[Samba] smbclient oddness
Grant Petersen
grant.petersen at genericproducts.net
Wed May 20 02:35:57 UTC 2020
Client side:
----------------------Good one ------------------------------
[grant.petersen at orgonon ~]$ smbclient -L gnabregib -d9 -U
INFO: Current debug levels:
all: 9
tdb: 9
printdrivers: 9
lanman: 9
smb: 9
rpc_parse: 9
rpc_srv: 9
rpc_cli: 9
passdb: 9
sam: 9
auth: 9
winbind: 9
vfs: 9
idmap: 9
quota: 9
acls: 9
locking: 9
msdfs: 9
dmapi: 9
registry: 9
scavenger: 9
dns: 9
ldb: 9
tevent: 9
auth_audit: 9
auth_json_audit: 9
kerberos: 9
drs_repl: 9
smb2: 9
smb2_credits: 9
dsdb_audit: 9
dsdb_json_audit: 9
dsdb_password_audit: 9
dsdb_password_json_audit: 9
dsdb_transaction_audit: 9
dsdb_transaction_json_audit: 9
dsdb_group_audit: 9
dsdb_group_json_audit: 9
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit
(16384)
INFO: Current debug levels:
all: 9
tdb: 9
printdrivers: 9
lanman: 9
smb: 9
rpc_parse: 9
rpc_srv: 9
rpc_cli: 9
passdb: 9
sam: 9
auth: 9
winbind: 9
vfs: 9
idmap: 9
quota: 9
acls: 9
locking: 9
msdfs: 9
dmapi: 9
registry: 9
scavenger: 9
dns: 9
ldb: 9
tevent: 9
auth_audit: 9
auth_json_audit: 9
kerberos: 9
drs_repl: 9
smb2: 9
smb2_credits: 9
dsdb_audit: 9
dsdb_json_audit: 9
dsdb_password_audit: 9
dsdb_password_json_audit: 9
dsdb_transaction_audit: 9
dsdb_transaction_json_audit: 9
dsdb_group_audit: 9
dsdb_group_json_audit: 9
Processing section "[global]"
doing parameter workgroup = genericproducts
doing parameter security = user
doing parameter passdb backend = tdbsam
doing parameter printing = cups
doing parameter printcap name = cups
doing parameter load printers = yes
doing parameter cups options = raw
pm_process() returned Yes
lp_servicenumber: couldn't find homes
added interface virbr0 ip=192.168.122.1 bcast=192.168.122.255
netmask=255.255.255.0
added interface enp2s0 ip=192.168.168.13 bcast=192.168.168.255
netmask=255.255.255.0
Netbios name list:-
my_netbios_names[0]="ORGONON"
Client started (version 4.12.2).
Opening cache file at /var/lib/samba/lock/gencache.tdb
sitename_fetch: No stored sitename for realm ''
name gnabregib#20 found.
Connecting to 192.168.168.125 at port 445
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_REUSEPORT = 0
SO_SNDBUF = 87040
SO_RCVBUF = 131072
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
TCP_DEFER_ACCEPT = 0
session request ok
negotiated dialect[SMB3_11] against server[gnabregib]
Enter GENERICPRODUCTS\grant.petersen's password:
cli_session_setup_spnego_send: Connect to gnabregib as
grant.petersen at GENERICPRODUCTS using SPNEGO
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gse_krb5
smb_gss_krb5_import_cred ccache[KEYRING:persistent:1000:1000] failed
with [Unspecified GSS failure. Minor code may provide more
information: No credentials cache found] -the caller may retry after a
kinit.
Failed to start GENSEC client mech gse_krb5: NT_STATUS_INTERNAL_ERROR
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x628a8215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_TARGET_TYPE_SERVER
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
short string '', sent with NULL termination despite NOTERM flag in IDL
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
session setup ok
signed SMB2 message
tconx ok
Sharename Type Comment
--------- ---- -------
Bind RPC Pipe: host gnabregib auth_type 0, auth_level 1
rpc_api_pipe: host gnabregib
rpc_read_send: data_to_read: 52
check_bind_response: accepted!
rpc_api_pipe: host gnabregib
rpc_read_send: data_to_read: 524
tmp Disk Temporary file space
media Disk Media server file space
apps Disk
backups Disk
www Disk
IPC$ IPC IPC Service (Genericproducts samba
server)
SMB1 disabled -- no workgroup available
-----------------------bad one ------------------------------
[grant.petersen at orgonon ~]$ smbclient -L gnabregib -d9 -
Ugrant.petersen
INFO: Current debug levels:
all: 9
tdb: 9
printdrivers: 9
lanman: 9
smb: 9
rpc_parse: 9
rpc_srv: 9
rpc_cli: 9
passdb: 9
sam: 9
auth: 9
winbind: 9
vfs: 9
idmap: 9
quota: 9
acls: 9
locking: 9
msdfs: 9
dmapi: 9
registry: 9
scavenger: 9
dns: 9
ldb: 9
tevent: 9
auth_audit: 9
auth_json_audit: 9
kerberos: 9
drs_repl: 9
smb2: 9
smb2_credits: 9
dsdb_audit: 9
dsdb_json_audit: 9
dsdb_password_audit: 9
dsdb_password_json_audit: 9
dsdb_transaction_audit: 9
dsdb_transaction_json_audit: 9
dsdb_group_audit: 9
dsdb_group_json_audit: 9
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit
(16384)
INFO: Current debug levels:
all: 9
tdb: 9
printdrivers: 9
lanman: 9
smb: 9
rpc_parse: 9
rpc_srv: 9
rpc_cli: 9
passdb: 9
sam: 9
auth: 9
winbind: 9
vfs: 9
idmap: 9
quota: 9
acls: 9
locking: 9
msdfs: 9
dmapi: 9
registry: 9
scavenger: 9
dns: 9
ldb: 9
tevent: 9
auth_audit: 9
auth_json_audit: 9
kerberos: 9
drs_repl: 9
smb2: 9
smb2_credits: 9
dsdb_audit: 9
dsdb_json_audit: 9
dsdb_password_audit: 9
dsdb_password_json_audit: 9
dsdb_transaction_audit: 9
dsdb_transaction_json_audit: 9
dsdb_group_audit: 9
dsdb_group_json_audit: 9
Processing section "[global]"
doing parameter workgroup = genericproducts
doing parameter security = user
doing parameter passdb backend = tdbsam
doing parameter printing = cups
doing parameter printcap name = cups
doing parameter load printers = yes
doing parameter cups options = raw
pm_process() returned Yes
lp_servicenumber: couldn't find homes
added interface virbr0 ip=192.168.122.1 bcast=192.168.122.255
netmask=255.255.255.0
added interface enp2s0 ip=192.168.168.13 bcast=192.168.168.255
netmask=255.255.255.0
Netbios name list:-
my_netbios_names[0]="ORGONON"
Client started (version 4.12.2).
Opening cache file at /var/lib/samba/lock/gencache.tdb
sitename_fetch: No stored sitename for realm ''
name gnabregib#20 found.
Connecting to 192.168.168.125 at port 445
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_REUSEPORT = 0
SO_SNDBUF = 87040
SO_RCVBUF = 131072
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
TCP_DEFER_ACCEPT = 0
session request ok
negotiated dialect[SMB3_11] against server[gnabregib]
Enter GENERICPRODUCTS\grant.petersen's password:
cli_session_creds_prepare_krb5: Doing kinit for
grant.petersen at GENERICPRODUCTS to access gnabregib
Kinit for grant.petersen at GENERICPRODUCTS to access gnabregib failed:
Cannot find KDC for requested realm
cli_session_setup_spnego_send: Connect to gnabregib as
grant.petersen at GENERICPRODUCTS using SPNEGO
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gse_krb5
smb_gss_krb5_import_cred ccache[MEMORY:cliconnect] failed with
[Unspecified GSS failure. Minor code may provide more information: No
credentials cache found] -the caller may retry after a kinit.
Failed to start GENSEC client mech gse_krb5: NT_STATUS_INTERNAL_ERROR
Starting GENSEC submechanism ntlmssp
SPNEGO login failed: The transport connection is now disconnected.
