jillelaine
2019-Nov-26 22:54 UTC
[Samba] Samba share not working: getpwuid(1000) failed, Failed to finalize nt token & NT_STATUS_UNSUCCESSFUL
I have a small home network with server and 5 clients all on an internal
LAN with private IPs.
Samba, Version 4.7.6-Ubuntu, file sharing is not working on the server
for any of the 5 clients. I have tried both mount.cifs and smbclient.
The same errors are thrown in the server's samba logs for all connection
attempts, regardless of how the client tries to connect: getpwuid(1000)
failed, Failed to finalize nt token & NT_STATUS_UNSUCCESSFUL
Below is some data. Please tell me what else is needed to help diagnose
this problem. Thank you for your help.
---------------------------
SERVER - jazz
Kubuntu VERSION="18.04.3 LTS (Bionic Beaver)"
Samba, Version 4.7.6-Ubuntu
Shared directory 'samba' and permissions
drwxr-xr-x 4 root sambashare 4096 Nov 25 16:04 samba
--------------------------
Contents of 'samba' directory
drwxr-xr-x 4 root sambashare 4096 Nov 25 16:04 .
drwxr-xr-x 25 root root 4096 Nov 25 15:57 ..
drwxrws--- 2 root sambashare 4096 Nov 25 16:04 users
---------------------------
smb.conf
[global]
workgroup = WORKGROUP
server string = %h server (Samba, Ubuntu)
dns proxy = no
root directory = /samba
log file = /var/log/samba/log.%m
max log size = 1000
log level = 3
panic action = /usr/share/samba/panic-action %d
server role = standalone server
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
usershare allow guests = yes
guest account = jj
[users]
comment = Our Jazz Files
path = /samba/users
browseable = yes
read only = no
create mask = 0775
directory mask = 0775
guest ok = yes
---------------------------
testparm -s
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[users]"
Loaded services file OK.
Server role: ROLE_STANDALONE
# Global parameters
[global]
dns proxy = No
guest account = jj
log file = /var/log/samba/log.%m
map to guest = Bad User
max log size = 1000
obey pam restrictions = Yes
pam password change = Yes
panic action = /usr/share/samba/panic-action %d
passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
passwd program = /usr/bin/passwd %u
root directory = /samba
server role = standalone server
server string = %h server (Samba, Ubuntu)
unix password sync = Yes
usershare allow guests = Yes
idmap config * : backend = tdb
[users]
comment = Our Jazz Files
create mask = 0775
directory mask = 0775
guest ok = Yes
path = /samba/users
read only = No
---------------------------
FIVE CLIENTS
clients 1 & 2:
Kubuntu - upgraded from Kubuntu 16.04 to 18.04
client 3:
Kubuntu - fresh install of 18.04
client 4:
Windows 7
client 5:
Android tablet
---------------------------
Example from CLIENT 1:
frazz at frazzle3:~$ sudo mount -t cifs //jazz/users /mnt/jazz --verbose -o
user=jj,pass=******
mount.cifs kernel mount options:
ip=192.168.1.30,unc=\\jazz\users,user=jj,pass=********
mount error(5): Input/output error
or
frazz at frazzle3:~$ smbclient -L jazz -U jj
WARNING: The "syslog" option is deprecated
Enter WORKGROUP\jj's password:
session setup failed: NT_STATUS_UNSUCCESSFUL
---and in the server log for the failed connection----
[2019/11/26 22:41:31.809461, 1]
../source3/smbd/process.c:4045(smbd_process)
smbd_process: Changed root to /samba
[2019/11/26 22:41:31.809601, 3] ../source3/smbd/oplock.c:1340(init_oplocks)
init_oplocks: initializing messages.
