[Samba] unable to mount nfs4v over krb5 after samba upgrade.

L.P.H. van Belle belle at bazuin.nl
Mon Dec 17 15:51:05 UTC 2018


Hai, 

I think the following.. 
Somewhere a password has expired of something is going to a guest account... 

map to guest= Bad User      << remove it, and and restart samba/winbind .

That does man smb.conf say about this setting and helpdesks ...  ;-) 
Can you tell why this is in you member server's config? So we understand you setup more. 

And your config is missing the refress tickets so i might be that a keytab pasword has expired. 
winbind refresh tickets = yes

Last, check for the nfs/SPN in the keytab file on the member server and in the AD. 
How depends a bit on your setup. 

If you did an OS upgrade also, then OS and from/to versions. 



Greetz, 

Louis

 

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> VigneshDhanraj G via samba
> Verzonden: maandag 17 december 2018 8:53
> Aan: Rowland penny
> CC: Samba Listing
> Onderwerp: Re: [Samba] unable to mount nfs4v over krb5 after 
> samba upgrade.
> 
> Hi Rowland,
> 
> Still issue persists, i have removed passdb backend option from my smb
> config. i haven't found any passdb.tdb file in private 
> folder. i only see
> smbpasswd file. whether passwd.tdb file will create automatically?
> 
> I have created one more setup with samba 4.7 installed to 
> check there is
> issue in my environment, everything works fine there.
> 
> Whats the change causing this problem, i guess definitely 
> samba upgrade
> causing issue, not my environment.
> 
> Please help me out.
> 
> Regards,
> VigneshDhanraj G
> 
> On Fri, Dec 14, 2018 at 7:51 PM Rowland Penny via samba <
> samba at lists.samba.org> wrote:
> 
> > On Fri, 14 Dec 2018 19:14:28 +0530
> > VigneshDhanraj G via samba <samba at lists.samba.org> wrote:
> >
> > > Hi Team,
> > >
> > > Upgraded samba from 4.7. to 4.9.3. After upgrade unable 
> to mount nfsv4
> > > through krb5 security.
> > >
> > > smb.conf:
> > >
> > > [Global]
> > > available= yes
> > > restrict anonymous= 0
> > > Workgroup= VIKY
> > > netbios name= viky
> > > realm= VIKY.LOCAL
> > > password server= 192.168.1.10, *
> > > idmap backend= tdb
> > > idmap uid= 5000-9999999
> > > idmap gid= 5000-9999999
> > > idmap config *: backend= rid
> > > idmap config *: range= 10000000-19999999
> > > security= ADS
> > > name resolve order= wins host bcast lmhosts
> > > client use spnego= yes
> > > dns proxy= no
> > > winbind use default domain= no
> > > winbind nested groups= yes
> > > inherit acls= yes
> > > winbind enum users= yes
> > > winbind enum groups= yes
> > > winbind separator= \\
> > > winbind cache time= 300
> > > winbind offline logon= true
> > > template shell= /bin/sh
> > > kerberos method= secrets and keytab
> > > map to guest= Bad User
> > > host msdfs= yes
> > > strict allocate= no
> > > encrypt passwords= yes
> > > passdb backend= smbpasswd
> > > printcap name= lpstat
> > > printable= no
> > > load printers= yes
> > > max smbd processes= 500
> > > getwd cache= yes
> > > syslog= 0
> > > use sendfile= yes
> > > log level= 0
> > > max log size= 50
> > > unix extensions= no
> > > dos charset= ascii
> > > state directory= /mnt/system/samba/system
> > > cache directory= /tmp/samba/
> > > ntlm auth= Yes
> > > winbind expand groups= 1
> > >
> > > Thanks,
> >
> > Several things, read 'man smb.conf' and:
> >
> > https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
> >
> > Remove 'passdb backend= smbpasswd', you will then be using 
> the default
> > 'tdbsam' passdb backend.
> >
> > Rowland
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 




More information about the samba mailing list