[Samba] SPNEGO login failed: An internal error occurred
Rowland Penny
rpenny at samba.org
Mon Sep 4 12:59:24 UTC 2017
On Mon, 04 Sep 2017 14:34:41 +0200
Gregor Burck via samba <samba at lists.samba.org> wrote:
> Hi,
>
> I setup a test envirement on a dedicatet server.
>
> OS: debian stretch
> samba: 4.5.8
> smbclient: 4.5.8
>
> I set it up as DC, the provision work well, yes I've delete the
> smb.conf in advance.
> When I test kinit I got an kerberos ticket, but I've problems with
> smbclient either I use kerberos or password auth.
>
> Myabee someone could help me?
>
> my smb.conf:
>
> # Global parameters
> [global]
> netbios name = MX01
> realm = RABADANTEN.DE
> workgroup = RABADANTEN
> dns forwarder = 8.8.8.8
> server role = active directory domain controller
>
> [netlogon]
> path = /var/lib/samba/sysvol/rabadanten.de/scripts
> read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> my krb5.conf:
>
> [libdefaults]
> default_realm = RABADANTEN.DE
> dns_lookup_realm = false
> dns_lookup_kdc = true
>
> when I try with 'smbclient -L localhost -UAdministrator -d3' :
> <start>
> lp_load_ex: refreshing parameters
> Initialising global parameters
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit
> (16384) Processing section "[global]"
> added interface eth0 ip=2a02:248:2:32b3:5054:ff:fe80:7b7 bcast=
> netmask=ffff:ffff:ffff:ffff::
> added interface eth0 ip=195.62.123.31 bcast=195.62.123.31
> netmask=255.255.255.255
> Client started (version 4.5.8-Debian).
> Enter Administrator's password:
> resolve_lmhosts: Attempting lmhosts lookup for name localhost<0x20>
> resolve_wins: WINS server resolution selected and no WINS servers
> listed. resolve_hosts: Attempting host lookup for name localhost<0x20>
> Connecting to ::1 at port 445
> Doing spnego session setup (blob length=96)
> got OID=1.2.840.48018.1.2.2
> got OID=1.2.840.113554.1.2.2
> got OID=1.3.6.1.4.1.311.2.2.10
> got principal=not_defined_in_RFC4178 at please_ignore GENSEC backend
> 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'naclrpc_as_system' registered
> GENSEC backend 'sasl-EXTERNAL' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'ntlmssp_resume_ccache' registered
> GENSEC backend 'http_basic' registered
> GENSEC backend 'http_ntlm' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> Got challenge flags:
> Got NTLMSSP neg_flags=0x62898215
> NTLMSSP: Set final flags:
> Got NTLMSSP neg_flags=0x62088215
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x62088215
> SPNEGO login failed: An internal error occurred.
> session setup failed: NT_STATUS_INTERNAL_ERROR
> </stop>
>
> with 'smbclient -L //mx01 -k -d6':
>
> <start>
> INFO: Current debug levels:
> all: 6
> tdb: 6
> printdrivers: 6
> lanman: 6
> smb: 6
> rpc_parse: 6
> rpc_srv: 6
> rpc_cli: 6
> passdb: 6
> sam: 6
> auth: 6
> winbind: 6
> vfs: 6
> idmap: 6
> quota: 6
> acls: 6
> locking: 6
> msdfs: 6
> dmapi: 6
> registry: 6
> scavenger: 6
> dns: 6
> ldb: 6
> tevent: 6
> lp_load_ex: refreshing parameters
> Initialising global parameters
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit
> (16384) INFO: Current debug levels:
> all: 6
> tdb: 6
> printdrivers: 6
> lanman: 6
> smb: 6
> rpc_parse: 6
> rpc_srv: 6
> rpc_cli: 6
> passdb: 6
> sam: 6
> auth: 6
> winbind: 6
> vfs: 6
> idmap: 6
> quota: 6
> acls: 6
> locking: 6
> msdfs: 6
> dmapi: 6
> registry: 6
> scavenger: 6
> dns: 6
> ldb: 6
> tevent: 6
> Processing section "[global]"
> doing parameter netbios name = MX01
> doing parameter realm = RABADANTEN.DE
> doing parameter workgroup = RABADANTEN
> doing parameter dns forwarder = 8.8.8.8
> doing parameter server role = active directory domain controller
> pm_process() returned Yes
> added interface eth0 ip=2a02:248:2:32b3:5054:ff:fe80:7b7 bcast=
> netmask=ffff:ffff:ffff:ffff::
> added interface eth0 ip=195.62.123.31 bcast=195.62.123.31
> netmask=255.255.255.255
> Netbios name list:-
> my_netbios_names[0]="MX01"
> Client started (version 4.5.8-Debian).
> Opening cache file at /var/cache/samba/gencache.tdb
> Opening cache file at /var/run/samba/gencache_notrans.tdb
> sitename_fetch: No stored sitename for realm 'RABADANTEN.DE'
> name mx01#20 found.
> Connecting to 127.0.1.1 at port 445
> Socket options:
> SO_KEEPALIVE = 0
> SO_REUSEADDR = 0
> SO_BROADCAST = 0
> TCP_NODELAY = 1
> TCP_KEEPCNT = 9
> TCP_KEEPIDLE = 7200
> TCP_KEEPINTVL = 75
> IPTOS_LOWDELAY = 0
> IPTOS_THROUGHPUT = 0
> SO_REUSEPORT = 0
> SO_SNDBUF = 2626560
> SO_RCVBUF = 1061808
> SO_SNDLOWAT = 1
> SO_RCVLOWAT = 1
> SO_SNDTIMEO = 0
> SO_RCVTIMEO = 0
> TCP_QUICKACK = 1
> TCP_DEFER_ACCEPT = 0
> session request ok
> Doing spnego session setup (blob length=96)
> got OID=1.2.840.48018.1.2.2
> got OID=1.2.840.113554.1.2.2
> got OID=1.3.6.1.4.1.311.2.2.10
> got principal=not_defined_in_RFC4178 at please_ignore
> cli_session_setup_spnego: using target hostname not SPNEGO principal
> kerberos_get_default_realm_from_ccache: Trying to read krb5 cache:
> FILE:/tmp/krb5cc_0
> cli_session_setup_spnego: guessed server
> principal=cifs/mx01 at RABADANTEN.DE GENSEC backend 'gssapi_spnego'
> registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'naclrpc_as_system' registered
> GENSEC backend 'sasl-EXTERNAL' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'ntlmssp_resume_ccache' registered
> GENSEC backend 'http_basic' registered
> GENSEC backend 'http_ntlm' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> Starting GENSEC mechanism spnego
> Starting GENSEC submechanism gse_krb5
> kerberos_get_default_realm_from_ccache: Trying to read krb5 cache:
> FILE:/tmp/krb5cc_0
> SPNEGO login failed: An internal error occurred.
> session setup failed: NT_STATUS_INTERNAL_ERROR
> </stop>
>
>
Can you post your /etc/hosts file
Rowland
More information about the samba
mailing list