not available.
> > >
> > Taken at face value (not the best idea as it seems to be walking through
> a
> > set of authentication methods), it indicates that somehow the information
> > about the domain controller doing the authentication has been lost.
> >
> > The password is good: It works on Windows and it works with nautilus.
> Samba
> > says the password is bad when using cifs or smbclient. What gives?
> >
> > For the situational awareness of others affected by this issue, I hoped
> it
> > was sssd or the associated name service switch libraries, so I built and
> > installed rpms for an older version of sssd. No dice.
>
> What is your smb.conf.



[global]
workgroup = WORKGROUP
server string = Linux Server
netbios name = SRVNAME
log level = 1
security = ads
dedicated keytab file = /etc/krb5.keytab
kerberos method = system keytab
realm = WORKGROUP.COM
passdb backend = tdbsam
socket options = TCP_NODELAY IPTOS_LOWDELAY
client NTLMv2 auth = yes

oplocks = False
level2oplocks = False
posix locking = no

log file = /var/log/samba/log.%m
max log size = 5000
include = /etc/samba/rhs-samba.conf

[test]
 path = /home/test
 inherit permissions = yes
 inherit acls = yes
 public = yes
 only guest = no
 writable = yes
 printable = no
 browseable = yes
 strict locking = no


> Is winbindd running ? If so you might
> want to look in the winbindd logs, as this is an NTLM auth
> which should be passed to winbindd in the domain case.
>

We don't and have never run winbind on the system, so winbind is off.


More information about the samba mailing list