[Samba] accidentally upgraded DC to 4.17.3 ... didn't work
Michael Tokarev
mjt at tls.msk.ru
Thu Nov 24 11:14:17 UTC 2022
[Stefan, I was afk for quite some time, now back just briefly]
24.11.2022 12:32, Stefan G. Weichinger wrote:
> now the processes are there:
>
> # ps axf | egrep "winbindd"
> 6516 pts/0 S+ 0:00 | \_ grep -E winbindd
> 5960 ? S 0:00 | \_ samba: task[winbindd] pre-fork master
> 5967 ? Ss 0:03 | \_ /usr/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
> 5986 ? S 0:00 | \_ winbindd: domain child [ARBEITSGRUPPE]
> 6311 ? S 0:00 | \_ winbindd: domain child [BUILTIN]
> 6312 ? S 0:00 | \_ winbindd: idmap child
Okay, that looks good.
> # tail log.samba
> [2022/11/24 10:30:01.604138, 2] ../../source4/dns_server/dns_update.c:824(dns_server_process_update)
> Got a dns update request.
> [2022/11/24 10:30:01.604970, 2] ../../source4/dns_server/dns_update.c:781(dns_update_allowed)
> Update not allowed for unsigned packet.
> [2022/11/24 10:30:01.629463, 1] ../../source4/auth/gensec/gensec_gssapi.c:791(gensec_gssapi_update_internal)
> GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Decrypt integrity check failed for checksum type hmac-sha1-96-aes256,
> key type aes256-cts-hmac-sha1-96
> [2022/11/24 10:30:01.629577, 1] ../../auth/gensec/spnego.c:1242(gensec_spnego_server_negTokenInit_step)
> gensec_spnego_server_negTokenInit_step: gssapi_krb5: parsing NEG_TOKEN_INIT content failed (next[(null)]): NT_STATUS_LOGON_FAILURE
> [2022/11/24 10:30:01.629641, 1] ../../source4/dns_server/dns_query.c:888(handle_tkey)
> GSS key negotiation returned NT_STATUS_LOGON_FAILURE
That *smalls* like a keytab issue, but I'm not sure yet.
..
> # wbinfo -t
> could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
Wow.
See lsof /run/samba/winbindd/pipe - this will show which
process is listening there.
See strace -e connect wbinfo -t - this will show what
wbinfo gets when trying to connect there.
See lsof -p for the winbindd processes above
(eg lsof -p 6312) for the files open by these processes.
It is some very basic stuff.. it's weird.
Has this been restarted after upgrade? (it should, but I
haven't looked at this part in the debian package yet).
Did you restart it manually before?
/mjt
More information about the samba
mailing list