[Samba] Samba share not working: getpwuid(1000) failed, Failed to finalize nt token & NT_STATUS_UNSUCCESSFUL
Christopher Cox
chriscox at endlessnow.com
Tue Nov 26 23:16:43 UTC 2019
On 11/26/19 4:54 PM, jillelaine via samba wrote:
> I have a small home network with server and 5 clients all on an internal
> LAN with private IPs.
>
> Samba, Version 4.7.6-Ubuntu, file sharing is not working on the server
> for any of the 5 clients. I have tried both mount.cifs and smbclient.
> The same errors are thrown in the server's samba logs for all connection
> attempts, regardless of how the client tries to connect: getpwuid(1000)
> failed, Failed to finalize nt token & NT_STATUS_UNSUCCESSFUL
I reported a cifs bug for CentOs https://bugs.centos.org/view.php?id=16552
For CentOs, a kernel that came in 7.5 or thereabout broke cifs for doing
cifs mounts). I had to roll the kernel back. It was still broken last
time I tried to do an update.
>
> Below is some data. Please tell me what else is needed to help diagnose
> this problem. Thank you for your help.
> ---------------------------
> SERVER - jazz
> Kubuntu VERSION="18.04.3 LTS (Bionic Beaver)"
> Samba, Version 4.7.6-Ubuntu
>
> Shared directory 'samba' and permissions
> drwxr-xr-x 4 root sambashare 4096 Nov 25 16:04 samba
> --------------------------
> Contents of 'samba' directory
> drwxr-xr-x 4 root sambashare 4096 Nov 25 16:04 .
> drwxr-xr-x 25 root root 4096 Nov 25 15:57 ..
> drwxrws--- 2 root sambashare 4096 Nov 25 16:04 users
> ---------------------------
> smb.conf
> [global]
> workgroup = WORKGROUP
> server string = %h server (Samba, Ubuntu)
> dns proxy = no
> root directory = /samba
> log file = /var/log/samba/log.%m
> max log size = 1000
> log level = 3
> panic action = /usr/share/samba/panic-action %d
> server role = standalone server
> passdb backend = tdbsam
> obey pam restrictions = yes
> unix password sync = yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\s*\spassword:* %n\n
> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> pam password change = yes
> map to guest = bad user
> usershare allow guests = yes
> guest account = jj
>
> [users]
> comment = Our Jazz Files
> path = /samba/users
> browseable = yes
> read only = no
> create mask = 0775
> directory mask = 0775
> guest ok = yes
>
> ---------------------------
> testparm -s
> Load smb config files from /etc/samba/smb.conf
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> Processing section "[users]"
> Loaded services file OK.
> Server role: ROLE_STANDALONE
>
> # Global parameters
> [global]
> dns proxy = No
> guest account = jj
> log file = /var/log/samba/log.%m
> map to guest = Bad User
> max log size = 1000
> obey pam restrictions = Yes
> pam password change = Yes
> panic action = /usr/share/samba/panic-action %d
> passwd chat = *Enter\snew\s*\spassword:* %n\n
> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> passwd program = /usr/bin/passwd %u
> root directory = /samba
> server role = standalone server
> server string = %h server (Samba, Ubuntu)
> unix password sync = Yes
> usershare allow guests = Yes
> idmap config * : backend = tdb
>
> [users]
> comment = Our Jazz Files
> create mask = 0775
> directory mask = 0775
> guest ok = Yes
> path = /samba/users
> read only = No
>
> ---------------------------
> FIVE CLIENTS
> clients 1 & 2:
> Kubuntu - upgraded from Kubuntu 16.04 to 18.04
>
> client 3:
> Kubuntu - fresh install of 18.04
>
> client 4:
> Windows 7
>
> client 5:
> Android tablet
> ---------------------------
>
> Example from CLIENT 1:
> frazz at frazzle3:~$ sudo mount -t cifs //jazz/users /mnt/jazz --verbose -o
> user=jj,pass=******
> mount.cifs kernel mount options:
> ip=192.168.1.30,unc=\\jazz\users,user=jj,pass=********
> mount error(5): Input/output error
>
> or
>
> frazz at frazzle3:~$ smbclient -L jazz -U jj
> WARNING: The "syslog" option is deprecated
> Enter WORKGROUP\jj's password:
> session setup failed: NT_STATUS_UNSUCCESSFUL
>
> ---and in the server log for the failed connection----
>
> [2019/11/26 22:41:31.809461, 1]
> ../source3/smbd/process.c:4045(smbd_process)
> smbd_process: Changed root to /samba
> [2019/11/26 22:41:31.809601, 3]
> ../source3/smbd/oplock.c:1340(init_oplocks)
> init_oplocks: initializing messages.
> [2019/11/26 22:41:31.809792, 3]
> ../source3/smbd/process.c:1959(process_smb)
> Transaction 0 of length 110 (0 toread)
> [2019/11/26 22:41:31.810629, 0]
> ../lib/util/debug.c:1053(reopen_logs_internfrazz at frazzle3:~$ smbclient
> -L jazz -U jj
> WARNING: The "syslog" option is deprecated
> Enter WORKGROUP\jj's password:
> session setup failed: NT_STATUS_UNSUCCESSFUL
> al)
> Unable to open new log file '/var/log/samba/log.192.168.1.127': No
> such file or directory
> [2019/11/26 22:41:31.810833, 3]
> ../source3/smbd/smb2_negprot.c:290(smbd_smb2_request_process_negprot)
> Selected protocol SMB3_02
> [2019/11/26 22:41:31.813294, 3]
> ../lib/util/util_net.c:256(interpret_string_addr_internal)
> interpret_string_addr_internal: getaddrinfo failed for name jazz
> (flags 34) [System error]
> [2019/11/26 22:41:31.813394, 3]
> ../source3/lib/util_sock.c:1187(get_mydnsfullname)
> get_mydnsfullname: getaddrinfo failed for name jazz [Unknown error]
> [2019/11/26 22:41:31.813611, 3]
> ../lib/util/util_net.c:256(interpret_string_addr_internal)
> interpret_string_addr_internal: getaddrinfo failed for name jazz
> (flags 34) [System error]
> [2019/11/26 22:41:31.813682, 3]
> ../source3/lib/util_sock.c:1187(get_mydnsfullname)
> get_mydnsfullname: getaddrinfo failed for name jazz [Unknown error]
> [2019/11/26 22:41:31.813824, 3]
> ../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'gssapi_spnego' registered
> [2019/11/26 22:41:31.813893, 3]
> ../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'gssapi_krb5' registered
> [2019/11/26 22:41:31.813962, 3]
> ../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'gssapi_krb5_sasl' registered
> [2019/11/26 22:41:31.814028, 3]
> ../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'spnego' registered
> [2019/11/26 22:41:31.814093, 3]
> ../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'schannel' registered
> [2019/11/26 22:41:31.814157, 3]
> ../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'naclrpc_as_system' registered
> [2019/11/26 22:41:31.814222, 3]
> ../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'sasl-EXTERNAL' registered
> [2019/11/26 22:41:31.814343, 3]
> ../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'ntlmssp' registered
> [2019/11/26 22:41:31.814409, 3]
> ../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'ntlmssp_resume_ccache' registered
> [2019/11/26 22:41:31.814464, 3]
> ../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'http_basic' registered
> [2019/11/26 22:41:31.814519, 3]
> ../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'http_ntlm' registered
> [2019/11/26 22:41:31.815812, 3]
> ../lib/util/util_net.c:256(interpret_string_addr_internal)
> interpret_string_addr_internal: getaddrinfo failed for name jazz
> (flags 34) [System error]
> [2019/11/26 22:41:31.815891, 3]
> ../source3/lib/util_sock.c:1187(get_mydnsfullname)
> get_mydnsfullname: getaddrinfo failed for name jazz [Unknown error]
> [2019/11/26 22:41:31.816098, 3]
> ../lib/util/util_net.c:256(interpret_string_addr_internal)
> interpret_string_addr_internal: getaddrinfo failed for name jazz
> (flags 34) [System error]
> [2019/11/26 22:41:31.816163, 3]
> ../source3/lib/util_sock.c:1187(get_mydnsfullname)
> get_mydnsfullname: getaddrinfo failed for name jazz [Unknown error]
> [2019/11/26 22:41:31.816488, 3]
> ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
> Got NTLMSSP neg_flags=0xe0080225
> [2019/11/26 22:41:31.817488, 3]
> ../auth/ntlmssp/ntlmssp_server.c:454(ntlmssp_server_preauth)
> Got user=[jj] domain=[] workstationfrazz at frazzle3:~$ smbclient -L
> jazz -U jj
> WARNING: The "syslog" option is deprecated
> Enter WORKGROUP\jj's password:
> session setup failed: NT_STATUS_UNSUCCESSFUL
> =[] len1=0 len2=96
> [2019/11/26 22:41:31.817594, 3]
> ../source3/param/loadparm.c:3860(lp_load_ex)
> lp_load_ex: refreshing parameters
> [2019/11/26 22:41:31.817759, 3]
> ../source3/param/loadparm.c:549(init_globals)
> Initialising global parameters
> [2019/11/26 22:41:31.817998, 3]
> ../source3/param/loadparm.c:1609(lp_add_ipc)
> adding IPC service
> [2019/11/26 22:41:31.818088, 3]
> ../source3/auth/auth.c:189(auth_check_ntlm_password)
> check_ntlm_password: Checking password for unmapped user []\[jj]@[]
> with the new password interface
> [2019/11/26 22:41:31.818146, 3]
> ../source3/auth/auth.c:192(auth_check_ntlm_password)
> check_ntlm_password: mapped user is: []\[jj]@[]
> [2019/11/26 22:41:31.818624, 3]
> ../source3/passdb/lookup_sid.c:1680(get_primary_group_sid)
> Forcing Primary Group to 'Domain Users' for jj
> [2019/11/26 22:41:31.819171, 3]
> ../source3/auth/auth.c:256(auth_check_ntlm_password)
> auth_check_ntlm_password: sam_ignoredomain authentication for user
> [jj] succeeded
> [2019/11/26 22:41:31.819345, 3]
> ../auth/auth_log.c:760(log_authentication_event_human_readable)
> Auth: [SMB2,(null)] user []\[jj] at [Tue, 26 Nov 2019 22:41:31.819276
> UTC] with [NTLMv2] status [NT_STATUS_OK] workstation [] remote host
> [ipv4:192.168.1.127:60146] became [JAZZ]\[jj]
> [S-1-5-21-1867908843-1086420462-4022543744-1002]. local host
> [ipv4:192.168.1.30:445]
> [2019/11/26 22:41:31.819795, 3] ../auth/auth_log.c:220(log_json)
> JSON Authentication: {"timestamp": "2019-11-26T22:41:31.819531+0000",
> "type": "Authentication", "Authentication": {"version": {"major": 1,
> "minor": 0}, "status": "NT_STATUS_OK", "localAddress":
> "ipv4:192.168.1.30:445", "remoteAddress": "ipv4:192.168.1.127:60146",
> "serviceDescription": "SMB2", "authDescription": null, "clientDomain":
> "", "clientAccount": "jj", "workstation": "", "becameAccount": "jj",
> "becameDomain": "JAZZ", "becameSid":
> "S-1-5-21-1867908843-1086420462-4022543744-1002", "mappedAccount": "jj",
> "mappedDomain": "", "netlogonComputer": null, "netlogonTrustAccount":
> null, "netlogonNegotiateFlags": "0x00000000",
> "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": "(NULL SID)",
> "passwordType": "NTLMv2"}}
> [2019/11/26 22:41:31.819889, 2]
> ../source3/auth/auth.c:314(auth_check_ntlm_password)
> check_ntlm_password: authentication for user [jj] -> [jj] -> [jj]
> succeeded
> [2019/11/26 22:41:31.820261, 1]
> ../source3/auth/token_util.c:442(add_local_groups)
> SID S-1-5-21-1867908843-1086420462-4022543744-1002 -> getpwuid(1000)
> failed
> [2019/11/26 22:41:31.820339, 3]
> ../source3/auth/token_util.c:328(create_local_nt_token_from_info3)
> Failed to finalize nt token
> [2019/11/26 22:41:31.820425, 3]
> ../source3/smbd/smb2_server.c:3139(smbd_smb2_request_error_ex)
> smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
> status[NT_STATUS_UNSUCCESSFUL] || at ../source3/smbd/smb2_sesssetup.c:134
> [2019/11/26 22:41:31.956312, 3]
> ../source3/smbd/server_exit.c:244(exit_server_common)
> Server exit (NT_STATUS_END_OF_FILE)
>
>
>
>
>
More information about the samba
mailing list