[Samba] cifs mount of share fails

eXe2001 at gmx.at
Sat Sep 10 08:49:48 UTC 2016


Hello,
I have two Samba 4.2.10+dfsg-0+deb8u3 Debian 8.2 servers, connected to a 
2008 R2 AD over krb5/sssd.
Both servers have an identical configuration and are joined to the domain.
The shares on these two servers are perfectly accessible from any of my 
Windows clients.
But I cannot mount the shares from one of the servers over mount -t cifs.
domain_client_validate: unable to validate password for user <user> in 
domain <mydomain> to Domain controller <AD server fqdn>. Error was 
NT_STATUS_ACCESS_DENIED.
After setting a more verbose log level and comparing the output of these 
two servers I noticed this:
[2016/09/07 14:58:32.674886,  8, pid=10468, effective(0, 0), real(0, 0)] 
../source3/libsmb/namequery.c:3320(get_sorted_dc_list)
   get_sorted_dc_list: attempting lookup for name <mydomain> (sitename A)
[2016/09/07 14:58:32.674929,  5, pid=10468, effective(0, 0), real(0, 0)] 
../source3/libsmb/namequery.c:209(saf_fetch)
   saf_fetch: failed to find server for "<mydomain>" domain
[2016/09/07 14:58:32.674944,  3, pid=10468, effective(0, 0), real(0, 0)] 
../source3/libsmb/namequery.c:3133(get_dc_list)
   get_dc_list: preferred server list: ", *"
  -------working server output below---------
[2016/09/06 10:33:20.209503,  8, pid=6856, effective(0, 0), real(0, 0)] 
../source3/libsmb/namequery.c:3320(get_sorted_dc_list)
   get_sorted_dc_list: attempting lookup for name <mydomain> (sitename B)
[2016/09/06 10:33:20.209522,  5, pid=6856, effective(0, 0), real(0, 0)] 
../source3/libsmb/namequery.c:212(saf_fetch)
   saf_fetch: Returning "<ad server>.<mydomain>" for "<mydomain>" domain
[2016/09/06 10:33:20.209546,  3, pid=6856, effective(0, 0), real(0, 0)] 
../source3/libsmb/namequery.c:3133(get_dc_list)
   get_dc_list: preferred server list: "<ad server>.<mydomain>, *"
The AD servers are resolvable and pingable for both servers, the servers 
have a connection to the AD and Kerberos and SSSD seem to work fine.
I can get a Kerberos ticket and getent passwd/group returns the correct 
information.
I have no idea anymore why one of the servers reports "saf_fetch: failed 
to find server for "<mydomain>" domain" when I try to mount the share 
over cifs from various Linux distribution (Arch, CentOS, Debian, Ubuntu) 
clients.
smb.conf:
[global]
   workgroup = <MY DOMAIN>
   realm = <MY DOMAIN>.CORP
   security = ADS
   netbios name = <hostname>
#  password server = <ad server fqdn>
   dedicated keytab file = /etc/krb5.keytab
   kerberos method = system keytab
   passdb backend = tdbsam
   map to guest = Bad User
   null passwords = Yes
   load printers = No
   hosts allow = <my networks>
   encrypt passwords = true
   client ntlmv2 auth = yes
   template homedir = /home/%U
   template shell = /bin/bash
# shutup CUPS
   printing = bsd
   printcap name = /dev/null
   disable spoolss = yes
[projects]
   comment = Data
   path = /data
   guest ok = no
   valid users = @someusers
   force group = someusers
   browseable = yes
   read only = No
   create mask = 0660
   directory mask = 0770
   writable = yes
   available = yes
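
Added example, not part of the original post: a small Python parser for the Samba debug-log records quoted above. It extracts the saf_fetch result and the preferred server list so the DC lookup on the two servers can be compared side by side. The function names and result keys are illustrative, and the sample records are modelled on the post's excerpts with its placeholders kept.

```python
import re

HEADER = re.compile(r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+),\s*\d+, pid=\d+")  # record start
SAF_OK = re.compile(r'saf_fetch: Returning "(?P<dc>[^"]+)" for "(?P<dom>[^"]+)" domain')
SAF_FAIL = re.compile(r'saf_fetch: failed to find server for "(?P<dom>[^"]+)" domain')
DC_LIST = re.compile(r'get_dc_list: preferred server list: "(?P<list>[^"]*)"')

def records(text):
    """Yield (timestamp, body); body joins all lines up to the next header (handles mail-wrapped logs)."""
    ts, body = None, []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            if ts is not None:
                yield ts, " ".join(body)
            ts, body = m["ts"], [line[m.end():].strip()]
        elif ts is not None and line.strip():
            body.append(line.strip())
    if ts is not None:
        yield ts, " ".join(body)

def dc_discovery(text):
    """Collect saf_fetch hits and misses, and lookups with no preferred DC."""
    out = {"saf_hits": [], "saf_misses": [], "no_preferred_dc": []}
    for ts, body in records(text):
        if m := SAF_OK.search(body):
            out["saf_hits"].append((ts, m["dom"], m["dc"]))
        elif m := SAF_FAIL.search(body):
            out["saf_misses"].append((ts, m["dom"]))
        elif m := DC_LIST.search(body):
            first = m["list"].split(",")[0].strip()
            if first in ("", "*"):
                out["no_preferred_dc"].append(ts)
    return out

# Sample records modelled on the post's excerpts (placeholders kept as posted).
FAILING = '''[2016/09/07 14:58:32.674929,  5, pid=10468, effective(0, 0), real(0, 0)]
../source3/libsmb/namequery.c:209(saf_fetch)
   saf_fetch: failed to find server for "<mydomain>" domain
[2016/09/07 14:58:32.674944,  3, pid=10468, effective(0, 0), real(0, 0)]
../source3/libsmb/namequery.c:3133(get_dc_list)
   get_dc_list: preferred server list: ", *"'''
WORKING = '''[2016/09/06 10:33:20.209522,  5, pid=6856, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:212(saf_fetch)
   saf_fetch: Returning "<ad server>.<mydomain>" for "<mydomain>" domain
[2016/09/06 10:33:20.209546,  3, pid=6856, effective(0, 0), real(0, 0)] ../source3/libsmb/namequery.c:3133(get_dc_list)
   get_dc_list: preferred server list: "<ad server>.<mydomain>, *"'''

if __name__ == "__main__":
    print("failing:", dc_discovery(FAILING), "\nworking:", dc_discovery(WORKING))
```
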