session setup failed: NT_STATUS_CONNECTION_DISCONNECTED
---------------------------end of bad one-----------------------------
Server side - Log level set to 5
--------------------------Good one--------------------------------
[2020/05/20 14:28:30.891734, 2]
../../source3/lib/tallocmsg.c:87(register_msg_pool_usage)
Registered MSG_REQ_POOL_USAGE
[2020/05/20 14:28:30.891902, 5]
../../source3/passdb/pdb_interface.c:155(make_pdb_method_name)
Attempting to find a passdb backend to match tdbsam (tdbsam)
[2020/05/20 14:28:30.891954, 5]
../../source3/passdb/pdb_interface.c:176(make_pdb_method_name)
Found pdb backend tdbsam
[2020/05/20 14:28:30.892092, 5]
../../source3/passdb/pdb_interface.c:187(make_pdb_method_name)
pdb backend tdbsam has a valid init
[2020/05/20 14:28:30.892282, 5]
../../lib/util/util_net.c:1055(print_socket_options)
Socket options:
SO_KEEPALIVE = 1
SO_REUSEADDR = 1
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_REUSEPORT = 1
SO_SNDBUF = 87040
SO_RCVBUF = 131072
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
TCP_DEFER_ACCEPT = 0
[2020/05/20 14:28:30.892612, 5]
../../lib/util/util_net.c:1055(print_socket_options)
Socket options:
SO_KEEPALIVE = 1
SO_REUSEADDR = 1
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_REUSEPORT = 1
SO_SNDBUF = 87040
SO_RCVBUF = 131072
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
TCP_DEFER_ACCEPT = 0
[2020/05/20 14:28:30.893042, 3]
../../lib/util/access.c:369(allow_access)
Allowed connection from 192.168.168.13 (192.168.168.13)
[2020/05/20 14:28:30.893164, 5]
../../lib/util/debug.c:808(debug_dump_status)
INFO: Current debug levels:
all: 5
tdb: 5
printdrivers: 5
lanman: 5
smb: 5
rpc_parse: 5
rpc_srv: 5
rpc_cli: 5
passdb: 5
sam: 5
auth: 5
winbind: 5
vfs: 5
idmap: 5
quota: 5
acls: 5
locking: 5
msdfs: 5
dmapi: 5
registry: 5
scavenger: 5
dns: 5
ldb: 5
tevent: 5
auth_audit: 5
auth_json_audit: 5
kerberos: 5
drs_repl: 5
smb2: 5
smb2_credits: 5
dsdb_audit: 5
dsdb_json_audit: 5
dsdb_password_audit: 5
dsdb_password_json_audit: 5
dsdb_transaction_audit: 5
dsdb_transaction_json_audit: 5
dsdb_group_audit: 5
dsdb_group_json_audit: 5
---------------------Bad one------------------------------
[2020/05/20 14:31:19.628566, 2]
../../source3/lib/tallocmsg.c:87(register_msg_pool_usage)
Registered MSG_REQ_POOL_USAGE
[2020/05/20 14:31:19.628737, 5]
../../source3/passdb/pdb_interface.c:155(make_pdb_method_name)
Attempting to find a passdb backend to match tdbsam (tdbsam)
[2020/05/20 14:31:19.628789, 5]
../../source3/passdb/pdb_interface.c:176(make_pdb_method_name)
Found pdb backend tdbsam
[2020/05/20 14:31:19.628926, 5]
../../source3/passdb/pdb_interface.c:187(make_pdb_method_name)
pdb backend tdbsam has a valid init
[2020/05/20 14:31:19.629100, 5]
../../lib/util/util_net.c:1055(print_socket_options)
Socket options:
SO_KEEPALIVE = 1
SO_REUSEADDR = 1
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_REUSEPORT = 1
SO_SNDBUF = 87040
SO_RCVBUF = 131072
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
TCP_DEFER_ACCEPT = 0
[2020/05/20 14:31:19.629454, 5]
../../lib/util/util_net.c:1055(print_socket_options)
Socket options:
SO_KEEPALIVE = 1
SO_REUSEADDR = 1
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_REUSEPORT = 1
SO_SNDBUF = 87040
SO_RCVBUF = 131072
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
TCP_DEFER_ACCEPT = 0
[2020/05/20 14:31:19.629867, 3]
../../lib/util/access.c:369(allow_access)
Allowed connection from 192.168.168.13 (192.168.168.13)
[2020/05/20 14:31:19.629993, 5]
../../lib/util/debug.c:808(debug_dump_status)
INFO: Current debug levels:
all: 5
tdb: 5
printdrivers: 5
lanman: 5
smb: 5
rpc_parse: 5
rpc_srv: 5
rpc_cli: 5
passdb: 5
sam: 5
auth: 5
winbind: 5
vfs: 5
idmap: 5
quota: 5
acls: 5
locking: 5
msdfs: 5
dmapi: 5
registry: 5
scavenger: 5
dns: 5
ldb: 5
tevent: 5
auth_audit: 5
auth_json_audit: 5
kerberos: 5
drs_repl: 5
smb2: 5
smb2_credits: 5
dsdb_audit: 5
dsdb_json_audit: 5
dsdb_password_audit: 5
dsdb_password_json_audit: 5
dsdb_transaction_audit: 5
dsdb_transaction_json_audit: 5
dsdb_group_audit: 5
dsdb_group_json_audit: 5
---------------------end of bad one---------------------
On Wed, 2020-05-20 at 14:12 +1200, Andrew Bartlett wrote:
> Are there any logs on the client or server at a higher log level?
