[Samba] Samba Member NT_STATUS_NETWORK_SESSION_EXPIRED

Oliver Werner oliver.werner at kontrast.de
Thu Sep 22 16:14:19 UTC 2016 

Hi,

After some hours (maybe 8-12h) i can’t connect to my Samba Member (SMB://).

After restarting winbind works fine again.

We using 4.5.0 right now.

I hope the following informations will be enough at this moment 


In samba log on DC i got the following Error:

[2016/09/22 08:58:56.925190,  3] ../source3/smbd/vfs.c:139(vfs_init_custom)
  Initialising custom vfs hooks from [dfs_samba4]
[2016/09/22 08:58:56.925235,  2] ../source3/modules/vfs_acl_xattr.c:201(connect_acl_xattr)
  connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service IPC$
[2016/09/22 08:58:56.928361,  3] ../source3/smbd/service.c:907(make_connection_snum)
  192.168.111.159 (ipv4:192.168.111.159:45070) connect to service IPC$ initially as user HQKONTRAST\pl0024$ (uid=3000085, gid=3000015) (pid 3755)
[2016/09/22 17:21:05.879733,  3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NETWORK_SESSION_EXPIRED] || at ../source3/smbd/smb2_server.c:2415
[2016/09/22 17:21:05.880494,  3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NETWORK_SESSION_EXPIRED] || at ../source3/smbd/smb2_server.c:2415
[2016/09/22 17:21:05.881399,  3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NETWORK_SESSION_EXPIRED] || at ../source3/smbd/smb2_server.c:2415
[2016/09/22 17:21:05.881874,  3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NETWORK_SESSION_EXPIRED] || at ../source3/smbd/smb2_server.c:2415
[2016/09/22 17:21:05.882713,  3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NETWORK_SESSION_EXPIRED] || at ../source3/smbd/smb2_server.c:2415
[2016/09/22 17:21:05.883692,  3] ../source3/smbd/service.c:1183(close_cnum)
  192.168.111.159 (ipv4:192.168.111.159:45070) closed connection to service IPC$
[2016/09/22 17:21:05.889500,  3] ../source3/smbd/server_exit.c:246(exit_server_common)
  Server exit (NT_STATUS_END_OF_FILE)
[2016/09/22 17:21:05.920155,  3] ../source3/smbd/oplock.c:1322(init_oplocks)
  init_oplocks: initializing messages.



My DC Config:

# Global parameters
[global]
	workgroup = HQKONTRAST
	realm = HQ.KONTRAST
	netbios name = VL0227
	server role = active directory domain controller
	idmap_ldb:use rfc2307 = yes
	interfaces = eth0:35
   bind interfaces only=yes

	ldap server require strong auth = no
	ntlm auth = yes

    # Debug logging information
    log level = 3
    log file = /var/log/samba/samba.log.%m
    #max log size = 50
    #debug timestamp = yesddiid

	tls enabled  = yes
	tls keyfile  = /var/lib/samba/private/tls/key.pem
	tls certfile = /var/lib/samba/private/tls/cert.pem
	tls cafile   = /var/lib/samba/private/tls/ca.pem

[netlogon]
	path = /var/lib/samba/sysvol/hq.kontrast/scripts
	read only = No

[sysvol]
	path = /var/lib/samba/sysvol
	read only = No

Member config:

[global]
       netbios name = PL0024
       security = ADS
       workgroup = HQKONTRAST
       realm = hq.kontrast

       log file = /var/log/samba/%m.log
       log level = 3 passdb:5 auth:10 winbind:10

       dedicated keytab file = /etc/krb5.keytab
       kerberos method = secrets and keytab
       winbind refresh tickets = yes

       winbind trusted domains only = no
       winbind use default domain = yes
       winbind enum users  = yes
       winbind enum groups = yes
       #winbind cache time = 300

       # Default idmap config used for BUILTIN and local accounts/groups
	#idmap cache time = 604800
	idmap cache time = 1
	idmap negative cache time = 1
	winbind cache time = 1
       idmap config *:backend = tdb
       idmap config *:range = 500-1023

       # idmap config for domain HQKONTRAST
       idmap config HQKONTRAST:backend = ad
       idmap config HQKONTRAST:schema_mode = rfc2307
       idmap config HQKONTRAST:range = 1024-99999


       # Use settings from AD for login shell and home directory
       winbind nss info = rfc2307


Log on Member-Server:

[2016/09/22 18:07:44.380907, 10, pid=5520, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:795(wb_request_done)
  wb_request_done[10221:XIDS_TO_SIDS]: NT_STATUS_OK
[2016/09/22 18:07:44.380936, 10, pid=5520, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:863(winbind_client_response_written)
  winbind_client_response_written[10221:XIDS_TO_SIDS]: delivered response to client
[2016/09/22 18:07:44.381056, 10, pid=5520, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:733(process_request)
  process_request: Handling async request 10221:XIDS_TO_SIDS
[2016/09/22 18:07:44.381072,  3, pid=5520, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_xids_to_sids.c:52(winbindd_xids_to_sids_send)
  xids_to_sids
[2016/09/22 18:07:44.381084, 10, pid=5520, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_xids_to_sids.c:70(winbindd_xids_to_sids_send)
  num_xids: 1
[2016/09/22 18:07:44.382846, 10, pid=5520, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:795(wb_request_done)
  wb_request_done[10221:XIDS_TO_SIDS]: NT_STATUS_OK
[2016/09/22 18:07:44.382874, 10, pid=5520, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:863(winbind_client_response_written)
  winbind_client_response_written[10221:XIDS_TO_SIDS]: delivered response to client
[2016/09/22 18:07:49.013472,  1, pid=5520, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_util.c:352(trustdom_list_done)
  trustdom_list_done: Could not receive trusts for domain HQKONTRAST
[2016/09/22 18:10:10.176988,  4, pid=5523, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1397(child_handler)
  Finished processing child request 20
[2016/09/22 18:10:10.177000, 10, pid=5523, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:104(child_write_response)
  Writing 3496 bytes to parent
[2016/09/22 18:10:11.178087,  4, pid=5523, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1389(child_handler)
  child daemon request 20
[2016/09/22 18:10:11.178113, 10, pid=5523, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:512(child_process_request)
  child_process_request: request fn LIST_TRUSTDOM
[2016/09/22 18:10:11.178131,  3, pid=5523, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_misc.c:161(winbindd_dual_list_trusted_domains)
  [ 5520]: list trusted domains
[2016/09/22 18:10:11.178145,  3, pid=5523, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_misc.c:168(winbindd_dual_list_trusted_domains)
  winbindd_dual_list_trusted_domains: trusted_domains returned NT_STATUS_UNSUCCESSFUL


Best wishes

OLIVER WERNER
Systemadministrator

More information about the samba mailing list