samba - Apr 2015 - After Update Member Server not working

Hello all,

I got some updates for my centos 7 (core), but nothing for the
sernet-samba-packages.

But now, my (test) member server isn't accessable anymore. Its smb.conf:

[global]

    netbios name = SERVERNAME
    workgroup = DOMAIN
    security = ADS
    realm = DOMAIN.EXAMPLE.COM
    dedicated keytab file = /etc/krb5.keytab
    kerberos method = secrets and keytab
    log level = 10 winbind:2

     bind interfaces only = yes
    interfaces = lo enp0s25

    username map = /etc/samba/user.map

    idmap config *:backend = tdb
    idmap config *:range = 2000-8999
    idmap config DOMAIN:backend = ad
    idmap config DOMAIN:schema_mode = rfc2307
    idmap config DOMAIN:range = 10000-99999

    winbind nss info = rfc2307
    winbind trusted domains only = no
    winbind use default domain = yes
    winbind enum users  = yes
    winbind enum groups = yes
    winbind refresh tickets = Yes
    winbind expand groups = 4
    winbind normalize names = Yes
    domain master = no
    local master = no

    vfs objects = acl_xattr
    map acl inherit = Yes
    store dos attributes = Yes

[share]
    path = /srv/share
    read only = no

The behaviour is the following: If I hit \\<IP adress>, I can/must
authenticate with administrator, normal domain users do not work anymore. When I
hit \\<Servername>, nothing is working. There is only a message, I am not
authorized to use the resource.


Here your are a log of smbd:
grep LOGON /var/log/samba/log.smbd
   SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
   SPNEGO login failed: NT_STATUS_LOGON_FAILURE
   smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_LOGON_FAILURE] || at
../source3/smbd/smb2_sesssetup.c:131
   smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_LOGON_FAILURE] body[8]
dyn[yes:1] at ../source3/smbd/smb2_server.c:2646
   SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
   SPNEGO login failed: NT_STATUS_LOGON_FAILURE
   smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_LOGON_FAILURE] || at
../source3/smbd/smb2_sesssetup.c:131
   smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_LOGON_FAILURE] body[8]
dyn[yes:1] at ../source3/smbd/smb2_server.c:2646
   SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
   SPNEGO login failed: NT_STATUS_LOGON_FAILURE
   smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_LOGON_FAILURE] || at
../source3/smbd/smb2_sesssetup.c:131
   smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_LOGON_FAILURE] body[8]
dyn[yes:1] at ../source3/smbd/smb2_server.c:2646
   SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
   SPNEGO login failed: NT_STATUS_LOGON_FAILURE
   smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_LOGON_FAILURE] || at
../source3/smbd/smb2_sesssetup.c:131
   smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_LOGON_FAILURE] body[8]
dyn[yes:1] at ../source3/smbd/smb2_server.c:2646
   SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
   SPNEGO login failed: NT_STATUS_LOGON_FAILURE
   smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_LOGON_FAILURE] || at
../source3/smbd/smb2_sesssetup.c:131
   smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_LOGON_FAILURE] body[8]
dyn[yes:1] at ../source3/smbd/smb2_server.c:2646
   SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
   SPNEGO login failed: NT_STATUS_LOGON_FAILURE
   smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_LOGON_FAILURE] || at
../source3/smbd/smb2_sesssetup.c:131
   smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_LOGON_FAILURE] body[8]
dyn[yes:1] at ../source3/smbd/smb2_server.c:2646

My krb5.conf
[libdefaults]
  dns_lookup_realm = true
  ticket_lifetime = 24h
  renew_lifetime = 7d
  forwardable = true
  rdns = false
  default_realm = Q007DPK2.Q007.INTERN
  dns_lookup_kdc = true

I would appreciate your help. Thanks in advance.

Regards
Tim

Did you reboot your server? 

I would start with check the time on the member and DC server.
make sure its withing 5 min. 

check the resolv.conf file.

check your keytab file rights

try to init. 
kinit administrator 
klist -e 

klist -k /etc/krb5.keytab -e 

and you can try to change: 
interfaces = lo enp0s25
to 
interfaces = lo ipnumber 

I stoppped using the interface name because of bug in detecting the names. (
ubuntu mostly )


Louis


>-----Oorspronkelijk bericht-----
>Van: lists at kiuni.de [mailto:samba-bounces at lists.samba.org] Namens Tim
>Verzonden: donderdag 9 april 2015 14:10
>Aan: samba at lists.samba.org
>Onderwerp: [Samba] After Update Member Server not working
>
>Hello all,
>
>I got some updates for my centos 7 (core), but nothing for the 
>sernet-samba-packages.
>
>But now, my (test) member server isn't accessable anymore. Its 
>smb.conf:
>
>[global]
>
>    netbios name = SERVERNAME
>    workgroup = DOMAIN
>    security = ADS
>    realm = DOMAIN.EXAMPLE.COM
>    dedicated keytab file = /etc/krb5.keytab
>    kerberos method = secrets and keytab
>    log level = 10 winbind:2
>
>     bind interfaces only = yes
>    interfaces = lo enp0s25
>
>    username map = /etc/samba/user.map
>
>    idmap config *:backend = tdb
>    idmap config *:range = 2000-8999
>    idmap config DOMAIN:backend = ad
>    idmap config DOMAIN:schema_mode = rfc2307
>    idmap config DOMAIN:range = 10000-99999
>
>    winbind nss info = rfc2307
>    winbind trusted domains only = no
>    winbind use default domain = yes
>    winbind enum users  = yes
>    winbind enum groups = yes
>    winbind refresh tickets = Yes
>    winbind expand groups = 4
>    winbind normalize names = Yes
>    domain master = no
>    local master = no
>
>    vfs objects = acl_xattr
>    map acl inherit = Yes
>    store dos attributes = Yes
>
>[share]
>    path = /srv/share
>    read only = no
>
>The behaviour is the following: If I hit \\<IP adress>, I 
>can/must authenticate with administrator, normal domain users 
>do not work anymore. When I hit \\<Servername>, nothing is 
>working. There is only a message, I am not authorized to use 
>the resource.
>
>
>Here your are a log of smbd:
>grep LOGON /var/log/samba/log.smbd
>   SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
>   SPNEGO login failed: NT_STATUS_LOGON_FAILURE
>   smbd_smb2_request_error_ex: idx[1] 
>status[NT_STATUS_LOGON_FAILURE] || at 
>../source3/smbd/smb2_sesssetup.c:131
>   smbd_smb2_request_done_ex: idx[1] 
>status[NT_STATUS_LOGON_FAILURE] body[8] dyn[yes:1] at 
>../source3/smbd/smb2_server.c:2646
>   SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
>   SPNEGO login failed: NT_STATUS_LOGON_FAILURE
>   smbd_smb2_request_error_ex: idx[1] 
>status[NT_STATUS_LOGON_FAILURE] || at 
>../source3/smbd/smb2_sesssetup.c:131
>   smbd_smb2_request_done_ex: idx[1] 
>status[NT_STATUS_LOGON_FAILURE] body[8] dyn[yes:1] at 
>../source3/smbd/smb2_server.c:2646
>   SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
>   SPNEGO login failed: NT_STATUS_LOGON_FAILURE
>   smbd_smb2_request_error_ex: idx[1] 
>status[NT_STATUS_LOGON_FAILURE] || at 
>../source3/smbd/smb2_sesssetup.c:131
>   smbd_smb2_request_done_ex: idx[1] 
>status[NT_STATUS_LOGON_FAILURE] body[8] dyn[yes:1] at 
>../source3/smbd/smb2_server.c:2646
>   SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
>   SPNEGO login failed: NT_STATUS_LOGON_FAILURE
>   smbd_smb2_request_error_ex: idx[1] 
>status[NT_STATUS_LOGON_FAILURE] || at 
>../source3/smbd/smb2_sesssetup.c:131
>   smbd_smb2_request_done_ex: idx[1] 
>status[NT_STATUS_LOGON_FAILURE] body[8] dyn[yes:1] at 
>../source3/smbd/smb2_server.c:2646
>   SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
>   SPNEGO login failed: NT_STATUS_LOGON_FAILURE
>   smbd_smb2_request_error_ex: idx[1] 
>status[NT_STATUS_LOGON_FAILURE] || at 
>../source3/smbd/smb2_sesssetup.c:131
>   smbd_smb2_request_done_ex: idx[1] 
>status[NT_STATUS_LOGON_FAILURE] body[8] dyn[yes:1] at 
>../source3/smbd/smb2_server.c:2646
>   SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
>   SPNEGO login failed: NT_STATUS_LOGON_FAILURE
>   smbd_smb2_request_error_ex: idx[1] 
>status[NT_STATUS_LOGON_FAILURE] || at 
>../source3/smbd/smb2_sesssetup.c:131
>   smbd_smb2_request_done_ex: idx[1] 
>status[NT_STATUS_LOGON_FAILURE] body[8] dyn[yes:1] at 
>../source3/smbd/smb2_server.c:2646
>
>My krb5.conf
>[libdefaults]
>  dns_lookup_realm = true
>  ticket_lifetime = 24h
>  renew_lifetime = 7d
>  forwardable = true
>  rdns = false
>  default_realm = Q007DPK2.Q007.INTERN
>  dns_lookup_kdc = true
>
>I would appreciate your help. Thanks in advance.
>
>Regards
>Tim
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
>

Hey Louis,

it was the time. For some reason ntp did not work correctly anymore. Thank you
very much. It was 1 hour behind.

Regards
Tim




Am 09.04.2015 um 14:26 schrieb L.P.H. van Belle:
> Did you reboot your server?
>
> I would start with check the time on the member and DC server.
> make sure its withing 5 min.
>
> check the resolv.conf file.
>
> check your keytab file rights
>
> try to init.
> kinit administrator
> klist -e
>
> klist -k /etc/krb5.keytab -e
>
> and you can try to change:
> interfaces = lo enp0s25
> to
> interfaces = lo ipnumber
>
> I stoppped using the interface name because of bug in detecting the names.
( ubuntu mostly )
>
>
> Louis
>
>
>
>> -----Oorspronkelijk bericht-----
>> Van: lists at kiuni.de [mailto:samba-bounces at lists.samba.org] Namens
Tim
>> Verzonden: donderdag 9 april 2015 14:10
>> Aan: samba at lists.samba.org
>> Onderwerp: [Samba] After Update Member Server not working
>>
>> Hello all,
>>
>> I got some updates for my centos 7 (core), but nothing for the
>> sernet-samba-packages.
>>
>> But now, my (test) member server isn't accessable anymore. Its
>> smb.conf:
>>
>> [global]
>>
>>     netbios name = SERVERNAME
>>     workgroup = DOMAIN
>>     security = ADS
>>     realm = DOMAIN.EXAMPLE.COM
>>     dedicated keytab file = /etc/krb5.keytab
>>     kerberos method = secrets and keytab
>>     log level = 10 winbind:2
>>
>>      bind interfaces only = yes
>>     interfaces = lo enp0s25
>>
>>     username map = /etc/samba/user.map
>>
>>     idmap config *:backend = tdb
>>     idmap config *:range = 2000-8999
>>     idmap config DOMAIN:backend = ad
>>     idmap config DOMAIN:schema_mode = rfc2307
>>     idmap config DOMAIN:range = 10000-99999
>>
>>     winbind nss info = rfc2307
>>     winbind trusted domains only = no
>>     winbind use default domain = yes
>>     winbind enum users  = yes
>>     winbind enum groups = yes
>>     winbind refresh tickets = Yes
>>     winbind expand groups = 4
>>     winbind normalize names = Yes
>>     domain master = no
>>     local master = no
>>
>>     vfs objects = acl_xattr
>>     map acl inherit = Yes
>>     store dos attributes = Yes
>>
>> [share]
>>     path = /srv/share
>>     read only = no
>>
>> The behaviour is the following: If I hit \\<IP adress>, I
>> can/must authenticate with administrator, normal domain users
>> do not work anymore. When I hit \\<Servername>, nothing is
>> working. There is only a message, I am not authorized to use
>> the resource.
>>
>>
>> Here your are a log of smbd:
>> grep LOGON /var/log/samba/log.smbd
>>    SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
>>    SPNEGO login failed: NT_STATUS_LOGON_FAILURE
>>    smbd_smb2_request_error_ex: idx[1]
>> status[NT_STATUS_LOGON_FAILURE] || at
>> ../source3/smbd/smb2_sesssetup.c:131
>>    smbd_smb2_request_done_ex: idx[1]
>> status[NT_STATUS_LOGON_FAILURE] body[8] dyn[yes:1] at
>> ../source3/smbd/smb2_server.c:2646
>>    SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
>>    SPNEGO login failed: NT_STATUS_LOGON_FAILURE
>>    smbd_smb2_request_error_ex: idx[1]
>> status[NT_STATUS_LOGON_FAILURE] || at
>> ../source3/smbd/smb2_sesssetup.c:131
>>    smbd_smb2_request_done_ex: idx[1]
>> status[NT_STATUS_LOGON_FAILURE] body[8] dyn[yes:1] at
>> ../source3/smbd/smb2_server.c:2646
>>    SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
>>    SPNEGO login failed: NT_STATUS_LOGON_FAILURE
>>    smbd_smb2_request_error_ex: idx[1]
>> status[NT_STATUS_LOGON_FAILURE] || at
>> ../source3/smbd/smb2_sesssetup.c:131
>>    smbd_smb2_request_done_ex: idx[1]
>> status[NT_STATUS_LOGON_FAILURE] body[8] dyn[yes:1] at
>> ../source3/smbd/smb2_server.c:2646
>>    SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
>>    SPNEGO login failed: NT_STATUS_LOGON_FAILURE
>>    smbd_smb2_request_error_ex: idx[1]
>> status[NT_STATUS_LOGON_FAILURE] || at
>> ../source3/smbd/smb2_sesssetup.c:131
>>    smbd_smb2_request_done_ex: idx[1]
>> status[NT_STATUS_LOGON_FAILURE] body[8] dyn[yes:1] at
>> ../source3/smbd/smb2_server.c:2646
>>    SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
>>    SPNEGO login failed: NT_STATUS_LOGON_FAILURE
>>    smbd_smb2_request_error_ex: idx[1]
>> status[NT_STATUS_LOGON_FAILURE] || at
>> ../source3/smbd/smb2_sesssetup.c:131
>>    smbd_smb2_request_done_ex: idx[1]
>> status[NT_STATUS_LOGON_FAILURE] body[8] dyn[yes:1] at
>> ../source3/smbd/smb2_server.c:2646
>>    SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
>>    SPNEGO login failed: NT_STATUS_LOGON_FAILURE
>>    smbd_smb2_request_error_ex: idx[1]
>> status[NT_STATUS_LOGON_FAILURE] || at
>> ../source3/smbd/smb2_sesssetup.c:131
>>    smbd_smb2_request_done_ex: idx[1]
>> status[NT_STATUS_LOGON_FAILURE] body[8] dyn[yes:1] at
>> ../source3/smbd/smb2_server.c:2646
>>
>> My krb5.conf
>> [libdefaults]
>>   dns_lookup_realm = true
>>   ticket_lifetime = 24h
>>   renew_lifetime = 7d
>>   forwardable = true
>>   rdns = false
>>   default_realm = Q007DPK2.Q007.INTERN
>>   dns_lookup_kdc = true
>>
>> I would appreciate your help. Thanks in advance.
>>
>> Regards
>> Tim
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>>
>

The bios of the server did not know about summer and winter time.. 

And your welkom ;-) if they were all this easy to fix  ;-))  


Greetz, 

Louis

>-----Oorspronkelijk bericht-----
>Van: lists at kiuni.de [mailto:samba-bounces at lists.samba.org] Namens Tim
>Verzonden: donderdag 9 april 2015 16:19
>Aan: samba at lists.samba.org
>Onderwerp: Re: [Samba] After Update Member Server not working
>
>Hey Louis,
>
>it was the time. For some reason ntp did not work correctly 
>anymore. Thank you very much. It was 1 hour behind.
>
>Regards
>Tim
>
>
>
>
>Am 09.04.2015 um 14:26 schrieb L.P.H. van Belle:
>> Did you reboot your server?
>>
>> I would start with check the time on the member and DC server.
>> make sure its withing 5 min.
>>
>> check the resolv.conf file.
>>
>> check your keytab file rights
>>
>> try to init.
>> kinit administrator
>> klist -e
>>
>> klist -k /etc/krb5.keytab -e
>>
>> and you can try to change:
>> interfaces = lo enp0s25
>> to
>> interfaces = lo ipnumber
>>
>> I stoppped using the interface name because of bug in 
>detecting the names. ( ubuntu mostly )
>>
>>
>> Louis
>>
>>
>>
>>> -----Oorspronkelijk bericht-----
>>> Van: lists at kiuni.de [mailto:samba-bounces at lists.samba.org] 
>Namens Tim
>>> Verzonden: donderdag 9 april 2015 14:10
>>> Aan: samba at lists.samba.org
>>> Onderwerp: [Samba] After Update Member Server not working
>>>
>>> Hello all,
>>>
>>> I got some updates for my centos 7 (core), but nothing for the
>>> sernet-samba-packages.
>>>
>>> But now, my (test) member server isn't accessable anymore. Its
>>> smb.conf:
>>>
>>> [global]
>>>
>>>     netbios name = SERVERNAME
>>>     workgroup = DOMAIN
>>>     security = ADS
>>>     realm = DOMAIN.EXAMPLE.COM
>>>     dedicated keytab file = /etc/krb5.keytab
>>>     kerberos method = secrets and keytab
>>>     log level = 10 winbind:2
>>>
>>>      bind interfaces only = yes
>>>     interfaces = lo enp0s25
>>>
>>>     username map = /etc/samba/user.map
>>>
>>>     idmap config *:backend = tdb
>>>     idmap config *:range = 2000-8999
>>>     idmap config DOMAIN:backend = ad
>>>     idmap config DOMAIN:schema_mode = rfc2307
>>>     idmap config DOMAIN:range = 10000-99999
>>>
>>>     winbind nss info = rfc2307
>>>     winbind trusted domains only = no
>>>     winbind use default domain = yes
>>>     winbind enum users  = yes
>>>     winbind enum groups = yes
>>>     winbind refresh tickets = Yes
>>>     winbind expand groups = 4
>>>     winbind normalize names = Yes
>>>     domain master = no
>>>     local master = no
>>>
>>>     vfs objects = acl_xattr
>>>     map acl inherit = Yes
>>>     store dos attributes = Yes
>>>
>>> [share]
>>>     path = /srv/share
>>>     read only = no
>>>
>>> The behaviour is the following: If I hit \\<IP adress>, I
>>> can/must authenticate with administrator, normal domain users
>>> do not work anymore. When I hit \\<Servername>, nothing is
