[Samba] smbclient oddness
Grant Petersen
grant.petersen at genericproducts.net
Wed May 20 03:04:52 UTC 2020
Hi,
these are from the logfile on the server and were in the log file named
192.168.168.13.log
192.168.168.13 is the IP address of the test client orgonon that I have
set up for this.
I have cut two sections from the log and the start at the same point
and seem to be the same until line 162;
I have attached them to this email - hope that sort of this is Ok to
do.
good one
[2020/05/20 14:28:36.463095, 4]
../../source3/smbd/sec_ctx.c:319(set_sec_ctx_internal)
bad one
[2020/05/20 14:32:19.689211, 2]
../../source3/smbd/process.c:2888(deadtime_fn)
but that looks like after the timeout so I am still puzzled.
On Wed, 2020-05-20 at 14:12 +1200, Andrew Bartlett wrote:
> Are there any logs on the client or server at a higher log level?
>
> Andrew Bartlett
>
> On Wed, 2020-05-20 at 12:39 +1200, Grant Petersen via samba wrote:
> > I forgot to mention that using the smbclient option
> >
> > -A /etc/cred/authfile
> >
> > behaves the same way as attempting to manually enter the password
> > on
> > the command line; failing in 4.12.2 and working in 4.11.0
> >
> > Thanks, Grant.
> >
> > On Wed, 2020-05-20 at 12:00 +1200, Grant Petersen wrote:
> > > Hi all.
> > >
> > > I have had this apparently inconsistent behavior in smbclinet
> > > since, around 4.11.(6?). 4.11.0 seems fine.
> > > I am on fedora 31 so I have just been keeping smbclient at 4.11.0
> > > but
> > > that is not an option in stock fedora 32 which I would like to
> > > use
> > > now.
> > > My main problem with it is that it seems to be stopping automount
> > > working on samba shares of Fed32 clients.
> > >
> > > Any suggestions welcome...
> > >
> > >
> > > This works:
> > >
> > > [grant.petersen at orgonon ~]$ smbclient -L gnabregib -U
> > > Enter GENERICPRODUCTS\grant.petersen's password:
> > >
> > > Sharename Type Comment
> > > --------- ---- -------
> > > tmp Disk Temporary file space
> > > media Disk Media server file space
> > > apps Disk
> > > backups Disk
> > > www Disk
> > > IPC$ IPC IPC Service (Genericproducts
> > > samba
> > > server)
> > > SMB1 disabled -- no workgroup available
> > >
> > >
> > > This should work exactly the same? The password prompt seems
> > > exactly
> > > the same.
> > >
> > > [grant.petersen at orgonon ~]$ smbclient -L gnabregib -
> > > Ugrant.petersen
> > > Enter GENERICPRODUCTS\grant.petersen's password:
> > > session setup failed: NT_STATUS_CONNECTION_DISCONNECTED
> > >
> > > but times out after about 1 minute to give the above error.
> > >
> > > Confirming account name and version
> > >
> > > [grant.petersen at orgonon ~]$ whoami
> > > grant.petersen
> > > [grant.petersen at orgonon ~]$ smbclient -V
> > > Version 4.12.2
> > >
> > > Interestingly using the ip address of the server instead of the
> > > host
> > > name and providing the user name on the command line works.
> > >
> > > grant.petersen at orgonon ~]$ smbclient -L 192.168.XXX.YYY -
> > > Ugrant.petersen
> > > Enter GENERICPRODUCTS\grant.petersen's password:
> > >
> > > Sharename Type Comment
> > > --------- ---- -------
> > > tmp Disk Temporary file space
> > > media Disk Media server file space
> > > apps Disk
> > > backups Disk
> > > www Disk
> > > IPC$ IPC IPC Service (Genericproducts
> > > samba
> > > server)
> > > SMB1 disabled -- no workgroup available
> > >
> > >
> > > Server :
> > > [grant.petersen at gnabregib ~]$ smbd -V
> > > Version 4.12.2
> > > grant.petersen at gnabregib ~]$ cat /etc/samba/smb.conf
> > > [global]
> > > workgroup = genericproducts
> > > server string = Genericproducts samba server
> > > log file = /var/log/samba/%m.log
> > > max log size = 2000
> > > log level = 1
> > > server role = standalone
> > > security = user
> > > guest ok = yes
> > > guest account = xxxxxxxxx
> > > create mask = 0664
> > > directory mask = 0775
> > > force create mode = 0664
> > > force directory mode = 0775
> > > client min protocol = smb2_02
> > > server min protocol = smb2_02
> > >
> > >
> >
> > --
> > Grant Petersen
> > Email: grant.petersen at genericproducts.net
> >
> >
--
Grant Petersen
Phone: +64 (7) 856 3399
Cell: 022 043 0351
Email: grant.petersen at genericproducts.net
-------------- next part --------------
[grant.petersen at orgonon ~]$ smbclient -L gnabregib -d6 -Ugrant.petersen
INFO: Current debug levels:
all: 6
tdb: 6
printdrivers: 6
lanman: 6
smb: 6
rpc_parse: 6
rpc_srv: 6
rpc_cli: 6
passdb: 6
sam: 6
auth: 6
winbind: 6
vfs: 6
idmap: 6
quota: 6
acls: 6
locking: 6
msdfs: 6
dmapi: 6
registry: 6
scavenger: 6
dns: 6
ldb: 6
tevent: 6
auth_audit: 6
auth_json_audit: 6
kerberos: 6
drs_repl: 6
smb2: 6
smb2_credits: 6
dsdb_audit: 6
dsdb_json_audit: 6
dsdb_password_audit: 6
dsdb_password_json_audit: 6
dsdb_transaction_audit: 6
dsdb_transaction_json_audit: 6
dsdb_group_audit: 6
dsdb_group_json_audit: 6
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
all: 6
tdb: 6
printdrivers: 6
lanman: 6
smb: 6
rpc_parse: 6
rpc_srv: 6
rpc_cli: 6
passdb: 6
sam: 6
auth: 6
winbind: 6
vfs: 6
idmap: 6
quota: 6
acls: 6
locking: 6
msdfs: 6
dmapi: 6
registry: 6
scavenger: 6
dns: 6
ldb: 6
tevent: 6
auth_audit: 6
auth_json_audit: 6
kerberos: 6
drs_repl: 6
smb2: 6
smb2_credits: 6
dsdb_audit: 6
dsdb_json_audit: 6
dsdb_password_audit: 6
dsdb_password_json_audit: 6
dsdb_transaction_audit: 6
dsdb_transaction_json_audit: 6
dsdb_group_audit: 6
dsdb_group_json_audit: 6
Processing section "[global]"
doing parameter workgroup = genericproducts
doing parameter security = user
doing parameter passdb backend = tdbsam
doing parameter printing = cups
doing parameter printcap name = cups
doing parameter load printers = yes
doing parameter cups options = raw
pm_process() returned Yes
added interface virbr0 ip=192.168.122.1 bcast=192.168.122.255 netmask=255.255.255.0
added interface enp2s0 ip=192.168.168.13 bcast=192.168.168.255 netmask=255.255.255.0
Netbios name list:-
my_netbios_names[0]="ORGONON"
Client started (version 4.12.2).
Opening cache file at /var/lib/samba/lock/gencache.tdb
sitename_fetch: No stored sitename for realm ''
name gnabregib#20 found.
Connecting to 192.168.168.125 at port 445
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_REUSEPORT = 0
SO_SNDBUF = 87040
SO_RCVBUF = 131072
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
TCP_DEFER_ACCEPT = 0
session request ok
negotiated dialect[SMB3_11] against server[gnabregib]
Enter GENERICPRODUCTS\grant.petersen's password:
cli_session_creds_prepare_krb5: Doing kinit for grant.petersen at GENERICPRODUCTS to access gnabregib
Kinit for grant.petersen at GENERICPRODUCTS to access gnabregib failed: Cannot find KDC for requested realm
cli_session_setup_spnego_send: Connect to gnabregib as grant.petersen at GENERICPRODUCTS using SPNEGO
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gse_krb5
smb_gss_krb5_import_cred ccache[MEMORY:cliconnect] failed with [Unspecified GSS failure. Minor code may provide more information: No credentials cache found] -the caller may retry after a kinit.
