Oliver Werner
2016-Sep-22 16:14 UTC
[Samba] Samba Member NT_STATUS_NETWORK_SESSION_EXPIRED
Hi,
After some hours (maybe 8-12h) i can’t connect to my Samba Member (SMB://).
After restarting winbind works fine again.
We using 4.5.0 right now.
I hope the following informations will be enough at this moment
In samba log on DC i got the following Error:
[2016/09/22 08:58:56.925190, 3] ../source3/smbd/vfs.c:139(vfs_init_custom)
Initialising custom vfs hooks from [dfs_samba4]
[2016/09/22 08:58:56.925235, 2]
../source3/modules/vfs_acl_xattr.c:201(connect_acl_xattr)
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode =
true' and 'force unknown acl user = true' for service IPC$
[2016/09/22 08:58:56.928361, 3]
../source3/smbd/service.c:907(make_connection_snum)
192.168.111.159 (ipv4:192.168.111.159:45070) connect to service IPC$ initially
as user HQKONTRAST\pl0024$ (uid=3000085, gid=3000015) (pid 3755)
[2016/09/22 17:21:05.879733, 3]
../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
status[NT_STATUS_NETWORK_SESSION_EXPIRED] || at
../source3/smbd/smb2_server.c:2415
[2016/09/22 17:21:05.880494, 3]
../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
status[NT_STATUS_NETWORK_SESSION_EXPIRED] || at
../source3/smbd/smb2_server.c:2415
[2016/09/22 17:21:05.881399, 3]
../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
status[NT_STATUS_NETWORK_SESSION_EXPIRED] || at
../source3/smbd/smb2_server.c:2415
[2016/09/22 17:21:05.881874, 3]
../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
status[NT_STATUS_NETWORK_SESSION_EXPIRED] || at
../source3/smbd/smb2_server.c:2415
[2016/09/22 17:21:05.882713, 3]
../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
status[NT_STATUS_NETWORK_SESSION_EXPIRED] || at
../source3/smbd/smb2_server.c:2415
[2016/09/22 17:21:05.883692, 3] ../source3/smbd/service.c:1183(close_cnum)
192.168.111.159 (ipv4:192.168.111.159:45070) closed connection to service IPC$
[2016/09/22 17:21:05.889500, 3]
../source3/smbd/server_exit.c:246(exit_server_common)
Server exit (NT_STATUS_END_OF_FILE)
[2016/09/22 17:21:05.920155, 3] ../source3/smbd/oplock.c:1322(init_oplocks)
init_oplocks: initializing messages.
My DC Config:
# Global parameters
[global]
workgroup = HQKONTRAST
realm = HQ.KONTRAST
netbios name = VL0227
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
interfaces = eth0:35
bind interfaces only=yes
ldap server require strong auth = no
ntlm auth = yes
# Debug logging information
log level = 3
log file = /var/log/samba/samba.log.%m
#max log size = 50
#debug timestamp = yesddiid
tls enabled = yes
tls keyfile = /var/lib/samba/private/tls/key.pem
tls certfile = /var/lib/samba/private/tls/cert.pem
tls cafile = /var/lib/samba/private/tls/ca.pem
[netlogon]
path = /var/lib/samba/sysvol/hq.kontrast/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
Member config:
[global]
netbios name = PL0024
security = ADS
workgroup = HQKONTRAST
realm = hq.kontrast
log file = /var/log/samba/%m.log
log level = 3 passdb:5 auth:10 winbind:10
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind refresh tickets = yes
winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
#winbind cache time = 300
# Default idmap config used for BUILTIN and local accounts/groups
#idmap cache time = 604800
idmap cache time = 1
idmap negative cache time = 1
winbind cache time = 1
idmap config *:backend = tdb
idmap config *:range = 500-1023
# idmap config for domain HQKONTRAST
idmap config HQKONTRAST:backend = ad
idmap config HQKONTRAST:schema_mode = rfc2307
idmap config HQKONTRAST:range = 1024-99999
# Use settings from AD for login shell and home directory
winbind nss info = rfc2307
Log on Member-Server:
[2016/09/22 18:07:44.380907, 10, pid=5520, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd.c:795(wb_request_done)
wb_request_done[10221:XIDS_TO_SIDS]: NT_STATUS_OK
[2016/09/22 18:07:44.380936, 10, pid=5520, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd.c:863(winbind_client_response_written)
winbind_client_response_written[10221:XIDS_TO_SIDS]: delivered response to
client
[2016/09/22 18:07:44.381056, 10, pid=5520, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd.c:733(process_request)
process_request: Handling async request 10221:XIDS_TO_SIDS
[2016/09/22 18:07:44.381072, 3, pid=5520, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd_xids_to_sids.c:52(winbindd_xids_to_sids_send)
xids_to_sids
