[Samba] Error in samba-4.13.17

深圳_极速e栈 2728481257 at qq.com
Sat Sep 10 08:43:22 UTC 2022


Hello,
I compiled and installed samba-4.13.17 from source. After the installation and configuration were completed, the winbind startup status shows an error, and the ntlm_auth authentication fails.
Looking forward to your professional guidance.



[e_zhangiso@myradius ~]$ su
Password: 
[root@myradius e_zhangiso]# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
[root@myradius e_zhangiso]# /usr/local/samba/sbin/smbd -V
Version 4.13.17
[root@myradius e_zhangiso]# cat /etc/selinux/config


# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted 




[root@myradius e_zhangiso]# cat /etc/nsswitch.conf
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
#	nisplus			Use NIS+ (NIS version 3)
#	nis			Use NIS (NIS version 2), also called YP
#	dns			Use DNS (Domain Name Service)
#	files			Use the local files
#	db			Use the local database (.db) files
#	compat			Use NIS on compat mode
#	hesiod			Use Hesiod for user lookups
#	sss			Use sssd (System Security Services Daemon)
#	[NOTFOUND=return]	Stop searching if not found so far
#
# WARNING: Running nscd with a secondary caching service like sssd may lead to
# 	   unexpected behaviour, especially with how long entries are cached.


# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis


passwd:     files winbind
shadow:     files sss
group:      files winbind
#initgroups: files sss


#hosts:     db files nisplus nis dns
hosts:      files dns myhostname


# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files     


bootparams: nisplus [NOTFOUND=return] files


ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files sss


netgroup:   nisplus sss


publickey:  nisplus


automount:  files nisplus sss
aliases:    files nisplus


[root@myradius e_zhangiso]# cat /usr/local/samba/etc/smb.conf
[global]
        workgroup = TESTENTERPRISE
        realm = TESTENTERPRISE.NET
        preferred master = no
        server string = centOS FreeRADIUS Test Machine
        security = ADS
        passdb backend = tdbsam
       # Default ID mapping configuration using the autorid
       # idmap backend. This will work out of the box for simple setups
       # as well as complex setups with trusted domains.
        idmap config * : backend = autorid
        idmap config * : range = 100000-19999999
        idmap config * : rangesize = 1000000
        template homedir = /home/%D/%U
        template shell = /bin/bash
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = false
        winbind nested groups = Yes
        log file = /var/log/samba/%m.log
        max log size = 50
        log level = 1
        ntlm auth = mschapv2-and-ntlmv2-only
        printcap name = /etc/cups
        load printers = yes
        cups options = raw


[homes]
        comment = Home Directories
        valid users = %S, %D%w%S
        browseable = No
        read only = No
        inherit acls = Yes


[printers]
        comment = All Printers
        path = /var/tmp
        printable = Yes
        create mask = 0600
        browseable = No


[print$]
        comment = Printer Drivers
        path = /usr/local/samba/drivers
        write list = @printadmin root
        force group = @printadmin
        create mask = 0664
        directory mask = 0775
[root@myradius e_zhangiso]# systemctl status samba -l
● samba.service - Samba Domain Member
   Loaded: loaded (/usr/lib/systemd/system/samba.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2022-09-10 16:24:59 CST; 7min ago
     Docs: man:samba(8)
           man:samba(7)
           man:smb.conf(5)
 Main PID: 1633 (smbd)
   Status: "smbd: ready to serve connections..."
    Tasks: 4
   CGroup: /system.slice/samba.service
           ├─1633 /usr/local/samba/sbin/smbd --foreground --no-process-group
           ├─1683 /usr/local/samba/sbin/smbd --foreground --no-process-group
           ├─1685 /usr/local/samba/sbin/smbd --foreground --no-process-group
           └─2109 /usr/local/samba/sbin/smbd --foreground --no-process-group


Sep 10 16:24:59 myradius.com systemd[1]: Starting Samba Domain Member...
Sep 10 16:24:59 myradius.com systemd[1]: Started Samba Domain Member.
Sep 10 16:24:59 myradius.com smbd[1633]: [2022/09/10 16:24:59.500378,  0] ../../lib/util/become_daemon.c:136(daemon_ready)
Sep 10 16:24:59 myradius.com smbd[1633]:   daemon_ready: daemon 'smbd' finished starting up and ready to serve connections
[root@myradius e_zhangiso]# systemctl status nmb -l
● nmb.service - Samba NMB Daemon
   Loaded: loaded (/usr/lib/systemd/system/nmb.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2022-09-10 16:24:59 CST; 7min ago
     Docs: man:nmbd(8)
           man:samba(7)
           man:smb.conf(5)
 Main PID: 1457 (nmbd)
   Status: "nmbd: ready to serve connections..."
    Tasks: 1
   CGroup: /system.slice/nmb.service
           └─1457 /usr/local/samba/sbin/nmbd --foreground --no-process-group


Sep 10 16:25:31 myradius.com nmbd[1457]: 
Sep 10 16:25:31 myradius.com nmbd[1457]:   Samba name server MYRADIUS is now a local master browser for workgroup TESTENTERPRISE on subnet 10.0.8.27
Sep 10 16:25:31 myradius.com nmbd[1457]: 
Sep 10 16:25:31 myradius.com nmbd[1457]:   *****
Sep 10 16:30:37 myradius.com nmbd[1457]: [2022/09/10 16:30:37.768145,  0] ../../source3/nmbd/nmbd_become_lmb.c:397(become_local_master_stage2)
Sep 10 16:30:37 myradius.com nmbd[1457]:   *****
Sep 10 16:30:37 myradius.com nmbd[1457]: 
Sep 10 16:30:37 myradius.com nmbd[1457]:   Samba name server MYRADIUS is now a local master browser for workgroup TESTENTERPRISE on subnet 192.168.122.1
Sep 10 16:30:37 myradius.com nmbd[1457]: 
Sep 10 16:30:37 myradius.com nmbd[1457]:   *****
[root@myradius e_zhangiso]# systemctl status winbind -l
● winbind.service - Samba Winbind Daemon
   Loaded: loaded (/usr/lib/systemd/system/winbind.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2022-09-10 16:24:59 CST; 7min ago
     Docs: man:winbindd(8)
           man:samba(7)
           man:smb.conf(5)
 Main PID: 1594 (winbindd)
   Status: "winbindd: ready to serve connections..."
    Tasks: 4
   CGroup: /system.slice/winbind.service
           ├─1594 /usr/local/samba/sbin/winbindd --foreground --no-process-group
           ├─1634 /usr/local/samba/sbin/winbindd --foreground --no-process-group
           ├─1639 /usr/local/samba/sbin/winbindd --foreground --no-process-group
           └─1658 /usr/local/samba/sbin/winbindd --foreground --no-process-group


Sep 10 16:24:59 myradius.com systemd[1]: Starting Samba Winbind Daemon...
Sep 10 16:24:59 myradius.com winbindd[1594]: [2022/09/10 16:24:59.376235,  0] ../../source3/winbindd/winbindd_cache.c:3205(initialize_winbindd_cache)
Sep 10 16:24:59 myradius.com winbindd[1594]:   initialize_winbindd_cache: clearing cache and re-creating with version number 2
Sep 10 16:24:59 myradius.com systemd[1]: Started Samba Winbind Daemon.
Sep 10 16:24:59 myradius.com winbindd[1594]: [2022/09/10 16:24:59.385569,  0] ../../lib/util/become_daemon.c:136(daemon_ready)
Sep 10 16:24:59 myradius.com winbindd[1594]:   daemon_ready: daemon 'winbindd' finished starting up and ready to serve connections
Sep 10 16:24:59 myradius.com winbindd[1634]: [2022/09/10 16:24:59.396456,  0] ../../source3/winbindd/winbindd_cm.c:1874(wb_open_internal_pipe)
Sep 10 16:24:59 myradius.com winbindd[1634]:   open_internal_pipe: Could not connect to dssetup pipe: NT_STATUS_RPC_INTERFACE_NOT_FOUND
Sep 10 16:24:59 myradius.com winbindd[1634]: [2022/09/10 16:24:59.399195,  0] ../../source3/rpc_server/rpc_ncacn_np.c:457(rpcint_dispatch)
Sep 10 16:24:59 myradius.com winbindd[1634]:   rpcint_dispatch: DCE/RPC fault in call lsarpc:2E - DCERPC_NCA_S_OP_RNG_ERROR
[root@myradius e_zhangiso]# wbinfo -t
checking the trust secret for domain TESTENTERPRISE via RPC calls succeeded
[root@myradius e_zhangiso]# wbinfo -a vtest1%Zsl123789
plaintext password authentication failed
Could not authenticate user vtest1%Zsl123789 with plaintext password
challenge/response password authentication succeeded
[root@myradius e_zhangiso]# ntlm_auth --request-nt-key --domain = TESTENTERPRISE.NET --username = vtest1 --password = Zsl123789
NT_STATUS_NO_SUCH_USER: The specified account does not exist. (0xc0000064)
[root@myradius e_zhangiso]#

