[Samba] SPNEGO login failed: An internal error occurred
L.P.H. van Belle
belle at bazuin.nl
Mon Sep 4 13:02:56 UTC 2017
What happens if you use :
smbclient -L $(hostname -f) -UAdministrator -d3 -m smb2
This works on samba 4.6.7, if it still does not work for you, you did hit one of the smbclient bugs related to smb1 protocol.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Gregor Burck via samba
> Verzonden: maandag 4 september 2017 14:35
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] SPNEGO login failed: An internal error occurred
>
> Hi,
>
> I setup a test envirement on a dedicatet server.
>
> OS: debian stretch
> samba: 4.5.8
> smbclient: 4.5.8
>
> I set it up as DC, the provision work well, yes I've delete
> the smb.conf in advance.
> When I test kinit I got an kerberos ticket, but I've problems
> with smbclient either I use kerberos or password auth.
>
> Myabee someone could help me?
>
> my smb.conf:
>
> # Global parameters
> [global]
> netbios name = MX01
> realm = RABADANTEN.DE
> workgroup = RABADANTEN
> dns forwarder = 8.8.8.8
> server role = active directory domain controller
>
> [netlogon]
> path = /var/lib/samba/sysvol/rabadanten.de/scripts
> read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> my krb5.conf:
>
> [libdefaults]
> default_realm = RABADANTEN.DE
> dns_lookup_realm = false
> dns_lookup_kdc = true
>
> when I try with 'smbclient -L localhost -UAdministrator -d3' :
> <start>
> lp_load_ex: refreshing parameters
> Initialising global parameters
> rlimit_max: increasing rlimit_max (1024) to minimum Windows
> limit (16384) Processing section "[global]"
> added interface eth0 ip=2a02:248:2:32b3:5054:ff:fe80:7b7 bcast=
> netmask=ffff:ffff:ffff:ffff::
> added interface eth0 ip=195.62.123.31 bcast=195.62.123.31
> netmask=255.255.255.255
> Client started (version 4.5.8-Debian).
> Enter Administrator's password:
> resolve_lmhosts: Attempting lmhosts lookup for name localhost<0x20>
> resolve_wins: WINS server resolution selected and no WINS
> servers listed.
> resolve_hosts: Attempting host lookup for name
> localhost<0x20> Connecting to ::1 at port 445 Doing spnego
> session setup (blob length=96) got OID=1.2.840.48018.1.2.2
> got OID=1.2.840.113554.1.2.2 got OID=1.3.6.1.4.1.311.2.2.10
> got principal=not_defined_in_RFC4178 at please_ignore GENSEC
> backend 'gssapi_spnego' registered GENSEC backend
> 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl'
> registered GENSEC backend 'spnego' registered GENSEC backend
> 'schannel' registered GENSEC backend 'naclrpc_as_system'
> registered GENSEC backend 'sasl-EXTERNAL' registered GENSEC
> backend 'ntlmssp' registered GENSEC backend
> 'ntlmssp_resume_ccache' registered GENSEC backend
> 'http_basic' registered GENSEC backend 'http_ntlm' registered
> GENSEC backend 'krb5' registered GENSEC backend
> 'fake_gssapi_krb5' registered Got challenge flags:
> Got NTLMSSP neg_flags=0x62898215
> NTLMSSP: Set final flags:
> Got NTLMSSP neg_flags=0x62088215
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x62088215
> SPNEGO login failed: An internal error occurred.
> session setup failed: NT_STATUS_INTERNAL_ERROR </stop>
>
> with 'smbclient -L //mx01 -k -d6':
>
> <start>
> INFO: Current debug levels:
> all: 6
> tdb: 6
> printdrivers: 6
> lanman: 6
> smb: 6
> rpc_parse: 6
> rpc_srv: 6
> rpc_cli: 6
> passdb: 6
> sam: 6
> auth: 6
> winbind: 6
> vfs: 6
> idmap: 6
> quota: 6
> acls: 6
> locking: 6
> msdfs: 6
> dmapi: 6
> registry: 6
> scavenger: 6
> dns: 6
> ldb: 6
> tevent: 6
> lp_load_ex: refreshing parameters
> Initialising global parameters
> rlimit_max: increasing rlimit_max (1024) to minimum Windows
> limit (16384)
> INFO: Current debug levels:
> all: 6
> tdb: 6
> printdrivers: 6
> lanman: 6
> smb: 6
> rpc_parse: 6
> rpc_srv: 6
> rpc_cli: 6
> passdb: 6
> sam: 6
> auth: 6
> winbind: 6
> vfs: 6
> idmap: 6
> quota: 6
> acls: 6
> locking: 6
> msdfs: 6
> dmapi: 6
> registry: 6
> scavenger: 6
> dns: 6
> ldb: 6
> tevent: 6
> Processing section "[global]"
> doing parameter netbios name = MX01
> doing parameter realm = RABADANTEN.DE
> doing parameter workgroup = RABADANTEN
> doing parameter dns forwarder = 8.8.8.8
> doing parameter server role = active directory domain controller
> pm_process() returned Yes
> added interface eth0 ip=2a02:248:2:32b3:5054:ff:fe80:7b7 bcast=
> netmask=ffff:ffff:ffff:ffff::
> added interface eth0 ip=195.62.123.31 bcast=195.62.123.31
> netmask=255.255.255.255
> Netbios name list:-
> my_netbios_names[0]="MX01"
> Client started (version 4.5.8-Debian).
> Opening cache file at /var/cache/samba/gencache.tdb Opening
> cache file at /var/run/samba/gencache_notrans.tdb
> sitename_fetch: No stored sitename for realm 'RABADANTEN.DE'
> name mx01#20 found.
> Connecting to 127.0.1.1 at port 445
> Socket options:
> SO_KEEPALIVE = 0
> SO_REUSEADDR = 0
> SO_BROADCAST = 0
> TCP_NODELAY = 1
> TCP_KEEPCNT = 9
> TCP_KEEPIDLE = 7200
> TCP_KEEPINTVL = 75
> IPTOS_LOWDELAY = 0
> IPTOS_THROUGHPUT = 0
> SO_REUSEPORT = 0
> SO_SNDBUF = 2626560
> SO_RCVBUF = 1061808
> SO_SNDLOWAT = 1
> SO_RCVLOWAT = 1
> SO_SNDTIMEO = 0
> SO_RCVTIMEO = 0
> TCP_QUICKACK = 1
> TCP_DEFER_ACCEPT = 0
> session request ok
> Doing spnego session setup (blob length=96) got
> OID=1.2.840.48018.1.2.2 got OID=1.2.840.113554.1.2.2 got
> OID=1.3.6.1.4.1.311.2.2.10 got
> principal=not_defined_in_RFC4178 at please_ignore
> cli_session_setup_spnego: using target hostname not SPNEGO principal
> kerberos_get_default_realm_from_ccache: Trying to read krb5 cache:
> FILE:/tmp/krb5cc_0
> cli_session_setup_spnego: guessed server
> principal=cifs/mx01 at RABADANTEN.DE GENSEC backend 'gssapi_spnego'
> registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend
> 'spnego' registered GENSEC backend 'schannel' registered
> GENSEC backend 'naclrpc_as_system' registered GENSEC backend
> 'sasl-EXTERNAL' registered GENSEC backend 'ntlmssp'
> registered GENSEC backend 'ntlmssp_resume_ccache' registered
> GENSEC backend 'http_basic' registered GENSEC backend
> 'http_ntlm' registered GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered Starting GENSEC
> mechanism spnego Starting GENSEC submechanism gse_krb5
> kerberos_get_default_realm_from_ccache: Trying to read krb5 cache:
> FILE:/tmp/krb5cc_0
> SPNEGO login failed: An internal error occurred.
> session setup failed: NT_STATUS_INTERNAL_ERROR </stop>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list