[Samba] upgrade from samba 4.13 to 4.16 broke CIFS Server Authentication

William Kirstaedter kirstaedter at fhi-berlin.mpg.de
Tue Aug 30 15:12:04 UTC 2022


Hello,

I'm running a Samba AD server in the form of a Univention appliance ...

With their latest release upgrade from UCS-5.0-1 to UCS-5.0-2, the Samba 
version was bumped from 4.13 to 4.16.

Furthermore, I'm running commercial NetApp storage systems, providing a 
CIFS server (joined to my UCS domain).

Since the upgrade, I have the following problem:

While domain-joined Windows clients can still connect to the shares 
provided by the NetApp, non-domain Windows clients can't anymore.

They always produce the following error message in the NetApp's event log 
and report that the domain isn't available right now.

8/30/2022 16:06:21  napV-02 ERROR         secd.cifsAuth.problem: vserver (napV2) General CIFS authentication problem. Error: User authentication procedure failed
CIFS SMB2 Share mapping - Client Ip = 192.168.6.129
   [  0 ms] Login attempt by domain user 'FHI\cliff' using NTLMv2 style security
   [     0] No servers available for MS_NETLOGON, vserver: 4, domain: fhi.mpg.de.
   [    11] Hostname found in Name Service Cache
   [    11] Successfully connected to ip 192.168.6.100, port 445 using TCP
   [    31] Encountered NT error (NT_STATUS_INVALID_PARAMETER) for SMB command SessionSetup
   [    34] Unable to connect to NetLogon service on wayland.fhi.mpg.de (Error: RESULT_ERROR_SECD_NO_CONNECTIONS_AVAILABLE)
   [    34] No servers available for MS_NETLOGON, vserver: 4, domain: fhi.mpg.de.
**[    34] FAILURE: Unable to make a connection (NetLogon:FHI.MPG.DE), result: 6940
   [    34] CIFS authentication failed
8/30/2022 16:06:01  napV-02          ERROR Nblade.CifsOperationTimedOut: Detected a timed out CIFS operation. SMB command for this operation: SMB2_COM_SESSION_SETUP, Number of times this command was suspended: 1186, Number of times this command was restarted: 0, Last CSM error during this operation: CSM_OK, Remote blade UUID: 00000000-0000-0000-0000-000000000000, Is QoS enabled: QoS_disabled, Last SpinNp error during this operation: SPINNP_NO_FO_ERROR, Client IP address: 192.168.6.129, Local IP address: 192.168.6.12, Target Vserver ID: 4, Target disk's DSID: 0

Meanwhile, my log.smbd file reports:

[2022/08/30 17:11:39.808445,  1, pid=8018] ../../auth/gensec/spnego.c:1341(gensec_spnego_server_negTokenInit_step)
   gensec_spnego_server_negTokenInit_step: Could not find a suitable mechtype in NEG_TOKEN_INIT

I'm now asking here because neither Univention nor NetApp seem to want 
to help, since they both say that combination is not supported / 
recommended. No reasons given.

I was hoping to get a new idea here...

Thanks in advance,

-- 

William Kirstaedter (PP&B) 	Fritz-Haber-Institut der MPG
Faradayweg 4-6 	14195 Berlin
Tel: 030 8413 5405 	Mail: kirstaedter at fhi-berlin.mpg.de

