[Samba] AD integration issues
Jagga Soorma
jagga13 at gmail.com
Fri Sep 14 21:58:20 UTC 2018
Hello,
I have a CentOS 7 system configured as a samba server using ADS
security. I am able to get users to log in from PCs that are part of
the AD domain, but users coming from systems that are not part of the
AD domain are not able to access the smb shares. Here is more
information about the environment and issue:
--
# rpm -qa | grep -i samba
samba-client-4.6.2-12.el7_4.x86_64
samba-4.6.2-12.el7_4.x86_64
samba-common-libs-4.6.2-12.el7_4.x86_64
samba-winbind-4.6.2-12.el7_4.x86_64
samba-winbind-modules-4.6.2-12.el7_4.x86_64
samba-libs-4.6.2-12.el7_4.x86_64
samba-common-4.6.2-12.el7_4.noarch
samba-common-tools-4.6.2-12.el7_4.x86_64
samba-client-libs-4.6.2-12.el7_4.x86_64

[global]
security = ADS
realm = DOMAIN_FQDN
workgroup = DOMAINX
netbios name = systemx
auth methods = guest, sam, winbind, ntdomain
machine password timeout = 0
passdb backend = tdbsam:/var/lib/samba/private/passdb.tdb
kerberos method = secrets and keytab
map untrusted to domain = Yes
server signing = auto
client ntlmv2 auth = yes
client use spnego = yes
template shell = /bin/bash
winbind use default domain = Yes
winbind enum users = No
winbind enum groups = No
winbind nested groups = Yes
idmap cache time = 0
idmap config * : backend = tdb
idmap config * : range = 1000 - 200000000
idmap config * : base_tdb = 0
enable core files = false
syslog = 0
log file = /var/log/samba/log.%m
log level = 3
max log size = 50
[data]
comment = Local data
path = /opt/test/data/
valid users = userx
public = no
writeable = yes
browseable = yes

smb error:
[2018/09/14 10:42:45.698030, 3]
../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x62888215
[2018/09/14 10:42:45.722429, 3]
../auth/ntlmssp/ntlmssp_server.c:452(ntlmssp_server_preauth)
Got user=[user1] domain=[DOMAIN] workstation=[USER1-2VFVH5-2] len1=24 len2=238
[2018/09/14 10:42:45.722532, 3] ../source3/param/loadparm.c:3823(lp_load_ex)
lp_load_ex: refreshing parameters
[2018/09/14 10:42:45.722647, 3] ../source3/param/loadparm.c:542(init_globals)
Initialising global parameters
[2018/09/14 10:42:45.722800, 3] ../source3/param/loadparm.c:2752(lp_do_section)
Processing section "[global]"
[2018/09/14 10:42:45.723210, 1]
../lib/param/loadparm.c:1770(lpcfg_do_global_parameter)
WARNING: The "syslog" option is deprecated
[2018/09/14 10:42:45.723258, 2] ../source3/param/loadparm.c:2769(lp_do_section)
Processing section "[topspin-data]"
[2018/09/14 10:42:45.723438, 3] ../source3/param/loadparm.c:1592(lp_add_ipc)
adding IPC service
[2018/09/14 10:42:45.724249, 3]
../source3/auth/auth.c:178(auth_check_ntlm_password)
check_ntlm_password: Checking password for unmapped user
[DOMAIN]\[user1]@[USER1-2VFVH5-2] with the new password interface
[2018/09/14 10:42:45.724310, 3]
../source3/auth/auth.c:181(auth_check_ntlm_password)
check_ntlm_password: mapped user is: [DOMAIN]\[user1]@[USER1-2VFVH5-2]
[2018/09/14 10:42:45.725035, 3] ../source3/libsmb/namequery.c:3160(get_dc_list)
get_dc_list: preferred server list: ", *"
[2018/09/14 10:42:50.743503, 3] ../source3/libads/ldap.c:618(ads_connect)
Successfully contacted LDAP server 10.36.241.108
[2018/09/14 10:42:50.743611, 3] ../source3/libsmb/namequery.c:3160(get_dc_list)
get_dc_list: preferred server list: ", *"
[2018/09/14 10:42:50.750094, 3] ../source3/libsmb/namequery.c:3160(get_dc_list)
get_dc_list: preferred server list: ", *"
[2018/09/14 10:42:50.759071, 3]
../lib/util/util_net.c:256(interpret_string_addr_internal)
interpret_string_addr_internal: getaddrinfo failed for name
sys3.domain.xx.com (flags 0) [Name or service not known]
[2018/09/14 10:42:50.762487, 3]
../lib/util/util_net.c:256(interpret_string_addr_internal)
interpret_string_addr_internal: getaddrinfo failed for name
sys1.domain.xx.com (flags 0) [Name or service not known]
[2018/09/14 10:42:50.769100, 3]
../lib/util/util_net.c:256(interpret_string_addr_internal)
interpret_string_addr_internal: getaddrinfo failed for name
sys2.domain.xx.com (flags 0) [Name or service not known]
[2018/09/14 10:42:50.774346, 3]
../source3/lib/util_sock.c:515(open_socket_out_send)
Connecting to 10.36.241.108 at port 445
[2018/09/14 10:42:50.782810, 3]
../source3/libsmb/cliconnect.c:271(cli_session_creds_prepare_krb5)
got OID=1.3.6.1.4.1.311.2.2.30
got OID=1.2.840.48018.1.2.2
[2018/09/14 10:42:50.790827, 3]
../auth/ntlmssp/ntlmssp_client.c:270(ntlmssp_client_challenge)
Got challenge flags:
[2018/09/14 10:42:50.790878, 3]
../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x62898215
[2018/09/14 10:42:50.790959, 3]
../auth/ntlmssp/ntlmssp_client.c:726(ntlmssp_client_challenge)
NTLMSSP: Set final flags:
[2018/09/14 10:42:50.790984, 3]
../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x62008a15
[2018/09/14 10:42:50.791018, 3]
../auth/ntlmssp/ntlmssp_sign.c:509(ntlmssp_sign_reset)
NTLMSSP Sign/Seal - Initialising with flags:
[2018/09/14 10:42:50.791042, 3]
../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x62008a15
[2018/09/14 10:42:50.793014, 3]
../source3/libsmb/cliconnect.c:1670(cli_session_setup_creds_done_spnego)
SPNEGO login failed: The request is not supported.
[2018/09/14 10:42:50.793741, 3]
../source3/lib/util_sock.c:515(open_socket_out_send)
Connecting to 10.36.241.108 at port 445
[2018/09/14 10:42:50.799803, 3]
../source3/libsmb/cliconnect.c:271(cli_session_creds_prepare_krb5)
got OID=1.3.6.1.4.1.311.2.2.30
got OID=1.2.840.48018.1.2.2
[2018/09/14 10:42:50.802540, 3]
../auth/ntlmssp/ntlmssp_client.c:270(ntlmssp_client_challenge)
Got challenge flags:
[2018/09/14 10:42:50.802591, 3]
../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x62898215
[2018/09/14 10:42:50.802657, 3]
../auth/ntlmssp/ntlmssp_client.c:726(ntlmssp_client_challenge)
NTLMSSP: Set final flags:
[2018/09/14 10:42:50.802680, 3]
../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x62008a15
[2018/09/14 10:42:50.802765, 3]
../auth/ntlmssp/ntlmssp_sign.c:509(ntlmssp_sign_reset)
NTLMSSP Sign/Seal - Initialising with flags:
[2018/09/14 10:42:50.802825, 3]
../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x62008a15
[2018/09/14 10:42:50.805115, 3]
../source3/libsmb/cliconnect.c:1670(cli_session_setup_creds_done_spnego)
SPNEGO login failed: The request is not supported.
[2018/09/14 10:42:50.805771, 3]
../source3/lib/util_sock.c:515(open_socket_out_send)
Connecting to 10.36.241.108 at port 445
[2018/09/14 10:42:50.818209, 3]
../source3/libsmb/cliconnect.c:271(cli_session_creds_prepare_krb5)
got OID=1.3.6.1.4.1.311.2.2.30
got OID=1.2.840.48018.1.2.2
[2018/09/14 10:42:50.821149, 3]
../auth/ntlmssp/ntlmssp_client.c:270(ntlmssp_client_challenge)
Got challenge flags:
[2018/09/14 10:42:50.821200, 3]
../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x62898215
[2018/09/14 10:42:50.821251, 3]
../auth/ntlmssp/ntlmssp_client.c:726(ntlmssp_client_challenge)
NTLMSSP: Set final flags:
[2018/09/14 10:42:50.821271, 3]
../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x62008a15
[2018/09/14 10:42:50.821289, 3]
../auth/ntlmssp/ntlmssp_sign.c:509(ntlmssp_sign_reset)
NTLMSSP Sign/Seal - Initialising with flags:
[2018/09/14 10:42:50.821331, 3]
../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x62008a15
[2018/09/14 10:42:50.823274, 3]
../source3/libsmb/cliconnect.c:1670(cli_session_setup_creds_done_spnego)
SPNEGO login failed: The request is not supported.
[2018/09/14 10:42:50.823505, 0]
../source3/auth/auth_domain.c:185(domain_client_validate)
domain_client_validate: Domain password server not available.
[2018/09/14 10:42:50.823540, 2]
../source3/auth/auth.c:315(auth_check_ntlm_password)
check_ntlm_password: Authentication for user [user1] -> [user1]
FAILED with error NT_STATUS_NOT_SUPPORTED
[2018/09/14 10:42:50.823584, 2]
../auth/gensec/spnego.c:768(gensec_spnego_server_negTokenTarg)
SPNEGO login failed: NT_STATUS_NOT_SUPPORTED
[2018/09/14 10:42:50.823705, 3]
../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
status[NT_STATUS_NOT_SUPPORTED] || at
../source3/smbd/smb2_sesssetup.c:134
[2018/09/14 10:42:50.861167, 3]
../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x62888215
[2018/09/14 10:42:50.885503, 3]
../auth/ntlmssp/ntlmssp_server.c:452(ntlmssp_server_preauth)
Got user=[user1] domain=[DOMAIN] workstation=[USER1-2VFVH5-2] len1=24 len2=238
[2018/09/14 10:42:50.885583, 3] ../source3/param/loadparm.c:3823(lp_load_ex)
lp_load_ex: refreshing parameters
[2018/09/14 10:42:50.885702, 3] ../source3/param/loadparm.c:542(init_globals)
Initialising global parameters
[2018/09/14 10:42:50.885879, 3] ../source3/param/loadparm.c:2752(lp_do_section)
Processing section "[global]"
[2018/09/14 10:42:50.886268, 1]
../lib/param/loadparm.c:1770(lpcfg_do_global_parameter)
WARNING: The "syslog" option is deprecated
[2018/09/14 10:42:50.886336, 2] ../source3/param/loadparm.c:2769(lp_do_section)
Processing section "[topspin-data]"
[2018/09/14 10:42:50.886510, 3] ../source3/param/loadparm.c:1592(lp_add_ipc)
adding IPC service
[2018/09/14 10:42:50.886815, 3]
../source3/auth/auth.c:178(auth_check_ntlm_password)
check_ntlm_password: Checking password for unmapped user
[DOMAIN]\[user1]@[USER1-2VFVH5-2] with the new password interface
[2018/09/14 10:42:50.886848, 3]
../source3/auth/auth.c:181(auth_check_ntlm_password)
check_ntlm_password: mapped user is: [DOMAIN]\[user1]@[USER1-2VFVH5-2]
[2018/09/14 10:42:50.887490, 3] ../source3/libsmb/namequery.c:3160(get_dc_list)
get_dc_list: preferred server list: ", *"
[2018/09/14 10:42:50.889618, 3] ../source3/libads/ldap.c:618(ads_connect)
Successfully contacted LDAP server 10.36.241.108
[2018/09/14 10:42:50.889708, 3] ../source3/libsmb/namequery.c:3160(get_dc_list)
get_dc_list: preferred server list: ", *"
[2018/09/14 10:42:50.896439, 3] ../source3/libsmb/namequery.c:3160(get_dc_list)
get_dc_list: preferred server list: ", *"
[2018/09/14 10:42:50.909971, 3]
../lib/util/util_net.c:256(interpret_string_addr_internal)
interpret_string_addr_internal: getaddrinfo failed for name
sys1.domain.xx.com (flags 0) [Name or service not known]
[2018/09/14 10:42:50.913371, 3]
../lib/util/util_net.c:256(interpret_string_addr_internal)
interpret_string_addr_internal: getaddrinfo failed for name
sys2.domain.xx.com (flags 0) [Name or service not known]
[2018/09/14 10:42:50.914733, 3]
../lib/util/util_net.c:256(interpret_string_addr_internal)
interpret_string_addr_internal: getaddrinfo failed for name
sys3.domain.xx.com (flags 0) [Name or service not known]
[2018/09/14 10:42:50.919404, 3]
../source3/lib/util_sock.c:515(open_socket_out_send)
Connecting to 10.36.241.108 at port 445
[2018/09/14 10:42:50.925657, 3]
../source3/libsmb/cliconnect.c:271(cli_session_creds_prepare_krb5)
got OID=1.3.6.1.4.1.311.2.2.30
got OID=1.2.840.48018.1.2.2
[2018/09/14 10:42:50.928222, 3]
../auth/ntlmssp/ntlmssp_client.c:270(ntlmssp_client_challenge)
Got challenge flags:
[2018/09/14 10:42:50.928275, 3]
../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x62898215
[2018/09/14 10:42:50.928395, 3]
../auth/ntlmssp/ntlmssp_client.c:726(ntlmssp_client_challenge)
NTLMSSP: Set final flags:
[2018/09/14 10:42:50.928427, 3]
../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x62008a15
[2018/09/14 10:42:50.928448, 3]
../auth/ntlmssp/ntlmssp_sign.c:509(ntlmssp_sign_reset)
NTLMSSP Sign/Seal - Initialising with flags:
[2018/09/14 10:42:50.928468, 3]
../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x62008a15
[2018/09/14 10:42:50.930364, 3]
../source3/libsmb/cliconnect.c:1670(cli_session_setup_creds_done_spnego)
SPNEGO login failed: The request is not supported.
[2018/09/14 10:42:50.930986, 3]
../source3/lib/util_sock.c:515(open_socket_out_send)
Connecting to 10.36.241.108 at port 445
[2018/09/14 10:42:50.936178, 3]
../source3/libsmb/cliconnect.c:271(cli_session_creds_prepare_krb5)
got OID=1.3.6.1.4.1.311.2.2.30
got OID=1.2.840.48018.1.2.2
[2018/09/14 10:42:50.938455, 3]
../auth/ntlmssp/ntlmssp_client.c:270(ntlmssp_client_challenge)
Got challenge flags:
[2018/09/14 10:42:50.938501, 3]
../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x62898215
[2018/09/14 10:42:50.938546, 3]
../auth/ntlmssp/ntlmssp_client.c:726(ntlmssp_client_challenge)
NTLMSSP: Set final flags:
[2018/09/14 10:42:50.938563, 3]
../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x62008a15
[2018/09/14 10:42:50.938579, 3]
../auth/ntlmssp/ntlmssp_sign.c:509(ntlmssp_sign_reset)
NTLMSSP Sign/Seal - Initialising with flags:
[2018/09/14 10:42:50.938652, 3]
../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x62008a15
[2018/09/14 10:42:50.940613, 3]
../source3/libsmb/cliconnect.c:1670(cli_session_setup_creds_done_spnego)
SPNEGO login failed: The request is not supported.
[2018/09/14 10:42:50.941187, 3]
../source3/lib/util_sock.c:515(open_socket_out_send)
Connecting to 10.36.241.108 at port 445
[2018/09/14 10:42:50.946423, 3]
../source3/libsmb/cliconnect.c:271(cli_session_creds_prepare_krb5)
got OID=1.3.6.1.4.1.311.2.2.30
got OID=1.2.840.48018.1.2.2
[2018/09/14 10:42:50.949509, 3]
../auth/ntlmssp/ntlmssp_client.c:270(ntlmssp_client_challenge)
Got challenge flags:
[2018/09/14 10:42:50.949562, 3]
../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x62898215
[2018/09/14 10:42:50.949613, 3]
../auth/ntlmssp/ntlmssp_client.c:726(ntlmssp_client_challenge)
NTLMSSP: Set final flags:
[2018/09/14 10:42:50.949633, 3]
../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x62008a15
[2018/09/14 10:42:50.949651, 3]
../auth/ntlmssp/ntlmssp_sign.c:509(ntlmssp_sign_reset)
NTLMSSP Sign/Seal - Initialising with flags:
[2018/09/14 10:42:50.949671, 3]
../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x62008a15
[2018/09/14 10:42:50.951526, 3]
../source3/libsmb/cliconnect.c:1670(cli_session_setup_creds_done_spnego)
SPNEGO login failed: The request is not supported.
[2018/09/14 10:42:50.951723, 0]
../source3/auth/auth_domain.c:185(domain_client_validate)
domain_client_validate: Domain password server not available.
[2018/09/14 10:42:50.951757, 2]
../source3/auth/auth.c:315(auth_check_ntlm_password)
check_ntlm_password: Authentication for user [user1] -> [user1]
FAILED with error NT_STATUS_NOT_SUPPORTED
[2018/09/14 10:42:50.951786, 2]
../auth/gensec/spnego.c:768(gensec_spnego_server_negTokenTarg)
SPNEGO login failed: NT_STATUS_NOT_SUPPORTED
[2018/09/14 10:42:50.951864, 3]
../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
status[NT_STATUS_NOT_SUPPORTED] || at
../source3/smbd/smb2_sesssetup.c:134
--
Any help with this would be greatly appreciated!
Thanks
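
The neg_flags values in the log above, decoded against the NTLMSSP negotiate-flag bits from MS-NLMP; this is an added example, not part of the original post or of Samba's code. It compares the challenge flags received from 10.36.241.108 (0x62898215) with the final flags smbd sets on that outbound connection (0x62008a15); the function names and the SAMPLE string are constructed here.

```python
import re

# NTLMSSP negotiate-flag bits as listed in MS-NLMP section 2.2.2.5.
NTLMSSP_FLAGS = {
    0x00000001: "NEGOTIATE_UNICODE", 0x00000002: "NEGOTIATE_OEM",
    0x00000004: "REQUEST_TARGET", 0x00000010: "NEGOTIATE_SIGN",
    0x00000020: "NEGOTIATE_SEAL", 0x00000040: "NEGOTIATE_DATAGRAM",
    0x00000080: "NEGOTIATE_LM_KEY", 0x00000200: "NEGOTIATE_NTLM",
    0x00000800: "ANONYMOUS", 0x00001000: "OEM_DOMAIN_SUPPLIED",
    0x00002000: "OEM_WORKSTATION_SUPPLIED", 0x00008000: "NEGOTIATE_ALWAYS_SIGN",
    0x00010000: "TARGET_TYPE_DOMAIN", 0x00020000: "TARGET_TYPE_SERVER",
    0x00080000: "NEGOTIATE_EXTENDED_SESSIONSECURITY", 0x00100000: "NEGOTIATE_IDENTIFY",
    0x00400000: "REQUEST_NON_NT_SESSION_KEY", 0x00800000: "NEGOTIATE_TARGET_INFO",
    0x02000000: "NEGOTIATE_VERSION", 0x20000000: "NEGOTIATE_128",
    0x40000000: "NEGOTIATE_KEY_EXCH", 0x80000000: "NEGOTIATE_56",
}

def decode(flags):
    """Names of the bits set in a neg_flags value; unlisted bits are kept as hex."""
    names = {name for bit, name in NTLMSSP_FLAGS.items() if flags & bit}
    unknown = flags & ~sum(NTLMSSP_FLAGS)  # keys are distinct bits, so sum == OR
    if unknown:
        names.add("UNKNOWN_0x%08x" % unknown)
    return names

def neg_flags_in(log_text):
    """Distinct neg_flags values in an smbd log, in order of first appearance."""
    seen = []
    for m in re.finditer(r"neg_flags=0x([0-9a-fA-F]{1,8})", log_text):
        value = int(m.group(1), 16)
        if value not in seen:
            seen.append(value)
    return seen

# Constructed sample: the message lines from the post that carry neg_flags.
SAMPLE = """Got NTLMSSP neg_flags=0x62888215
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62008a15
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62008a15
"""

if __name__ == "__main__":
    inbound, challenge, final = neg_flags_in(SAMPLE)
    print("client -> smbd:     ", sorted(decode(inbound)))
    print("challenge, not final:", sorted(decode(challenge) - decode(final)))
    print("final, not challenge:", sorted(decode(final) - decode(challenge)))
```

For the values in this log, the only flag in the final set that is absent from the challenge is ANONYMOUS, while TARGET_TYPE_DOMAIN, NEGOTIATE_EXTENDED_SESSIONSECURITY and NEGOTIATE_TARGET_INFO appear in the challenge but not in the final set.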