Hi, Our samba server is running Red Hat Enterprise Linux ES release 4 (Nahant Update 4) with samba version: samba-3.0.33-0.17.el4. We like to authenticate all the users with our Primary Domain Controller wnidows 2008. Some users keep getting asked to enter username and password. Even with the correct password, still can't access the drive. The strange thing is that some users are successful. These users all have valid accounts on windows. In this case user "jrau" is a valid user and "JRAUXP" is the PC name from which he is accessing the samba share. Wbinfo -u displays his username: STEC-INC=jrau But not the computer name, which makes me think that might be the problem. Also we are not using LDAP, just winbind. Here is some my config files and error logs: /var/log/samba/<userlog>: [2009/10/12 07:28:56, 0] lib/util_sock.c:read_data(534) read_data: read failure for 4 bytes to client xxxx.xxx.xx.xx. Error = Connection reset by peer [2009/10/12 07:28:56, 0] lib/util_sock.c:write_data(562) write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer [2009/10/12 07:28:56, 0] lib/util_sock.c:send_smb(761) Error writing 4 bytes to client. -1. (Connection reset by peer) [2009/10/12 07:47:19, 0] lib/util_sock.c:write_data(562) write_data: write failure in writing to client xxx.xx.xx.xx. Error Connection reset by peer [2009/10/12 07:47:19, 0] lib/util_sock.c:send_smb(761) Error writing 4 bytes to client. -1. (Connection reset by peer) [2009/10/12 08:37:16, 0] lib/util_sock.c:write_data(562) write_data: write failure in writing to client xxx.xx.xx.xx. Error Connection reset by peer [2009/10/12 08:37:16, 0] lib/util_sock.c:send_smb(761) Error writing 4 bytes to client. -1. (Connection reset by peer) [2009/10/12 12:11:02, 1] smbd/sesssetup.c:reply_spnego_kerberos(316) Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE! <------------- [2009/10/12 12:11:02, 0] lib/util_sock.c:read_data(534) read_data: read failure for 4 bytes to client xxx.x.xxx.xx. Error = Connection reset by peer [2009/10/13 10:26:30, 1] smbd/sesssetup.c:reply_spnego_kerberos(439) Username STEC-INC=jrau is invalid on this system [2009/10/13 10:26:30, 0] lib/util_sock.c:write_data(562) write_data: write failure in writing to client xxx.xxx.xxx.xx. Error Connection reset by peer [2009/10/13 10:26:30, 0] lib/util_sock.c:send_smb(761) Error writing 4 bytes to client. -1. (Connection reset by peer) [2009/10/13 16:16:45, 0] lib/util_sock.c:read_data(534) read_data: read failure for 4 bytes to client xxx.xxx.xx.xx. Error = Connection reset by peer [2009/10/13 16:16:46, 0] lib/util_sock.c:write_data(562) write_data: write failure in writing to client xxx.xx.xx.xx. Error Connection reset by peer [2009/10/13 16:16:46, 0] lib/util_sock.c:send_smb(761) Error writing 4 bytes to client. -1. (Connection reset by peer) [2009/10/13 16:51:19, 1] smbd/sesssetup.c:reply_spnego_kerberos(439) Username STEC-INC=JRAUXP$ is invalid on this system <-- . Thank you for your help. Kathy PROPRIETARY-CONFIDENTIAL INFORMATION INCLUDED This electronic transmission, and any documents attached hereto, may contain confidential, proprietary and/or legally privileged information. The information is intended only for use by the recipient named above. If you received this electronic message in error, please notify the sender and delete the electronic message. Any disclosure, copying, distribution, or use of the contents of information received in error is strictly prohibited, and violators will be pursued legally.
