Gerben Roest
2016-Apr-20 21:24 UTC
[Samba] Samba 4.4.2 as AD server: clients OK but server fails "wbinfo -K"
I have set up a samba 4.4.2 AD server, and it works fine for its Windows and Linux clients. Only the server itself behaves peculiar: Linux accounts show up as DOMAIN\username (in prompt and with whoami), on all Linux clients the user accounts are normal (just their username), and only on the server "wbinfo -K username" fails. On the clients it works. The server complains about that: 22:59:54 root at sambaserver:samba# wbinfo --verbose -K john Enter john's password: plaintext kerberos password authentication for [john] failed (requesting cctype: FILE) wbcLogonUser(john): error code was NT_STATUS_CONNECTION_DISCONNECTED (0xc000020c) error message was: The transport connection is now disconnected. Could not authenticate user [john] with Kerberos (ccache: FILE) The error in /usr/local/samba-4-4/var/log.wb-DOMAIN is: [2016/04/20 23:00:04.704273, 1] ../source3/librpc/crypto/gse_krb5.c:416(fill_mem_keytab_from_system_keytab) ../source3/librpc/crypto/gse_krb5.c:416: krb5_kt_start_seq_get failed (No such file or directory) [2016/04/20 23:00:04.704321, 0] ../lib/util/fault.c:78(fault_report) ==============================================================[2016/04/20 23:00:04.704369, 0] ../lib/util/fault.c:79(fault_report) INTERNAL ERROR: Signal 11 in pid 8564 (4.4.2) Please read the Trouble-Shooting section of the Samba HOWTO [2016/04/20 23:00:04.704427, 0] ../lib/util/fault.c:81(fault_report) ==============================================================[2016/04/20 23:00:04.704476, 0] ../source3/lib/util.c:791(smb_panic_s3) PANIC (pid 8564): internal error Any ideas? thanks Gerben
Rowland penny
2016-Apr-21 07:33 UTC
[Samba] Samba 4.4.2 as AD server: clients OK but server fails "wbinfo -K"
On 20/04/16 22:24, Gerben Roest wrote:> I have set up a samba 4.4.2 AD server, and it works fine for its Windows > and Linux clients. Only the server itself behaves peculiar: > > Linux accounts show up as DOMAIN\username (in prompt and with whoami), > on all Linux clients the user accounts are normal (just their username), > > and only on the server "wbinfo -K username" fails. On the clients it > works. The server complains about that: > > 22:59:54 root at sambaserver:samba# wbinfo --verbose -K john > Enter john's password: > plaintext kerberos password authentication for [john] failed (requesting > cctype: FILE) > wbcLogonUser(john): error code was NT_STATUS_CONNECTION_DISCONNECTED > (0xc000020c) > error message was: The transport connection is now disconnected. > Could not authenticate user [john] with Kerberos (ccache: FILE) > > The error in /usr/local/samba-4-4/var/log.wb-DOMAIN is: > > [2016/04/20 23:00:04.704273, 1] > ../source3/librpc/crypto/gse_krb5.c:416(fill_mem_keytab_from_system_keytab) > ../source3/librpc/crypto/gse_krb5.c:416: krb5_kt_start_seq_get failed > (No such file or directory) > [2016/04/20 23:00:04.704321, 0] ../lib/util/fault.c:78(fault_report) > ==============================================================> [2016/04/20 23:00:04.704369, 0] ../lib/util/fault.c:79(fault_report) > INTERNAL ERROR: Signal 11 in pid 8564 (4.4.2) > Please read the Trouble-Shooting section of the Samba HOWTO > [2016/04/20 23:00:04.704427, 0] ../lib/util/fault.c:81(fault_report) > ==============================================================> [2016/04/20 23:00:04.704476, 0] ../source3/lib/util.c:791(smb_panic_s3) > PANIC (pid 8564): internal error > > > Any ideas? > > thanks > > Gerben >Works for me, can you post your smb.conf from the DC Rowland
Gerben Roest
2016-Apr-21 08:50 UTC
[Samba] Samba 4.4.2 as AD server: clients OK but server fails "wbinfo -K"
