[Samba] Samba and Kerberos
Rob Townley
rob.townley at gmail.com
Thu Apr 28 02:11:48 UTC 2022
Mark,
emphasizing that the formatting of these servicePrincipalNames may not be
syntactically correct at all. Many years since cli kerberos.
HOST/hostname.domain.tld$
HOST/hostname$
HOST/ipAddress$ //totally guessing on if ipAddress$ is allowed. Hope it
is.
The syntax may be off. If you connect with just the hostname, make sure
the host name is there. If you use the FQDN, then make sure the FQDN is
in that list as well. Computers$ are basically users but with a '$'
character at the end. They inherit from the same base class. Verify
your users as well.
Not sure in all cases, but in many cases, when IP Addresses are used
instead of servicePrincipalNames, it drops down to some version of NTLM
authentication, not Kerberos.
Totally guessing here, but MAC and TrueNAS are both BSD based. Wonder if
the service on the client is running as root and that is why you see
root. Wait for someone more knowledgeable to respond. Are you sudo'ing
up to root by chance?
On Wed, Apr 27, 2022 at 5:04 PM Mark Cogan <arcturus1966 at gmail.com> wrote:
> Well, not exactly. I'm running as a Kerberos users from a Mac client.
> smb://thig.<redacted> from Finder.
> This is the output on the server side as I am trying to connect.
> So why would the Samba client be trying to say that's root trying to
> connect?
>
> - M
>
> On Wed, Apr 27, 2022 at 5:57 PM Rob Townley <rob.townley at gmail.com> wrote:
>
>> A couple things stood out to me, but I am going completely from memory
>> and do not have much recent experience in SaMBa kerberos:
>>
>> 1.) Kerberos generally requires IP Names. IP Addresses _might_ work
>> if registered under servicePrincipalNames `HOST/thig$`
>> `HOST/thigsIPaddress$` ?
>> `samba-tool spn list`
>> output might help. In short, when you try to authenticate, use a
>> servicePrincipalName HOST entry.
>>
>> 2.) Looks like you are trying as the root user which may have been
>> disabled by default for security reasons recently. For instance, TrueNAS
>> core no longer allows the root user to use the smb share. Must create
>> another user. Make sure that user actually has userPrincipalName or upn in
>> kerberos.
>>
>> `[2022/04/27 14:15:01.089431, 5, pid=17085, effective(0, 0), real(0, 0)]
>> ../../source3/auth/token_util.c:874(debug_unix_user_token)
>>
>> UNIX token of user 0
>>
>> Primary group is 0 and contains 0 supplementary groups`
>>
>> On Wed, Apr 27, 2022 at 1:21 PM Mark Cogan via samba <
>> samba at lists.samba.org> wrote:
>>
>>> And from the IP log trying to inbound:
>>>
>>> [2022/04/27 14:15:01.088980, 10, pid=17085, effective(0, 0), real(0, 0)]
>>> ../../source3/lib/util_event.c:43(smbd_idle_event_handler)
