[Samba] cannot access to linux share from windows
Rowland Penny
rpenny at samba.org
Thu Dec 1 11:21:05 UTC 2016
On Thu, 1 Dec 2016 11:58:00 +0100
Fujisan via samba <samba at lists.samba.org> wrote:
> Hello,
>
> I have upgraded a client and a freeipa server from Fedora 24 to 25
> recently. And I cannot access linux shares located on the F25 client
> from a windows desktop.
>
> I get these messages:
>
> [2016/12/01 11:42:19.218759, 1]
> ../source3/librpc/crypto/gse_krb5.c:534(fill_mem_keytab_from_dedicated_keytab)
> ../source3/librpc/crypto/gse_krb5.c:534: smb_krb5_open_keytab
> failed (Key table name malformed)
> [2016/12/01 11:42:19.218800, 1]
> ../source3/librpc/crypto/gse_krb5.c:627(gse_krb5_get_server_keytab)
> ../source3/librpc/crypto/gse_krb5.c:627: Error! Unable to set mem
> keytab
> - -1765328205
> [2016/12/01 11:42:19.218823, 1]
> ../auth/gensec/gensec_start.c:698(gensec_start_mech)
> Failed to start GENSEC server mech gse_krb5:
> NT_STATUS_INTERNAL_ERROR [2016/12/01 11:42:19.261611, 1]
> ../source3/librpc/crypto/gse_krb5.c:534(fill_mem_keytab_from_dedicated_keytab)
> ../source3/librpc/crypto/gse_krb5.c:534: smb_krb5_open_keytab
> failed (Key table name malformed)
> [2016/12/01 11:42:19.261638, 1]
> ../source3/librpc/crypto/gse_krb5.c:627(gse_krb5_get_server_keytab)
> ../source3/librpc/crypto/gse_krb5.c:627: Error! Unable to set mem
> keytab
> - -1765328205
> [2016/12/01 11:42:19.261653, 1]
> ../auth/gensec/gensec_start.c:698(gensec_start_mech)
> Failed to start GENSEC server mech gse_krb5:
> NT_STATUS_INTERNAL_ERROR [2016/12/01 11:42:19.263330, 2]
> ../source3/auth/auth.c:315(auth_check_ntlm_password)
> check_ntlm_password: Authentication for user [smith] -> [smith]
> FAILED with error NT_STATUS_NO_SUCH_USER
> [2016/12/01 11:42:19.263380, 2]
> ../auth/gensec/spnego.c:720(gensec_spnego_server_negTokenTarg)
> SPNEGO login failed: NT_STATUS_NO_SUCH_USER
> [2016/12/01 11:42:19.270531, 1]
> ../source3/librpc/crypto/gse_krb5.c:534(fill_mem_keytab_from_dedicated_keytab)
> ../source3/librpc/crypto/gse_krb5.c:534: smb_krb5_open_keytab
> failed (Key table name malformed)
> [2016/12/01 11:42:19.270562, 1]
> ../source3/librpc/crypto/gse_krb5.c:627(gse_krb5_get_server_keytab)
> ../source3/librpc/crypto/gse_krb5.c:627: Error! Unable to set mem
> keytab
> - -1765328205
> [2016/12/01 11:42:19.270586, 1]
> ../auth/gensec/gensec_start.c:698(gensec_start_mech)
> Failed to start GENSEC server mech gse_krb5:
> NT_STATUS_INTERNAL_ERROR [2016/12/01 11:42:19.313479, 1]
> ../source3/librpc/crypto/gse_krb5.c:534(fill_mem_keytab_from_dedicated_keytab)
> ../source3/librpc/crypto/gse_krb5.c:534: smb_krb5_open_keytab
> failed (Key table name malformed)
> [2016/12/01 11:42:19.313506, 1]
> ../source3/librpc/crypto/gse_krb5.c:627(gse_krb5_get_server_keytab)
> ../source3/librpc/crypto/gse_krb5.c:627: Error! Unable to set mem
> keytab
> - -1765328205
> [2016/12/01 11:42:19.313523, 1]
> ../auth/gensec/gensec_start.c:698(gensec_start_mech)
> Failed to start GENSEC server mech gse_krb5:
> NT_STATUS_INTERNAL_ERROR [2016/12/01 11:42:19.315256, 2]
> ../source3/auth/auth.c:315(auth_check_ntlm_password)
> check_ntlm_password: Authentication for user [smith] -> [smith]
> FAILED with error NT_STATUS_NO_SUCH_USER
> [2016/12/01 11:42:19.315291, 2]
> ../auth/gensec/spnego.c:720(gensec_spnego_server_negTokenTarg)
> SPNEGO login failed: NT_STATUS_NO_SUCH_USER
>
> Also from the F25 server, I have the following when I run smbclient
>
> # smbclient -k -L f25desktop.mydomain
> lp_load_ex: changing to config backend registry
> session setup failed: NT_STATUS_LOGON_FAILURE
>
> But if i run it with a F24 desktop, it works:
>
> # smbclient -k -L f24desktop.mydomain
> lp_load_ex: changing to config backend registry
> Domain=[MYDOMAIN] OS=[Windows 6.1] Server=[Samba 4.4.7]
>
> Sharename Type Comment
> --------- ---- -------
> IPC$ IPC IPC Service (Samba Server Version 4.4.7)
> data Disk /data on f24desktop
> data2 Disk /data2 on f24desktop
> data3 Disk /data3 on f24desktop
> backup Disk /backup on f24desktop
> [...]
>
>
> net conf list on the f25desktop gives:
>
> # net conf list
> [global]
> workgroup = MYDOMAIN
> realm = MYDOMAIN
> netbios name = F25SERVER
> server string = Samba Server Version %v
> kerberos method = dedicated keytab
> dedicated keytab file = FILE:/etc/samba/samba.keytab
> log file = /var/log/samba/log.%m
> rpc_server:epmapper = external
> rpc_server:lsarpc = external
> rpc_server:lsass = external
> rpc_server:lsasd = external
> rpc_server:samr = external
> rpc_server:netlogon = external
> rpc_server:tcpip = yes
> rpc_daemon:epmd = fork
> rpc_daemon:lsasd = fork
> security = user
> map untrusted to domain = Yes
> smb ports = 139 445
> log level = 2
>
> [data]
> comment = /data/beauduin on f25desktop
> path = /data/smith
> create mask = 0644
> read only = no
>
> [data2]
> comment = /data2/beauduin on f25desktop
> path = /data2/smith
> create mask = 0644
> read only = no
>
> [data3]
> comment = /data3 on f25desktop
> path = /data3/smith
> create mask = 0644
> read only = no
>
> [backup]
> comment = /backup on f25desktop
> path = /backup
> read only = no
>
>
> on the F25 server and desktop, i have the following packages
> installed:
>
> samba-4.5.1-1.fc25.x86_64
> samba-client-4.5.1-1.fc25.x86_64
> samba-client-libs-4.5.1-1.fc25.x86_64
> samba-common-4.5.1-1.fc25.noarch
> samba-common-libs-4.5.1-1.fc25.x86_64
> samba-common-tools-4.5.1-1.fc25.x86_64
> samba-libs-4.5.1-1.fc25.x86_64
> samba-python-4.5.1-1.fc25.x86_64
> samba-test-4.5.1-1.fc25.x86_64
> samba-test-libs-4.5.1-1.fc25.x86_64
> samba-winbind-4.5.1-1.fc25.x86_64
> samba-winbind-clients-4.5.1-1.fc25.x86_64
> samba-winbind-krb5-locator-4.5.1-1.fc25.x86_64
> samba-winbind-modules-4.5.1-1.fc25.x86_64
> system-config-samba-1.2.100-5.fc24.noarch
> system-config-samba-docs-1.0.9-9.fc24.noarch
>
> Any idea what is wrong?
>
> Regards,
> Fuji
The default value for 'ntlm auth' got changed from
'yes' to 'no' from Samba 4.5.0. Could this be your problem ?
Rowland
More information about the samba
mailing list