On 21-04-16 09:33, Rowland penny wrote:> On 20/04/16 22:24, Gerben Roest wrote: >> I have set up a samba 4.4.2 AD server, and it works fine for its Windows >> and Linux clients. Only the server itself behaves peculiar: >> >> Linux accounts show up as DOMAIN\username (in prompt and with whoami), >> on all Linux clients the user accounts are normal (just their username), >> >> and only on the server "wbinfo -K username" fails. On the clients it >> works. The server complains about that: >> >> 22:59:54 root at sambaserver:samba# wbinfo --verbose -K john >> Enter john's password: >> plaintext kerberos password authentication for [john] failed (requesting >> cctype: FILE) >> wbcLogonUser(john): error code was NT_STATUS_CONNECTION_DISCONNECTED >> (0xc000020c) >> error message was: The transport connection is now disconnected. >> Could not authenticate user [john] with Kerberos (ccache: FILE) >> >> The error in /usr/local/samba-4-4/var/log.wb-DOMAIN is: >> >> [2016/04/20 23:00:04.704273, 1] >> ../source3/librpc/crypto/gse_krb5.c:416(fill_mem_keytab_from_system_keytab) >> >> ../source3/librpc/crypto/gse_krb5.c:416: krb5_kt_start_seq_get failed >> (No such file or directory) >> [2016/04/20 23:00:04.704321, 0] ../lib/util/fault.c:78(fault_report) >> ==============================================================>> [2016/04/20 23:00:04.704369, 0] ../lib/util/fault.c:79(fault_report) >> INTERNAL ERROR: Signal 11 in pid 8564 (4.4.2) >> Please read the Trouble-Shooting section of the Samba HOWTO >> [2016/04/20 23:00:04.704427, 0] ../lib/util/fault.c:81(fault_report) >> ==============================================================>> [2016/04/20 23:00:04.704476, 0] ../source3/lib/util.c:791(smb_panic_s3) >> PANIC (pid 8564): internal error >> >> >> Any ideas? >> >> thanks >> >> Gerben >> > > Works for me, can you post your smb.conf from the DCYes, here it is: [global] netbios name = SAMBASERVER realm = AD.DOMAIN.NL workgroup = DOMAIN server role = active directory domain controller idmap_ldb:use rfc2307 = yes template shell = /bin/bash template homedir = /home/%U dns forwarder = 8.8.8.8 kerberos method = secrets and keytab dedicated keytab file = /usr/local/samba-4.4/private/secrets.keytab log level = 1 follow symlinks = true wide links = yes unix extensions = no winbind use default domain = yes logon script = netlogon.bat vfs objects = acl_xattr map acl inherit = yes store dos attributes = yes The clients have this: [global] workgroup = DOMAIN security = ADS realm = AD.DOMAIN.NL idmap config *: backend = tdb idmap config *: range = 100000-200000 idmap config DOMAIN : backend = ad idmap config DOMAIN : range = 500-30000 idmap config DOMAIN : default = yes idmap config DOMAIN : schema mode = rfc2307 winbind nss info = rfc2307 allow trusted domains = no kerberos method = secrets and keytab winbind trusted domains only = no winbind use default domain = yes winbind enum users = yes winbind enum groups = yes winbind refresh tickets = yes template shell = /bin/bash template homedir = /home/%U password server = 192.168.10.36 client use spnego = yes client ntlmv2 auth = yes encrypt passwords = yes restrict anonymous = 2 domain master = no local master = no preferred master = no os level = 0 I have added the 7 lines from the client from idmap config until winbind nss to the server's smb.conf, but that didn't help. thanks, best regards Gerben
Reasonably Related Threads
- Samba 4.4.2 as AD server: clients OK but server fails "wbinfo -K"
- winbind pam trouble
- primary group gets set to 100 on Samba AD server after a while
- primary group gets set to 100 on Samba AD server after a while
- primary group gets set to 100 on Samba AD server after a while [SOLVED]