>>>
>>> smbd_idle_event_handler: idle_evt(deadtime) (nil) called
>>>
>>> [2022/04/27 14:15:01.089072, 2, pid=17085, effective(0, 0), real(0, 0)]
>>> ../../source3/smbd/process.c:2926(deadtime_fn)
>>>
>>> Closing idle connection
>>>
>>> [2022/04/27 14:15:01.089095, 10, pid=17085, effective(0, 0), real(0, 0)]
>>> ../../source3/lib/util_event.c:47(smbd_idle_event_handler)
>>>
>>> smbd_idle_event_handler: idle_evt(deadtime) (nil) stopped
>>>
>>> [2022/04/27 14:15:01.089115, 3, pid=17085, effective(0, 0), real(0, 0)]
>>> ../../source3/smbd/server.c:162(msg_exit_server)
>>>
>>> got a SHUTDOWN message
>>>
>>> [2022/04/27 14:15:01.089142, 4, pid=17085, effective(0, 0), real(0, 0)]
>>> ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
>>>
>>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
>>>
>>> [2022/04/27 14:15:01.089153, 5, pid=17085, effective(0, 0), real(0, 0)]
>>> ../../libcli/security/security_token.c:47(security_token_debug)
>>>
>>> Security token: (NULL)
>>>
>>> [2022/04/27 14:15:01.089162, 5, pid=17085, effective(0, 0), real(0, 0)]
>>> ../../source3/auth/token_util.c:874(debug_unix_user_token)
>>>
>>> UNIX token of user 0
>>>
>>> Primary group is 0 and contains 0 supplementary groups
>>>
>>> [2022/04/27 14:15:01.089194, 5, pid=17085, effective(0, 0), real(0, 0)]
>>> ../../source3/smbd/uid.c:494(smbd_change_to_root_user)
>>>
>>> change_to_root_user: now uid=(0,0) gid=(0,0)
>>>
>>> [2022/04/27 14:15:01.089275, 4, pid=17085, effective(0, 0), real(0, 0)]
>>> ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
>>>
>>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
>>>
>>> [2022/04/27 14:15:01.089288, 5, pid=17085, effective(0, 0), real(0, 0)]
>>> ../../libcli/security/security_token.c:47(security_token_debug)
>>>
>>> Security token: (NULL)
>>>
>>> [2022/04/27 14:15:01.089296, 5, pid=17085, effective(0, 0), real(0, 0)]
>>> ../../source3/auth/token_util.c:874(debug_unix_user_token)
>>>
>>> UNIX token of user 0
>>>
>>> Primary group is 0 and contains 0 supplementary groups
>>>
>>> [2022/04/27 14:15:01.089312, 5, pid=17085, effective(0, 0), real(0, 0)]
>>> ../../source3/smbd/uid.c:494(smbd_change_to_root_user)
>>>
>>> change_to_root_user: now uid=(0,0) gid=(0,0)
>>>
>>> [2022/04/27 14:15:01.089322, 4, pid=17085, effective(0, 0), real(0, 0)]
>>> ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
>>>
>>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
>>>
>>> [2022/04/27 14:15:01.089331, 5, pid=17085, effective(0, 0), real(0, 0)]
>>> ../../libcli/security/security_token.c:47(security_token_debug)
>>>
>>> Security token: (NULL)
>>>
>>> [2022/04/27 14:15:01.089339, 5, pid=17085, effective(0, 0), real(0, 0)]
>>> ../../source3/auth/token_util.c:874(debug_unix_user_token)
>>>
>>> UNIX token of user 0
>>>
>>> Primary group is 0 and contains 0 supplementary groups
>>>
>>> [2022/04/27 14:15:01.089358, 5, pid=17085, effective(0, 0), real(0, 0)]
>>> ../../source3/smbd/uid.c:494(smbd_change_to_root_user)
>>>
>>> change_to_root_user: now uid=(0,0) gid=(0,0)
>>>
>>> [2022/04/27 14:15:01.089370, 4, pid=17085, effective(0, 0), real(0, 0)]
>>> ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
>>>
>>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
>>>
>>> [2022/04/27 14:15:01.089379, 5, pid=17085, effective(0, 0), real(0, 0)]
>>> ../../libcli/security/security_token.c:47(security_token_debug)
>>>
>>> Security token: (NULL)
>>>
>>> [2022/04/27 14:15:01.089387, 5, pid=17085, effective(0, 0), real(0, 0)]
>>> ../../source3/auth/token_util.c:874(debug_unix_user_token)
>>>
>>> UNIX token of user 0
>>>
>>> Primary group is 0 and contains 0 supplementary groups
>>>
>>> [2022/04/27 14:15:01.089401, 5, pid=17085, effective(0, 0), real(0, 0)]
>>> ../../source3/smbd/uid.c:494(smbd_change_to_root_user)
>>>
>>> change_to_root_user: now uid=(0,0) gid=(0,0)
>>>
>>> [2022/04/27 14:15:01.089414, 4, pid=17085, effective(0, 0), real(0, 0)]
>>> ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
>>>
>>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
>>>
>>> [2022/04/27 14:15:01.089422, 5, pid=17085, effective(0, 0), real(0, 0)]
>>> ../../libcli/security/security_token.c:47(security_token_debug)
>>>
>>> Security token: (NULL)
>>>
>>> [2022/04/27 14:15:01.089431, 5, pid=17085, effective(0, 0), real(0, 0)]
>>> ../../source3/auth/token_util.c:874(debug_unix_user_token)
>>>
>>> UNIX token of user 0
>>>
>>> Primary group is 0 and contains 0 supplementary groups
>>>
>>> [2022/04/27 14:15:01.089444, 5, pid=17085, effective(0, 0), real(0, 0)]
>>> ../../source3/smbd/uid.c:494(smbd_change_to_root_user)
>>>
>>> change_to_root_user: now uid=(0,0) gid=(0,0)
>>>
>>> [2022/04/27 14:15:01.089493, 10, pid=17085, effective(0, 0), real(0, 0)]
>>> ../../lib/messaging/messages_dgm_ref.c:163(msg_dgm_ref_destructor)
>>>
>>> msg_dgm_ref_destructor: refs=(nil)
>>>
>>> [2022/04/27 14:15:01.089783, 3, pid=17085, effective(0, 0), real(0, 0)]
>>> ../../source3/smbd/server_exit.c:240(exit_server_common)
>>>
>>> Server exit (normal exit)
>>>
>>> On Wed, Apr 27, 2022 at 2:16 PM Mark Cogan <arcturus1966 at gmail.com>
>>> wrote:
>>>
>>> > [2022/04/27 14:14:00.895242, 10, pid=17084, effective(0, 0), real(0,
>>> 0)]
>>> > ../../lib/messaging/messages_dgm_ref.c:163(msg_dgm_ref_destructor)
>>> >
>>> > msg_dgm_ref_destructor: refs=(nil)
>>> >
>>> > [2022/04/27 14:14:00.896142, 10, pid=17084, effective(0, 0), real(0,
>>> 0)]
>>> > ../../lib/messaging/messages_dgm_ref.c:80(messaging_dgm_ref)
>>> >
