[Samba] upgrade from samba 4.13 to 4.16 broke CIFS Server Authentication

Rowland Penny rpenny at samba.org
Tue Aug 30 16:10:47 UTC 2022 

On Tue, 2022-08-30 at 17:12 +0200, William Kirstaedter via samba wrote:
> 	Error verifying signature: parse error
> --------------ms090900020002010303020809
> Content-Type: text/plain; charset=UTF-8; format=flowed
> Content-Transfer-Encoding: 8bit
> 
> Hello,
> 
> I'm running a samba AD server in the form of a univention appliance
> ...
> 
> with their latest release upgrade from UCS-5.0-1 to UCS-5.0-2 the
> samba 
> version bumped from 4.13 to 4.16.
> 
> furthermore, I'm running commercial NetApp Storage Systems, providing
> a 
> CIFS Server (joined my UCS Domain)
> 
> since the upgrade, I have the following problem:
> 
> while domain-joined windows clients still can connect to the shares 
> provided by the NetApp, non-domain windows clients cant anymore.
> 
> they always produce the following error message in the netapps event
> log 
> and report that the domain isnt available right now.
> 
> 8/30/2022 16:06:21  napV-02 ERROR         secd.cifsAuth.problem:
> vserver 
> (napV2) General CIFS authentication pr
> oblem. Error: User authentication procedure failed
> CIFS SMB2 Share mapping - Client Ip = 192.168.6.129
>    [  0 ms] Login attempt by domain user 'FHI\cliff' using NTLMv2
> style 
> security
>    [     0] No servers available for MS_NETLOGON, vserver: 4,
> domain: 
> fhi.mpg.de.
>    [    11] Hostname found in Name Service Cache
>    [    11] Successfully connected to ip 192.168.6.100, port 445
> using TCP
>    [    31] Encountered NT error (NT_STATUS_INVALID_PARAMETER) for
> SMB 
> command SessionSetup
>    [    34] Unable to connect to NetLogon service on
> wayland.fhi.mpg.de 
> (Error: RESULT_ERROR_SECD_NO_CONNECTIONS_AVAILABL
> E)
>    [    34] No servers available for MS_NETLOGON, vserver: 4,
> domain: 
> fhi.mpg.de.
> **[    34] FAILURE: Unable to make a connection
> (NetLogon:FHI.MPG.DE), 
> result: 6940
>    [    34] CIFS authentication failed
> 8/30/2022 16:06:01  napV-02          ERROR
> Nblade.CifsOperationTimedOut: 
> Detected a timed out CIFS operation. SM
> B command for this operation: SMB2_COM_SESSION_SETUP, Number of
> times 
> this command was suspended: 1186, Number of times
> this command was restarted: 0, Last CSM error during this operation: 
> CSM_OK, Remote blade UUID: 00000000-0000-0000-0000-
> 000000000000, Is QoS enabled: QoS_disabled, Last SpinNp error during 
> this operation: SPINNP_NO_FO_ERROR, Client IP addre
> ss: 192.168.6.129, Local IP address: 192.168.6.12, Target Vserver ID:
> 4, 
> Target disk's DSID: 0
> 
> while my log.smbd file reports
> 
> [2022/08/30 17:11:39.808445,  1, pid=8018] 
> ../../auth/gensec/spnego.c:1341(gensec_spnego_server_negTokenInit_ste
> p)
>    gensec_spnego_server_negTokenInit_step: Could not find a suitable 
> mechtype in NEG_TOKEN_INIT
> 
> I'm now asking here because neither Univention nor Netapp seem to
> want 
> to help since they both say that combination is not supported / 
> recommended. no reasons given.

Netapp uses their own proprietary operating system, so could this be
another 'Sonos' like problem ? i.e. It only uses SMBv1

Does the Netapp device have a smb.conf ?

Do you have a contract with either Univention or Netapp ? If so, they
should explain why it isn't supported.

Rowland

More information about the samba mailing list