[Samba] upgrade from samba 4.13 to 4.16 broke CIFS Server Authentication
Rowland Penny
rpenny at samba.org
Tue Aug 30 16:10:47 UTC 2022
On Tue, 2022-08-30 at 17:12 +0200, William Kirstaedter via samba wrote:
> Error verifying signature: parse error
> --------------ms090900020002010303020809
> Content-Type: text/plain; charset=UTF-8; format=flowed
> Content-Transfer-Encoding: 8bit
>
> Hello,
>
> I'm running a samba AD server in the form of a univention appliance
> ...
>
> with their latest release upgrade from UCS-5.0-1 to UCS-5.0-2 the
> samba
> version bumped from 4.13 to 4.16.
>
> furthermore, I'm running commercial NetApp Storage Systems, providing
> a
> CIFS Server (joined my UCS Domain)
>
> since the upgrade, I have the following problem:
>
> while domain-joined windows clients still can connect to the shares
> provided by the NetApp, non-domain windows clients cant anymore.
>
> they always produce the following error message in the netapps event
> log
> and report that the domain isnt available right now.
>
> 8/30/2022 16:06:21 napV-02 ERROR secd.cifsAuth.problem:
> vserver
> (napV2) General CIFS authentication pr
> oblem. Error: User authentication procedure failed
> CIFS SMB2 Share mapping - Client Ip = 192.168.6.129
> [ 0 ms] Login attempt by domain user 'FHI\cliff' using NTLMv2
> style
> security
> [ 0] No servers available for MS_NETLOGON, vserver: 4,
> domain:
> fhi.mpg.de.
> [ 11] Hostname found in Name Service Cache
> [ 11] Successfully connected to ip 192.168.6.100, port 445
> using TCP
> [ 31] Encountered NT error (NT_STATUS_INVALID_PARAMETER) for
> SMB
> command SessionSetup
> [ 34] Unable to connect to NetLogon service on
> wayland.fhi.mpg.de
> (Error: RESULT_ERROR_SECD_NO_CONNECTIONS_AVAILABL
> E)
> [ 34] No servers available for MS_NETLOGON, vserver: 4,
> domain:
> fhi.mpg.de.
> **[ 34] FAILURE: Unable to make a connection
> (NetLogon:FHI.MPG.DE),
> result: 6940
> [ 34] CIFS authentication failed
> 8/30/2022 16:06:01 napV-02 ERROR
> Nblade.CifsOperationTimedOut:
> Detected a timed out CIFS operation. SM
> B command for this operation: SMB2_COM_SESSION_SETUP, Number of
> times
> this command was suspended: 1186, Number of times
> this command was restarted: 0, Last CSM error during this operation:
> CSM_OK, Remote blade UUID: 00000000-0000-0000-0000-
> 000000000000, Is QoS enabled: QoS_disabled, Last SpinNp error during
> this operation: SPINNP_NO_FO_ERROR, Client IP addre
> ss: 192.168.6.129, Local IP address: 192.168.6.12, Target Vserver ID:
> 4,
> Target disk's DSID: 0
>
> while my log.smbd file reports
>
> [2022/08/30 17:11:39.808445, 1, pid=8018]
> ../../auth/gensec/spnego.c:1341(gensec_spnego_server_negTokenInit_ste
> p)
> gensec_spnego_server_negTokenInit_step: Could not find a suitable
> mechtype in NEG_TOKEN_INIT
>
> I'm now asking here because neither Univention nor Netapp seem to
> want
> to help since they both say that combination is not supported /
> recommended. no reasons given.
Netapp uses their own proprietary operating system, so could this be
another 'Sonos' like problem ? i.e. It only uses SMBv1
Does the Netapp device have a smb.conf ?
Do you have a contract with either Univention or Netapp ? If so, they
should explain why it isn't supported.
Rowland
More information about the samba
mailing list