>>> > messaging_dgm_ref: messaging_dgm_init returned Success
>>> >
>>> > [2022/04/27 14:14:00.896171, 10, pid=17084, effective(0, 0), real(0,
>>> 0)]
>>> > ../../lib/messaging/messages_dgm_ref.c:109(messaging_dgm_ref)
>>> >
>>> > messaging_dgm_ref: unique = 16432613736172089981
>>> >
>>> > [2022/04/27 14:14:00.896185, 2, pid=17084, effective(0, 0), real(0,
>>> 0)]
>>> > ../../source3/lib/tallocmsg.c:84(register_msg_pool_usage)
>>> >
>>> > Registered MSG_REQ_POOL_USAGE
>>> >
>>> > [2022/04/27 14:14:00.896201, 5, pid=17084, effective(0, 0), real(0,
>>> 0),
>>> > class=passdb]
>>> ../../source3/passdb/pdb_interface.c:157(make_pdb_method_name)
>>> >
>>> > Attempting to find a passdb backend to match tdbsam (tdbsam)
>>> >
>>> > [2022/04/27 14:14:00.896212, 5, pid=17084, effective(0, 0), real(0,
>>> 0),
>>> > class=passdb]
>>> ../../source3/passdb/pdb_interface.c:178(make_pdb_method_name)
>>> >
>>> > Found pdb backend tdbsam
>>> >
>>> > [2022/04/27 14:14:00.896240, 5, pid=17084, effective(0, 0), real(0,
>>> 0),
>>> > class=passdb]
>>> ../../source3/passdb/pdb_interface.c:189(make_pdb_method_name)
>>> >
>>> > pdb backend tdbsam has a valid init
>>> >
>>> > [2022/04/27 14:14:00.896260, 10, pid=17084, effective(0, 0), real(0,
>>> 0)]
>>> > ../../source3/smbd/smbXsrv_client.c:548(smbXsrv_client_create)
>>> >
>>> > [2022/04/27 14:14:00.896270, 10, pid=17084, effective(0, 0), real(0,
>>> 0)]
>>> > ../../source3/smbd/smbXsrv_client.c:556(smbXsrv_client_create)
>>> >
>>> > smbXsrv_client_create:
>>> > client_guid[00000000-0000-0000-0000-000000000000] created
>>> >
>>> > [2022/04/27 14:14:00.896288, 1, pid=17084, effective(0, 0), real(0,
>>> 0),
>>> > class=rpc_parse] ../../librpc/ndr/ndr.c:429(ndr_print_debug)
>>> >
>>> > &client_blob: struct smbXsrv_clientB
>>> >
>>> > version : SMBXSRV_VERSION_0 (0)
>>> >
>>> > reserved : 0x00000000 (0)
>>> >
>>> > info : union smbXsrv_clientU(case 0)
>>> >
>>> > info0 : *
>>> >
>>> > info0: struct smbXsrv_client
>>> >
>>> > table : *
>>> >
>>> > raw_ev_ctx : *
>>> >
>>> > msg_ctx : *
>>> >
>>> > global : *
>>> >
>>> > global: struct smbXsrv_client_global0
>>> >
>>> > db_rec : NULL
>>> >
>>> > server_id: struct server_id
>>> >
>>> > pid :
>>> > 0x00000000000042bc (17084)
>>> >
>>> > task_id : 0x00000000 (0)
>>> >
>>> > vnn : 0xffffffff
>>> > (4294967295)
>>> >
>>> > unique_id :
>>> > 0xe40c5f211bbdf27d (-2014130337537461635)
>>> >
>>> > local_address : NULL
>>> >
>>> > remote_address : NULL
>>> >
>>> > remote_name : NULL
>>> >
>>> > initial_connect_time : Wed Apr 27
>>> 02:14:01
>>> > PM 2022 EDT
>>> >
>>> > client_guid :
>>> > 00000000-0000-0000-0000-000000000000
>>> >
>>> > stored : 0x00 (0)
>>> >
>>> > sconn : NULL
>>> >
>>> > session_table : NULL
>>> >
>>> > tcon_table : NULL