[2019/11/26 22:41:31.809792, 3] ../source3/smbd/process.c:1959(process_smb)
Transaction 0 of length 110 (0 toread)
[2019/11/26 22:41:31.810629, 0]
../lib/util/debug.c:1053(reopen_logs_internfrazz at frazzle3:~$ smbclient
-L jazz -U jj
WARNING: The "syslog" option is deprecated
Enter WORKGROUP\jj's password:
session setup failed: NT_STATUS_UNSUCCESSFUL
al)
Unable to open new log file '/var/log/samba/log.192.168.1.127': No
such file or directory
[2019/11/26 22:41:31.810833, 3]
../source3/smbd/smb2_negprot.c:290(smbd_smb2_request_process_negprot)
Selected protocol SMB3_02
[2019/11/26 22:41:31.813294, 3]
../lib/util/util_net.c:256(interpret_string_addr_internal)
interpret_string_addr_internal: getaddrinfo failed for name jazz
(flags 34) [System error]
[2019/11/26 22:41:31.813394, 3]
../source3/lib/util_sock.c:1187(get_mydnsfullname)
get_mydnsfullname: getaddrinfo failed for name jazz [Unknown error]
[2019/11/26 22:41:31.813611, 3]
../lib/util/util_net.c:256(interpret_string_addr_internal)
interpret_string_addr_internal: getaddrinfo failed for name jazz
(flags 34) [System error]
[2019/11/26 22:41:31.813682, 3]
../source3/lib/util_sock.c:1187(get_mydnsfullname)
get_mydnsfullname: getaddrinfo failed for name jazz [Unknown error]
[2019/11/26 22:41:31.813824, 3]
../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'gssapi_spnego' registered
[2019/11/26 22:41:31.813893, 3]
../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'gssapi_krb5' registered
[2019/11/26 22:41:31.813962, 3]
../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'gssapi_krb5_sasl' registered
[2019/11/26 22:41:31.814028, 3]
../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'spnego' registered
[2019/11/26 22:41:31.814093, 3]
../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'schannel' registered
[2019/11/26 22:41:31.814157, 3]
../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'naclrpc_as_system' registered
[2019/11/26 22:41:31.814222, 3]
../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'sasl-EXTERNAL' registered
[2019/11/26 22:41:31.814343, 3]
../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'ntlmssp' registered
[2019/11/26 22:41:31.814409, 3]
../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'ntlmssp_resume_ccache' registered
[2019/11/26 22:41:31.814464, 3]
../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'http_basic' registered
[2019/11/26 22:41:31.814519, 3]
../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'http_ntlm' registered
[2019/11/26 22:41:31.815812, 3]
../lib/util/util_net.c:256(interpret_string_addr_internal)
interpret_string_addr_internal: getaddrinfo failed for name jazz
(flags 34) [System error]
[2019/11/26 22:41:31.815891, 3]
../source3/lib/util_sock.c:1187(get_mydnsfullname)
get_mydnsfullname: getaddrinfo failed for name jazz [Unknown error]
[2019/11/26 22:41:31.816098, 3]
../lib/util/util_net.c:256(interpret_string_addr_internal)
interpret_string_addr_internal: getaddrinfo failed for name jazz
(flags 34) [System error]
[2019/11/26 22:41:31.816163, 3]
../source3/lib/util_sock.c:1187(get_mydnsfullname)
get_mydnsfullname: getaddrinfo failed for name jazz [Unknown error]
[2019/11/26 22:41:31.816488, 3]
../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0xe0080225
[2019/11/26 22:41:31.817488, 3]
../auth/ntlmssp/ntlmssp_server.c:454(ntlmssp_server_preauth)
Got user=[jj] domain=[] workstationfrazz at frazzle3:~$ smbclient -L
jazz -U jj
WARNING: The "syslog" option is deprecated
Enter WORKGROUP\jj's password:
session setup failed: NT_STATUS_UNSUCCESSFUL
=[] len1=0 len2=96
[2019/11/26 22:41:31.817594, 3]
../source3/param/loadparm.c:3860(lp_load_ex)
lp_load_ex: refreshing parameters
[2019/11/26 22:41:31.817759, 3]
../source3/param/loadparm.c:549(init_globals)
Initialising global parameters
