[Samba] cannot access to linux share from windows
Fujisan
fujisan43 at gmail.com
Thu Dec 1 12:37:28 UTC 2016
By the way, I can access to the linux shares that are on the freeipa F25
server from the windows desktop and I do not have the 'ntlm auth' set to
yes.
On Thu, Dec 1, 2016 at 1:10 PM, Fujisan <fujisan43 at gmail.com> wrote:
> Now I have this config on the f25 desktop and restarted the smb service
> but I still have the same problem.
>
> # net conf list
> [global]
> workgroup = MYDOMAIN
> realm = MYDOMAIN
> netbios name = F25SERVER
> server string = Samba Server Version %v
> kerberos method = dedicated keytab
> dedicated keytab file = FILE:/etc/samba/samba.keytab
> log file = /var/log/samba/log.%m
> rpc_server:epmapper = external
> rpc_server:lsarpc = external
> rpc_server:lsass = external
> rpc_server:lsasd = external
> rpc_server:samr = external
> rpc_server:netlogon = external
> rpc_server:tcpip = yes
> rpc_daemon:epmd = fork
> rpc_daemon:lsasd = fork
> security = user
> map untrusted to domain = Yes
> smb ports = 139 445
> ntlm auth = yes
> log level = 2
>
> [data]
> comment = /data/beauduin on f25desktop
> path = /data/smith
> create mask = 0644
> read only = no
>
> [data2]
> comment = /data2/beauduin on f25desktop
> path = /data2/smith
> create mask = 0644
> read only = no
>
> [data3]
> comment = /data3 on f25desktop
> path = /data3/smith
> create mask = 0644
> read only = no
>
> [backup]
> comment = /backup on f25desktop
> path = /backup
> read only = no
>
> On Thu, Dec 1, 2016 at 12:21 PM, Rowland Penny via samba <
> samba at lists.samba.org> wrote:
>
>> On Thu, 1 Dec 2016 11:58:00 +0100
>> Fujisan via samba <samba at lists.samba.org> wrote:
>>
>> > Hello,
>> >
>> > I have upgraded a client and a freeipa server from Fedora 24 to 25
>> > recently. And I cannot access linux shares located on the F25 client
>> > from a windows desktop.
>> >
>> > I get these messages:
>> >
>> > [2016/12/01 11:42:19.218759, 1]
>> > ../source3/librpc/crypto/gse_krb5.c:534(fill_mem_keytab_from
>> _dedicated_keytab)
>> > ../source3/librpc/crypto/gse_krb5.c:534: smb_krb5_open_keytab
>> > failed (Key table name malformed)
>> > [2016/12/01 11:42:19.218800, 1]
>> > ../source3/librpc/crypto/gse_krb5.c:627(gse_krb5_get_server_keytab)
>> > ../source3/librpc/crypto/gse_krb5.c:627: Error! Unable to set mem
>> > keytab
>> > - -1765328205
>> > [2016/12/01 11:42:19.218823, 1]
>> > ../auth/gensec/gensec_start.c:698(gensec_start_mech)
>> > Failed to start GENSEC server mech gse_krb5:
>> > NT_STATUS_INTERNAL_ERROR [2016/12/01 11:42:19.261611, 1]
>> > ../source3/librpc/crypto/gse_krb5.c:534(fill_mem_keytab_from
>> _dedicated_keytab)
>> > ../source3/librpc/crypto/gse_krb5.c:534: smb_krb5_open_keytab
>> > failed (Key table name malformed)
>> > [2016/12/01 11:42:19.261638, 1]
>> > ../source3/librpc/crypto/gse_krb5.c:627(gse_krb5_get_server_keytab)
>> > ../source3/librpc/crypto/gse_krb5.c:627: Error! Unable to set mem
>> > keytab
>> > - -1765328205
>> > [2016/12/01 11:42:19.261653, 1]
>> > ../auth/gensec/gensec_start.c:698(gensec_start_mech)
>> > Failed to start GENSEC server mech gse_krb5:
>> > NT_STATUS_INTERNAL_ERROR [2016/12/01 11:42:19.263330, 2]
>> > ../source3/auth/auth.c:315(auth_check_ntlm_password)
>> > check_ntlm_password: Authentication for user [smith] -> [smith]
>> > FAILED with error NT_STATUS_NO_SUCH_USER
>> > [2016/12/01 11:42:19.263380, 2]
>> > ../auth/gensec/spnego.c:720(gensec_spnego_server_negTokenTarg)
>> > SPNEGO login failed: NT_STATUS_NO_SUCH_USER
>> > [2016/12/01 11:42:19.270531, 1]
>> > ../source3/librpc/crypto/gse_krb5.c:534(fill_mem_keytab_from
>> _dedicated_keytab)
>> > ../source3/librpc/crypto/gse_krb5.c:534: smb_krb5_open_keytab
>> > failed (Key table name malformed)
>> > [2016/12/01 11:42:19.270562, 1]
>> > ../source3/librpc/crypto/gse_krb5.c:627(gse_krb5_get_server_keytab)
>> > ../source3/librpc/crypto/gse_krb5.c:627: Error! Unable to set mem
>> > keytab
>> > - -1765328205
>> > [2016/12/01 11:42:19.270586, 1]
>> > ../auth/gensec/gensec_start.c:698(gensec_start_mech)
>> > Failed to start GENSEC server mech gse_krb5:
>> > NT_STATUS_INTERNAL_ERROR [2016/12/01 11:42:19.313479, 1]
>> > ../source3/librpc/crypto/gse_krb5.c:534(fill_mem_keytab_from
>> _dedicated_keytab)
>> > ../source3/librpc/crypto/gse_krb5.c:534: smb_krb5_open_keytab
>> > failed (Key table name malformed)
>> > [2016/12/01 11:42:19.313506, 1]
>> > ../source3/librpc/crypto/gse_krb5.c:627(gse_krb5_get_server_keytab)
>> > ../source3/librpc/crypto/gse_krb5.c:627: Error! Unable to set mem
>> > keytab
>> > - -1765328205
>> > [2016/12/01 11:42:19.313523, 1]
>> > ../auth/gensec/gensec_start.c:698(gensec_start_mech)
>> > Failed to start GENSEC server mech gse_krb5:
>> > NT_STATUS_INTERNAL_ERROR [2016/12/01 11:42:19.315256, 2]
>> > ../source3/auth/auth.c:315(auth_check_ntlm_password)
>> > check_ntlm_password: Authentication for user [smith] -> [smith]
>> > FAILED with error NT_STATUS_NO_SUCH_USER
>> > [2016/12/01 11:42:19.315291, 2]
>> > ../auth/gensec/spnego.c:720(gensec_spnego_server_negTokenTarg)
>> > SPNEGO login failed: NT_STATUS_NO_SUCH_USER
>> >
>> > Also from the F25 server, I have the following when I run smbclient
>> >
>> > # smbclient -k -L f25desktop.mydomain
>> > lp_load_ex: changing to config backend registry
>> > session setup failed: NT_STATUS_LOGON_FAILURE
>> >
>> > But if i run it with a F24 desktop, it works:
>> >
>> > # smbclient -k -L f24desktop.mydomain
>> > lp_load_ex: changing to config backend registry
>> > Domain=[MYDOMAIN] OS=[Windows 6.1] Server=[Samba 4.4.7]
>> >
>> > Sharename Type Comment
>> > --------- ---- -------
>> > IPC$ IPC IPC Service (Samba Server Version 4.4.7)
>> > data Disk /data on f24desktop
>> > data2 Disk /data2 on f24desktop
>> > data3 Disk /data3 on f24desktop
>> > backup Disk /backup on f24desktop
>> > [...]
>> >
>> >
>> > net conf list on the f25desktop gives:
>> >
>> > # net conf list
>> > [global]
>> > workgroup = MYDOMAIN
>> > realm = MYDOMAIN
>> > netbios name = F25SERVER
>> > server string = Samba Server Version %v
>> > kerberos method = dedicated keytab
>> > dedicated keytab file = FILE:/etc/samba/samba.keytab
>> > log file = /var/log/samba/log.%m
>> > rpc_server:epmapper = external
>> > rpc_server:lsarpc = external
>> > rpc_server:lsass = external
>> > rpc_server:lsasd = external
>> > rpc_server:samr = external
>> > rpc_server:netlogon = external
>> > rpc_server:tcpip = yes
>> > rpc_daemon:epmd = fork
>> > rpc_daemon:lsasd = fork
>> > security = user
>> > map untrusted to domain = Yes
>> > smb ports = 139 445
>> > log level = 2
>> >
>> > [data]
>> > comment = /data/beauduin on f25desktop
>> > path = /data/smith
>> > create mask = 0644
>> > read only = no
>> >
>> > [data2]
>> > comment = /data2/beauduin on f25desktop
>> > path = /data2/smith
>> > create mask = 0644
>> > read only = no
>> >
>> > [data3]
>> > comment = /data3 on f25desktop
>> > path = /data3/smith
>> > create mask = 0644
>> > read only = no
>> >
>> > [backup]
>> > comment = /backup on f25desktop
>> > path = /backup
>> > read only = no
>> >
>> >
>> > on the F25 server and desktop, i have the following packages
>> > installed:
>> >
>> > samba-4.5.1-1.fc25.x86_64
>> > samba-client-4.5.1-1.fc25.x86_64
>> > samba-client-libs-4.5.1-1.fc25.x86_64
>> > samba-common-4.5.1-1.fc25.noarch
>> > samba-common-libs-4.5.1-1.fc25.x86_64
>> > samba-common-tools-4.5.1-1.fc25.x86_64
>> > samba-libs-4.5.1-1.fc25.x86_64
>> > samba-python-4.5.1-1.fc25.x86_64
>> > samba-test-4.5.1-1.fc25.x86_64
>> > samba-test-libs-4.5.1-1.fc25.x86_64
>> > samba-winbind-4.5.1-1.fc25.x86_64
>> > samba-winbind-clients-4.5.1-1.fc25.x86_64
>> > samba-winbind-krb5-locator-4.5.1-1.fc25.x86_64
>> > samba-winbind-modules-4.5.1-1.fc25.x86_64
>> > system-config-samba-1.2.100-5.fc24.noarch
>> > system-config-samba-docs-1.0.9-9.fc24.noarch
>> >
>> > Any idea what is wrong?
>> >
>> > Regards,
>> > Fuji
>>
>>
>> The default value for 'ntlm auth' got changed from
>> 'yes' to 'no' from Samba 4.5.0. Could this be your problem ?
>>
>> Rowland
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>
>
>
More information about the samba
mailing list