[Freeipa-users] cannot access to freeipa client's linux share from windows

Fujisan fujisan43 at gmail.com
Thu Dec 1 14:12:26 UTC 2016


Hello,

I have upgraded a client and a freeipa server from Fedora 24 to 25 recently.
And I *cannot* access linux shares located on the F25 freeipa client from a
windows desktop.
But I can access linux shares located on the F25 freeipa server from that
windows desktop.
And I can access linux shares located on the F24 freeipa client from that
windows desktop.

To be clear, I have:
  A/ 1 F25 freeipa server
  B/ 1 F25 freeipa client
  C/ 1 F24 freeipa client
  D/ 1 windows desktop

I can access linux shares of A from D.
I can access linux shares of C from D.
I *cannot* access linux shares of B from D.

I get these messages on B in /var/log/samba/log.10.0.21.247 :

[2016/12/01 11:42:19.218759,  1] ../source3/librpc/crypto/gse_krb5.c:534(fill_mem_keytab_from_dedicated_keytab)
  ../source3/librpc/crypto/gse_krb5.c:534: smb_krb5_open_keytab failed (Key table name malformed)
[2016/12/01 11:42:19.218800,  1] ../source3/librpc/crypto/gse_krb5.c:627(gse_krb5_get_server_keytab)
  ../source3/librpc/crypto/gse_krb5.c:627: Error! Unable to set mem keytab - -1765328205
[2016/12/01 11:42:19.218823,  1] ../auth/gensec/gensec_start.c:698(gensec_start_mech)
  Failed to start GENSEC server mech gse_krb5: NT_STATUS_INTERNAL_ERROR
[2016/12/01 11:42:19.261611,  1] ../source3/librpc/crypto/gse_krb5.c:534(fill_mem_keytab_from_dedicated_keytab)
  ../source3/librpc/crypto/gse_krb5.c:534: smb_krb5_open_keytab failed (Key table name malformed)
[2016/12/01 11:42:19.261638,  1] ../source3/librpc/crypto/gse_krb5.c:627(gse_krb5_get_server_keytab)
  ../source3/librpc/crypto/gse_krb5.c:627: Error! Unable to set mem keytab - -1765328205
[2016/12/01 11:42:19.261653,  1] ../auth/gensec/gensec_start.c:698(gensec_start_mech)
  Failed to start GENSEC server mech gse_krb5: NT_STATUS_INTERNAL_ERROR
[2016/12/01 11:42:19.263330,  2] ../source3/auth/auth.c:315(auth_check_ntlm_password)
  check_ntlm_password:  Authentication for user [smith] -> [smith] FAILED with error NT_STATUS_NO_SUCH_USER
[2016/12/01 11:42:19.263380,  2] ../auth/gensec/spnego.c:720(gensec_spnego_server_negTokenTarg)
  SPNEGO login failed: NT_STATUS_NO_SUCH_USER
[2016/12/01 11:42:19.270531,  1] ../source3/librpc/crypto/gse_krb5.c:534(fill_mem_keytab_from_dedicated_keytab)
  ../source3/librpc/crypto/gse_krb5.c:534: smb_krb5_open_keytab failed (Key table name malformed)
[2016/12/01 11:42:19.270562,  1] ../source3/librpc/crypto/gse_krb5.c:627(gse_krb5_get_server_keytab)
  ../source3/librpc/crypto/gse_krb5.c:627: Error! Unable to set mem keytab - -1765328205
[2016/12/01 11:42:19.270586,  1] ../auth/gensec/gensec_start.c:698(gensec_start_mech)
  Failed to start GENSEC server mech gse_krb5: NT_STATUS_INTERNAL_ERROR
[2016/12/01 11:42:19.313479,  1] ../source3/librpc/crypto/gse_krb5.c:534(fill_mem_keytab_from_dedicated_keytab)
  ../source3/librpc/crypto/gse_krb5.c:534: smb_krb5_open_keytab failed (Key table name malformed)
[2016/12/01 11:42:19.313506,  1] ../source3/librpc/crypto/gse_krb5.c:627(gse_krb5_get_server_keytab)
  ../source3/librpc/crypto/gse_krb5.c:627: Error! Unable to set mem keytab - -1765328205
[2016/12/01 11:42:19.313523,  1] ../auth/gensec/gensec_start.c:698(gensec_start_mech)
  Failed to start GENSEC server mech gse_krb5: NT_STATUS_INTERNAL_ERROR
[2016/12/01 11:42:19.315256,  2] ../source3/auth/auth.c:315(auth_check_ntlm_password)
  check_ntlm_password:  Authentication for user [smith] -> [smith] FAILED with error NT_STATUS_NO_SUCH_USER
[2016/12/01 11:42:19.315291,  2] ../auth/gensec/spnego.c:720(gensec_spnego_server_negTokenTarg)
  SPNEGO login failed: NT_STATUS_NO_SUCH_USER

