[Samba] NT_STATUS_NETWORK_SESSION_EXPIRED

David Mace David.Mace at smartodds.co.uk
Mon Sep 7 09:50:33 UTC 2020


Hi Thanks,

This is my /etc/krb5.conf from the client and the server (they are the
same).

[libdefaults]
default_realm = DOMAIN.CO.UK
clockskew = 300
default_ccache_name = FILE:/tmp/krb5cc_%{uid}

[realms]
DOMAIN.CO.UK = {
kdc = ad05.DOMAIN.co.uk
kdc = ad06.DOMAIN.co.uk
default_domain = DOMAIN.co.uk
admin_server = ad05.DOMAIN.co.uk
auth_to_local = RULE:[1:$0#$1](^DOMAIN.CO.UK#.*)s/^.*#/DOMAIN\/
auth_to_local = DEFAULT
}

[logging]
kdc = FILE:/var/log/krb5/krb5kdc.log
admin_server = FILE:/var/log/krb5/kadmind.log
default = SYSLOG:NOTICE:DAEMON
[domain_realm]
.DOMAIN.co.uk = DOMAIN.CO.UK
[appdefaults]
pam = {
ticket_lifetime = 1d
renew_lifetime = 1d
forwardable = true
proxiable = false
minimum_uid = 1
}

This is my /etc/samba/smb.conf from client and server (the same apart
from the "Group" share defined on the server)

[global]
workgroup = DOMAIN
passdb backend = tdbsam
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
include = /etc/samba/dhcp.conf
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
usershare allow guests = No
idmap config * : backend = tdb
idmap config * : range = 5000-9999
idmap config SMARTODDS : backend = rid
idmap config SMARTODDS : range = 10000-999999
idmap config SMARTBAPPS : backend = rid
idmap config SMARTBAPPS : range = 1000000-9999999
template shell = /bin/bash
template homedir = /home/%D/%U
kerberos method = secrets and keytab
realm = DOMAIN.CO.UK
security = ADS
template shell = /bin/bash
usershare max shares = 100
winbind offline logon = yes
winbind refresh tickets = yes
rpc_daemon:fssd = fork
registry shares = yes
include = registry
load printers = no
disable spoolss = yes
map acl inherit = yes
store dos attributes = yes
deadtime = 15
bind interfaces only = yes
interfaces = eth0
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
[profiles]
comment = Network Profiles Service
path = %H
read only = No
store dos attributes = Yes
create mask = 0600
directory mask = 0700
[users]
comment = All users
path = /home
read only = No
inherit acls = Yes
veto files = /aquota.user/groups/shares/
[groups]
comment = All groups
path = /home/groups
read only = No
inherit acls = Yes
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin root
force group = ntadmin
create mask = 0664
directory mask = 0775
[Group]
comment = Group Drive
path = /data/Group
read only = no
browseable = yes
inherit owner = unix only
inherit acls = yes
dos filemode = yes
acl group control = yes
acl_xattr:ignore system acls = yes
vfs objects = acl_xattr btrfs snapper


This is my /etc/security/pam_winbind.conf (the same on client and
server)

[global]
cached_login = yes
krb5_auth = yes
krb5_ccache_type = FILE
require_membership_of = S-1-5-21-1634878560-3557012951-3523748453-17244
# omit pam conversations
silent = yes

Thanks

David



-----Original Message-----
From: Rowland penny via samba <samba at lists.samba.org>
Reply-To: Rowland penny <rpenny at samba.org>
To: samba at lists.samba.org
Subject: Re: [Samba] NT_STATUS_NETWORK_SESSION_EXPIRED
Date: Mon, 07 Sep 2020 10:41:55 +0100

On 07/09/2020 09:51, David Mace via samba wrote:
> Hi,
>
> Looking for some help with this issue, been struggling for a few
> weeks
>
> We run a file server using Samba 4.9.5 (openSUSE Leap 15.2
> 4.9.5+git.343.4bc358522a9-lp151.2.27.1).
>
> Active Directory using Windows Server 2016. The Samba server is a
> member of the domain. Windows 10 desktops and Linux desktops are also
> domain members.
>
> Windows 10 desktops map network drives to the Samba server, no issues
> seen. Everything appears to be working.
>
> Linux desktops map shares using GVFS `gio mount` command and
> authenticate with user's kerberos ticket.
>
> After 10 hours or so, the gio mounts become inaccessible. GNOME
> Nautilus gives error "invalid argument".
>
> GVFS debug log shows
>
> smbc_stat(smb://fileserver.domain.co.uk/share)
> SMBC_getatr: sending qpathinfo
> map_errno_from_nt_status: 32 bit codes: code=c000035c
> smbc errno NT_STATUS_NETWORK_SESSION_EXPIRED -> 22
> smb: send_reply(0x7fb930002840), failed=1 (Invalid argument)
> smb: backend_dbus_handler org.gtk.vfs.Mount:QueryInfo (pid=24714)
> smb: Queued new job 0x7fb924007700 (GVfsJobQueryInfo)
>
>
> These Linux desktops also mount shares from a Windows Server 2012
> server, using gio mount, and do not experience the same issue. Only
> when Linux desktops map to the Samba server do we see this issue
>
> Thanks
> This e-mail and any files transmitted with it are confidential and
> may be legally privileged. If you receive it in error or are not the
> intended recipient you must not copy, distribute or take any action
> in reliance upon it. Instead, please notify us immediately by
> telephoning +44 (20) 7482 0077 and delete the material from your
> systems. Smartodds is a business carried on by Smartodds Limited, a
> company registered with the Registrar of Companies for England and
> Wales with number 05108548. Registered office: Unit 540 Highgate
> Studios, 53-79 Highgate Road, London NW5 1TL

Sounds like the ticket is expiring, can we see your smb.conf

Rowland




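To check the suggestion that the ticket is expiring against the roughly 10-hour failure in the original report, the following added example (not part of the thread, and not Samba or GVFS code) parses `klist` output and classifies each ticket at a given time. The sample output is constructed, and the MM/DD/YYYY timestamp layout is an assumption about the local `klist` format.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of MIT `klist` output (not taken from the thread).
SAMPLE_KLIST = """\
Ticket cache: FILE:/tmp/krb5cc_10001
Default principal: user@DOMAIN.CO.UK

Valid starting       Expires              Service principal
09/07/2020 08:00:01  09/07/2020 18:00:01  krbtgt/DOMAIN.CO.UK@DOMAIN.CO.UK
\trenew until 09/08/2020 08:00:01
09/07/2020 08:05:12  09/07/2020 18:00:01  cifs/fileserver.domain.co.uk@DOMAIN.CO.UK
\trenew until 09/08/2020 08:00:01
"""

TS = r"(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})"
FMT = "%m/%d/%Y %H:%M:%S"  # assumption: klist prints MM/DD/YYYY in this locale
TICKET_RE = re.compile(rf"^{TS}\s+{TS}\s+(\S+)$")
RENEW_RE = re.compile(rf"^\s+renew until {TS}$")


def parse_klist(text):
    """Return one dict per ticket: service, start, end, renew_until (or None)."""
    tickets = []
    for line in text.splitlines():
        m = TICKET_RE.match(line)
        if m:
            start, end = (datetime.strptime(m.group(i), FMT) for i in (1, 2))
            tickets.append({"service": m.group(3), "start": start,
                            "end": end, "renew_until": None})
            continue
        m = RENEW_RE.match(line)
        if m and tickets:  # "renew until" belongs to the ticket line above it
            tickets[-1]["renew_until"] = datetime.strptime(m.group(1), FMT)
    return tickets


def ticket_status(ticket, now, warn=timedelta(minutes=30)):
    """Classify a ticket at `now`; renewal is only possible before `end`."""
    if now >= ticket["end"]:
        return "expired"
    if ticket["end"] - now > warn:
        return "valid"
    # Renewing only helps if the renewable lifetime extends past the current end.
    renewable = ticket["renew_until"] and ticket["renew_until"] > ticket["end"]
    return "expiring-renewable" if renewable else "expiring-final"
```

Feeding it real `klist` output captured when the mount starts failing shows whether the cifs ticket's end time lines up with the error.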

