Hello all I have a Samba AD DC and a Samba Fileserver. Shares on the latter is mainly served to W10 clients (they are also members of the samba-domain). All this works. Then there is a linux box that mounts a few shares on the fileserver with mount.cifs, this used to work for several years but stopped working a few days back (most likely after an apt upgrade but unfortunately I didn?t notice it break at the moment). I have the credentials in a file (/etc/cifs-utils/cifspasswd): username=me at domain.example.com password=thesecret mount -t cifs -o credentials=/etc/cifs-utils/cifspasswd //fileserver/data /mnt/samba returns Status code returned 0xc000005e STATUS_NO_LOGON_SERVERS However, this works: smbclient -A /etc/cifs-utils/cifspasswd //fileserver/data I?ve tried to change the credential-file to username=me password=thesecret domain=domain.example.com but then smbclient says: gensec_spnego_client_negTokenInit_step: gse_krb5: creating NEG_TOKEN_INIT for cifs/sneezy failed (next[(null)]): NT_STATUS_NO_MEMORY and mount.cifs STATUS_NO_LOGON_SERVERS as before If I type an invalid password smbclient also says NT_STATUS_NO_LOGON_SERVERS I am aware that this might not be an issue with samba, I just hope that some kind soul will kick me out in the right direction :) Any hints on how to troubleshoot this would be much appreciated! Samba version is 4.14.6 mount.cifs is 6.8 (debian) smbclient is 4.9.5-Debian os on all three is debian 10.10 with Linux 4.19.0-17-amd64 Cheers, Mark
On Wed, 2021-08-11 at 15:01 +0200, Mark Amundsen via samba wrote:> Hello all > > I have a Samba AD DC and a Samba Fileserver. Shares on the latter is > mainly served to W10 clients (they are also members of the samba- > domain). All this works. > > Then there is a linux box that mounts a few shares on the fileserver > with mount.cifs, this used to work for several years but stopped > working a few days back (most likely after an apt upgrade but > unfortunately I didn?t notice it break at the moment).Is the 'linux box' joined to the domain ? If not, why not ?> > I have the credentials in a file (/etc/cifs-utils/cifspasswd): > username=me at domain.example.com > password=thesecret > > mount -t cifs -o credentials=/etc/cifs-utils/cifspasswd > //fileserver/data /mnt/samba > returns Status code returned 0xc000005e STATUS_NO_LOGON_SERVERS > > However, this works: > smbclient -A /etc/cifs-utils/cifspasswd //fileserver/data > > I?ve tried to change the credential-file to > username=me > password=thesecret > domain=domain.example.com > > but then smbclient says: gensec_spnego_client_negTokenInit_step: > gse_krb5: creating NEG_TOKEN_INIT for cifs/sneezy failed > (next[(null)]): NT_STATUS_NO_MEMORYAnything with 'krb5' in it, means kerberos> and mount.cifs STATUS_NO_LOGON_SERVERS as beforeIt is probably looking for a KDC> > If I type an invalid password smbclient also says > NT_STATUS_NO_LOGON_SERVERS > > I am aware that this might not be an issue with samba, I just hope > that some kind soul will kick me out in the right direction :) > > Any hints on how to troubleshoot this would be much appreciated! > Samba version is 4.14.6 > mount.cifs is 6.8 (debian) > smbclient is 4.9.5-Debian > os on all three is debian 10.10 with Linux 4.19.0-17-amd64 >Lets start by you posting the smb.conf from all three machines (hint: post the output from 'samba-tool testparm --suppress-prompt' on the DC and 'testparm -s' on the others) Rowland
On Wed, 2021-08-11 at 15:01 +0200, Mark Amundsen via samba wrote:> Hello all > > I have a Samba AD DC and a Samba Fileserver. Shares on the latter is > mainly served to W10 clients (they are also members of the samba- > domain). All this works. > > Then there is a linux box that mounts a few shares on the fileserver > with mount.cifs, this used to work for several years but stopped > working a few days back (most likely after an apt upgrade but > unfortunately I didn?t notice it break at the moment). > > I have the credentials in a file (/etc/cifs-utils/cifspasswd): > username=me at domain.example.com > password=thesecret > > mount -t cifs -o credentials=/etc/cifs-utils/cifspasswd > //fileserver/data /mnt/samba > returns Status code returned 0xc000005e STATUS_NO_LOGON_SERVERS > > However, this works: > smbclient -A /etc/cifs-utils/cifspasswd //fileserver/data > > I?ve tried to change the credential-file to > username=me > password=thesecret > domain=domain.example.com > > but then smbclient says: gensec_spnego_client_negTokenInit_step: > gse_krb5: creating NEG_TOKEN_INIT for cifs/sneezy failed > (next[(null)]): NT_STATUS_NO_MEMORY > and mount.cifs STATUS_NO_LOGON_SERVERS as before > > If I type an invalid password smbclient also says > NT_STATUS_NO_LOGON_SERVERS > > I am aware that this might not be an issue with samba, I just hope > that some kind soul will kick me out in the right direction :) > > Any hints on how to troubleshoot this would be much appreciated! > > Samba version is 4.14.6 > mount.cifs is 6.8 (debian) > smbclient is 4.9.5-Debian > os on all three is debian 10.10 with Linux 4.19.0-17-amd64 > > > Cheers, > Mark >Not sure if this will help, I had this exact same problem myself yesterday after a power outage killed all the servers. Even after the DCs were back on, I had to restart the samba-ad-dc process on each of the DCs to resolve this error. All best, Geoff