[Samba] RPC Authentication Error

Anantha Raghava raghav at exzatechconsulting.com
Wed Jun 13 11:07:22 UTC 2018


Hi,

Some time back I had written to the list about integrating Cisco ISE and 
facing errors with RPC login. When we actually integrated using ISE 
2.4.0357 we noticed that Kerberos authentication is working like a 
charm. But MS-RPC authentication throws an error.

From the samba logs, we noticed that the ISE workstation is able to 
negotiate the RPC ports and switch to higher dynamic RPC ports, and 
authentication is working fine. However, at the very next step, the 
connection gets terminated and ISE loses connection with the AD Domain 
Controller. The Samba log showing the error is shown below. My smb.conf is 
also shown.

Any specific setting we need to do in Samba to get this working?

My Samba version is 4.7.3

My smb.conf:

# Global parameters
[global]
     netbios name = DC1
     realm = EXAMPLE.COM
     server role = active directory domain controller
     server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
     workgroup = EXAMPLE
     idmap_ldb:use rfc2307 = yes
     ldap server require strong auth = No
# Logs and events
     eventlog list = Security
     log level = 3
     log file = /var/log/samba/dc1.%T.log
     max log size = 1000000

[netlogon]
     path = /usr/local/samba/var/locks/sysvol/exza.com/scripts
     read only = No

[sysvol]
     path = /usr/local/samba/var/locks/sysvol
     read only = No

Samba Logs (Log level set to 3)

[2018/06/13 16:11:57.262264,  2] 
../source4/dsdb/repl/replicated_objects.c:1020(dsdb_replicated_objects_commit)
   Replicated 0 objects (0 linked attributes) for DC=example,DC=com
[2018/06/13 16:12:14.433654,  2] 
../source4/dsdb/kcc/kcc_periodic.c:710(kccsrv_samba_kcc)
   Calling samba_kcc script
[2018/06/13 16:12:14.706632,  0] 
../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
   /usr/local/samba/sbin/samba_kcc: ldb_wrap open of secrets.ldb
[2018/06/13 16:12:15.171836,  3] 
../lib/util/util_runcmd.c:291(samba_runcmd_io_handler)
   samba_runcmd_io_handler: Child /usr/local/samba/sbin/samba_kcc exited 0
[2018/06/13 16:12:15.171946,  3] 
../source4/dsdb/kcc/kcc_periodic.c:695(samba_kcc_done)
   Completed samba_kcc OK
[2018/06/13 16:12:58.219597,  3] 
../source4/smbd/service_stream.c:65(stream_terminate_connection)
   Terminating connection - 'ldapsrv_call_wait_done: call->wait_recv() - 
NT_STATUS_LOCAL_DISCONNECT'
[2018/06/13 16:12:58.219997,  2] 
../source4/smbd/process_standard.c:473(standard_terminate)
   standard_terminate: reason[ldapsrv_call_wait_done: call->wait_recv() 
- NT_STATUS_LOCAL_DISCONNECT]
[2018/06/13 16:12:58.233556,  2] 
../source4/smbd/process_standard.c:157(standard_child_pipe_handler)
   Child 12918 () exited with status 0
[2018/06/13 16:12:58.238059,  3] 
../lib/ldb-samba/ldb_wrap.c:326(ldb_wrap_connect)
   ldb_wrap open of secrets.ldb
[2018/06/13 16:12:58.458247,  3] 
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
   Kerberos: TGS-REQ ISEAPPL$@EXAMPLE.COM from 
iEXAMPLEpv4:192.168.100.40:40583 for cifs/pdc.EXAMPLE.com at EXAMPLE.COM 
[canonicalize, renewable, forwardable]
[2018/06/13 16:12:58.467845,  3] 
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
   Kerberos: TGS-REQ authtime: 2018-06-13T16:10:17 starttime: 
2018-06-13T16:12:58 endtime: 2018-06-14T02:10:17 renew till: 
2018-06-20T16:10:17
[2018/06/13 16:12:58.516514,  3] 
../libcli/auth/schannel_state_tdb.c:360(schannel_store_challenge_tdb)
   schannel_store_challenge_tdb: stored challenge info for 'ISEAPPL' 
with key CHALLENGE/cc
[2018/06/13 16:12:58.521086,  3] 
../libcli/auth/schannel_state_tdb.c:121(schannel_store_session_key_tdb)
   schannel_store_session_key_tdb: stored schannel info with key 
SECRETS/SCHANNEL/ISEAPPL
[2018/06/13 16:12:58.521235,  3] 
../auth/auth_log.c:760(log_authentication_event_human_readable)
Auth: [NETLOGON,ServerAuthenticate] user [EXAMPLE]\[ISEAPPL$] at [Wed, 
13 Jun 2018 16:12:58.521173 IST] with [HMAC-MD5] status [NT_STATUS_OK] 
workstation [(null)] remote host [ipv4:192.168.100.40:62133] became 
[EXAMPLE]\[ISEAPPL$] [S-1-5-21-3209396036-1574839989-2322605064-1124]. 
local host [ipv4:192.168.100.26:445]  NETLOGON computer [ISEAPPL] trust 
account [ISEAPPL$]
[2018/06/13 16:12:58.524348,  3] 
../source4/smbd/service_stream.c:65(stream_terminate_connection)
   Terminating connection - 'dcesrv: dcesrv_fault_disconnect'
[2018/06/13 16:12:58.524484,  2] 
../source4/smbd/process_standard.c:473(standard_terminate)
   standard_terminate: reason[dcesrv: dcesrv_fault_disconnect]
[2018/06/13 16:12:58.542045,  2] 
../source4/smbd/process_standard.c:157(standard_child_pipe_handler)
   Child 12955 () exited with status 0
[2018/06/13 16:12:58.562075,  3] 
../libcli/auth/schannel_state_tdb.c:360(schannel_store_challenge_tdb)
   schannel_store_challenge_tdb: stored challenge info for 'ISEAPPL' 
with key CHALLENGE/cc
[2018/06/13 16:12:58.584001,  3] 
../libcli/auth/schannel_state_tdb.c:121(schannel_store_session_key_tdb)
   schannel_store_session_key_tdb: stored schannel info with key 
SECRETS/SCHANNEL/ISEAPPL
[2018/06/13 16:12:58.584165,  3] 
../auth/auth_log.c:760(log_authentication_event_human_readable)
Auth: [NETLOGON,ServerAuthenticate] user [EXAMPLE]\[ISEAPPL$] at [Wed, 
13 Jun 2018 16:12:58.584107 IST] with [HMAC-MD5] status [NT_STATUS_OK] 
workstation [(null)] remote host [ipv4:192.168.100.40:62133] became 
[EXAMPLE]\[ISEAPPL$] [S-1-5-21-3209396036-1574839989-2322605064-1124]. 
local host [ipv4:192.168.100.26:445]  NETLOGON computer [ISEAPPL] trust 
account [ISEAPPL$]
[2018/06/13 16:12:58.589893,  3] 
../source4/smbd/service_stream.c:65(stream_terminate_connection)
   Terminating connection - 'dcesrv: dcesrv_fault_disconnect'
[2018/06/13 16:12:58.590071,  2] 
../source4/smbd/process_standard.c:473(standard_terminate)
   standard_terminate: reason[dcesrv: dcesrv_fault_disconnect]
[2018/06/13 16:12:58.609884,  2] 
../source4/smbd/process_standard.c:157(standard_child_pipe_handler)
   Child 12956 () exited with status 0
[2018/06/13 16:12:58.620708,  3] 
../libcli/auth/schannel_state_tdb.c:360(schannel_store_challenge_tdb)
   schannel_store_challenge_tdb: stored challenge info for 'ISEAPPL' 
with key CHALLENGE/cc
[2018/06/13 16:12:58.625361,  3] 
../libcli/auth/schannel_state_tdb.c:121(schannel_store_session_key_tdb)
   schannel_store_session_key_tdb: stored schannel info with key 
SECRETS/SCHANNEL/ISEAPPL
[2018/06/13 16:12:58.625485,  3] 
../auth/auth_log.c:760(log_authentication_event_human_readable)
Auth: [NETLOGON,ServerAuthenticate] user [EXAMPLE]\[ISEAPPL$] at [Wed, 
13 Jun 2018 16:12:58.625439 IST] with [HMAC-MD5] status [NT_STATUS_OK] 
workstation [(null)] remote host [ipv4:192.168.100.40:62133] became 
[EXAMPLE]\[ISEAPPL$] [S-1-5-21-3209396036-1574839989-2322605064-1124]. 
local host [ipv4:192.168.100.26:445]  NETLOGON computer [ISEAPPL] trust 
account [ISEAPPL$]
[2018/06/13 16:12:58.628539,  3] 
../source4/smbd/service_stream.c:65(stream_terminate_connection)
   Terminating connection - 'dcesrv: dcesrv_fault_disconnect'
[2018/06/13 16:12:58.628725,  2] 
../source4/smbd/process_standard.c:473(standard_terminate)
   standard_terminate: reason[dcesrv: dcesrv_fault_disconnect]
[2018/06/13 16:12:58.648041,  2] 
../source4/smbd/process_standard.c:157(standard_child_pipe_handler)
   Child 12957 () exited with status 0
[2018/06/13 16:13:11.409977,  2] 
../source4/rpc_server/drsuapi/getncchanges.c:1731(getncchanges_collect_objects)
   ../source4/rpc_server/drsuapi/getncchanges.c:1731: getncchanges on 
DC=DomainDnsZones,DC=example,DC=com using filter (uSNChanged>=5275)
[2018/06/13 16:13:11.413251,  3] 
../source4/rpc_server/drsuapi/getncchanges.c:2822(dcesrv_drsuapi_DsGetNCChanges)
   UpdateRefs on getncchanges for ebe5bcd2-1d05-493b-a482-00b5f91f0da1
[2018/06/13 16:13:11.414283,  2] 
../source4/rpc_server/drsuapi/getncchanges.c:3006(dcesrv_drsuapi_DsGetNCChanges)
   DsGetNCChanges with uSNChanged >= 5275 flags 0x80000074 on 
<GUID=29d6d5f5-1e87-427b-8e84-e978c1725c5a>;DC=DomainDnsZones,DC=example,DC=com 
gave 0 objects (done 0/0) 0 links (done 0/0 (as 
S-1-5-21-3209396036-1574839989-2322605064-1104))
[2018/06/13 16:13:11.471996,  2] 
../source4/rpc_server/drsuapi/getncchanges.c:1731(getncchanges_collect_objects)
   ../source4/rpc_server/drsuapi/getncchanges.c:1731: getncchanges on 
DC=ForestDnsZones,DC=example,DC=com using filter (uSNChanged>=5275)
[2018/06/13 16:13:11.474085,  3] 
../source4/rpc_server/drsuapi/getncchanges.c:2822(dcesrv_drsuapi_DsGetNCChanges)
   UpdateRefs on getncchanges for ebe5bcd2-1d05-493b-a482-00b5f91f0da1
[2018/06/13 16:13:11.475036,  2] 
../source4/rpc_server/drsuapi/getncchanges.c:3006(dcesrv_drsuapi_DsGetNCChanges)
   DsGetNCChanges with uSNChanged >= 5275 flags 0x80000074 on 
<GUID=c223adac-9a39-4be5-9ba1-6c8c09b13788>;DC=ForestDnsZones,DC=example,DC=com 
gave 0 objects (done 0/0) 0 links (done 0/0 (as 
S-1-5-21-3209396036-1574839989-2322605064-1104))
[2018/06/13 16:13:11.532511,  2] 
../source4/rpc_server/drsuapi/getncchanges.c:1731(getncchanges_collect_objects)
   ../source4/rpc_server/drsuapi/getncchanges.c:1731: getncchanges on 
CN=Schema,CN=Configuration,DC=example,DC=com using filter (uSNChanged>=5275)
[2018/06/13 16:13:11.565453,  3] 
../source4/rpc_server/drsuapi/getncchanges.c:2822(dcesrv_drsuapi_DsGetNCChanges)
   UpdateRefs on getncchanges for ebe5bcd2-1d05-493b-a482-00b5f91f0da1
[2018/06/13 16:13:11.566236,  2] 
../source4/rpc_server/drsuapi/getncchanges.c:3006(dcesrv_drsuapi_DsGetNCChanges)
   DsGetNCChanges with uSNChanged >= 5275 flags 0x80000074 on 
<GUID=9917b04c-be53-4231-adb1-5a2e832ef106>;CN=Schema,CN=Configuration,DC=example,DC=com 
gave 0 objects (done 0/0) 0 links (done 0/0 (as 
S-1-5-21-3209396036-1574839989-2322605064-1104))
[2018/06/13 16:13:11.617249,  2] 
../source4/rpc_server/drsuapi/getncchanges.c:1731(getncchanges_collect_objects)
   ../source4/rpc_server/drsuapi/getncchanges.c:1731: getncchanges on 
CN=Configuration,DC=example,DC=com using filter (uSNChanged>=5275)
[2018/06/13 16:13:11.641910,  3] 
../source4/rpc_server/drsuapi/getncchanges.c:2822(dcesrv_drsuapi_DsGetNCChanges)
   UpdateRefs on getncchanges for ebe5bcd2-1d05-493b-a482-00b5f91f0da1
[2018/06/13 16:13:11.642523,  2] 
../source4/rpc_server/drsuapi/getncchanges.c:3006(dcesrv_drsuapi_DsGetNCChanges)
   DsGetNCChanges with uSNChanged >= 5275 flags 0x80000074 on 
<GUID=acf4c22d-2a78-4abb-89be-cf26883fc442>;CN=Configuration,DC=example,DC=com 
gave 0 objects (done 0/0) 0 links (done 0/0 (as 
S-1-5-21-3209396036-1574839989-2322605064-1104))
[2018/06/13 16:13:11.693102,  2] 
../source4/rpc_server/drsuapi/getncchanges.c:1731(getncchanges_collect_objects)
   ../source4/rpc_server/drsuapi/getncchanges.c:1731: getncchanges on 
DC=example,DC=com using filter (uSNChanged>=5275)
[2018/06/13 16:13:11.701136,  3] 
../source4/rpc_server/drsuapi/getncchanges.c:2822(dcesrv_drsuapi_DsGetNCChanges)
   UpdateRefs on getncchanges for ebe5bcd2-1d05-493b-a482-00b5f91f0da1
[2018/06/13 16:13:11.701949,  2] 
../source4/rpc_server/drsuapi/getncchanges.c:3006(dcesrv_drsuapi_DsGetNCChanges)
   DsGetNCChanges with uSNChanged >= 5275 flags 0x80000074 on 
<GUID=ea173018-cadb-4f3f-9502-20a48823f0d6>;<SID=S-1-5-21-3209396036-1574839989-2322605064>;DC=example,DC=com 
gave 0 objects (done 0/0) 0 links (done 0/0 (as 
S-1-5-21-3209396036-1574839989-2322605064-1104))
[2018/06/13 16:13:28.198184,  3] 
../source4/smbd/service_stream.c:65(stream_terminate_connection)
   Terminating connection - 'ldapsrv_call_loop: 
tstream_read_pdu_blob_recv() - NT_STATUS_IO_TIMEOUT'
[2018/06/13 16:13:28.198848,  2] 
../source4/smbd/process_standard.c:473(standard_terminate)
   standard_terminate: reason[ldapsrv_call_loop: 
tstream_read_pdu_blob_recv() - NT_STATUS_IO_TIMEOUT]
[2018/06/13 16:13:28.207854,  2] 
../source4/smbd/process_standard.c:157(standard_child_pipe_handler)
   Child 12930 () exited with status 0
[2018/06/13 16:13:28.305493,  3] 
../lib/ldb-samba/ldb_wrap.c:326(ldb_wrap_connect)
   ldb_wrap open of secrets.ldb

-- 

Thanks & Regards,


Anantha Raghava



Do not print this e-mail unless required. Save Paper & trees.
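
Added example (not part of the original message, and not Samba or Cisco code): a small triage script for the pattern in the log above, where a NETLOGON ServerAuthenticate record with status NT_STATUS_OK is followed within milliseconds by a dcesrv_fault_disconnect. The sample records are constructed from the excerpt in Samba's unwrapped layout, and pairing records by time alone is an assumption, since these log lines carry no connection id.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: records modelled on the log above, in Samba's unwrapped
# layout (header line, then indented message). Not a verbatim copy.
SAMPLE = """\
[2018/06/13 16:12:58.521235,  3] ../auth/auth_log.c:760(log_authentication_event_human_readable)
  Auth: [NETLOGON,ServerAuthenticate] user [EXAMPLE]\\[ISEAPPL$] at [Wed, 13 Jun 2018 16:12:58.521173 IST] with [HMAC-MD5] status [NT_STATUS_OK] workstation [(null)] remote host [ipv4:192.168.100.40:62133]
[2018/06/13 16:12:58.524348,  3] ../source4/smbd/service_stream.c:65(stream_terminate_connection)
  Terminating connection - 'dcesrv: dcesrv_fault_disconnect'
[2018/06/13 16:13:28.198184,  3] ../source4/smbd/service_stream.c:65(stream_terminate_connection)
  Terminating connection - 'ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_IO_TIMEOUT'
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+),\s+(\d+)\]\s*(.*)$")
AUTH = re.compile(r"Auth: \[([^\]]+)\] user \[[^\]]*\]\\\[([^\]]*)\].*?"
                  r"with \[([^\]]*)\] status \[([^\]]*)\].*?remote host \[([^\]]*)\]")

def parse_records(text):
    """Return [timestamp, level, location, message] records, joining continuation lines."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S.%f")
            records.append([ts, int(m.group(2)), m.group(3), ""])
        elif records and line.strip():
            records[-1][3] = (records[-1][3] + " " + line.strip()).strip()
    return records

def auth_then_fault(text, window=timedelta(seconds=1)):
    """Flag a successful auth followed within `window` by a DCE/RPC fault disconnect.
    Assumption: the records carry no connection id, so pairing is by time only."""
    findings, last_ok = [], None
    for ts, _level, _loc, msg in parse_records(text):
        auth = AUTH.search(msg)
        if auth and auth.group(4) == "NT_STATUS_OK":
            last_ok = (ts, auth)
        elif "dcesrv_fault_disconnect" in msg and last_ok and ts - last_ok[0] <= window:
            ok_ts, auth = last_ok
            findings.append({"service": auth.group(1), "account": auth.group(2),
                             "mechanism": auth.group(3), "remote": auth.group(5),
                             "gap_us": (ts - ok_ts) // timedelta(microseconds=1)})
            last_ok = None  # one finding per successful auth
    return findings

if __name__ == "__main__":
    for finding in auth_then_fault(SAMPLE):
        print(finding)
```

Each finding names the machine account, the credential mechanism and the remote endpoint, which identifies the client whose RPC call faulted immediately after the secure channel was set up.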


