Stefan G. Weichinger
2017-Jul-11 07:12 UTC
[Samba] Samba ADS-member-server: FQDNs in /etc/hosts
Am 2017-07-11 um 09:04 schrieb Stefan G. Weichinger via samba:> Am 2017-07-10 um 13:08 schrieb Stefan G. Weichinger via samba: > >> And what does this tell me, please: >> >> [2017/07/10 13:07:48.593400, 1] >> ../source3/auth/token_util.c:430(add_local_groups) >> SID S-1-5-21-2940660672-4062535256-4144655499-1008 -> getpwuid(11008) >> failed >> [2017/07/10 13:07:48.593415, 1] >> ../source3/auth/auth_generic.c:172(auth3_generate_session_info_pac) >> Failed to map kerberos pac to server info (NT_STATUS_UNSUCCESSFUL) > > I get this all over and can't connect from systems that worked yesterday. > > pls advisemore logs: [2017/07/11 09:11:00.926522, 1] ../source3/lib/util.c:1960(name_to_fqdn) getaddrinfo: Zu diesem Hostnamen gehört keine Adresse [2017/07/11 09:11:01.012504, 1] ../source3/lib/util.c:1960(name_to_fqdn) getaddrinfo: Zu diesem Hostnamen gehört keine Adresse [2017/07/11 09:11:01.061100, 1] ../source3/lib/util.c:1960(name_to_fqdn) getaddrinfo: Zu diesem Hostnamen gehört keine Adresse [2017/07/11 09:11:01.102653, 2] ../source3/param/loadparm.c:2685(lp_do_section) Processing section "[homes]" [2017/07/11 09:11:01.102711, 2] ../source3/param/loadparm.c:2685(lp_do_section) Processing section "[daten]" [2017/07/11 09:11:01.102784, 2] ../source3/param/loadparm.c:2685(lp_do_section) Processing section "[scan_og]" [2017/07/11 09:11:01.102870, 2] ../source3/param/loadparm.c:2685(lp_do_section) Processing section "[daten_archiv]" [2017/07/11 09:11:01.102917, 2] ../source3/param/loadparm.c:2685(lp_do_section) Processing section "[software]" [2017/07/11 09:11:01.102953, 2] ../source3/param/loadparm.c:2685(lp_do_section) Processing section "[teamviewer]" [2017/07/11 09:11:01.102994, 2] ../source3/param/loadparm.c:2685(lp_do_section) Processing section "[Klinger]" [2017/07/11 09:11:01.103320, 1] ../source3/auth/token_util.c:430(add_local_groups) SID S-1-5-21-2940660672-4062535256-4144655499-1041 -> getpwuid(11041) failed [2017/07/11 09:11:01.103335, 1] ../source3/auth/auth_generic.c:172(auth3_generate_session_info_pac) Failed to map kerberos pac to server info (NT_STATUS_UNSUCCESSFUL) [2017/07/11 09:11:01.178731, 1] ../source3/lib/util.c:1960(name_to_fqdn) getaddrinfo: Zu diesem Hostnamen gehört keine Adresse [2017/07/11 09:11:01.220711, 1] ../source3/lib/util.c:1960(name_to_fqdn) getaddrinfo: Zu diesem Hostnamen gehört keine Adresse [2017/07/11 09:11:01.257794, 2] ../source3/param/loadparm.c:2685(lp_do_section) Processing section "[homes]" [2017/07/11 09:11:01.257855, 2] ../source3/param/loadparm.c:2685(lp_do_section) Processing section "[daten]" [2017/07/11 09:11:01.257947, 2] ../source3/param/loadparm.c:2685(lp_do_section) Processing section "[scan_og]" [2017/07/11 09:11:01.258046, 2] ../source3/param/loadparm.c:2685(lp_do_section) Processing section "[daten_archiv]" [2017/07/11 09:11:01.258095, 2] ../source3/param/loadparm.c:2685(lp_do_section) Processing section "[software]" [2017/07/11 09:11:01.258144, 2] ../source3/param/loadparm.c:2685(lp_do_section) Processing section "[teamviewer]" [2017/07/11 09:11:01.258172, 2] ../source3/param/loadparm.c:2685(lp_do_section) Processing section "[Klinger]" [2017/07/11 09:11:01.258524, 1] ../source3/auth/token_util.c:430(add_local_groups) SID S-1-5-21-2940660672-4062535256-4144655499-1041 -> getpwuid(11041) failed [2017/07/11 09:11:01.258539, 1] ../source3/auth/auth_generic.c:172(auth3_generate_session_info_pac) Failed to map kerberos pac to server info (NT_STATUS_UNSUCCESSFUL) [2017/07/11 09:11:01.301422, 1] ../source3/lib/util.c:1960(name_to_fqdn) getaddrinfo: Zu diesem Hostnamen gehört keine Adresse if I run "net use" on a client, I am asked for user/pw and that fails as well. Some kerberos issue?
Stefan G. Weichinger
2017-Jul-11 07:34 UTC
[Samba] Samba ADS-member-server: FQDNs in /etc/hosts
And the DC says: [2017/07/11 09:27:08.050367, 2] ../source4/auth/ntlm/auth.c:430(auth_check_password_recv) auth_check_password_recv: sam_ignoredomain authentication for user [BUERO\kern] FAILED with error NT_STATUS_WRONG_PASSWORD [2017/07/11 09:27:08.057801, 2] ../source4/auth/ntlm/auth.c:430(auth_check_password_recv) auth_check_password_recv: sam_ignoredomain authentication for user [BUERO\kern] FAILED with error NT_STATUS_WRONG_PASSWORD [2017/07/11 09:27:08.065377, 2] ../source4/auth/ntlm/auth.c:430(auth_check_password_recv) And DNS stuff: [2017/07/11 09:31:17.790046, 2] ../source4/dns_server/dns_query.c:1019(dns_server_process_query_send) Not authoritative for 'SERVER', forwarding [2017/07/11 09:31:17.826966, 2] ../source4/dns_server/dns_query.c:1019(dns_server_process_query_send) Not authoritative for 'SERVER', forwarding Note: the old netbios name of the DM server is "SERVER", and that is what all the users use in their UNC paths. For some it works, for others not. I checked /etc/resolv.conf on DC and DM: nameserver 192.168.16.205 # IP of DC domain my.tld # nmblookup SERVER added interface eth0 ip=192.168.16.202 bcast=192.168.16.255 netmask=255.255.255.0 Got a positive name query response from 192.168.16.202 ( 192.168.16.202 ) 192.168.16.202 SERVER<00> = OK
Stefan G. Weichinger
2017-Jul-11 08:21 UTC
[Samba] Samba ADS-member-server: FQDNs in /etc/hosts
Am 2017-07-11 um 09:34 schrieb Stefan G. Weichinger via samba:> [2017/07/11 09:31:17.790046, 2] > ../source4/dns_server/dns_query.c:1019(dns_server_process_query_send) > Not authoritative for 'SERVER', forwarding > [2017/07/11 09:31:17.826966, 2] > ../source4/dns_server/dns_query.c:1019(dns_server_process_query_send) > Not authoritative for 'SERVER', forwarding > > Note: the old netbios name of the DM server is "SERVER", and that is > what all the users use in their UNC paths. > > For some it works, for others not. > > I checked /etc/resolv.conf on DC and DM: > > nameserver 192.168.16.205 # IP of DC > domain my.tldis it search my.tld or domain my.tld ? Should "dig server" work on both DC and DM, right? It does not right now. There was no A-record for it (anymore?), created it, no change so far.