[Samba] R: join member failed

Rowland Penny rpenny at samba.org
Tue Dec 13 15:33:23 UTC 2022



On 13/12/2022 15:22, Corrado Ravinetto via samba wrote:
> 
>> Your join looks successful to me. The dns update error isn't a major issue (which you've already resolved, you say). What do you mean by "can't access to my member anymore"? Can you be more specific about what is happening?
> 
> 
> With smbclient
> 
> [root@dm Cerruti]# smbclient -L dm
> Password for [Administrator@LXCERRUTI.COM]:
> gse_get_client_auth_token: gss_init_sec_context failed with [ Miscellaneous failure (see text): TGT has been revoked (cifs/dm@LXCERRUTI.COM)](2529638932)
> gensec_spnego_client_negTokenInit_step: gse_krb5: creating NEG_TOKEN_INIT for cifs/dm failed (next[(null)]): NT_STATUS_LOGON_FAILURE
> Anonymous login successful
> 
>          Sharename       Type      Comment
>          ---------       ----      -------
>          Vol1            Disk      Home Directory per ogni User
>          TexC            Disk      TexC per controlli finali
>          MagFil          Disk      Share per Magazzino Filati
>          LFC             Disk      Share per Outlet
>          McLFC           Disk      Share per gestione Outlet
>          Osra            Disk      Share per ufficio Paghe
>          IPC$            IPC       IPC Service (Samba Member - Versione 4.17.3)
> Reconnecting with SMB1 for workgroup listing.
> gse_get_client_auth_token: gss_init_sec_context failed with [ Miscellaneous failure (see text): TGT has been revoked (cifs/dm@LXCERRUTI.COM)](2529638932)
> gensec_spnego_client_negTokenInit_step: gse_krb5: creating NEG_TOKEN_INIT for cifs/dm failed (next[(null)]): NT_STATUS_LOGON_FAILURE
> Anonymous login successful
> 
>          Server               Comment
>          ---------            -------
>          DM                   Samba Member - Versione 4.17.3
>          SRVPAGHE
> 
>          Workgroup            Master
>          ---------            -------
>          LXCERRUTI            SRVPAGHE
> 
> 
> This is my smb.conf
> 
> [global]
>          client min protocol = NT1
>          dns update command = /usr/local/samba/sbin/samba_dnsupdate --use-samba-tool
>          log file = /var/log/samba/message.log
>          log level = 1
>          max log size = 1000
>          ntlm auth = ntlmv1-permitted
>          os level = 250
>          realm = LXCERRUTI.COM
>          security = ADS
>          server min protocol = NT1
>          server role = member server
>          server string = Samba Member - Versione %v
>          username map = /usr/local/samba/etc/user.map

Why is your user.map in a place that suggests you compiled Samba 
yourself, but the logfile doesn't?

>          winbind offline logon = Yes
>          winbind use default domain = Yes
>          workgroup = LXCERRUTI
>          idmap config * : range = 9000-17999
>          idmap config lxcerruti : backend = ad
>          idmap config lxcerruti : range = 500-7999
>          idmap config lxcerruti : schema_mode = rfc2307
>          idmap config lxcerruti : unix_nss_info = yes
>          idmap config lxcerruti : unix_primary_group = yes
>          acl allow execute always = Yes

Have you some reason for using SMBv1?
Also, why are you using such strange ranges for the idmap config lines?

> 
> [Vol1]
>          admin users = @g_admin
>          comment = Home Directory per ogni User
>          create mask = 0777
>          directory mask = 0777
>          hide unreadable = Yes
>          path = /Cerruti
>          read only = No

Can I ask you to read 'man vfs_acl_xattr' and then set up your smb.conf 
correctly? You are still using the old way of doing things.

Rowland
