[Samba] SPNEGO login failed: An internal error occurred

Mon Sep 4 13:02:56 UTC 2017

What happens if you use : 

smbclient -L $(hostname -f) -UAdministrator -d3 -m smb2
This works on samba 4.6.7, if it still does not work for you, you did hit one of the smbclient bugs related to smb1 protocol.

Greetz, 

Louis

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Gregor Burck via samba
> Verzonden: maandag 4 september 2017 14:35
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] SPNEGO login failed: An internal error occurred
> 
> Hi,
> 
> I setup a test envirement on a dedicatet server.
> 
> OS: debian stretch
> samba: 4.5.8
> smbclient: 4.5.8
> 
> I set it up as DC, the provision work well, yes I've delete 
> the smb.conf in advance.
> When I test kinit I got an kerberos ticket, but I've problems 
> with smbclient either I use kerberos or password auth.
> 
> Myabee someone could help me?
> 
> my smb.conf:
> 
> # Global parameters
> [global]
>   netbios name = MX01
>   realm = RABADANTEN.DE
>   workgroup = RABADANTEN
>   dns forwarder = 8.8.8.8
>   server role = active directory domain controller
> 
> [netlogon]
>   path = /var/lib/samba/sysvol/rabadanten.de/scripts
>   read only = No
> 
> [sysvol]
>   path = /var/lib/samba/sysvol
>   read only = No
> 
> my krb5.conf:
> 
> [libdefaults]
>   default_realm = RABADANTEN.DE
>   dns_lookup_realm = false
>   dns_lookup_kdc = true
> 
> when I try with 'smbclient -L localhost -UAdministrator -d3' :
> <start>
> lp_load_ex: refreshing parameters
> Initialising global parameters
> rlimit_max: increasing rlimit_max (1024) to minimum Windows 
> limit (16384) Processing section "[global]"
> added interface eth0 ip=2a02:248:2:32b3:5054:ff:fe80:7b7 bcast=
> netmask=ffff:ffff:ffff:ffff::
> added interface eth0 ip=195.62.123.31 bcast=195.62.123.31
> netmask=255.255.255.255
> Client started (version 4.5.8-Debian).
> Enter Administrator's password:
> resolve_lmhosts: Attempting lmhosts lookup for name localhost<0x20>
> resolve_wins: WINS server resolution selected and no WINS 
> servers listed.
> resolve_hosts: Attempting host lookup for name 
> localhost<0x20> Connecting to ::1 at port 445 Doing spnego 
> session setup (blob length=96) got OID=1.2.840.48018.1.2.2 
> got OID=1.2.840.113554.1.2.2 got OID=1.3.6.1.4.1.311.2.2.10 
> got principal=not_defined_in_RFC4178 at please_ignore GENSEC 
> backend 'gssapi_spnego' registered GENSEC backend 
> 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' 
> registered GENSEC backend 'spnego' registered GENSEC backend 
> 'schannel' registered GENSEC backend 'naclrpc_as_system' 
> registered GENSEC backend 'sasl-EXTERNAL' registered GENSEC 
> backend 'ntlmssp' registered GENSEC backend 
> 'ntlmssp_resume_ccache' registered GENSEC backend 
> 'http_basic' registered GENSEC backend 'http_ntlm' registered 
> GENSEC backend 'krb5' registered GENSEC backend 
> 'fake_gssapi_krb5' registered Got challenge flags:
> Got NTLMSSP neg_flags=0x62898215
> NTLMSSP: Set final flags:
> Got NTLMSSP neg_flags=0x62088215
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x62088215
> SPNEGO login failed: An internal error occurred.
> session setup failed: NT_STATUS_INTERNAL_ERROR </stop>
> 
> with 'smbclient -L //mx01 -k -d6':
> 
> <start>
> INFO: Current debug levels:
>   all: 6
>   tdb: 6
>   printdrivers: 6
>   lanman: 6
>   smb: 6
>   rpc_parse: 6
>   rpc_srv: 6
>   rpc_cli: 6
>   passdb: 6
>   sam: 6
>   auth: 6
>   winbind: 6
>   vfs: 6
>   idmap: 6
>   quota: 6
>   acls: 6
>   locking: 6
>   msdfs: 6
>   dmapi: 6
>   registry: 6
>   scavenger: 6
>   dns: 6
>   ldb: 6
>   tevent: 6
> lp_load_ex: refreshing parameters
> Initialising global parameters
> rlimit_max: increasing rlimit_max (1024) to minimum Windows 
> limit (16384)
> INFO: Current debug levels:
>   all: 6
>   tdb: 6
>   printdrivers: 6
>   lanman: 6
>   smb: 6
>   rpc_parse: 6
>   rpc_srv: 6
>   rpc_cli: 6
>   passdb: 6
>   sam: 6
>   auth: 6
>   winbind: 6
>   vfs: 6
>   idmap: 6
>   quota: 6
>   acls: 6
>   locking: 6
>   msdfs: 6
>   dmapi: 6
>   registry: 6
>   scavenger: 6
>   dns: 6
>   ldb: 6
>   tevent: 6
> Processing section "[global]"
> doing parameter netbios name = MX01
> doing parameter realm = RABADANTEN.DE
> doing parameter workgroup = RABADANTEN
> doing parameter dns forwarder = 8.8.8.8
> doing parameter server role = active directory domain controller
> pm_process() returned Yes
> added interface eth0 ip=2a02:248:2:32b3:5054:ff:fe80:7b7 bcast=
> netmask=ffff:ffff:ffff:ffff::
> added interface eth0 ip=195.62.123.31 bcast=195.62.123.31
> netmask=255.255.255.255
> Netbios name list:-
> my_netbios_names[0]="MX01"
> Client started (version 4.5.8-Debian).
> Opening cache file at /var/cache/samba/gencache.tdb Opening 
> cache file at /var/run/samba/gencache_notrans.tdb
> sitename_fetch: No stored sitename for realm 'RABADANTEN.DE'
> name mx01#20 found.
> Connecting to 127.0.1.1 at port 445
> Socket options:
>   SO_KEEPALIVE = 0
>   SO_REUSEADDR = 0
>   SO_BROADCAST = 0
>   TCP_NODELAY = 1
>   TCP_KEEPCNT = 9
>   TCP_KEEPIDLE = 7200
>   TCP_KEEPINTVL = 75
>   IPTOS_LOWDELAY = 0
>   IPTOS_THROUGHPUT = 0
>   SO_REUSEPORT = 0
>   SO_SNDBUF = 2626560
>   SO_RCVBUF = 1061808
>   SO_SNDLOWAT = 1
>   SO_RCVLOWAT = 1
>   SO_SNDTIMEO = 0
>   SO_RCVTIMEO = 0
>   TCP_QUICKACK = 1
>   TCP_DEFER_ACCEPT = 0
>   session request ok
> Doing spnego session setup (blob length=96) got 
> OID=1.2.840.48018.1.2.2 got OID=1.2.840.113554.1.2.2 got 
> OID=1.3.6.1.4.1.311.2.2.10 got 
> principal=not_defined_in_RFC4178 at please_ignore
> cli_session_setup_spnego: using target hostname not SPNEGO principal
> kerberos_get_default_realm_from_ccache: Trying to read krb5 cache:  
> FILE:/tmp/krb5cc_0
> cli_session_setup_spnego: guessed server 
> principal=cifs/mx01 at RABADANTEN.DE GENSEC backend 'gssapi_spnego'  
> registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 
> 'spnego' registered GENSEC backend 'schannel' registered 
> GENSEC backend 'naclrpc_as_system' registered GENSEC backend 
> 'sasl-EXTERNAL' registered GENSEC backend 'ntlmssp' 
> registered GENSEC backend 'ntlmssp_resume_ccache' registered 
> GENSEC backend 'http_basic' registered GENSEC backend 
> 'http_ntlm' registered GENSEC backend 'krb5' registered 
> GENSEC backend 'fake_gssapi_krb5' registered Starting GENSEC 
> mechanism spnego Starting GENSEC submechanism gse_krb5
> kerberos_get_default_realm_from_ccache: Trying to read krb5 cache:  
> FILE:/tmp/krb5cc_0
> SPNEGO login failed: An internal error occurred.
> session setup failed: NT_STATUS_INTERNAL_ERROR </stop>
> 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 