[Samba] Nonfunctional linux/CIFS mounts after update (ADS / windows DC auth)
Glomski, Patrick
patrick.glomski at corvidtec.com
Wed Apr 27 20:16:21 UTC 2016
Both answered in my initial post; see below:
On Wed, Apr 27, 2016 at 4:02 PM, Jeremy Allison <jra at samba.org> wrote:
> On Wed, Apr 27, 2016 at 03:18:18PM -0400, Glomski, Patrick wrote:
> > I have been running in loglevel 10 and looking at the logs, but as I said
> > in my initial post the credentials function fine with nautilus. Appended
> is
> > a connection log snippet where samba walks through a cascade of
> > authentication methods and finally fails.
> >
> > Earlier in the log, samba successfully determines which domain controller
> > to talk to and pulls its information. However, just before the failure
> > there is a line which I feel is the root cause of the problem.
> >
> > > domain_client_validate: Domain password server not available.
> > >
> > Taken at face value (not the best idea as it seems to be walking through
> a
> > set of authentication methods), it indicates that somehow the information
> > about the domain controller doing the authentication has been lost.
> >
> > The password is good: It works on Windows and it works with nautilus.
> Samba
> > says the password is bad when using cifs or smbclient. What gives?
> >
> > For the situational awareness of others affected by this issue, I hoped
> it
> > was sssd or the associated name service switch libraries, so I built and
> > installed rpms for an older version of sssd. No dice.
>
> What is your smb.conf.
[global]
workgroup = WORKGROUP
server string = Linux Server
netbios name = SRVNAME
log level = 1
security = ads
dedicated keytab file = /etc/krb5.keytab
kerberos method = system keytab
realm = WORKGROUP.COM
passdb backend = tdbsam
socket options = TCP_NODELAY IPTOS_LOWDELAY
client NTLMv2 auth = yes
oplocks = False
level2oplocks = False
posix locking = no
log file = /var/log/samba/log.%m
max log size = 5000
include = /etc/samba/rhs-samba.conf
[test]
path = /home/test
inherit permissions = yes
inherit acls = yes
public = yes
only guest = no
writable = yes
printable = no
browseable = yes
strict locking = no
> Is winbindd running ? If so you might
> want to look in the winbindd logs, as this is an NTLM auth
> which should be passed to winbindd in the domain case.
>
We don't and have never run winbind on the system, so winbind is off.
More information about the samba
mailing list