VigneshDhanraj G
2018-Dec-14 13:44 UTC
[Samba] unable to mount nfs4v over krb5 after samba upgrade.
Hi Team, Upgraded samba from 4.7. to 4.9.3. After upgrade unable to mount nfsv4 through krb5 security. smb.conf: [Global] available= yes restrict anonymous= 0 Workgroup= VIKY netbios name= viky realm= VIKY.LOCAL password server= 192.168.1.10, * idmap backend= tdb idmap uid= 5000-9999999 idmap gid= 5000-9999999 idmap config *: backend= rid idmap config *: range= 10000000-19999999 security= ADS name resolve order= wins host bcast lmhosts client use spnego= yes dns proxy= no winbind use default domain= no winbind nested groups= yes inherit acls= yes winbind enum users= yes winbind enum groups= yes winbind separator= \\ winbind cache time= 300 winbind offline logon= true template shell= /bin/sh kerberos method= secrets and keytab map to guest= Bad User host msdfs= yes strict allocate= no encrypt passwords= yes passdb backend= smbpasswd printcap name= lpstat printable= no load printers= yes max smbd processes= 500 getwd cache= yes syslog= 0 use sendfile= yes log level= 0 max log size= 50 unix extensions= no dos charset= ascii state directory= /mnt/system/samba/system cache directory= /tmp/samba/ ntlm auth= Yes winbind expand groups= 1 Thanks,
Rowland Penny
2018-Dec-14 14:20 UTC
[Samba] unable to mount nfs4v over krb5 after samba upgrade.
On Fri, 14 Dec 2018 19:14:28 +0530 VigneshDhanraj G via samba <samba at lists.samba.org> wrote:> Hi Team, > > Upgraded samba from 4.7. to 4.9.3. After upgrade unable to mount nfsv4 > through krb5 security. > > smb.conf: > > [Global] > available= yes > restrict anonymous= 0 > Workgroup= VIKY > netbios name= viky > realm= VIKY.LOCAL > password server= 192.168.1.10, * > idmap backend= tdb > idmap uid= 5000-9999999 > idmap gid= 5000-9999999 > idmap config *: backend= rid > idmap config *: range= 10000000-19999999 > security= ADS > name resolve order= wins host bcast lmhosts > client use spnego= yes > dns proxy= no > winbind use default domain= no > winbind nested groups= yes > inherit acls= yes > winbind enum users= yes > winbind enum groups= yes > winbind separator= \\ > winbind cache time= 300 > winbind offline logon= true > template shell= /bin/sh > kerberos method= secrets and keytab > map to guest= Bad User > host msdfs= yes > strict allocate= no > encrypt passwords= yes > passdb backend= smbpasswd > printcap name= lpstat > printable= no > load printers= yes > max smbd processes= 500 > getwd cache= yes > syslog= 0 > use sendfile= yes > log level= 0 > max log size= 50 > unix extensions= no > dos charset= ascii > state directory= /mnt/system/samba/system > cache directory= /tmp/samba/ > ntlm auth= Yes > winbind expand groups= 1 > > Thanks,Several things, read 'man smb.conf' and: https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member Remove 'passdb backend= smbpasswd', you will then be using the default 'tdbsam' passdb backend. Rowland
VigneshDhanraj G
2018-Dec-17 07:52 UTC
[Samba] unable to mount nfs4v over krb5 after samba upgrade.
Hi Rowland, Still issue persists, i have removed passdb backend option from my smb config. i haven't found any passdb.tdb file in private folder. i only see smbpasswd file. whether passwd.tdb file will create automatically? I have created one more setup with samba 4.7 installed to check there is issue in my environment, everything works fine there. Whats the change causing this problem, i guess definitely samba upgrade causing issue, not my environment. Please help me out. Regards, VigneshDhanraj G On Fri, Dec 14, 2018 at 7:51 PM Rowland Penny via samba < samba at lists.samba.org> wrote:> On Fri, 14 Dec 2018 19:14:28 +0530 > VigneshDhanraj G via samba <samba at lists.samba.org> wrote: > > > Hi Team, > > > > Upgraded samba from 4.7. to 4.9.3. After upgrade unable to mount nfsv4 > > through krb5 security. > > > > smb.conf: > > > > [Global] > > available= yes > > restrict anonymous= 0 > > Workgroup= VIKY > > netbios name= viky > > realm= VIKY.LOCAL > > password server= 192.168.1.10, * > > idmap backend= tdb > > idmap uid= 5000-9999999 > > idmap gid= 5000-9999999 > > idmap config *: backend= rid > > idmap config *: range= 10000000-19999999 > > security= ADS > > name resolve order= wins host bcast lmhosts > > client use spnego= yes > > dns proxy= no > > winbind use default domain= no > > winbind nested groups= yes > > inherit acls= yes > > winbind enum users= yes > > winbind enum groups= yes > > winbind separator= \\ > > winbind cache time= 300 > > winbind offline logon= true > > template shell= /bin/sh > > kerberos method= secrets and keytab > > map to guest= Bad User > > host msdfs= yes > > strict allocate= no > > encrypt passwords= yes > > passdb backend= smbpasswd > > printcap name= lpstat > > printable= no > > load printers= yes > > max smbd processes= 500 > > getwd cache= yes > > syslog= 0 > > use sendfile= yes > > log level= 0 > > max log size= 50 > > unix extensions= no > > dos charset= ascii > > state directory= /mnt/system/samba/system > > cache directory= /tmp/samba/ > > ntlm auth= Yes > > winbind expand groups= 1 > > > > Thanks, > > Several things, read 'man smb.conf' and: > > https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member > > Remove 'passdb backend= smbpasswd', you will then be using the default > 'tdbsam' passdb backend. > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
L.P.H. van Belle
2018-Dec-17 15:51 UTC
[Samba] unable to mount nfs4v over krb5 after samba upgrade.