Also, from the F25 server, I have the following when I run smbclient:

f25server # smbclient -k -L f25desktop.mydomain
lp_load_ex: changing to config backend registry
session setup failed: NT_STATUS_LOGON_FAILURE

But if I run it with an F24 desktop, it works:

f25server # smbclient -k -L f24desktop.mydomain
lp_load_ex: changing to config backend registry
Domain=[MYDOMAIN] OS=[Windows 6.1] Server=[Samba 4.4.7]

    Sharename       Type      Comment
    ---------       ----      -------
    IPC$            IPC       IPC Service (Samba Server Version 4.4.7)
    data            Disk      /data on f24desktop
    data2           Disk      /data2 on f24desktop
    data3           Disk      /data3 on f24desktop
    backup          Disk      /backup on f24desktop
[...]


net conf list on the f25desktop gives:

f25desktop # net conf list
[global]
    workgroup = MYDOMAIN
    realm = MYDOMAIN
    netbios name = F25SERVER
    server string = Samba Server Version %v
    kerberos method = dedicated keytab
    dedicated keytab file = FILE:/etc/samba/samba.keytab
    log file = /var/log/samba/log.%m
    rpc_server:epmapper = external
    rpc_server:lsarpc = external
    rpc_server:lsass = external
    rpc_server:lsasd = external
    rpc_server:samr = external
    rpc_server:netlogon = external
    rpc_server:tcpip = yes
    rpc_daemon:epmd = fork
    rpc_daemon:lsasd = fork
    security = user
    map untrusted to domain = Yes
    smb ports = 139 445
    log level = 2

[data]
    comment = /data on f25desktop
    path = /data
    create mask = 0644
    read only = no

[data2]
    comment = /data2 on f25desktop
    path = /data2
    create mask = 0644
    read only = no

[data3]
    comment = /data3 on f25desktop
    path = /data3
    create mask = 0644
    read only = no

[backup]
    comment = /backup on f25desktop
    path = /backup
    read only = no

net conf list on the f25server gives:

f25server # net conf list
[global]
    workgroup = MYDOMAIN
    netbios name = F25SERVER
    realm = MYDOMAIN
    kerberos method = dedicated keytab
    dedicated keytab file = FILE:/etc/samba/samba.keytab
    create krb5 conf = no
    domain master = yes
    domain logons = yes
    max log size = 10000
    log file = /var/log/samba/log.%m
    passdb backend = ipasam:ldapi://%2fvar%2frun%2fslapd-MYDOMAIN.socket
    disable spoolss = yes
    ldapsam:trusted = yes
    ldap ssl = off
    ldap suffix = dc=mydomain
    ldap user suffix = cn=users,cn=accounts
    ldap group suffix = cn=groups,cn=accounts
    ldap machine suffix = cn=computers,cn=accounts
    rpc_server:epmapper = external
    rpc_server:lsarpc = external
    rpc_server:lsass = external
    rpc_server:lsasd = external
    rpc_server:samr = external
    rpc_server:netlogon = external
    rpc_server:tcpip = yes
    rpc_daemon:epmd = fork
    rpc_daemon:lsasd = fork
    security = user
    enable core files = no
    log level = 2

[homes]
    comment = Home Directories
    read only = no
    browseable = yes
    create mask = 0664
    directory mask = 0775

On the F25 server and desktop, I have the following packages installed:

samba-4.5.1-1.fc25.x86_64
samba-client-4.5.1-1.fc25.x86_64
samba-client-libs-4.5.1-1.fc25.x86_64
samba-common-4.5.1-1.fc25.noarch
samba-common-libs-4.5.1-1.fc25.x86_64
samba-common-tools-4.5.1-1.fc25.x86_64
samba-libs-4.5.1-1.fc25.x86_64
samba-python-4.5.1-1.fc25.x86_64
samba-test-4.5.1-1.fc25.x86_64
samba-test-libs-4.5.1-1.fc25.x86_64
samba-winbind-4.5.1-1.fc25.x86_64
samba-winbind-clients-4.5.1-1.fc25.x86_64
samba-winbind-krb5-locator-4.5.1-1.fc25.x86_64
samba-winbind-modules-4.5.1-1.fc25.x86_64
system-config-samba-1.2.100-5.fc24.noarch
system-config-samba-docs-1.0.9-9.fc24.noarch

Any idea what is wrong?

Regards,
Fuji