Failed to start GENSEC client mech gse_krb5: NT_STATUS_INTERNAL_ERROR
Starting GENSEC submechanism ntlmssp
SPNEGO login failed: The transport connection is now disconnected.
session setup failed: NT_STATUS_CONNECTION_DISCONNECTED
-------------- next part --------------
[grant.petersen at orgonon ~]$ smbclient -L gnabregib -d6 -U
INFO: Current debug levels:
all: 6
tdb: 6
printdrivers: 6
lanman: 6
smb: 6
rpc_parse: 6
rpc_srv: 6
rpc_cli: 6
passdb: 6
sam: 6
auth: 6
winbind: 6
vfs: 6
idmap: 6
quota: 6
acls: 6
locking: 6
msdfs: 6
dmapi: 6
registry: 6
scavenger: 6
dns: 6
ldb: 6
tevent: 6
auth_audit: 6
auth_json_audit: 6
kerberos: 6
drs_repl: 6
smb2: 6
smb2_credits: 6
dsdb_audit: 6
dsdb_json_audit: 6
dsdb_password_audit: 6
dsdb_password_json_audit: 6
dsdb_transaction_audit: 6
dsdb_transaction_json_audit: 6
dsdb_group_audit: 6
dsdb_group_json_audit: 6
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
all: 6
tdb: 6
printdrivers: 6
lanman: 6
smb: 6
rpc_parse: 6
rpc_srv: 6
rpc_cli: 6
passdb: 6
sam: 6
auth: 6
winbind: 6
vfs: 6
idmap: 6
quota: 6
acls: 6
locking: 6
msdfs: 6
dmapi: 6
registry: 6
scavenger: 6
dns: 6
ldb: 6
tevent: 6
auth_audit: 6
auth_json_audit: 6
kerberos: 6
drs_repl: 6
smb2: 6
smb2_credits: 6
dsdb_audit: 6
dsdb_json_audit: 6
dsdb_password_audit: 6
dsdb_password_json_audit: 6
dsdb_transaction_audit: 6
dsdb_transaction_json_audit: 6
dsdb_group_audit: 6
dsdb_group_json_audit: 6
Processing section "[global]"
doing parameter workgroup = genericproducts
doing parameter security = user
doing parameter passdb backend = tdbsam
doing parameter printing = cups
doing parameter printcap name = cups
doing parameter load printers = yes
doing parameter cups options = raw
pm_process() returned Yes
added interface virbr0 ip=192.168.122.1 bcast=192.168.122.255 netmask=255.255.255.0
added interface enp2s0 ip=192.168.168.13 bcast=192.168.168.255 netmask=255.255.255.0
Netbios name list:-
my_netbios_names[0]="ORGONON"
Client started (version 4.12.2).
Opening cache file at /var/lib/samba/lock/gencache.tdb
sitename_fetch: No stored sitename for realm ''
name gnabregib#20 found.
Connecting to 192.168.168.125 at port 445
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_REUSEPORT = 0
SO_SNDBUF = 87040
SO_RCVBUF = 131072
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
TCP_DEFER_ACCEPT = 0
session request ok
negotiated dialect[SMB3_11] against server[gnabregib]
Enter GENERICPRODUCTS\grant.petersen's password:
cli_session_setup_spnego_send: Connect to gnabregib as grant.petersen at GENERICPRODUCTS using SPNEGO
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gse_krb5
smb_gss_krb5_import_cred ccache[KEYRING:persistent:1000:1000] failed with [Unspecified GSS failure. Minor code may provide more information: No credentials cache found] -the caller may retry after a kinit.
Failed to start GENSEC client mech gse_krb5: NT_STATUS_INTERNAL_ERROR
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x628a8215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_TARGET_TYPE_SERVER
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
short string '', sent with NULL termination despite NOTERM flag in IDL
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
session setup ok
signed SMB2 message
tconx ok
Sharename Type Comment
--------- ---- -------
Bind RPC Pipe: host gnabregib auth_type 0, auth_level 1
rpc_api_pipe: host gnabregib
rpc_read_send: data_to_read: 52
check_bind_response: accepted!
rpc_api_pipe: host gnabregib
rpc_read_send: data_to_read: 524
tmp Disk Temporary file space
media Disk Media server file space
apps Disk
backups Disk
www Disk
IPC$ IPC IPC Service (Genericproducts samba server)
SMB1 disabled -- no workgroup available
More information about the samba
mailing list