Oliver Werner
2016-Sep-22 16:14 UTC
[Samba] Samba Member NT_STATUS_NETWORK_SESSION_EXPIRED
Hi, After some hours (maybe 8-12h) i can’t connect to my Samba Member (SMB://). After restarting winbind works fine again. We using 4.5.0 right now. I hope the following informations will be enough at this moment In samba log on DC i got the following Error: [2016/09/22 08:58:56.925190, 3] ../source3/smbd/vfs.c:139(vfs_init_custom) Initialising custom vfs hooks from [dfs_samba4] [2016/09/22 08:58:56.925235, 2] ../source3/modules/vfs_acl_xattr.c:201(connect_acl_xattr) connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service IPC$ [2016/09/22 08:58:56.928361, 3] ../source3/smbd/service.c:907(make_connection_snum) 192.168.111.159 (ipv4:192.168.111.159:45070) connect to service IPC$ initially as user HQKONTRAST\pl0024$ (uid=3000085, gid=3000015) (pid 3755) [2016/09/22 17:21:05.879733, 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NETWORK_SESSION_EXPIRED] || at ../source3/smbd/smb2_server.c:2415 [2016/09/22 17:21:05.880494, 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NETWORK_SESSION_EXPIRED] || at ../source3/smbd/smb2_server.c:2415 [2016/09/22 17:21:05.881399, 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NETWORK_SESSION_EXPIRED] || at ../source3/smbd/smb2_server.c:2415 [2016/09/22 17:21:05.881874, 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NETWORK_SESSION_EXPIRED] || at ../source3/smbd/smb2_server.c:2415 [2016/09/22 17:21:05.882713, 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NETWORK_SESSION_EXPIRED] || at ../source3/smbd/smb2_server.c:2415 [2016/09/22 17:21:05.883692, 3] ../source3/smbd/service.c:1183(close_cnum) 192.168.111.159 (ipv4:192.168.111.159:45070) closed connection to service IPC$ [2016/09/22 17:21:05.889500, 3] ../source3/smbd/server_exit.c:246(exit_server_common) Server exit (NT_STATUS_END_OF_FILE) [2016/09/22 17:21:05.920155, 3] ../source3/smbd/oplock.c:1322(init_oplocks) init_oplocks: initializing messages. My DC Config: # Global parameters [global] workgroup = HQKONTRAST realm = HQ.KONTRAST netbios name = VL0227 server role = active directory domain controller idmap_ldb:use rfc2307 = yes interfaces = eth0:35 bind interfaces only=yes ldap server require strong auth = no ntlm auth = yes # Debug logging information log level = 3 log file = /var/log/samba/samba.log.%m #max log size = 50 #debug timestamp = yesddiid tls enabled = yes tls keyfile = /var/lib/samba/private/tls/key.pem tls certfile = /var/lib/samba/private/tls/cert.pem tls cafile = /var/lib/samba/private/tls/ca.pem [netlogon] path = /var/lib/samba/sysvol/hq.kontrast/scripts read only = No [sysvol] path = /var/lib/samba/sysvol read only = No Member config: [global] netbios name = PL0024 security = ADS workgroup = HQKONTRAST realm = hq.kontrast log file = /var/log/samba/%m.log log level = 3 passdb:5 auth:10 winbind:10 dedicated keytab file = /etc/krb5.keytab kerberos method = secrets and keytab winbind refresh tickets = yes winbind trusted domains only = no winbind use default domain = yes winbind enum users = yes winbind enum groups = yes #winbind cache time = 300 # Default idmap config used for BUILTIN and local accounts/groups #idmap cache time = 604800 idmap cache time = 1 idmap negative cache time = 1 winbind cache time = 1 idmap config *:backend = tdb idmap config *:range = 500-1023 # idmap config for domain HQKONTRAST idmap config HQKONTRAST:backend = ad idmap config HQKONTRAST:schema_mode = rfc2307 idmap config HQKONTRAST:range = 1024-99999 # Use settings from AD for login shell and home directory winbind nss info = rfc2307 Log on Member-Server: [2016/09/22 18:07:44.380907, 10, pid=5520, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:795(wb_request_done) wb_request_done[10221:XIDS_TO_SIDS]: NT_STATUS_OK [2016/09/22 18:07:44.380936, 10, pid=5520, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:863(winbind_client_response_written) winbind_client_response_written[10221:XIDS_TO_SIDS]: delivered response to client [2016/09/22 18:07:44.381056, 10, pid=5520, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:733(process_request) process_request: Handling async request 10221:XIDS_TO_SIDS [2016/09/22 18:07:44.381072, 3, pid=5520, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_xids_to_sids.c:52(winbindd_xids_to_sids_send) xids_to_sids [2016/09/22 18:07:44.381084, 10, pid=5520, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_xids_to_sids.c:70(winbindd_xids_to_sids_send) num_xids: 1 [2016/09/22 18:07:44.382846, 10, pid=5520, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:795(wb_request_done) wb_request_done[10221:XIDS_TO_SIDS]: NT_STATUS_OK [2016/09/22 18:07:44.382874, 10, pid=5520, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:863(winbind_client_response_written) winbind_client_response_written[10221:XIDS_TO_SIDS]: delivered response to client [2016/09/22 18:07:49.013472, 1, pid=5520, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_util.c:352(trustdom_list_done) trustdom_list_done: Could not receive trusts for domain HQKONTRAST [2016/09/22 18:10:10.176988, 4, pid=5523, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1397(child_handler) Finished processing child request 20 [2016/09/22 18:10:10.177000, 10, pid=5523, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:104(child_write_response) Writing 3496 bytes to parent [2016/09/22 18:10:11.178087, 4, pid=5523, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1389(child_handler) child daemon request 20 [2016/09/22 18:10:11.178113, 10, pid=5523, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:512(child_process_request) child_process_request: request fn LIST_TRUSTDOM [2016/09/22 18:10:11.178131, 3, pid=5523, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_misc.c:161(winbindd_dual_list_trusted_domains) [ 5520]: list trusted domains [2016/09/22 18:10:11.178145, 3, pid=5523, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_misc.c:168(winbindd_dual_list_trusted_domains) winbindd_dual_list_trusted_domains: trusted_domains returned NT_STATUS_UNSUCCESSFUL Best wishes OLIVER WERNER Systemadministrator
Jeremy Allison
2016-Sep-22 17:06 UTC
[Samba] Samba Member NT_STATUS_NETWORK_SESSION_EXPIRED
On Thu, Sep 22, 2016 at 06:14:19PM +0200, Oliver Werner via samba wrote:> Hi, > > After some hours (maybe 8-12h) i can’t connect to my Samba Member (SMB://). > > After restarting winbind works fine again. > > We using 4.5.0 right now. > > I hope the following informations will be enough at this momentSeems like your krb5 ticket expired. What does klist say ?
Oliver Werner
2016-Sep-22 18:06 UTC
[Samba] Samba Member NT_STATUS_NETWORK_SESSION_EXPIRED
Hi Jermey, I have checked now (when member look work fine) so i get this informations: klist -k /etc/krb5.keytab Keytab name: FILE:/etc/krb5.keytab KVNO Principal ---- -------------------------------------------------------------------------- 1 host/pl0024.hq.kontrast at HQ.KONTRAST 1 host/pl0024.hq.kontrast at HQ.KONTRAST 1 host/pl0024.hq.kontrast at HQ.KONTRAST 1 host/pl0024.hq.kontrast at HQ.KONTRAST 1 host/pl0024.hq.kontrast at HQ.KONTRAST 1 host/pl0024 at HQ.KONTRAST 1 host/pl0024 at HQ.KONTRAST 1 host/pl0024 at HQ.KONTRAST 1 host/pl0024 at HQ.KONTRAST 1 host/pl0024 at HQ.KONTRAST 1 PL0024$@HQ.KONTRAST 1 PL0024$@HQ.KONTRAST 1 PL0024$@HQ.KONTRAST 1 PL0024$@HQ.KONTRAST 1 PL0024$@HQ.KONTRAST 2 host/pl0024.hq.kontrast at HQ.KONTRAST 2 host/pl0024.hq.kontrast at HQ.KONTRAST 2 host/pl0024.hq.kontrast at HQ.KONTRAST 2 host/pl0024.hq.kontrast at HQ.KONTRAST 2 host/pl0024.hq.kontrast at HQ.KONTRAST 2 host/pl0024 at HQ.KONTRAST 2 host/pl0024 at HQ.KONTRAST 2 host/pl0024 at HQ.KONTRAST 2 host/pl0024 at HQ.KONTRAST 2 host/pl0024 at HQ.KONTRAST 2 PL0024$@HQ.KONTRAST 2 PL0024$@HQ.KONTRAST 2 PL0024$@HQ.KONTRAST 2 PL0024$@HQ.KONTRAST 2 PL0024$@HQ.KONTRAST <mailto:PL0024$@HQ.KONTRAST> pl0024:~# klist -A pl0024:~# klist -l Principal name Cache name -------------- ————— pl0024:~# klist klist: Credentials cache file '/tmp/krb5cc_0' not found pl0024:~# more /etc/krb5.conf [libdefaults] default_realm = HQ.KONTRAST dns_lookup_realm = false dns_lookup_kdc = true OLIVER WERNER Systemadministrator> Am 22.09.2016 um 19:06 schrieb Jeremy Allison via samba <samba at lists.samba.org>: > > On Thu, Sep 22, 2016 at 06:14:19PM +0200, Oliver Werner via samba wrote: >> Hi, >> >> After some hours (maybe 8-12h) i can’t connect to my Samba Member (SMB://). >> >> After restarting winbind works fine again. >> >> We using 4.5.0 right now. >> >> I hope the following informations will be enough at this moment > > Seems like your krb5 ticket expired. > > What does klist say ? > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba