[Samba] upgrade from samba 4.13 to 4.16 broke CIFS Server Authentication
William Kirstaedter
kirstaedter at fhi-berlin.mpg.de
Tue Aug 30 15:12:04 UTC 2022
Hello,
I'm running a samba AD server in the form of a univention appliance ...
with their latest release upgrade from UCS-5.0-1 to UCS-5.0-2 the samba
version bumped from 4.13 to 4.16.
furthermore, I'm running commercial NetApp Storage Systems, providing a
CIFS Server (joined my UCS Domain)
since the upgrade, I have the following problem:
while domain-joined windows clients still can connect to the shares
provided by the NetApp, non-domain windows clients cant anymore.
they always produce the following error message in the netapps event log
and report that the domain isnt available right now.
8/30/2022 16:06:21 napV-02 ERROR secd.cifsAuth.problem: vserver
(napV2) General CIFS authentication pr
oblem. Error: User authentication procedure failed
CIFS SMB2 Share mapping - Client Ip = 192.168.6.129
[ 0 ms] Login attempt by domain user 'FHI\cliff' using NTLMv2 style
security
[ 0] No servers available for MS_NETLOGON, vserver: 4, domain:
fhi.mpg.de.
[ 11] Hostname found in Name Service Cache
[ 11] Successfully connected to ip 192.168.6.100, port 445 using TCP
[ 31] Encountered NT error (NT_STATUS_INVALID_PARAMETER) for SMB
command SessionSetup
[ 34] Unable to connect to NetLogon service on wayland.fhi.mpg.de
(Error: RESULT_ERROR_SECD_NO_CONNECTIONS_AVAILABL
E)
[ 34] No servers available for MS_NETLOGON, vserver: 4, domain:
fhi.mpg.de.
**[ 34] FAILURE: Unable to make a connection (NetLogon:FHI.MPG.DE),
result: 6940
[ 34] CIFS authentication failed
8/30/2022 16:06:01 napV-02 ERROR Nblade.CifsOperationTimedOut:
Detected a timed out CIFS operation. SM
B command for this operation: SMB2_COM_SESSION_SETUP, Number of times
this command was suspended: 1186, Number of times
this command was restarted: 0, Last CSM error during this operation:
CSM_OK, Remote blade UUID: 00000000-0000-0000-0000-
000000000000, Is QoS enabled: QoS_disabled, Last SpinNp error during
this operation: SPINNP_NO_FO_ERROR, Client IP addre
ss: 192.168.6.129, Local IP address: 192.168.6.12, Target Vserver ID: 4,
Target disk's DSID: 0
while my log.smbd file reports
[2022/08/30 17:11:39.808445, 1, pid=8018]
../../auth/gensec/spnego.c:1341(gensec_spnego_server_negTokenInit_step)
gensec_spnego_server_negTokenInit_step: Could not find a suitable
mechtype in NEG_TOKEN_INIT
I'm now asking here because neither Univention nor Netapp seem to want
to help since they both say that combination is not supported /
recommended. no reasons given.
I was hoping to get a new idea here...
thanks in advance,
--
William Kirstaedter (PP&B) Fritz-Haber-Institut der MPG
Faradayweg 4-6 14195 Berlin
Tel: 030 8413 5405 Mail: kirstaedter at fhi-berlin.mpg.de
More information about the samba
mailing list