>>> >
>>> > open_table : NULL
>>> >
>>> > connections : NULL
>>> >
>>> > server_multi_channel_enabled: 0x00 (0)
>>> >
>>> > next_channel_id : 0x0000000000000000 (0)
>>> >
>>> > connection_pass_subreq : NULL
>>> >
>>> > pending_breaks : NULL
>>> >
>>> > [2022/04/27 14:14:00.896439, 5, pid=17084, effective(0, 0), real(0,
>>> 0)]
>>> > ../../lib/util/util_net.c:990(print_socket_options)
>>> >
>>> > Socket options:
>>> >
>>> > SO_KEEPALIVE = 1
>>> >
>>> > SO_REUSEADDR = 1
>>> >
>>> > SO_BROADCAST = 0
>>> >
>>> > TCP_NODELAY = 1
>>> >
>>> > TCP_KEEPCNT = 9
>>> >
>>> > TCP_KEEPIDLE = 7200
>>> >
>>> > TCP_KEEPINTVL = 75
>>> >
>>> > IPTOS_LOWDELAY = 0
>>> >
>>> > IPTOS_THROUGHPUT = 0
>>> >
>>> > SO_REUSEPORT = 1
>>> >
>>> > SO_SNDBUF = 87040
>>> >
>>> > SO_RCVBUF = 369280
>>> >
>>> > SO_SNDLOWAT = 1
>>> >
>>> > SO_RCVLOWAT = 1
>>> >
>>> > SO_SNDTIMEO = 0
>>> >
>>> > SO_RCVTIMEO = 0
>>> >
>>> > TCP_QUICKACK = 1
>>> >
>>> > TCP_DEFER_ACCEPT = 0
>>> >
>>> > TCP_USER_TIMEOUT = 0
>>> >
>>> > [2022/04/27 14:14:00.896491, 5, pid=17084, effective(0, 0), real(0,
>>> 0)]
>>> > ../../lib/util/util_net.c:990(print_socket_options)
>>> >
>>> > Socket options:
>>> >
>>> > SO_KEEPALIVE = 1
>>> >
>>> > SO_REUSEADDR = 1
>>> >
>>> > SO_BROADCAST = 0
>>> >
>>> > TCP_NODELAY = 1
>>> >
>>> > TCP_KEEPCNT = 9
>>> >
>>> > TCP_KEEPIDLE = 7200
>>> >
>>> > TCP_KEEPINTVL = 75
>>> >
>>> > IPTOS_LOWDELAY = 0
>>> >
>>> > IPTOS_THROUGHPUT = 0
>>> >
>>> > SO_REUSEPORT = 1
>>> >
>>> > SO_SNDBUF = 87040
>>> >
>>> > SO_RCVBUF = 369280
>>> >
>>> > SO_SNDLOWAT = 1
>>> >
>>> > SO_RCVLOWAT = 1
>>> >
>>> > SO_SNDTIMEO = 0
>>> >
>>> > SO_RCVTIMEO = 0
>>> >
>>> > TCP_QUICKACK = 1
>>> >
>>> > TCP_DEFER_ACCEPT = 0
>>> >
>>> > TCP_USER_TIMEOUT = 0
>>> >
>>> > [2022/04/27 14:14:00.896557, 3, pid=17084, effective(0, 0), real(0,
>>> 0)]
>>> > ../../lib/util/access.c:372(allow_access)
>>> >
>>> > Allowed connection from 132.250.114.93 (132.250.114.93)
>>> >
>>> > [2022/04/27 14:14:00.896564, 10, pid=17084, effective(0, 0), real(0,
>>> 0)]
>>> > ../../source3/smbd/process.c:3919(smbd_add_connection)
>>> >
>>> > Connection allowed from ipv4:132.250.114.93:50258 to ipv4:
>>> > 132.250.115.34:445
>>> >
>>> > [2022/04/27 14:14:00.896599, 5, pid=17084, effective(0, 0), real(0,
>>> 0)]
>>> > ../../lib/util/debug.c:811(debug_dump_status)
>>> >
>>> > INFO: Current debug levels:
>>> >
>>> > all: 10
>>> >
>>> > tdb: 10
>>> >
>>> > printdrivers: 10
>>> >
>>> > lanman: 10
>>> >
>>> > smb: 10
>>> >
>>> > rpc_parse: 10
>>> >
>>> > rpc_srv: 10
>>> >
>>> > rpc_cli: 10
>>> >
>>> > passdb: 10
>>> >
>>> > sam: 10
>>> >
>>> > auth: 10
>>> >
>>> > winbind: 10
>>> >
>>> > vfs: 10
>>> >
>>> > idmap: 10
>>> >
>>> > quota: 10
>>> >
>>> > acls: 10
>>> >
>>> > locking: 10
>>> >
>>> > msdfs: 10
>>> >
>>> > dmapi: 10
>>> >
>>> > registry: 10
>>> >
>>> > scavenger: 10
>>> >
>>> > dns: 10
>>> >
>>> > ldb: 10
>>> >
>>> > tevent: 10
>>> >
>>> > auth_audit: 10
>>> >
>>> > auth_json_audit: 10
>>> >
>>> > kerberos: 10
>>> >
>>> > drs_repl: 10
>>> >
>>> > smb2: 10
>>> >
>>> > smb2_credits: 10
>>> >
>>> > dsdb_audit: 10
>>> >
>>> > dsdb_json_audit: 10
>>> >
>>> > dsdb_password_audit: 10
>>> >
>>> > dsdb_password_json_audit: 10
>>> >
>>> > dsdb_transaction_audit: 10
>>> >
>>> > dsdb_transaction_json_audit: 10
>>> >
>>> > dsdb_group_audit: 10
>>> >
>>> > dsdb_group_json_audit: 10
>>> >
>>> > [2022/04/27 14:14:01.049640, 10, pid=17085, effective(0, 0), real(0,
>>> 0)]
>>> > ../../lib/messaging/messages_dgm_ref.c:163(msg_dgm_ref_destructor)
>>> >
>>> > msg_dgm_ref_destructor: refs=(nil)
>>> >
>>> > [2022/04/27 14:14:01.049743, 10, pid=17085, effective(0, 0), real(0,
>>> 0)]
>>> > ../../lib/messaging/messages_dgm_ref.c:80(messaging_dgm_ref)
>>> >
>>> > messaging_dgm_ref: messaging_dgm_init returned Success
>>> >
>>> > [2022/04/27 14:14:01.049763, 10, pid=17085, effective(0, 0), real(0,
>>> 0)]
>>> > ../../lib/messaging/messages_dgm_ref.c:109(messaging_dgm_ref)
>>> >
>>> > messaging_dgm_ref: unique = 16628607021123654522
>>> >
>>> > [2022/04/27 14:14:01.049773, 2, pid=17085, effective(0, 0), real(0,
>>> 0)]
>>> > ../../source3/lib/tallocmsg.c:84(register_msg_pool_usage)
>>> >
>>> > Registered MSG_REQ_POOL_USAGE
>>> >
>>> > [2022/04/27 14:14:01.049784, 5, pid=17085, effective(0, 0), real(0,
>>> 0),
>>> > class=passdb]
>>> ../../source3/passdb/pdb_interface.c:157(make_pdb_method_name)
>>> >
>>> > Attempting to find a passdb backend to match tdbsam (tdbsam)
>>> >
>>> > [2022/04/27 14:14:01.049791, 5, pid=17085, effective(0, 0), real(0,
>>> 0),
>>> > class=passdb]
>>> ../../source3/passdb/pdb_interface.c:178(make_pdb_method_name)
>>> >
>>> > Found pdb backend tdbsam
>>> >
>>> > [2022/04/27 14:14:01.049806, 5, pid=17085, effective(0, 0), real(0,
>>> 0),
>>> > class=passdb]
>>> ../../source3/passdb/pdb_interface.c:189(make_pdb_method_name)
>>> >
>>> > pdb backend tdbsam has a valid init
>>> >
>>> > [2022/04/27 14:14:01.049818, 10, pid=17085, effective(0, 0), real(0,
>>> 0)]
>>> > ../../source3/smbd/smbXsrv_client.c:548(smbXsrv_client_create)
>>> >
>>> > [2022/04/27 14:14:01.049825, 10, pid=17085, effective(0, 0), real(0,
>>> 0)]
>>> > ../../source3/smbd/smbXsrv_client.c:556(smbXsrv_client_create)
>>> >
>>> > smbXsrv_client_create:
>>> > client_guid[00000000-0000-0000-0000-000000000000] created
>>> >
>>> > [2022/04/27 14:14:01.049841, 1, pid=17085, effective(0, 0), real(0,
>>> 0),
>>> > class=rpc_parse] ../../librpc/ndr/ndr.c:429(ndr_print_debug)
>>> >
>>> > &client_blob: struct smbXsrv_clientB
>>> >
>>> > version : SMBXSRV_VERSION_0 (0)
>>> >
>>> > reserved : 0x00000000 (0)
>>> >
>>> > info : union smbXsrv_clientU(case 0)
>>> >
>>> > info0 : *
>>> >
>>> > info0: struct smbXsrv_client
>>> >
>>> > table : *
>>> >
>>> > raw_ev_ctx : *
>>> >
>>> > msg_ctx : *
>>> >
>>> > global : *
>>> >
>>> > global: struct smbXsrv_client_global0
>>> >
>>> > db_rec : NULL
>>> >
>>> > server_id: struct server_id
>>> >
>>> > pid :
>>> > 0x00000000000042bd (17085)
>>> >
>>> > task_id : 0x00000000 (0)
>>> >
>>> > vnn : 0xffffffff
>>> > (4294967295)
>>> >
>>> > unique_id :
>>> > 0xe6c4adfbcba4537a (-1818137052585897094)
>>> >
>>> > local_address : NULL
>>> >
>>> > remote_address : NULL
>>> >
>>> > remote_name : NULL
>>> >
>>> > initial_connect_time : Wed Apr 27
>>> 02:14:01
>>> > PM 2022 EDT
>>> >
>>> > client_guid :
>>> > 00000000-0000-0000-0000-000000000000
>>> >
>>> > stored : 0x00 (0)
>>> >
>>> > sconn : NULL
>>> >
>>> > session_table : NULL
>>> >
>>> > tcon_table : NULL
>>> >
>>> > open_table : NULL
>>> >
>>> > connections : NULL
>>> >
>>> > server_multi_channel_enabled: 0x00 (0)
>>> >
>>> > next_channel_id : 0x0000000000000000 (0)
>>> >
>>> > connection_pass_subreq : NULL
>>> >
>>> > pending_breaks : NULL
>>> >
>>> > [2022/04/27 14:14:01.049956, 5, pid=17085, effective(0, 0), real(0,
>>> 0)]
>>> > ../../lib/util/util_net.c:990(print_socket_options)
>>> >
>>> > Socket options:
>>> >
>>> > SO_KEEPALIVE = 1
>>> >
>>> > SO_REUSEADDR = 1
>>> >
>>> > SO_BROADCAST = 0
>>> >
>>> > TCP_NODELAY = 1
>>> >
>>> > TCP_KEEPCNT = 9
>>> >
>>> > TCP_KEEPIDLE = 7200
>>> >
>>> > TCP_KEEPINTVL = 75
>>> >
>>> > IPTOS_LOWDELAY = 0
>>> >
>>> > IPTOS_THROUGHPUT = 0
>>> >
>>> > SO_REUSEPORT = 1
>>> >
>>> > SO_SNDBUF = 87040
>>> >
>>> > SO_RCVBUF = 369280
>>> >
>>> > SO_SNDLOWAT = 1
>>> >
>>> > SO_RCVLOWAT = 1
>>> >
>>> > SO_SNDTIMEO = 0
>>> >
>>> > SO_RCVTIMEO = 0
>>> >
>>> > TCP_QUICKACK = 1
>>> >
>>> > TCP_DEFER_ACCEPT = 0
>>> >
>>> > TCP_USER_TIMEOUT = 0
>>> >
>>> > [2022/04/27 14:14:01.049994, 5, pid=17085, effective(0, 0), real(0,
>>> 0)]
>>> > ../../lib/util/util_net.c:990(print_socket_options)
>>> >
>>> > Socket options:
>>> >
>>> > SO_KEEPALIVE = 1
>>> >
>>> > SO_REUSEADDR = 1
>>> >
>>> > SO_BROADCAST = 0
>>> >
>>> > TCP_NODELAY = 1
>>> >
>>> > TCP_KEEPCNT = 9
>>> >
>>> > TCP_KEEPIDLE = 7200
>>> >
>>> > TCP_KEEPINTVL = 75
>>> >
>>> > IPTOS_LOWDELAY = 0
>>> >
>>> > IPTOS_THROUGHPUT = 0
>>> >
>>> > SO_REUSEPORT = 1
>>> >
>>> > SO_SNDBUF = 87040
>>> >
>>> > SO_RCVBUF = 369280
>>> >
>>> > SO_SNDLOWAT = 1
>>> >
>>> > SO_RCVLOWAT = 1
>>> >
>>> > SO_SNDTIMEO = 0
>>> >
>>> > SO_RCVTIMEO = 0
>>> >
>>> > TCP_QUICKACK = 1
>>> >
>>> > TCP_DEFER_ACCEPT = 0
>>> >
>>> > TCP_USER_TIMEOUT = 0
>>> >
>>> > [2022/04/27 14:14:01.050034, 3, pid=17085, effective(0, 0), real(0,
>>> 0)]
>>> > ../../lib/util/access.c:372(allow_access)
>>> >
>>> > Allowed connection from 132.250.114.93 (132.250.114.93)
>>> >
>>> > [2022/04/27 14:14:01.050041, 10, pid=17085, effective(0, 0), real(0,
>>> 0)]
>>> > ../../source3/smbd/process.c:3919(smbd_add_connection)
>>> >
>>> > Connection allowed from ipv4:132.250.114.93:50260 to ipv4:
>>> > 132.250.115.34:445
>>> >
>>> > [2022/04/27 14:14:01.050064, 5, pid=17085, effective(0, 0), real(0,
>>> 0)]
>>> > ../../lib/util/debug.c:811(debug_dump_status)
>>> >
>>> > INFO: Current debug levels:
>>> >
>>> > all: 10
>>> >
>>> > tdb: 10
>>> >
>>> > [2022/04/27 14:14:01.050579, 10, pid=17031, effective(0, 0), real(0,
>>> 0)]
>>> > ../../lib/messaging/messages_dgm.c:1445(messaging_dgm_send)
>>> >
>>> > messaging_dgm_send: Sending message to 17034
>>> >
>>> > [2022/04/27 14:14:01.050691, 10, pid=17034, effective(0, 0), real(0,
>>> 0)]
>>> > ../../source3/lib/messages.c:428(messaging_recv_cb)
>>> >
>>> > messaging_recv_cb: Received message 0x314 len 0 (num_fds:0) from
>>> 17031
>>> >
>>> > [2022/04/27 14:14:01.050954, 10, pid=17034, effective(0, 0), real(0,
>>> 0)]
>>> > ../../source3/smbd/smbd_cleanupd.c:173(smbd_cleanupd_process_exited)
>>> >
>>> > smbd_cleanupd_process_exited: cleaned up pid 17084
>>> >
>>> > [2022/04/27 14:15:01.091584, 10, pid=17031, effective(0, 0), real(0,
>>> 0)]
>>> > ../../lib/messaging/messages_dgm.c:1445(messaging_dgm_send)
>>> >
>>> > messaging_dgm_send: Sending message to 17034
>>> >
>>> > [2022/04/27 14:15:01.091685, 10, pid=17034, effective(0, 0), real(0,
>>> 0)]
>>> > ../../source3/lib/messages.c:428(messaging_recv_cb)
>>> >
>>> > messaging_recv_cb: Received message 0x314 len 0 (num_fds:0) from
>>> 17031
>>> >
>>> > [2022/04/27 14:15:01.091873, 10, pid=17034, effective(0, 0), real(0,
>>> 0)]
>>> > ../../source3/smbd/smbd_cleanupd.c:173(smbd_cleanupd_process_exited)
>>> >
>>> > smbd_cleanupd_process_exited: cleaned up pid 17085
>>> >
>>> > On Wed, Apr 27, 2022 at 2:06 PM Jeremy Allison <jra at samba.org> wrote:
>>> >
>>> >> On Wed, Apr 27, 2022 at 02:02:39PM -0400, Mark Cogan via samba wrote:
>>> >> >Output from command line trying to connect:
>>> >> >
>>> >> >thig% smbclient -k -L //thig.<redacted>/
>>> >> >
>>> >> >session setup failed: NT_STATUS_ACCESS_DENIED
>>> >> >
>>> >> >
>>> >> >So it looks like it's just rejecting the Kerberos authentication,
>>> which
>>> >> is
>>> >> >why it would drop back down to asking for password (which doesn't
>>> work).
>>> >>
>>> >> Use a debug level 10 to get more details.
>>> >>
>>> >
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/options/samba
>>>
>>
More information about the samba
mailing list