I just fixed that same issue (CentOS 5) updating to Samba 3.4.2 linked against Kerberos 1.7 - we were working against 2008R2, specifically referring to this part of the log: [2009/10/12 12:11:02, 1] smbd/sesssetup.c:reply_spnego_kerberos(316) Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE! <------------- I don't know if the newest Samba is necessary, but I do know the Kerberos 1.7 is. You'll want to rejoin the domain after updating. Mark Bober Manager of Computational Services Engineering IT - School of Engineering Washington University in St. Louis bober at wustl.edu 314-935-5095 -----Original Message----- From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Kathy Khagani Sent: Thursday, October 15, 2009 11:44 AM To: 'samba at lists.samba.org' Subject: [Samba] can not access samba drive on Redhat ES 4 Hi, Our samba server is running Red Hat Enterprise Linux ES release 4 (Nahant Update 4) with samba version: samba-3.0.33-0.17.el4. We like to authenticate all the users with our Primary Domain Controller wnidows 2008. Some users keep getting asked to enter username and password. Even with the correct password, still can't access the drive. The strange thing is that some users are successful. These users all have valid accounts on windows. In this case user "jrau" is a valid user and "JRAUXP" is the PC name from which he is accessing the samba share. Wbinfo -u displays his username: STEC-INC=jrau But not the computer name, which makes me think that might be the problem. Also we are not using LDAP, just winbind. Here is some my config files and error logs: /var/log/samba/<userlog>: [2009/10/12 07:28:56, 0] lib/util_sock.c:read_data(534) read_data: read failure for 4 bytes to client xxxx.xxx.xx.xx. Error Connection reset by peer [2009/10/12 07:28:56, 0] lib/util_sock.c:write_data(562) write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer [2009/10/12 07:28:56, 0] lib/util_sock.c:send_smb(761) Error writing 4 bytes to client. -1. (Connection reset by peer) [2009/10/12 07:47:19, 0] lib/util_sock.c:write_data(562) write_data: write failure in writing to client xxx.xx.xx.xx. Error Connection reset by peer [2009/10/12 07:47:19, 0] lib/util_sock.c:send_smb(761) Error writing 4 bytes to client. -1. (Connection reset by peer) [2009/10/12 08:37:16, 0] lib/util_sock.c:write_data(562) write_data: write failure in writing to client xxx.xx.xx.xx. Error Connection reset by peer [2009/10/12 08:37:16, 0] lib/util_sock.c:send_smb(761) Error writing 4 bytes to client. -1. (Connection reset by peer) [2009/10/12 12:11:02, 1] smbd/sesssetup.c:reply_spnego_kerberos(316) Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE! <------------- [2009/10/12 12:11:02, 0] lib/util_sock.c:read_data(534) read_data: read failure for 4 bytes to client xxx.x.xxx.xx. Error Connection reset by peer [2009/10/13 10:26:30, 1] smbd/sesssetup.c:reply_spnego_kerberos(439) Username STEC-INC=jrau is invalid on this system [2009/10/13 10:26:30, 0] lib/util_sock.c:write_data(562) write_data: write failure in writing to client xxx.xxx.xxx.xx. Error Connection reset by peer [2009/10/13 10:26:30, 0] lib/util_sock.c:send_smb(761) Error writing 4 bytes to client. -1. (Connection reset by peer) [2009/10/13 16:16:45, 0] lib/util_sock.c:read_data(534) read_data: read failure for 4 bytes to client xxx.xxx.xx.xx. Error Connection reset by peer [2009/10/13 16:16:46, 0] lib/util_sock.c:write_data(562) write_data: write failure in writing to client xxx.xx.xx.xx. Error Connection reset by peer [2009/10/13 16:16:46, 0] lib/util_sock.c:send_smb(761) Error writing 4 bytes to client. -1. (Connection reset by peer) [2009/10/13 16:51:19, 1] smbd/sesssetup.c:reply_spnego_kerberos(439) Username STEC-INC=JRAUXP$ is invalid on this system <-- . Thank you for your help. Kathy PROPRIETARY-CONFIDENTIAL INFORMATION INCLUDED This electronic transmission, and any documents attached hereto, may contain confidential, proprietary and/or legally privileged information. The information is intended only for use by the recipient named above. If you received this electronic message in error, please notify the sender and delete the electronic message. Any disclosure, copying, distribution, or use of the contents of information received in error is strictly prohibited, and violators will be pursued legally. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
I ended up compiling from source on both, so as not to interfere with
the rest of the system. Best not to chance it, especially with that big
of a jump on Kerberos. (I may be overly paranoid) I've only got 4
systems I need to modify though, and they're all the same, arch and
os-wise.
My configure lines were:
Samba:
$ ./configure --prefix=/usr/local/samba --with-ads --with-ldap
--with-krb5 --with-setproctitle --with-cifsupcall --with-mmap
--with-quotas
Kerberos:
$ ./configure --prefix=/usr/local/samba --enable-dns-for-realm
I put them in the same prefix, so that in the /etc/init.d/smb, I added
the line:
LD_LIBRARY_PATH=/usr/local/samba/lib
export LD_LIBRARY_PATH
right before the "start{} {" line in the script. The daemon will see
the
new libs first. Some modifications are needed to the smb.conf file, I
got away with just this:
#use kerberos keytab = true
kerberos method = system keytab
It'll complain about others if you have them.
Mark
-----Original Message-----
From: Kathy Khagani [mailto:kkhagani at stec-inc.com]
Sent: Thursday, October 15, 2009 12:24 PM
To: Bober, Mark
Subject: RE: [Samba] can not access samba drive on Redhat ES 4
For Redhat ES 4 the available samba is 3.0.33 and Kerberos is 1.3.4, on
the Redhat site. I guess I can download from other sites. If anyone
knows of any incompatibility please let me know.
-----Original Message-----
From: samba-bounces at lists.samba.org
[mailto:samba-bounces at lists.samba.org] On Behalf Of Bober, Mark
Sent: Thursday, October 15, 2009 10:05 AM
To: samba at lists.samba.org
Subject: Re: [Samba] can not access samba drive on Redhat ES 4
I just fixed that same issue (CentOS 5) updating to Samba 3.4.2 linked
against Kerberos 1.7 - we were working against 2008R2, specifically
referring to this part of the log:
[2009/10/12 12:11:02, 1] smbd/sesssetup.c:reply_spnego_kerberos(316)
Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
<-------------
I don't know if the newest Samba is necessary, but I do know the
Kerberos 1.7 is. You'll want to rejoin the domain after updating.
Mark Bober
Manager of Computational Services
Engineering IT - School of Engineering
Washington University in St. Louis
bober at wustl.edu
314-935-5095
-----Original Message-----
From: samba-bounces at lists.samba.org
[mailto:samba-bounces at lists.samba.org] On Behalf Of Kathy Khagani
Sent: Thursday, October 15, 2009 11:44 AM
To: 'samba at lists.samba.org'
Subject: [Samba] can not access samba drive on Redhat ES 4
Hi,
Our samba server is running Red Hat Enterprise Linux ES release 4
(Nahant Update 4) with samba version: samba-3.0.33-0.17.el4. We like to
authenticate all the users with our Primary Domain Controller wnidows
2008. Some users keep getting asked to enter username and password.
Even with the correct password, still can't access the drive. The
strange thing is that some users are successful.
These users all have valid accounts on windows.
In this case user "jrau" is a valid user and "JRAUXP" is the
PC name
from which he is accessing the samba share.
Wbinfo -u displays his username:
STEC-INC=jrau
But not the computer name, which makes me think that might be the
problem.
Also we are not using LDAP, just winbind.
Here is some my config files and error logs:
/var/log/samba/<userlog>:
[2009/10/12 07:28:56, 0] lib/util_sock.c:read_data(534)
read_data: read failure for 4 bytes to client xxxx.xxx.xx.xx. Error Connection
reset by peer
[2009/10/12 07:28:56, 0] lib/util_sock.c:write_data(562)
write_data: write failure in writing to client 0.0.0.0. Error
Connection reset by peer
[2009/10/12 07:28:56, 0] lib/util_sock.c:send_smb(761)
Error writing 4 bytes to client. -1. (Connection reset by peer)
[2009/10/12 07:47:19, 0] lib/util_sock.c:write_data(562)
write_data: write failure in writing to client xxx.xx.xx.xx. Error
Connection reset by peer
[2009/10/12 07:47:19, 0] lib/util_sock.c:send_smb(761)
Error writing 4 bytes to client. -1. (Connection reset by peer)
[2009/10/12 08:37:16, 0] lib/util_sock.c:write_data(562)
write_data: write failure in writing to client xxx.xx.xx.xx. Error
Connection reset by peer
[2009/10/12 08:37:16, 0] lib/util_sock.c:send_smb(761)
Error writing 4 bytes to client. -1. (Connection reset by peer)
[2009/10/12 12:11:02, 1] smbd/sesssetup.c:reply_spnego_kerberos(316)
Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
<-------------
[2009/10/12 12:11:02, 0] lib/util_sock.c:read_data(534)
read_data: read failure for 4 bytes to client xxx.x.xxx.xx. Error Connection
reset by peer
[2009/10/13 10:26:30, 1] smbd/sesssetup.c:reply_spnego_kerberos(439)
Username STEC-INC=jrau is invalid on this system
[2009/10/13 10:26:30, 0] lib/util_sock.c:write_data(562)
write_data: write failure in writing to client xxx.xxx.xxx.xx. Error
Connection reset by peer
[2009/10/13 10:26:30, 0] lib/util_sock.c:send_smb(761)
Error writing 4 bytes to client. -1. (Connection reset by peer)
[2009/10/13 16:16:45, 0] lib/util_sock.c:read_data(534)
read_data: read failure for 4 bytes to client xxx.xxx.xx.xx. Error Connection
reset by peer
[2009/10/13 16:16:46, 0] lib/util_sock.c:write_data(562)
write_data: write failure in writing to client xxx.xx.xx.xx. Error
Connection reset by peer
[2009/10/13 16:16:46, 0] lib/util_sock.c:send_smb(761)
Error writing 4 bytes to client. -1. (Connection reset by peer)
[2009/10/13 16:51:19, 1] smbd/sesssetup.c:reply_spnego_kerberos(439)
Username STEC-INC=JRAUXP$ is invalid on this system
<--
.
Thank you for your help.
Kathy
PROPRIETARY-CONFIDENTIAL INFORMATION INCLUDED
This electronic transmission, and any documents attached hereto, may
contain confidential, proprietary and/or legally privileged information.
The information is intended only for use by the recipient named above.
If you received this electronic message in error, please notify the
sender and delete the electronic message. Any disclosure, copying,
distribution, or use of the contents of information received in error is
strictly prohibited, and violators will be pursued legally.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
PROPRIETARY-CONFIDENTIAL INFORMATION INCLUDED
This electronic transmission, and any documents attached hereto, may
contain confidential, proprietary and/or legally privileged information.
The information is intended only for use by the recipient named above.
If you received this electronic message in error, please notify the
sender and delete the electronic message. Any disclosure, copying,
distribution, or use of the contents of information received in error is
strictly prohibited, and violators will be pursued legally.