Hai, I think the following.. Somewhere a password has expired of something is going to a guest account... map to guest= Bad User << remove it, and and restart samba/winbind . That does man smb.conf say about this setting and helpdesks ... ;-) Can you tell why this is in you member server's config? So we understand you setup more. And your config is missing the refress tickets so i might be that a keytab pasword has expired. winbind refresh tickets = yes Last, check for the nfs/SPN in the keytab file on the member server and in the AD. How depends a bit on your setup. If you did an OS upgrade also, then OS and from/to versions. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > VigneshDhanraj G via samba > Verzonden: maandag 17 december 2018 8:53 > Aan: Rowland penny > CC: Samba Listing > Onderwerp: Re: [Samba] unable to mount nfs4v over krb5 after > samba upgrade. > > Hi Rowland, > > Still issue persists, i have removed passdb backend option from my smb > config. i haven't found any passdb.tdb file in private > folder. i only see > smbpasswd file. whether passwd.tdb file will create automatically? > > I have created one more setup with samba 4.7 installed to > check there is > issue in my environment, everything works fine there. > > Whats the change causing this problem, i guess definitely > samba upgrade > causing issue, not my environment. > > Please help me out. > > Regards, > VigneshDhanraj G > > On Fri, Dec 14, 2018 at 7:51 PM Rowland Penny via samba < > samba at lists.samba.org> wrote: > > > On Fri, 14 Dec 2018 19:14:28 +0530 > > VigneshDhanraj G via samba <samba at lists.samba.org> wrote: > > > > > Hi Team, > > > > > > Upgraded samba from 4.7. to 4.9.3. After upgrade unable > to mount nfsv4 > > > through krb5 security. > > > > > > smb.conf: > > > > > > [Global] > > > available= yes > > > restrict anonymous= 0 > > > Workgroup= VIKY > > > netbios name= viky > > > realm= VIKY.LOCAL > > > password server= 192.168.1.10, * > > > idmap backend= tdb > > > idmap uid= 5000-9999999 > > > idmap gid= 5000-9999999 > > > idmap config *: backend= rid > > > idmap config *: range= 10000000-19999999 > > > security= ADS > > > name resolve order= wins host bcast lmhosts > > > client use spnego= yes > > > dns proxy= no > > > winbind use default domain= no > > > winbind nested groups= yes > > > inherit acls= yes > > > winbind enum users= yes > > > winbind enum groups= yes > > > winbind separator= \\ > > > winbind cache time= 300 > > > winbind offline logon= true > > > template shell= /bin/sh > > > kerberos method= secrets and keytab > > > map to guest= Bad User > > > host msdfs= yes > > > strict allocate= no > > > encrypt passwords= yes > > > passdb backend= smbpasswd > > > printcap name= lpstat > > > printable= no > > > load printers= yes > > > max smbd processes= 500 > > > getwd cache= yes > > > syslog= 0 > > > use sendfile= yes > > > log level= 0 > > > max log size= 50 > > > unix extensions= no > > > dos charset= ascii > > > state directory= /mnt/system/samba/system > > > cache directory= /tmp/samba/ > > > ntlm auth= Yes > > > winbind expand groups= 1 > > > > > > Thanks, > > > > Several things, read 'man smb.conf' and: > > > > https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member > > > > Remove 'passdb backend= smbpasswd', you will then be using > the default > > 'tdbsam' passdb backend. > > > > Rowland > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >