jacek burghardt
2023-Dec-12 02:07 UTC
[Samba] samba fails to connect to windows file share joined to domain
After running hardening scripts samba cant mount windows shares. I get error trying to mount share [72860.509128] CIFS: VFS: Verify user has a krb5 ticket and keyutils is installed [72860.509137] CIFS: VFS: \\winnas Send error in SessSetup = -126 [72860.509158] CIFS: VFS: cifs_mount failed w/return code = -126 [72860.509128] CIFS: VFS: Verify user has a krb5 ticket and keyutils is installed [72860.509137] CIFS: VFS: \\winnas Send error in SessSetup = -126 I get following errors: [root at radiorec admin]# smbclient -k -L winnas WARNING: The option -k|--kerberos is deprecated! lpcfg_do_global_parameter: WARNING: The "lanman auth" option is deprecated gensec_spnego_client_negTokenInit_step: Could not find a suitable mechtype in NEG_TOKEN_INIT session setup failed: NT_STATUS_INVALID_PARAMETER [root at radiorec admin]# smbclient -L winnas lpcfg_do_global_parameter: WARNING: The "lanman auth" option is deprecated Password for [HEBE\root]: [root at radiorec admin]# smbclient -L winnas -U jacek lpcfg_do_global_parameter: WARNING: The "lanman auth" option is deprecated Password for [HEBE\jacek]: session setup failed: NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE Is there gpo I need to disable or I can change config in samba to get shares to mount? I see domain relationship failure but wbinfo works
Rowland Penny
2023-Dec-12 08:25 UTC
[Samba] samba fails to connect to windows file share joined to domain
On Mon, 11 Dec 2023 19:07:47 -0700 jacek burghardt via samba <samba at lists.samba.org> wrote:> After running hardening scripts samba cant mount windows shares.What 'hardening scripts', what did they do ? Samba doesn't mount anything, it provides the shares to mount.> I get error trying to mount share > > [72860.509128] CIFS: VFS: Verify user has a krb5 ticket and keyutils > is installed > [72860.509137] CIFS: VFS: \\winnas Send error in SessSetup = -126 > [72860.509158] CIFS: VFS: cifs_mount failed w/return code = -126 > [72860.509128] CIFS: VFS: Verify user has a krb5 ticket and keyutils > is installed > [72860.509137] CIFS: VFS: \\winnas Send error in SessSetup = -126 >That is actually coming from mount.cifs and '-126' is 'Required key not available', so does the user that is doing the mount have a kerberos ticket ?> I get following errors: > > [root at radiorec admin]# smbclient -k -L winnas > WARNING: The option -k|--kerberos is deprecated! > lpcfg_do_global_parameter: WARNING: The "lanman auth" option is > deprecated > gensec_spnego_client_negTokenInit_step: Could not find a suitable > mechtype in NEG_TOKEN_INIT > session setup failed: NT_STATUS_INVALID_PARAMETER > > [root at radiorec admin]# smbclient -L winnas > lpcfg_do_global_parameter: WARNING: The "lanman auth" option is > deprecated > Password for [HEBE\root]: > > [root at radiorec admin]# smbclient -L winnas -U jacek > lpcfg_do_global_parameter: WARNING: The "lanman auth" option is > deprecated > Password for [HEBE\jacek]: > session setup failed: NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE > > Is there gpo I need to disable or I can change config in samba to get > shares to mount? > > I see domain relationship failure but wbinfo worksI think you need to give us more information: What OS ? What version of Samba ? The contents of your smb.conf The mount command you are using Rowland