[Samba] 2:3.6.6-6+deb7u10 -> client use spnego = yes -> The trust relationship between this workstation and the primary domain failed | no -> net rpc -> NT_STATUS_INVALID_PARAMETER

Jelle de Jong jelledejong at powercraft.nl
Fri Dec 16 14:53:19 UTC 2016


Hello everybody,

I am trying to keep my Samba PDC working with Windows 7 Pro clients.

After my upgrade: 2016-12-15 15:10:16 upgrade samba:amd64 2:3.6.6-6+deb7u7 2:3.6.6-6+deb7u10

Some of the Windows 7 clients cannot log in anymore and respond with:

The trust relationship between this workstation and the primary domain 
failed

Changing the setting client use spnego = no will make the Windows 
clients work again, but will cause my net rpc commands to fail...

Setting client use spnego = yes will make the rpc commands work but the 
Windows clients will not be able to log in.

Please advise?

stayce:~# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[documenten]"
Processing section "[homes]"
Processing section "[netlogon]"
Processing section "[profiles]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

[global]
	workgroup = COMPANY
	netbios name = SERVER
	interfaces = lo, br0
	bind interfaces only = Yes
	passdb backend = ldapsam
	log file = /var/log/samba/log.%m
	time server = Yes
	client use spnego = No
	max open files = 17404
	load printers = No
	printcap name = /dev/null
	disable spoolss = Yes
	logon script = netlogon.bat
	logon path = \\%N\profiles\%U
	domain logons = Yes
	os level = 240
	preferred master = Yes
	domain master = Yes
	dns proxy = No
	wins support = Yes
	ldap admin dn = cn=admin,dc=company,dc=nl
	ldap delete dn = Yes
	ldap group suffix = ou=groups
	ldap idmap suffix = ou=idmap
	ldap machine suffix = ou=computers
	ldap passwd sync = yes
	ldap suffix = dc=company,dc=nl
	ldap ssl = no
	ldap user suffix = ou=users
	usershare max shares = 0
	usershare path = /srv/storage/shares
	template homedir = /srv/storage/shares/
	template shell = /bin/bash
	ldapsam:trusted = yes
	ldapsam:editposix = yes
	idmap config * : range = 10000-30000000
	idmap config * : ldap_url = ldap://localhost/
	idmap alloc config : ldap_base_dn = ou=idmap,dc=company,dc=nl
	idmap alloc config : ldap_user_dn = cn=admin,dc=company,dc=nl
	idmap config * : backend = ldap
	printing = bsd
	print command = lpr -r -P'%p' %s
	lpq command = lpq -P'%p'
	lprm command = lprm -P'%p' %j

[documenten]
	path = /srv/storage/shares
	read only = No
	create mask = 0660
	security mask = 0770
	directory mask = 0770
	directory security mask = 0770
	inherit acls = Yes
	map acl inherit = Yes
	hide unreadable = Yes
	store dos attributes = Yes
	vfs objects = recycle
	recycle:keeptree = Yes
	recycle:versions = Yes
	recycle:touch_mtime = Yes

[homes]
	comment = Home Directories
	path = /srv/storage/samba/homes/%U
	read only = No
	inherit acls = Yes
	map acl inherit = Yes
	store dos attributes = Yes
	browseable = No
	root preexec = /usr/local/bin/samba-mkdir-home %U

[netlogon]
	comment = Network Logon Service
	path = /srv/storage/samba/netlogon
	read only = No
	inherit acls = Yes
	map acl inherit = Yes
	store dos attributes = Yes
	browseable = No

[profiles]
	comment = Users profiles
	path = /srv/storage/samba/profiles
	read only = No
	inherit acls = Yes
	profile acls = Yes
	map acl inherit = Yes
	store dos attributes = Yes
	browseable = No






stayce:~# net -d 10 rpc group members "office" -S localhost -U Administrator%<secret>
INFO: Current debug levels:
   all: 10
   tdb: 10
   printdrivers: 10
   lanman: 10
   smb: 10
   rpc_parse: 10
   rpc_srv: 10
   rpc_cli: 10
   passdb: 10
   sam: 10
   auth: 10
   winbind: 10
   vfs: 10
   idmap: 10
   quota: 10
   acls: 10
   locking: 10
   msdfs: 10
   dmapi: 10
   registry: 10
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
   all: 10
   tdb: 10
   printdrivers: 10
   lanman: 10
   smb: 10
   rpc_parse: 10
   rpc_srv: 10
   rpc_cli: 10
   passdb: 10
   sam: 10
   auth: 10
   winbind: 10
   vfs: 10
   idmap: 10
   quota: 10
   acls: 10
   locking: 10
   msdfs: 10
   dmapi: 10
   registry: 10
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
Processing section "[global]"
doing parameter workgroup = COMPANY
doing parameter netbios name = SERVER
handle_netbios_name: set global_myname to: SERVER
doing parameter interfaces = lo, br0
doing parameter bind interfaces only = Yes
doing parameter passdb backend = ldapsam
doing parameter log file = /var/log/samba/log.%m
doing parameter time server = Yes
doing parameter client use spnego = No
doing parameter max open files = 17404
doing parameter load printers = No
doing parameter printcap name = /dev/null
doing parameter disable spoolss = Yes
doing parameter logon script = netlogon.bat
doing parameter logon path = \\%N\profiles\%U
doing parameter domain logons = Yes
doing parameter os level = 240
doing parameter preferred master = Yes
doing parameter domain master = Yes
doing parameter dns proxy = No
doing parameter wins support = Yes
doing parameter ldap admin dn = cn=admin,dc=company,dc=nl
doing parameter ldap delete dn = Yes
doing parameter ldap group suffix = ou=groups
doing parameter ldap idmap suffix = ou=idmap
doing parameter ldap machine suffix = ou=computers
doing parameter ldap passwd sync = yes
doing parameter ldap suffix = dc=company,dc=nl
doing parameter ldap ssl = no
doing parameter ldap user suffix = ou=users
doing parameter usershare max shares = 0
doing parameter usershare path = /srv/storage/shares
doing parameter template homedir = /srv/storage/shares/
doing parameter template shell = /bin/bash
doing parameter idmap alloc config : ldap_user_dn = cn=admin,dc=company,dc=nl
doing parameter idmap alloc config : ldap_base_dn = ou=idmap,dc=company,dc=nl
doing parameter idmap config * : ldap_url = ldap://localhost/
doing parameter idmap config * : range = 10000-30000000
doing parameter ldapsam:editposix = yes
doing parameter ldapsam:trusted = yes
doing parameter idmap config * : backend = ldap
doing parameter printing = bsd
doing parameter print command = lpr -r -P'%p' %s
doing parameter lpq command = lpq -P'%p'
doing parameter lprm command = lprm -P'%p' %j
pm_process() returned Yes
lp_servicenumber: couldn't find homes
set_server_role: role = ROLE_DOMAIN_PDC
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Netbios name list:-
my_netbios_names[0]="SERVER"
added interface lo ip=::1 bcast=::1 netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
added interface br0 ip=192.168.22.80 bcast=192.168.22.255 netmask=255.255.255.0
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Opening cache file at /var/run/samba/gencache.tdb
Opening cache file at /var/run/samba/gencache_notrans.tdb
sitename_fetch: No stored sitename for
internal_resolve_name: looking up localhost#20 (sitename (null))
name localhost#20 found.
remove_duplicate_addrs2: looking for duplicate address/port pairs
Connecting to host=localhost
Running timed event "tevent_req_timedout" 0x7f75783bf2e0
Connecting to 127.0.0.1 at port 445
Socket options:
	SO_KEEPALIVE = 0
	SO_REUSEADDR = 0
	SO_BROADCAST = 0
	TCP_NODELAY = 1
	TCP_KEEPCNT = 9
	TCP_KEEPIDLE = 7200
	TCP_KEEPINTVL = 75
	IPTOS_LOWDELAY = 0
	IPTOS_THROUGHPUT = 0
	SO_SNDBUF = 173400
	SO_RCVBUF = 87380
	SO_SNDLOWAT = 1
	SO_RCVLOWAT = 1
	SO_SNDTIMEO = 0
	SO_RCVTIMEO = 0
	TCP_QUICKACK = 1
Substituting charset 'ANSI_X3.4-1968' for LOCALE
cli_session_setup: NT1 session setup failed: NT_STATUS_INVALID_PARAMETER
failed session setup with NT_STATUS_INVALID_PARAMETER
Could not connect to server localhost
Connection failed: NT_STATUS_INVALID_PARAMETER
failed to make ipc connection: NT_STATUS_INVALID_PARAMETER
return code = -1

Kind regards,

Jelle de Jong