>
> Andrew Bartlett
>
> On Wed, 2020-05-20 at 12:39 +1200, Grant Petersen via samba wrote:
> > I forgot to mention that using the smbclient option
> >
> > -A /etc/cred/authfile
> >
> > behaves the same way as attempting to manually enter the password
> > on
> > the command line; failing in 4.12.2 and working in 4.11.0
> >
> > Thanks, Grant.
> >
> > On Wed, 2020-05-20 at 12:00 +1200, Grant Petersen wrote:
> > > Hi all.
> > >
> > > I have had this apparently inconsistent behavior in smbclinet
> > > since, around 4.11.(6?). 4.11.0 seems fine.
> > > I am on fedora 31 so I have just been keeping smbclient at 4.11.0
> > > but
> > > that is not an option in stock fedora 32 which I would like to
> > > use
> > > now.
> > > My main problem with it is that it seems to be stopping automount
> > > working on samba shares of Fed32 clients.
> > >
> > > Any suggestions welcome...
> > >
> > >
> > > This works:
> > >
> > > [grant.petersen at orgonon ~]$ smbclient -L gnabregib -U
> > > Enter GENERICPRODUCTS\grant.petersen's password:
> > >
> > > Sharename Type Comment
> > > --------- ---- -------
> > > tmp Disk Temporary file space
> > > media Disk Media server file space
> > > apps Disk
> > > backups Disk
> > > www Disk
> > > IPC$ IPC IPC Service (Genericproducts
> > > samba
> > > server)
> > > SMB1 disabled -- no workgroup available
> > >
> > >
> > > This should work exactly the same? The password prompt seems
> > > exactly
> > > the same.
> > >
> > > [grant.petersen at orgonon ~]$ smbclient -L gnabregib -
> > > Ugrant.petersen
> > > Enter GENERICPRODUCTS\grant.petersen's password:
> > > session setup failed: NT_STATUS_CONNECTION_DISCONNECTED
> > >
> > > but times out after about 1 minute to give the above error.
> > >
> > > Confirming account name and version
> > >
> > > [grant.petersen at orgonon ~]$ whoami
> > > grant.petersen
> > > [grant.petersen at orgonon ~]$ smbclient -V
> > > Version 4.12.2
> > >
> > > Interestingly using the ip address of the server instead of the
> > > host
> > > name and providing the user name on the command line works.
> > >
> > > grant.petersen at orgonon ~]$ smbclient -L 192.168.XXX.YYY -
> > > Ugrant.petersen
> > > Enter GENERICPRODUCTS\grant.petersen's password:
> > >
> > > Sharename Type Comment
> > > --------- ---- -------
> > > tmp Disk Temporary file space
> > > media Disk Media server file space
> > > apps Disk
> > > backups Disk
> > > www Disk
> > > IPC$ IPC IPC Service (Genericproducts
> > > samba
> > > server)
> > > SMB1 disabled -- no workgroup available
> > >
> > >
> > > Server :
> > > [grant.petersen at gnabregib ~]$ smbd -V
> > > Version 4.12.2
> > > grant.petersen at gnabregib ~]$ cat /etc/samba/smb.conf
> > > [global]
> > > workgroup = genericproducts
> > > server string = Genericproducts samba server
> > > log file = /var/log/samba/%m.log
> > > max log size = 2000
> > > log level = 1
> > > server role = standalone
> > > security = user
> > > guest ok = yes
> > > guest account = xxxxxxxxx
> > > create mask = 0664
> > > directory mask = 0775
> > > force create mode = 0664
> > > force directory mode = 0775
> > > client min protocol = smb2_02
> > > server min protocol = smb2_02
> > >
> > >
> >
> > --
> > Grant Petersen
> > Email: grant.petersen at genericproducts.net
> >
> >
More information about the samba
mailing list