leon.roy at gmail.com
2009-Aug-15 23:14 UTC
[Samba] Peculiar difference between two Samba servers
I have two Samba servers acting with Server role: ROLE_DOMAIN_MEMBER running Samba 3.2.5. Both have shares in their smb.conf, both are joined to Active Directory, and are using pam, nis, etc. so that users can authenticate against them (without having to re enter their passwords for each share) and see all permitted files. Clients are a mixture Macs running OS X 10.5 and Windows clients. Windows clients authenticate fine, Macs however display a curious problem: When I access the first server via Finder I am automatically granted a kerberos ticket and can see all permitted shares. However if I access the second server via Finder I get a Connection Failed error and have to manually enter my details, after which the kerberos ticket is granted. I'm puzzled as to why the first server grants the ticket automatically, whereas the second server doesn't. Looking at the two with log level set to 4 I see: Server 1: [2009/08/16 00:58:17, 3] smbd/process.c:process_smb(1549) Transaction 0 of length 51 (0 toread) [2009/08/16 00:58:17, 3] smbd/process.c:switch_message(1361) switch message SMBnegprot (pid 4445) conn 0x0 [2009/08/16 00:58:17, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/08/16 00:58:17, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [NT LM 0.12] [2009/08/16 00:58:17, 3] smbd/negprot.c:reply_nt1(392) using SPNEGO [2009/08/16 00:58:17, 3] smbd/negprot.c:reply_negprot(673) Selected protocol NT LM 0.12 [2009/08/16 00:58:17, 3] smbd/process.c:process_smb(1549) Transaction 1 of length 1358 (0 toread) [2009/08/16 00:58:17, 3] smbd/process.c:switch_message(1361) switch message SMBsesssetupX (pid 4445) conn 0x0 [2009/08/16 00:58:17, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 Server 2: [2009/08/16 00:58:42, 3] smbd/process.c:process_smb(1549) Transaction 0 of length 51 (0 toread) [2009/08/16 00:58:42, 3] smbd/process.c:switch_message(1361) switch message SMBnegprot (pid 6636) conn 0x0 [2009/08/16 00:58:42, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/08/16 00:58:42, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [NT LM 0.12] [2009/08/16 00:58:42, 3] smbd/negprot.c:reply_nt1(392) using SPNEGO [2009/08/16 00:58:42, 3] smbd/negprot.c:reply_negprot(673) Selected protocol NT LM 0.12 [2009/08/16 00:58:42, 3] smbd/process.c:smbd_process(2035) receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting [2009/08/16 00:58:42, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 To further troubleshoot I upped the log level to 10 and see no difference in the logs between the two servers until we get to: Server 1: [2009/08/16 00:43:37, 10] lib/util.c:dump_data(2223) [000] 6D 65 72 63 75 72 79 00 00 00 00 00 00 00 00 00 mercury. ........ [010] 60 5C 06 06 2B 06 01 05 05 02 A0 52 30 50 A0 24 `\..+... ...R0P.$ [020] 30 22 06 09 2A 86 48 86 F7 12 01 02 02 06 09 2A 0"..*.H. .......* [030] 86 48 82 F7 12 01 02 02 06 0A 2B 06 01 04 01 82 .H...... ..+..... [040] 37 02 02 0A A3 28 30 26 A0 24 1B 22 63 69 66 73 7....(0& .$."cifs [050] 2F 6D 65 72 63 75 72 79 2E 62 6F 78 70 65 67 2E /mercury .london. [060] 6E 65 74 40 42 4F 58 50 45 47 2E 4E 45 54 prv at LOND ON.PRV [2009/08/16 00:43:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 1354 [2009/08/16 00:43:37, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x54a Server 2: [2009/08/16 00:42:45, 10] lib/util.c:dump_data(2223) [000] 6A 75 70 69 74 65 72 00 00 00 00 00 00 00 00 00 jupiter. ........ [010] 60 5C 06 06 2B 06 01 05 05 02 A0 52 30 50 A0 24 `\..+... ...R0P.$ [020] 30 22 06 09 2A 86 48 86 F7 12 01 02 02 06 09 2A 0"..*.H. .......* [030] 86 48 82 F7 12 01 02 02 06 0A 2B 06 01 04 01 82 .H...... ..+..... [040] 37 02 02 0A A3 28 30 26 A0 24 1B 22 63 69 66 73 7....(0& .$."cifs [050] 2F 6A 75 70 69 74 65 72 2E 62 6F 78 70 65 67 2E /jupiter .london. [060] 6E 65 74 40 42 4F 58 50 45 47 2E 4E 45 54 prv at LOND ON.PRV [2009/08/16 00:42:45, 5] lib/util_sock.c:read_socket_with_timeout(928) read_socket_with_timeout: blocking read. EOF from client. [2009/08/16 00:42:45, 10] smbd/process.c:receive_smb_raw_talloc(276) receive_smb_raw: NT_STATUS_END_OF_FILE I'm flummoxed as to what the problem might be, any ideas?
leon.roy at gmail.com
2009-Aug-17 13:39 UTC
[Samba] Peculiar difference between two Samba servers
Solved my own problem no thanks to y'all! ;) There was a difference between the two servers after all, Server 1 had one network interface, Server 2 had two. Set the following option in smb.conf on Server 2: socket address = LISTENING_ADDRESS And the problem went away, I'm curious though why auto authentication via kerberos didn't work unless I manually entered the username and password... best, -Leon ----- Original Message ----- From: "leon roy" <leon.roy at gmail.com> To: samba at lists.samba.org Sent: Sunday, 16 August, 2009 00:14:48 GMT +00:00 GMT Britain, Ireland, Portugal Subject: [Samba] Peculiar difference between two Samba servers I have two Samba servers acting with Server role: ROLE_DOMAIN_MEMBER running Samba 3.2.5. Both have shares in their smb.conf, both are joined to Active Directory, and are using pam, nis, etc. so that users can authenticate against them (without having to re enter their passwords for each share) and see all permitted files. Clients are a mixture Macs running OS X 10.5 and Windows clients. Windows clients authenticate fine, Macs however display a curious problem: When I access the first server via Finder I am automatically granted a kerberos ticket and can see all permitted shares. However if I access the second server via Finder I get a Connection Failed error and have to manually enter my details, after which the kerberos ticket is granted. I'm puzzled as to why the first server grants the ticket automatically, whereas the second server doesn't. Looking at the two with log level set to 4 I see: Server 1: [2009/08/16 00:58:17, 3] smbd/process.c:process_smb(1549) Transaction 0 of length 51 (0 toread) [2009/08/16 00:58:17, 3] smbd/process.c:switch_message(1361) switch message SMBnegprot (pid 4445) conn 0x0 [2009/08/16 00:58:17, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/08/16 00:58:17, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [NT LM 0.12] [2009/08/16 00:58:17, 3] smbd/negprot.c:reply_nt1(392) using SPNEGO [2009/08/16 00:58:17, 3] smbd/negprot.c:reply_negprot(673) Selected protocol NT LM 0.12 [2009/08/16 00:58:17, 3] smbd/process.c:process_smb(1549) Transaction 1 of length 1358 (0 toread) [2009/08/16 00:58:17, 3] smbd/process.c:switch_message(1361) switch message SMBsesssetupX (pid 4445) conn 0x0 [2009/08/16 00:58:17, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 Server 2: [2009/08/16 00:58:42, 3] smbd/process.c:process_smb(1549) Transaction 0 of length 51 (0 toread) [2009/08/16 00:58:42, 3] smbd/process.c:switch_message(1361) switch message SMBnegprot (pid 6636) conn 0x0 [2009/08/16 00:58:42, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/08/16 00:58:42, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [NT LM 0.12] [2009/08/16 00:58:42, 3] smbd/negprot.c:reply_nt1(392) using SPNEGO [2009/08/16 00:58:42, 3] smbd/negprot.c:reply_negprot(673) Selected protocol NT LM 0.12 [2009/08/16 00:58:42, 3] smbd/process.c:smbd_process(2035) receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting [2009/08/16 00:58:42, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 To further troubleshoot I upped the log level to 10 and see no difference in the logs between the two servers until we get to: Server 1: [2009/08/16 00:43:37, 10] lib/util.c:dump_data(2223) [000] 6D 65 72 63 75 72 79 00 00 00 00 00 00 00 00 00 mercury. ........ [010] 60 5C 06 06 2B 06 01 05 05 02 A0 52 30 50 A0 24 `\..+... ...R0P.$ [020] 30 22 06 09 2A 86 48 86 F7 12 01 02 02 06 09 2A 0"..*.H. .......* [030] 86 48 82 F7 12 01 02 02 06 0A 2B 06 01 04 01 82 .H...... ..+..... [040] 37 02 02 0A A3 28 30 26 A0 24 1B 22 63 69 66 73 7....(0& .$."cifs [050] 2F 6D 65 72 63 75 72 79 2E 62 6F 78 70 65 67 2E /mercury .london. [060] 6E 65 74 40 42 4F 58 50 45 47 2E 4E 45 54 prv at LOND ON.PRV [2009/08/16 00:43:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 1354 [2009/08/16 00:43:37, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x54a Server 2: [2009/08/16 00:42:45, 10] lib/util.c:dump_data(2223) [000] 6A 75 70 69 74 65 72 00 00 00 00 00 00 00 00 00 jupiter. ........ [010] 60 5C 06 06 2B 06 01 05 05 02 A0 52 30 50 A0 24 `\..+... ...R0P.$ [020] 30 22 06 09 2A 86 48 86 F7 12 01 02 02 06 09 2A 0"..*.H. .......* [030] 86 48 82 F7 12 01 02 02 06 0A 2B 06 01 04 01 82 .H...... ..+..... [040] 37 02 02 0A A3 28 30 26 A0 24 1B 22 63 69 66 73 7....(0& .$."cifs [050] 2F 6A 75 70 69 74 65 72 2E 62 6F 78 70 65 67 2E /jupiter .london. [060] 6E 65 74 40 42 4F 58 50 45 47 2E 4E 45 54 prv at LOND ON.PRV [2009/08/16 00:42:45, 5] lib/util_sock.c:read_socket_with_timeout(928) read_socket_with_timeout: blocking read. EOF from client. [2009/08/16 00:42:45, 10] smbd/process.c:receive_smb_raw_talloc(276) receive_smb_raw: NT_STATUS_END_OF_FILE I'm flummoxed as to what the problem might be, any ideas? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Maybe Matching Threads
- How to get users from a second AD domain recognized by samba?
- Windows 7 only connects if joined to the domain
- The user name could not be found when joining a samba domain
- Can't add machines to domain after Debian-Update
- Samba and NetAPP filers, the PDC problem...