[Samba] mount.cifs STATUS_NO_LOGON_SERVERS

L.P.H. van Belle belle at bazuin.nl
Thu Aug 12 08:54:25 UTC 2021


Do all server the spn : cifs/hostname.fqdn.tld registered in the AD and in the local /etc/krb5.keytab ? 
Offcourse the stand alone does not have it, but can add it manualy in AD and keytab file on that server.
Make sure all your server using CIFS have A and PTR records, (even your standalone).

Then thats done, make sure all formats are like this. 
Workgroup = ADDOM_IN_CAPS
Check smb.conf  and krb5.conf 
As far i could tell this looked good. 

When above is in place, and your leting the users automount these folder. 
Did you set : allow delegate for kerberous services for the servers that do automounting? 

samba-tool user 
  sensitive        - Set/unset or show UF_NOT_DELEGATED for an account.

If not set it. 

Last, the server with samba 4.9.5, upgrade it to at least samba 4.13/14 

And now, if you sure all is using kerberos auth, it should work now. 

Im using the same here, CIFS and NFS4 kerberized mounts and automounting. 
This is how i setup the automouting with systemd on my debian servers. 


See how far you get, i'll keep an eye on the list today.



> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Mark 
> Amundsen via samba
> Verzonden: donderdag 12 augustus 2021 9:55
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] mount.cifs STATUS_NO_LOGON_SERVERS
> Thanks for your time
> > OK, the two machines running 4.14.6 use SMBv2 as a minimum, your
> > standalone server uses SMBv1 as a minimum, so you may have to add
> > 'vers=2' to your mount command.
> I've tried vers=2.0 3.0 and even 2.1 (simply vers=2 gives an 
> invalid argument error), same as before:
> CIFS VFS: Send error in SessSetup = -5
> CIFS VFS: cifs_mount failed w/return code = -5
> Status code returned 0xc000005e STATUS_NO_LOGON_SERVERS
> If I try vers=1.0 it simply says:
> CIFS VFS: cifs_mount failed w/return code = -95
> (also: mount.cifs says: Default has changed to a more secure 
> dialect, SMB2.1 or later)
> I created a share on one of the domain-joined windows 
> machines and I can connect to that in the same manner as I 
> used to connect to the samba fileserver, which leads me to 
> belive that something has changed in the fileserver.
> Have I disabled the authentication method that mount.cifs is using?
> Mark
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list