>>> working. There is only a message, I am not authorized to use
>>> the resource.
>>>
>>>
>>> Here your are a log of smbd:
>>> grep LOGON /var/log/samba/log.smbd
>>>    SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
>>>    SPNEGO login failed: NT_STATUS_LOGON_FAILURE
>>>    smbd_smb2_request_error_ex: idx[1]
>>> status[NT_STATUS_LOGON_FAILURE] || at
>>> ../source3/smbd/smb2_sesssetup.c:131
>>>    smbd_smb2_request_done_ex: idx[1]
>>> status[NT_STATUS_LOGON_FAILURE] body[8] dyn[yes:1] at
>>> ../source3/smbd/smb2_server.c:2646
>>>    SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
>>>    SPNEGO login failed: NT_STATUS_LOGON_FAILURE
>>>    smbd_smb2_request_error_ex: idx[1]
>>> status[NT_STATUS_LOGON_FAILURE] || at
>>> ../source3/smbd/smb2_sesssetup.c:131
>>>    smbd_smb2_request_done_ex: idx[1]
>>> status[NT_STATUS_LOGON_FAILURE] body[8] dyn[yes:1] at
>>> ../source3/smbd/smb2_server.c:2646
>>>    SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
>>>    SPNEGO login failed: NT_STATUS_LOGON_FAILURE
>>>    smbd_smb2_request_error_ex: idx[1]
>>> status[NT_STATUS_LOGON_FAILURE] || at
>>> ../source3/smbd/smb2_sesssetup.c:131
>>>    smbd_smb2_request_done_ex: idx[1]
>>> status[NT_STATUS_LOGON_FAILURE] body[8] dyn[yes:1] at
>>> ../source3/smbd/smb2_server.c:2646
>>>    SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
>>>    SPNEGO login failed: NT_STATUS_LOGON_FAILURE
>>>    smbd_smb2_request_error_ex: idx[1]
>>> status[NT_STATUS_LOGON_FAILURE] || at
>>> ../source3/smbd/smb2_sesssetup.c:131
>>>    smbd_smb2_request_done_ex: idx[1]
>>> status[NT_STATUS_LOGON_FAILURE] body[8] dyn[yes:1] at
>>> ../source3/smbd/smb2_server.c:2646
>>>    SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
>>>    SPNEGO login failed: NT_STATUS_LOGON_FAILURE
>>>    smbd_smb2_request_error_ex: idx[1]
>>> status[NT_STATUS_LOGON_FAILURE] || at
>>> ../source3/smbd/smb2_sesssetup.c:131
>>>    smbd_smb2_request_done_ex: idx[1]
>>> status[NT_STATUS_LOGON_FAILURE] body[8] dyn[yes:1] at
>>> ../source3/smbd/smb2_server.c:2646
>>>    SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
>>>    SPNEGO login failed: NT_STATUS_LOGON_FAILURE
>>>    smbd_smb2_request_error_ex: idx[1]
>>> status[NT_STATUS_LOGON_FAILURE] || at
>>> ../source3/smbd/smb2_sesssetup.c:131
>>>    smbd_smb2_request_done_ex: idx[1]
>>> status[NT_STATUS_LOGON_FAILURE] body[8] dyn[yes:1] at
>>> ../source3/smbd/smb2_server.c:2646
>>>
>>> My krb5.conf
>>> [libdefaults]
>>>   dns_lookup_realm = true
>>>   ticket_lifetime = 24h
>>>   renew_lifetime = 7d
>>>   forwardable = true
>>>   rdns = false
>>>   default_realm = Q007DPK2.Q007.INTERN
>>>   dns_lookup_kdc = true
>>>
>>> I would appreciate your help. Thanks in advance.
>>>
>>> Regards
>>> Tim
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>
>>>
>>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
>