[Samba] SPNEGO login failed: An internal error occurred
Gregor Burck
gregor at aeppelbroe.de
Mon Sep 4 12:34:41 UTC 2017
Hi,
I setup a test envirement on a dedicatet server.
OS: debian stretch
samba: 4.5.8
smbclient: 4.5.8
I set it up as DC, the provision work well, yes I've delete the
smb.conf in advance.
When I test kinit I got an kerberos ticket, but I've problems with
smbclient either I use kerberos or password auth.
Myabee someone could help me?
my smb.conf:
# Global parameters
[global]
netbios name = MX01
realm = RABADANTEN.DE
workgroup = RABADANTEN
dns forwarder = 8.8.8.8
server role = active directory domain controller
[netlogon]
path = /var/lib/samba/sysvol/rabadanten.de/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
my krb5.conf:
[libdefaults]
default_realm = RABADANTEN.DE
dns_lookup_realm = false
dns_lookup_kdc = true
when I try with 'smbclient -L localhost -UAdministrator -d3' :
<start>
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
added interface eth0 ip=2a02:248:2:32b3:5054:ff:fe80:7b7 bcast=
netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=195.62.123.31 bcast=195.62.123.31
netmask=255.255.255.255
Client started (version 4.5.8-Debian).
Enter Administrator's password:
resolve_lmhosts: Attempting lmhosts lookup for name localhost<0x20>
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: Attempting host lookup for name localhost<0x20>
Connecting to ::1 at port 445
Doing spnego session setup (blob length=96)
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.3.6.1.4.1.311.2.2.10
got principal=not_defined_in_RFC4178 at please_ignore GENSEC backend
'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
SPNEGO login failed: An internal error occurred.
session setup failed: NT_STATUS_INTERNAL_ERROR
</stop>
with 'smbclient -L //mx01 -k -d6':
<start>
INFO: Current debug levels:
all: 6
tdb: 6
printdrivers: 6
lanman: 6
smb: 6
rpc_parse: 6
rpc_srv: 6
rpc_cli: 6
passdb: 6
sam: 6
auth: 6
winbind: 6
vfs: 6
idmap: 6
quota: 6
acls: 6
locking: 6
msdfs: 6
dmapi: 6
registry: 6
scavenger: 6
dns: 6
ldb: 6
tevent: 6
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
all: 6
tdb: 6
printdrivers: 6
lanman: 6
smb: 6
rpc_parse: 6
rpc_srv: 6
rpc_cli: 6
passdb: 6
sam: 6
auth: 6
winbind: 6
vfs: 6
idmap: 6
quota: 6
acls: 6
locking: 6
msdfs: 6
dmapi: 6
registry: 6
scavenger: 6
dns: 6
ldb: 6
tevent: 6
Processing section "[global]"
doing parameter netbios name = MX01
doing parameter realm = RABADANTEN.DE
doing parameter workgroup = RABADANTEN
doing parameter dns forwarder = 8.8.8.8
doing parameter server role = active directory domain controller
pm_process() returned Yes
added interface eth0 ip=2a02:248:2:32b3:5054:ff:fe80:7b7 bcast=
netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=195.62.123.31 bcast=195.62.123.31
netmask=255.255.255.255
Netbios name list:-
my_netbios_names[0]="MX01"
Client started (version 4.5.8-Debian).
Opening cache file at /var/cache/samba/gencache.tdb
Opening cache file at /var/run/samba/gencache_notrans.tdb
sitename_fetch: No stored sitename for realm 'RABADANTEN.DE'
name mx01#20 found.
Connecting to 127.0.1.1 at port 445
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_REUSEPORT = 0
SO_SNDBUF = 2626560
SO_RCVBUF = 1061808
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
TCP_DEFER_ACCEPT = 0
session request ok
Doing spnego session setup (blob length=96)
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.3.6.1.4.1.311.2.2.10
got principal=not_defined_in_RFC4178 at please_ignore
cli_session_setup_spnego: using target hostname not SPNEGO principal
kerberos_get_default_realm_from_ccache: Trying to read krb5 cache:
FILE:/tmp/krb5cc_0
cli_session_setup_spnego: guessed server
principal=cifs/mx01 at RABADANTEN.DE GENSEC backend 'gssapi_spnego'
registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gse_krb5
kerberos_get_default_realm_from_ccache: Trying to read krb5 cache:
FILE:/tmp/krb5cc_0
SPNEGO login failed: An internal error occurred.
session setup failed: NT_STATUS_INTERNAL_ERROR
</stop>
More information about the samba
mailing list