[2016/09/22 18:07:44.381084, 10, pid=5520, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd_xids_to_sids.c:70(winbindd_xids_to_sids_send)
num_xids: 1
[2016/09/22 18:07:44.382846, 10, pid=5520, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd.c:795(wb_request_done)
wb_request_done[10221:XIDS_TO_SIDS]: NT_STATUS_OK
[2016/09/22 18:07:44.382874, 10, pid=5520, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd.c:863(winbind_client_response_written)
winbind_client_response_written[10221:XIDS_TO_SIDS]: delivered response to
client
[2016/09/22 18:07:49.013472, 1, pid=5520, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd_util.c:352(trustdom_list_done)
trustdom_list_done: Could not receive trusts for domain HQKONTRAST
[2016/09/22 18:10:10.176988, 4, pid=5523, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd_dual.c:1397(child_handler)
Finished processing child request 20
[2016/09/22 18:10:10.177000, 10, pid=5523, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd_dual.c:104(child_write_response)
Writing 3496 bytes to parent
[2016/09/22 18:10:11.178087, 4, pid=5523, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd_dual.c:1389(child_handler)
child daemon request 20
[2016/09/22 18:10:11.178113, 10, pid=5523, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd_dual.c:512(child_process_request)
child_process_request: request fn LIST_TRUSTDOM
[2016/09/22 18:10:11.178131, 3, pid=5523, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd_misc.c:161(winbindd_dual_list_trusted_domains)
[ 5520]: list trusted domains
[2016/09/22 18:10:11.178145, 3, pid=5523, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd_misc.c:168(winbindd_dual_list_trusted_domains)
winbindd_dual_list_trusted_domains: trusted_domains returned
NT_STATUS_UNSUCCESSFUL
Best wishes
OLIVER WERNER
Systemadministrator
Jeremy Allison
2016-Sep-22 17:06 UTC
[Samba] Samba Member NT_STATUS_NETWORK_SESSION_EXPIRED
On Thu, Sep 22, 2016 at 06:14:19PM +0200, Oliver Werner via samba wrote:> Hi, > > After some hours (maybe 8-12h) i can’t connect to my Samba Member (SMB://). > > After restarting winbind works fine again. > > We using 4.5.0 right now. > > I hope the following informations will be enough at this momentSeems like your krb5 ticket expired. What does klist say ?
Oliver Werner
2016-Sep-22 18:06 UTC
[Samba] Samba Member NT_STATUS_NETWORK_SESSION_EXPIRED
Hi Jermey, I have checked now (when member look work fine) so i get this informations: klist -k /etc/krb5.keytab Keytab name: FILE:/etc/krb5.keytab KVNO Principal ---- -------------------------------------------------------------------------- 1 host/pl0024.hq.kontrast at HQ.KONTRAST 1 host/pl0024.hq.kontrast at HQ.KONTRAST 1 host/pl0024.hq.kontrast at HQ.KONTRAST 1 host/pl0024.hq.kontrast at HQ.KONTRAST 1 host/pl0024.hq.kontrast at HQ.KONTRAST 1 host/pl0024 at HQ.KONTRAST 1 host/pl0024 at HQ.KONTRAST 1 host/pl0024 at HQ.KONTRAST 1 host/pl0024 at HQ.KONTRAST 1 host/pl0024 at HQ.KONTRAST 1 PL0024$@HQ.KONTRAST 1 PL0024$@HQ.KONTRAST 1 PL0024$@HQ.KONTRAST 1 PL0024$@HQ.KONTRAST 1 PL0024$@HQ.KONTRAST 2 host/pl0024.hq.kontrast at HQ.KONTRAST 2 host/pl0024.hq.kontrast at HQ.KONTRAST 2 host/pl0024.hq.kontrast at HQ.KONTRAST 2 host/pl0024.hq.kontrast at HQ.KONTRAST 2 host/pl0024.hq.kontrast at HQ.KONTRAST 2 host/pl0024 at HQ.KONTRAST 2 host/pl0024 at HQ.KONTRAST 2 host/pl0024 at HQ.KONTRAST 2 host/pl0024 at HQ.KONTRAST 2 host/pl0024 at HQ.KONTRAST 2 PL0024$@HQ.KONTRAST 2 PL0024$@HQ.KONTRAST 2 PL0024$@HQ.KONTRAST 2 PL0024$@HQ.KONTRAST 2 PL0024$@HQ.KONTRAST <mailto:PL0024$@HQ.KONTRAST> pl0024:~# klist -A pl0024:~# klist -l Principal name Cache name -------------- ————— pl0024:~# klist klist: Credentials cache file '/tmp/krb5cc_0' not found pl0024:~# more /etc/krb5.conf [libdefaults] default_realm = HQ.KONTRAST dns_lookup_realm = false dns_lookup_kdc = true OLIVER WERNER Systemadministrator> Am 22.09.2016 um 19:06 schrieb Jeremy Allison via samba <samba at lists.samba.org>: > > On Thu, Sep 22, 2016 at 06:14:19PM +0200, Oliver Werner via samba wrote: >> Hi, >> >> After some hours (maybe 8-12h) i can’t connect to my Samba Member (SMB://). >> >> After restarting winbind works fine again. >> >> We using 4.5.0 right now. >> >> I hope the following informations will be enough at this moment > > Seems like your krb5 ticket expired. > > What does klist say ? > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba