Now I have this config on the f25 desktop and restarted the smb service but
I still have the same problem.
# net conf list
[global]
workgroup = MYDOMAIN
realm = MYDOMAIN
netbios name = F25SERVER
server string = Samba Server Version %v
kerberos method = dedicated keytab
dedicated keytab file = FILE:/etc/samba/samba.keytab
log file = /var/log/samba/log.%m
rpc_server:epmapper = external
rpc_server:lsarpc = external
rpc_server:lsass = external
rpc_server:lsasd = external
rpc_server:samr = external
rpc_server:netlogon = external
rpc_server:tcpip = yes
rpc_daemon:epmd = fork
rpc_daemon:lsasd = fork
security = user
map untrusted to domain = Yes
smb ports = 139 445
ntlm auth = yes
log level = 2
[data]
comment = /data/beauduin on f25desktop
path = /data/smith
create mask = 0644
read only = no
[data2]
comment = /data2/beauduin on f25desktop
path = /data2/smith
create mask = 0644
read only = no
[data3]
comment = /data3 on f25desktop
path = /data3/smith
create mask = 0644
read only = no
[backup]
comment = /backup on f25desktop
path = /backup
read only = no
On Thu, Dec 1, 2016 at 12:21 PM, Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Thu, 1 Dec 2016 11:58:00 +0100
> Fujisan via samba <samba at lists.samba.org> wrote:
>
> > Hello,
> >
> > I have upgraded a client and a freeipa server from Fedora 24 to 25
> > recently. And I cannot access linux shares located on the F25 client
> > from a windows desktop.
> >
> > I get these messages:
> >
> > [2016/12/01 11:42:19.218759, 1]
> > ../source3/librpc/crypto/gse_krb5.c:534(fill_mem_keytab_
> from_dedicated_keytab)
> > ../source3/librpc/crypto/gse_krb5.c:534: smb_krb5_open_keytab
> > failed (Key table name malformed)
> > [2016/12/01 11:42:19.218800, 1]
> > ../source3/librpc/crypto/gse_krb5.c:627(gse_krb5_get_server_keytab)
> > ../source3/librpc/crypto/gse_krb5.c:627: Error! Unable to set mem
> > keytab
> > - -1765328205
> > [2016/12/01 11:42:19.218823, 1]
> > ../auth/gensec/gensec_start.c:698(gensec_start_mech)
> > Failed to start GENSEC server mech gse_krb5:
> > NT_STATUS_INTERNAL_ERROR [2016/12/01 11:42:19.261611, 1]
> > ../source3/librpc/crypto/gse_krb5.c:534(fill_mem_keytab_
> from_dedicated_keytab)
> > ../source3/librpc/crypto/gse_krb5.c:534: smb_krb5_open_keytab
> > failed (Key table name malformed)
> > [2016/12/01 11:42:19.261638, 1]
> > ../source3/librpc/crypto/gse_krb5.c:627(gse_krb5_get_server_keytab)
> > ../source3/librpc/crypto/gse_krb5.c:627: Error! Unable to set mem
> > keytab
> > - -1765328205
> > [2016/12/01 11:42:19.261653, 1]
> > ../auth/gensec/gensec_start.c:698(gensec_start_mech)
> > Failed to start GENSEC server mech gse_krb5:
> > NT_STATUS_INTERNAL_ERROR [2016/12/01 11:42:19.263330, 2]
> > ../source3/auth/auth.c:315(auth_check_ntlm_password)
> > check_ntlm_password: Authentication for user [smith] -> [smith]
> > FAILED with error NT_STATUS_NO_SUCH_USER
> > [2016/12/01 11:42:19.263380, 2]
> > ../auth/gensec/spnego.c:720(gensec_spnego_server_negTokenTarg)
> > SPNEGO login failed: NT_STATUS_NO_SUCH_USER
> > [2016/12/01 11:42:19.270531, 1]
> > ../source3/librpc/crypto/gse_krb5.c:534(fill_mem_keytab_
> from_dedicated_keytab)
> > ../source3/librpc/crypto/gse_krb5.c:534: smb_krb5_open_keytab
> > failed (Key table name malformed)
> > [2016/12/01 11:42:19.270562, 1]
> > ../source3/librpc/crypto/gse_krb5.c:627(gse_krb5_get_server_keytab)
> > ../source3/librpc/crypto/gse_krb5.c:627: Error! Unable to set mem
> > keytab
> > - -1765328205
> > [2016/12/01 11:42:19.270586, 1]
> > ../auth/gensec/gensec_start.c:698(gensec_start_mech)
> > Failed to start GENSEC server mech gse_krb5:
> > NT_STATUS_INTERNAL_ERROR [2016/12/01 11:42:19.313479, 1]
> > ../source3/librpc/crypto/gse_krb5.c:534(fill_mem_keytab_
> from_dedicated_keytab)
> > ../source3/librpc/crypto/gse_krb5.c:534: smb_krb5_open_keytab
> > failed (Key table name malformed)
> > [2016/12/01 11:42:19.313506, 1]
> > ../source3/librpc/crypto/gse_krb5.c:627(gse_krb5_get_server_keytab)
> > ../source3/librpc/crypto/gse_krb5.c:627: Error! Unable to set mem
> > keytab
> > - -1765328205
> > [2016/12/01 11:42:19.313523, 1]
> > ../auth/gensec/gensec_start.c:698(gensec_start_mech)
> > Failed to start GENSEC server mech gse_krb5:
> > NT_STATUS_INTERNAL_ERROR [2016/12/01 11:42:19.315256, 2]
> > ../source3/auth/auth.c:315(auth_check_ntlm_password)
> > check_ntlm_password: Authentication for user [smith] -> [smith]
> > FAILED with error NT_STATUS_NO_SUCH_USER
> > [2016/12/01 11:42:19.315291, 2]
> > ../auth/gensec/spnego.c:720(gensec_spnego_server_negTokenTarg)
> > SPNEGO login failed: NT_STATUS_NO_SUCH_USER
> >
> > Also from the F25 server, I have the following when I run smbclient
> >
> > # smbclient -k -L f25desktop.mydomain
> > lp_load_ex: changing to config backend registry
> > session setup failed: NT_STATUS_LOGON_FAILURE
> >
> > But if i run it with a F24 desktop, it works:
> >
> > # smbclient -k -L f24desktop.mydomain
> > lp_load_ex: changing to config backend registry
> > Domain=[MYDOMAIN] OS=[Windows 6.1] Server=[Samba 4.4.7]
> >
> > Sharename Type Comment
> > --------- ---- -------
> > IPC$ IPC IPC Service (Samba Server Version 4.4.7)
> > data Disk /data on f24desktop
> > data2 Disk /data2 on f24desktop
> > data3 Disk /data3 on f24desktop
> > backup Disk /backup on f24desktop
> > [...]
> >
> >
> > net conf list on the f25desktop gives:
> >
> > # net conf list
> > [global]
> > workgroup = MYDOMAIN
> > realm = MYDOMAIN
> > netbios name = F25SERVER
> > server string = Samba Server Version %v
> > kerberos method = dedicated keytab
> > dedicated keytab file = FILE:/etc/samba/samba.keytab
> > log file = /var/log/samba/log.%m
> > rpc_server:epmapper = external
> > rpc_server:lsarpc = external
> > rpc_server:lsass = external
> > rpc_server:lsasd = external
> > rpc_server:samr = external
> > rpc_server:netlogon = external
> > rpc_server:tcpip = yes
> > rpc_daemon:epmd = fork
> > rpc_daemon:lsasd = fork
> > security = user
> > map untrusted to domain = Yes
> > smb ports = 139 445
> > log level = 2
> >
> > [data]
> > comment = /data/beauduin on f25desktop
> > path = /data/smith
> > create mask = 0644
> > read only = no
> >
> > [data2]
> > comment = /data2/beauduin on f25desktop
> > path = /data2/smith
> > create mask = 0644
> > read only = no
> >
> > [data3]
> > comment = /data3 on f25desktop
> > path = /data3/smith
> > create mask = 0644
> > read only = no
> >
> > [backup]
> > comment = /backup on f25desktop
> > path = /backup
> > read only = no
> >
> >
> > on the F25 server and desktop, i have the following packages
> > installed:
> >
> > samba-4.5.1-1.fc25.x86_64
> > samba-client-4.5.1-1.fc25.x86_64
> > samba-client-libs-4.5.1-1.fc25.x86_64
> > samba-common-4.5.1-1.fc25.noarch
> > samba-common-libs-4.5.1-1.fc25.x86_64
> > samba-common-tools-4.5.1-1.fc25.x86_64
> > samba-libs-4.5.1-1.fc25.x86_64
> > samba-python-4.5.1-1.fc25.x86_64
> > samba-test-4.5.1-1.fc25.x86_64
> > samba-test-libs-4.5.1-1.fc25.x86_64
> > samba-winbind-4.5.1-1.fc25.x86_64
> > samba-winbind-clients-4.5.1-1.fc25.x86_64
> > samba-winbind-krb5-locator-4.5.1-1.fc25.x86_64
> > samba-winbind-modules-4.5.1-1.fc25.x86_64
> > system-config-samba-1.2.100-5.fc24.noarch
> > system-config-samba-docs-1.0.9-9.fc24.noarch
> >
> > Any idea what is wrong?
> >
> > Regards,
> > Fuji
>
>
> The default value for 'ntlm auth' got changed from
> 'yes' to 'no' from Samba 4.5.0. Could this be your problem
?
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
By the way, I can access to the linux shares that are on the freeipa F25 server from the windows desktop and I do not have the 'ntlm auth' set to yes. On Thu, Dec 1, 2016 at 1:10 PM, Fujisan <fujisan43 at gmail.com> wrote:> Now I have this config on the f25 desktop and restarted the smb service > but I still have the same problem. > > # net conf list > [global] > workgroup = MYDOMAIN > realm = MYDOMAIN > netbios name = F25SERVER > server string = Samba Server Version %v > kerberos method = dedicated keytab > dedicated keytab file = FILE:/etc/samba/samba.keytab > log file = /var/log/samba/log.%m > rpc_server:epmapper = external > rpc_server:lsarpc = external > rpc_server:lsass = external > rpc_server:lsasd = external > rpc_server:samr = external > rpc_server:netlogon = external > rpc_server:tcpip = yes > rpc_daemon:epmd = fork > rpc_daemon:lsasd = fork > security = user > map untrusted to domain = Yes > smb ports = 139 445 > ntlm auth = yes > log level = 2 > > [data] > comment = /data/beauduin on f25desktop > path = /data/smith > create mask = 0644 > read only = no > > [data2] > comment = /data2/beauduin on f25desktop > path = /data2/smith > create mask = 0644 > read only = no > > [data3] > comment = /data3 on f25desktop > path = /data3/smith > create mask = 0644 > read only = no > > [backup] > comment = /backup on f25desktop > path = /backup > read only = no > > On Thu, Dec 1, 2016 at 12:21 PM, Rowland Penny via samba < > samba at lists.samba.org> wrote: > >> On Thu, 1 Dec 2016 11:58:00 +0100 >> Fujisan via samba <samba at lists.samba.org> wrote: >> >> > Hello, >> > >> > I have upgraded a client and a freeipa server from Fedora 24 to 25 >> > recently. And I cannot access linux shares located on the F25 client >> > from a windows desktop. >> > >> > I get these messages: >> > >> > [2016/12/01 11:42:19.218759, 1] >> > ../source3/librpc/crypto/gse_krb5.c:534(fill_mem_keytab_from >> _dedicated_keytab) >> > ../source3/librpc/crypto/gse_krb5.c:534: smb_krb5_open_keytab >> > failed (Key table name malformed) >> > [2016/12/01 11:42:19.218800, 1] >> > ../source3/librpc/crypto/gse_krb5.c:627(gse_krb5_get_server_keytab) >> > ../source3/librpc/crypto/gse_krb5.c:627: Error! Unable to set mem >> > keytab >> > - -1765328205 >> > [2016/12/01 11:42:19.218823, 1] >> > ../auth/gensec/gensec_start.c:698(gensec_start_mech) >> > Failed to start GENSEC server mech gse_krb5: >> > NT_STATUS_INTERNAL_ERROR [2016/12/01 11:42:19.261611, 1] >> > ../source3/librpc/crypto/gse_krb5.c:534(fill_mem_keytab_from >> _dedicated_keytab) >> > ../source3/librpc/crypto/gse_krb5.c:534: smb_krb5_open_keytab >> > failed (Key table name malformed) >> > [2016/12/01 11:42:19.261638, 1] >> > ../source3/librpc/crypto/gse_krb5.c:627(gse_krb5_get_server_keytab) >> > ../source3/librpc/crypto/gse_krb5.c:627: Error! Unable to set mem >> > keytab >> > - -1765328205 >> > [2016/12/01 11:42:19.261653, 1] >> > ../auth/gensec/gensec_start.c:698(gensec_start_mech) >> > Failed to start GENSEC server mech gse_krb5: >> > NT_STATUS_INTERNAL_ERROR [2016/12/01 11:42:19.263330, 2] >> > ../source3/auth/auth.c:315(auth_check_ntlm_password) >> > check_ntlm_password: Authentication for user [smith] -> [smith] >> > FAILED with error NT_STATUS_NO_SUCH_USER >> > [2016/12/01 11:42:19.263380, 2] >> > ../auth/gensec/spnego.c:720(gensec_spnego_server_negTokenTarg) >> > SPNEGO login failed: NT_STATUS_NO_SUCH_USER >> > [2016/12/01 11:42:19.270531, 1] >> > ../source3/librpc/crypto/gse_krb5.c:534(fill_mem_keytab_from >> _dedicated_keytab) >> > ../source3/librpc/crypto/gse_krb5.c:534: smb_krb5_open_keytab >> > failed (Key table name malformed) >> > [2016/12/01 11:42:19.270562, 1] >> > ../source3/librpc/crypto/gse_krb5.c:627(gse_krb5_get_server_keytab) >> > ../source3/librpc/crypto/gse_krb5.c:627: Error! Unable to set mem >> > keytab >> > - -1765328205 >> > [2016/12/01 11:42:19.270586, 1] >> > ../auth/gensec/gensec_start.c:698(gensec_start_mech) >> > Failed to start GENSEC server mech gse_krb5: >> > NT_STATUS_INTERNAL_ERROR [2016/12/01 11:42:19.313479, 1] >> > ../source3/librpc/crypto/gse_krb5.c:534(fill_mem_keytab_from >> _dedicated_keytab) >> > ../source3/librpc/crypto/gse_krb5.c:534: smb_krb5_open_keytab >> > failed (Key table name malformed) >> > [2016/12/01 11:42:19.313506, 1] >> > ../source3/librpc/crypto/gse_krb5.c:627(gse_krb5_get_server_keytab) >> > ../source3/librpc/crypto/gse_krb5.c:627: Error! Unable to set mem >> > keytab >> > - -1765328205 >> > [2016/12/01 11:42:19.313523, 1] >> > ../auth/gensec/gensec_start.c:698(gensec_start_mech) >> > Failed to start GENSEC server mech gse_krb5: >> > NT_STATUS_INTERNAL_ERROR [2016/12/01 11:42:19.315256, 2] >> > ../source3/auth/auth.c:315(auth_check_ntlm_password) >> > check_ntlm_password: Authentication for user [smith] -> [smith] >> > FAILED with error NT_STATUS_NO_SUCH_USER >> > [2016/12/01 11:42:19.315291, 2] >> > ../auth/gensec/spnego.c:720(gensec_spnego_server_negTokenTarg) >> > SPNEGO login failed: NT_STATUS_NO_SUCH_USER >> > >> > Also from the F25 server, I have the following when I run smbclient >> > >> > # smbclient -k -L f25desktop.mydomain >> > lp_load_ex: changing to config backend registry >> > session setup failed: NT_STATUS_LOGON_FAILURE >> > >> > But if i run it with a F24 desktop, it works: >> > >> > # smbclient -k -L f24desktop.mydomain >> > lp_load_ex: changing to config backend registry >> > Domain=[MYDOMAIN] OS=[Windows 6.1] Server=[Samba 4.4.7] >> > >> > Sharename Type Comment >> > --------- ---- ------- >> > IPC$ IPC IPC Service (Samba Server Version 4.4.7) >> > data Disk /data on f24desktop >> > data2 Disk /data2 on f24desktop >> > data3 Disk /data3 on f24desktop >> > backup Disk /backup on f24desktop >> > [...] >> > >> > >> > net conf list on the f25desktop gives: >> > >> > # net conf list >> > [global] >> > workgroup = MYDOMAIN >> > realm = MYDOMAIN >> > netbios name = F25SERVER >> > server string = Samba Server Version %v >> > kerberos method = dedicated keytab >> > dedicated keytab file = FILE:/etc/samba/samba.keytab >> > log file = /var/log/samba/log.%m >> > rpc_server:epmapper = external >> > rpc_server:lsarpc = external >> > rpc_server:lsass = external >> > rpc_server:lsasd = external >> > rpc_server:samr = external >> > rpc_server:netlogon = external >> > rpc_server:tcpip = yes >> > rpc_daemon:epmd = fork >> > rpc_daemon:lsasd = fork >> > security = user >> > map untrusted to domain = Yes >> > smb ports = 139 445 >> > log level = 2 >> > >> > [data] >> > comment = /data/beauduin on f25desktop >> > path = /data/smith >> > create mask = 0644 >> > read only = no >> > >> > [data2] >> > comment = /data2/beauduin on f25desktop >> > path = /data2/smith >> > create mask = 0644 >> > read only = no >> > >> > [data3] >> > comment = /data3 on f25desktop >> > path = /data3/smith >> > create mask = 0644 >> > read only = no >> > >> > [backup] >> > comment = /backup on f25desktop >> > path = /backup >> > read only = no >> > >> > >> > on the F25 server and desktop, i have the following packages >> > installed: >> > >> > samba-4.5.1-1.fc25.x86_64 >> > samba-client-4.5.1-1.fc25.x86_64 >> > samba-client-libs-4.5.1-1.fc25.x86_64 >> > samba-common-4.5.1-1.fc25.noarch >> > samba-common-libs-4.5.1-1.fc25.x86_64 >> > samba-common-tools-4.5.1-1.fc25.x86_64 >> > samba-libs-4.5.1-1.fc25.x86_64 >> > samba-python-4.5.1-1.fc25.x86_64 >> > samba-test-4.5.1-1.fc25.x86_64 >> > samba-test-libs-4.5.1-1.fc25.x86_64 >> > samba-winbind-4.5.1-1.fc25.x86_64 >> > samba-winbind-clients-4.5.1-1.fc25.x86_64 >> > samba-winbind-krb5-locator-4.5.1-1.fc25.x86_64 >> > samba-winbind-modules-4.5.1-1.fc25.x86_64 >> > system-config-samba-1.2.100-5.fc24.noarch >> > system-config-samba-docs-1.0.9-9.fc24.noarch >> > >> > Any idea what is wrong? >> > >> > Regards, >> > Fuji >> >> >> The default value for 'ntlm auth' got changed from >> 'yes' to 'no' from Samba 4.5.0. Could this be your problem ? >> >> Rowland >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba > > >
Am 01.12.2016 um 13:37 schrieb Fujisan via samba:> By the way, I can access to the linux shares that are on the freeipa F25 > server from the windows desktop and I do not have the 'ntlm auth' set to > yesthis is *exactly* the opposite than your subject, please clarify