[2019/11/26 22:41:31.817998, 3]
../source3/param/loadparm.c:1609(lp_add_ipc)
adding IPC service
[2019/11/26 22:41:31.818088, 3]
../source3/auth/auth.c:189(auth_check_ntlm_password)
check_ntlm_password: Checking password for unmapped user []\[jj]@[]
with the new password interface
[2019/11/26 22:41:31.818146, 3]
../source3/auth/auth.c:192(auth_check_ntlm_password)
check_ntlm_password: mapped user is: []\[jj]@[]
[2019/11/26 22:41:31.818624, 3]
../source3/passdb/lookup_sid.c:1680(get_primary_group_sid)
Forcing Primary Group to 'Domain Users' for jj
[2019/11/26 22:41:31.819171, 3]
../source3/auth/auth.c:256(auth_check_ntlm_password)
auth_check_ntlm_password: sam_ignoredomain authentication for user
[jj] succeeded
[2019/11/26 22:41:31.819345, 3]
../auth/auth_log.c:760(log_authentication_event_human_readable)
Auth: [SMB2,(null)] user []\[jj] at [Tue, 26 Nov 2019 22:41:31.819276
UTC] with [NTLMv2] status [NT_STATUS_OK] workstation [] remote host
[ipv4:192.168.1.127:60146] became [JAZZ]\[jj]
[S-1-5-21-1867908843-1086420462-4022543744-1002]. local host
[ipv4:192.168.1.30:445]
[2019/11/26 22:41:31.819795, 3] ../auth/auth_log.c:220(log_json)
JSON Authentication: {"timestamp":
"2019-11-26T22:41:31.819531+0000",
"type": "Authentication", "Authentication":
{"version": {"major": 1,
"minor": 0}, "status": "NT_STATUS_OK",
"localAddress":
"ipv4:192.168.1.30:445", "remoteAddress":
"ipv4:192.168.1.127:60146",
"serviceDescription": "SMB2", "authDescription":
null, "clientDomain":
"", "clientAccount": "jj",
"workstation": "", "becameAccount":
"jj",
"becameDomain": "JAZZ", "becameSid":
"S-1-5-21-1867908843-1086420462-4022543744-1002",
"mappedAccount": "jj",
"mappedDomain": "", "netlogonComputer": null,
"netlogonTrustAccount":
null, "netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0, "netlogonTrustAccountSid":
"(NULL SID)",
"passwordType": "NTLMv2"}}
[2019/11/26 22:41:31.819889, 2]
../source3/auth/auth.c:314(auth_check_ntlm_password)
check_ntlm_password: authentication for user [jj] -> [jj] -> [jj]
succeeded
[2019/11/26 22:41:31.820261, 1]
../source3/auth/token_util.c:442(add_local_groups)
SID S-1-5-21-1867908843-1086420462-4022543744-1002 -> getpwuid(1000)
failed
[2019/11/26 22:41:31.820339, 3]
../source3/auth/token_util.c:328(create_local_nt_token_from_info3)
Failed to finalize nt token
[2019/11/26 22:41:31.820425, 3]
../source3/smbd/smb2_server.c:3139(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
status[NT_STATUS_UNSUCCESSFUL] || at ../source3/smbd/smb2_sesssetup.c:134
[2019/11/26 22:41:31.956312, 3]
../source3/smbd/server_exit.c:244(exit_server_common)
Server exit (NT_STATUS_END_OF_FILE)
Christopher Cox
2019-Nov-26 23:16 UTC
[Samba] Samba share not working: getpwuid(1000) failed, Failed to finalize nt token & NT_STATUS_UNSUCCESSFUL
On 11/26/19 4:54 PM, jillelaine via samba wrote:> I have a small home network with server and 5 clients all on an internal > LAN with private IPs. > > Samba, Version 4.7.6-Ubuntu, file sharing is not working on the server > for any of the 5 clients. I have tried both mount.cifs and smbclient. > The same errors are thrown in the server's samba logs for all connection > attempts, regardless of how the client tries to connect: getpwuid(1000) > failed, Failed to finalize nt token & NT_STATUS_UNSUCCESSFULI reported a cifs bug for CentOs https://bugs.centos.org/view.php?id=16552 For CentOs, a kernel that came in 7.5 or thereabout broke cifs for doing cifs mounts). I had to roll the kernel back. It was still broken last time I tried to do an update.> > Below is some data. Please tell me what else is needed to help diagnose > this problem. Thank you for your help. > --------------------------- > SERVER - jazz > Kubuntu VERSION="18.04.3 LTS (Bionic Beaver)" > Samba, Version 4.7.6-Ubuntu > > Shared directory 'samba' and permissions > drwxr-xr-x?? 4 root sambashare?????? 4096 Nov 25 16:04 samba > -------------------------- > Contents of 'samba' directory > drwxr-xr-x? 4 root? sambashare 4096 Nov 25 16:04 . > drwxr-xr-x 25 root? root?????? 4096 Nov 25 15:57 .. > drwxrws---? 2 root? sambashare 4096 Nov 25 16:04 users > --------------------------- > smb.conf > [global] > ??? workgroup = WORKGROUP > ??? server string = %h server (Samba, Ubuntu) > ??? dns proxy = no > ??? root directory = /samba > ??? log file = /var/log/samba/log.%m > ??? max log size = 1000 > ??? log level = 3 > ??? panic action = /usr/share/samba/panic-action %d > ??? server role = standalone server > ??? passdb backend = tdbsam > ??? obey pam restrictions = yes > ??? unix password sync = yes > ??? passwd program = /usr/bin/passwd %u > ??? passwd chat = *Enter\snew\s*\spassword:* %n\n > *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . > ??? pam password change = yes > ??? map to guest = bad user > ??? usershare allow guests = yes > ??? guest account = jj > > [users] > ??? comment = Our Jazz Files > ??? path = /samba/users > ??? browseable = yes > ??? read only = no > ??? create mask = 0775 > ??? directory mask = 0775 > ??? guest ok = yes > > --------------------------- > testparm -s > Load smb config files from /etc/samba/smb.conf > rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) > Processing section "[users]" > Loaded services file OK. > Server role: ROLE_STANDALONE > > # Global parameters > [global] > ??????? dns proxy = No > ??????? guest account = jj > ??????? log file = /var/log/samba/log.%m > ??????? map to guest = Bad User > ??????? max log size = 1000 > ??????? obey pam restrictions = Yes > ??????? pam password change = Yes > ??????? panic action = /usr/share/samba/panic-action %d > ??????? passwd chat = *Enter\snew\s*\spassword:* %n\n > *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . > ??????? passwd program = /usr/bin/passwd %u > ??????? root directory = /samba > ??????? server role = standalone server > ??????? server string = %h server (Samba, Ubuntu) > ??????? unix password sync = Yes > ??????? usershare allow guests = Yes > ??????? idmap config * : backend = tdb > > [users] > ??????? comment = Our Jazz Files > ??????? create mask = 0775 > ??????? directory mask = 0775 > ??????? guest ok = Yes > ??????? path = /samba/users > ??????? read only = No > > --------------------------- > FIVE CLIENTS > clients 1 & 2: > Kubuntu - upgraded from Kubuntu 16.04 to 18.04 > > client 3: > Kubuntu - fresh install of 18.04 > > client 4: > Windows 7 > > client 5: > Android tablet > --------------------------- > > Example from CLIENT 1: > frazz at frazzle3:~$ sudo mount -t cifs //jazz/users /mnt/jazz --verbose -o > user=jj,pass=****** > mount.cifs kernel mount options: > ip=192.168.1.30,unc=\\jazz\users,user=jj,pass=******** > mount error(5): Input/output error > > or > > frazz at frazzle3:~$ smbclient -L jazz -U jj > WARNING: The "syslog" option is deprecated > Enter WORKGROUP\jj's password: > session setup failed: NT_STATUS_UNSUCCESSFUL > > ---and in the server log for the failed connection---- > > [2019/11/26 22:41:31.809461,? 1] > ../source3/smbd/process.c:4045(smbd_process) > ? smbd_process: Changed root to /samba > [2019/11/26 22:41:31.809601,? 3] > ../source3/smbd/oplock.c:1340(init_oplocks) > ? init_oplocks: initializing messages. > [2019/11/26 22:41:31.809792,? 3] > ../source3/smbd/process.c:1959(process_smb) > ? Transaction 0 of length 110 (0 toread) > [2019/11/26 22:41:31.810629,? 0] > ../lib/util/debug.c:1053(reopen_logs_internfrazz at frazzle3:~$ smbclient > -L jazz -U jj > WARNING: The "syslog" option is deprecated > Enter WORKGROUP\jj's password: > session setup failed: NT_STATUS_UNSUCCESSFUL > al) > ? Unable to open new log file '/var/log/samba/log.192.168.1.127': No > such file or directory > [2019/11/26 22:41:31.810833,? 3] > ../source3/smbd/smb2_negprot.c:290(smbd_smb2_request_process_negprot) > ? Selected protocol SMB3_02 > [2019/11/26 22:41:31.813294,? 3] > ../lib/util/util_net.c:256(interpret_string_addr_internal) > ? interpret_string_addr_internal: getaddrinfo failed for name jazz > (flags 34) [System error] > [2019/11/26 22:41:31.813394,? 3] > ../source3/lib/util_sock.c:1187(get_mydnsfullname) > ? get_mydnsfullname: getaddrinfo failed for name jazz [Unknown error] > [2019/11/26 22:41:31.813611,? 3] > ../lib/util/util_net.c:256(interpret_string_addr_internal) > ? interpret_string_addr_internal: getaddrinfo failed for name jazz > (flags 34) [System error] > [2019/11/26 22:41:31.813682,? 3] > ../source3/lib/util_sock.c:1187(get_mydnsfullname) > ? get_mydnsfullname: getaddrinfo failed for name jazz [Unknown error] > [2019/11/26 22:41:31.813824,? 3] > ../auth/gensec/gensec_start.c:977(gensec_register) > ? GENSEC backend 'gssapi_spnego' registered > [2019/11/26 22:41:31.813893,? 3] > ../auth/gensec/gensec_start.c:977(gensec_register) > ? GENSEC backend 'gssapi_krb5' registered > [2019/11/26 22:41:31.813962,? 3] > ../auth/gensec/gensec_start.c:977(gensec_register) > ? GENSEC backend 'gssapi_krb5_sasl' registered > [2019/11/26 22:41:31.814028,? 3] > ../auth/gensec/gensec_start.c:977(gensec_register) > ? GENSEC backend 'spnego' registered > [2019/11/26 22:41:31.814093,? 3] > ../auth/gensec/gensec_start.c:977(gensec_register) > ? GENSEC backend 'schannel' registered > [2019/11/26 22:41:31.814157,? 3] > ../auth/gensec/gensec_start.c:977(gensec_register) > ? GENSEC backend 'naclrpc_as_system' registered > [2019/11/26 22:41:31.814222,? 3] > ../auth/gensec/gensec_start.c:977(gensec_register) > ? GENSEC backend 'sasl-EXTERNAL' registered > [2019/11/26 22:41:31.814343,? 3] > ../auth/gensec/gensec_start.c:977(gensec_register) > ? GENSEC backend 'ntlmssp' registered > [2019/11/26 22:41:31.814409,? 3] > ../auth/gensec/gensec_start.c:977(gensec_register) > ? GENSEC backend 'ntlmssp_resume_ccache' registered > [2019/11/26 22:41:31.814464,? 3] > ../auth/gensec/gensec_start.c:977(gensec_register) > ? GENSEC backend 'http_basic' registered > [2019/11/26 22:41:31.814519,? 3] > ../auth/gensec/gensec_start.c:977(gensec_register) > ? GENSEC backend 'http_ntlm' registered > [2019/11/26 22:41:31.815812,? 3] > ../lib/util/util_net.c:256(interpret_string_addr_internal) > ? interpret_string_addr_internal: getaddrinfo failed for name jazz > (flags 34) [System error] > [2019/11/26 22:41:31.815891,? 3] > ../source3/lib/util_sock.c:1187(get_mydnsfullname) > ? get_mydnsfullname: getaddrinfo failed for name jazz [Unknown error] > [2019/11/26 22:41:31.816098,? 3] > ../lib/util/util_net.c:256(interpret_string_addr_internal) > ? interpret_string_addr_internal: getaddrinfo failed for name jazz > (flags 34) [System error] > [2019/11/26 22:41:31.816163,? 3] > ../source3/lib/util_sock.c:1187(get_mydnsfullname) > ? get_mydnsfullname: getaddrinfo failed for name jazz [Unknown error] > [2019/11/26 22:41:31.816488,? 3] > ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags) > ? Got NTLMSSP neg_flags=0xe0080225 > [2019/11/26 22:41:31.817488,? 3] > ../auth/ntlmssp/ntlmssp_server.c:454(ntlmssp_server_preauth) > ? Got user=[jj] domain=[] workstationfrazz at frazzle3:~$ smbclient -L > jazz -U jj > WARNING: The "syslog" option is deprecated > Enter WORKGROUP\jj's password: > session setup failed: NT_STATUS_UNSUCCESSFUL > =[] len1=0 len2=96 > [2019/11/26 22:41:31.817594,? 3] > ../source3/param/loadparm.c:3860(lp_load_ex) > ? lp_load_ex: refreshing parameters > [2019/11/26 22:41:31.817759,? 3] > ../source3/param/loadparm.c:549(init_globals) > ? Initialising global parameters > [2019/11/26 22:41:31.817998,? 3] > ../source3/param/loadparm.c:1609(lp_add_ipc) > ? adding IPC service > [2019/11/26 22:41:31.818088,? 3] > ../source3/auth/auth.c:189(auth_check_ntlm_password) > ? check_ntlm_password:? Checking password for unmapped user []\[jj]@[] > with the new password interface > [2019/11/26 22:41:31.818146,? 3] > ../source3/auth/auth.c:192(auth_check_ntlm_password) > ? check_ntlm_password:? mapped user is: []\[jj]@[] > [2019/11/26 22:41:31.818624,? 3] > ../source3/passdb/lookup_sid.c:1680(get_primary_group_sid) > ? Forcing Primary Group to 'Domain Users' for jj > [2019/11/26 22:41:31.819171,? 3] > ../source3/auth/auth.c:256(auth_check_ntlm_password) > ? auth_check_ntlm_password: sam_ignoredomain authentication for user > [jj] succeeded > [2019/11/26 22:41:31.819345,? 3] > ../auth/auth_log.c:760(log_authentication_event_human_readable) > ? Auth: [SMB2,(null)] user []\[jj] at [Tue, 26 Nov 2019 22:41:31.819276 > UTC] with [NTLMv2] status [NT_STATUS_OK] workstation [] remote host > [ipv4:192.168.1.127:60146] became [JAZZ]\[jj] > [S-1-5-21-1867908843-1086420462-4022543744-1002]. local host > [ipv4:192.168.1.30:445] > [2019/11/26 22:41:31.819795,? 3] ../auth/auth_log.c:220(log_json) > ? JSON Authentication: {"timestamp": "2019-11-26T22:41:31.819531+0000", > "type": "Authentication", "Authentication": {"version": {"major": 1, > "minor": 0}, "status": "NT_STATUS_OK", "localAddress": > "ipv4:192.168.1.30:445", "remoteAddress": "ipv4:192.168.1.127:60146", > "serviceDescription": "SMB2", "authDescription": null, "clientDomain": > "", "clientAccount": "jj", "workstation": "", "becameAccount": "jj", > "becameDomain": "JAZZ", "becameSid": > "S-1-5-21-1867908843-1086420462-4022543744-1002", "mappedAccount": "jj", > "mappedDomain": "", "netlogonComputer": null, "netlogonTrustAccount": > null, "netlogonNegotiateFlags": "0x00000000", > "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": "(NULL SID)", > "passwordType": "NTLMv2"}} > [2019/11/26 22:41:31.819889,? 2] > ../source3/auth/auth.c:314(auth_check_ntlm_password) > ? check_ntlm_password:? authentication for user [jj] -> [jj] -> [jj] > succeeded > [2019/11/26 22:41:31.820261,? 1] > ../source3/auth/token_util.c:442(add_local_groups) > ? SID S-1-5-21-1867908843-1086420462-4022543744-1002 -> getpwuid(1000) > failed > [2019/11/26 22:41:31.820339,? 3] > ../source3/auth/token_util.c:328(create_local_nt_token_from_info3) > ? Failed to finalize nt token > [2019/11/26 22:41:31.820425,? 3] > ../source3/smbd/smb2_server.c:3139(smbd_smb2_request_error_ex) > ? smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] > status[NT_STATUS_UNSUCCESSFUL] || at ../source3/smbd/smb2_sesssetup.c:134 > [2019/11/26 22:41:31.956312,? 3] > ../source3/smbd/server_exit.c:244(exit_server_common) > ? Server exit (NT_STATUS_END_OF_FILE) > > > > >
Rowland penny
2019-Nov-27 08:44 UTC
[Samba] Samba share not working: getpwuid(1000) failed, Failed to finalize nt token & NT_STATUS_UNSUCCESSFUL
On 26/11/2019 22:54, jillelaine via samba wrote:> I have a small home network with server and 5 clients all on an > internal LAN with private IPs. > > Samba, Version 4.7.6-Ubuntu, file sharing is not working on the server > for any of the 5 clients. I have tried both mount.cifs and smbclient. > The same errors are thrown in the server's samba logs for all > connection attempts, regardless of how the client tries to connect: > getpwuid(1000) failed, Failed to finalize nt token & > NT_STATUS_UNSUCCESSFUL > > Below is some data. Please tell me what else is needed to help > diagnose this problem. Thank you for your help. > --------------------------- > SERVER - jazz > Kubuntu VERSION="18.04.3 LTS (Bionic Beaver)" > Samba, Version 4.7.6-Ubuntu > > Shared directory 'samba' and permissions > drwxr-xr-x?? 4 root sambashare?????? 4096 Nov 25 16:04 samba > -------------------------- > Contents of 'samba' directory > drwxr-xr-x? 4 root? sambashare 4096 Nov 25 16:04 . > drwxr-xr-x 25 root? root?????? 4096 Nov 25 15:57 .. > drwxrws---? 2 root? sambashare 4096 Nov 25 16:04 users > --------------------------- > smb.conf > [global] > ??? workgroup = WORKGROUP > ??? server string = %h server (Samba, Ubuntu) > ??? dns proxy = no > ??? root directory = /samba > ??? log file = /var/log/samba/log.%m > ??? max log size = 1000 > ??? log level = 3 > ??? panic action = /usr/share/samba/panic-action %d > ??? server role = standalone server > ??? passdb backend = tdbsam > ??? obey pam restrictions = yes > ??? unix password sync = yes > ??? passwd program = /usr/bin/passwd %u > ??? passwd chat = *Enter\snew\s*\spassword:* %n\n > *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . > ??? pam password change = yes > ??? map to guest = bad user > ??? usershare allow guests = yes > ??? guest account = jj > > [users] > ??? comment = Our Jazz Files > ??? path = /samba/users > ??? browseable = yes > ??? read only = no > ??? create mask = 0775 > ??? directory mask = 0775 > ??? guest ok = yesI take it that you have created 'jj' on your standalone server and then made it a Samba user with 'smbpasswd -a jj' If so, why have made the guest user 'jj' as well ? If you want/need guest access, remove 'guest account = jj' If you do not want/need guest access and only want/need authenticated access, remove 'map to guest = bad user', 'guest account = jj' and 'guest ok = yes' Rowland
On 11/27/19 12:44 AM, Rowland penny via samba wrote:> On 26/11/2019 22:54, jillelaine via samba wrote: >> I have a small home network with server and 5 clients all on an >> internal LAN with private IPs. >> >> Samba, Version 4.7.6-Ubuntu, file sharing is not working on the server >> for any of the 5 clients. I have tried both mount.cifs and smbclient. >> The same errors are thrown in the server's samba logs for all >> connection attempts, regardless of how the client tries to connect: >> getpwuid(1000) failed, Failed to finalize nt token & >> NT_STATUS_UNSUCCESSFUL >> >> Below is some data. Please tell me what else is needed to help >> diagnose this problem. Thank you for your help. >> --------------------------- >> SERVER - jazz >> Kubuntu VERSION="18.04.3 LTS (Bionic Beaver)" >> Samba, Version 4.7.6-Ubuntu >> >> Shared directory 'samba' and permissions >> drwxr-xr-x?? 4 root sambashare?????? 4096 Nov 25 16:04 samba >> -------------------------- >> Contents of 'samba' directory >> drwxr-xr-x? 4 root? sambashare 4096 Nov 25 16:04 . >> drwxr-xr-x 25 root? root?????? 4096 Nov 25 15:57 .. >> drwxrws---? 2 root? sambashare 4096 Nov 25 16:04 users >> --------------------------- >> smb.conf >> [global] >> ??? workgroup = WORKGROUP >> ??? server string = %h server (Samba, Ubuntu) >> ??? dns proxy = no >> ??? root directory = /samba >> ??? log file = /var/log/samba/log.%m >> ??? max log size = 1000 >> ??? log level = 3 >> ??? panic action = /usr/share/samba/panic-action %d >> ??? server role = standalone server >> ??? passdb backend = tdbsam >> ??? obey pam restrictions = yes >> ??? unix password sync = yes >> ??? passwd program = /usr/bin/passwd %u >> ??? passwd chat = *Enter\snew\s*\spassword:* %n\n >> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . >> ??? pam password change = yes >> ??? map to guest = bad user >> ??? usershare allow guests = yes >> ??? guest account = jj >> >> [users] >> ??? comment = Our Jazz Files >> ??? path = /samba/users >> ??? browseable = yes >> ??? read only = no >> ??? create mask = 0775 >> ??? directory mask = 0775 >> ??? guest ok = yes > > I take it that you have created 'jj' on your standalone server and then > made it a Samba user with 'smbpasswd -a jj' > > If so, why have made the guest user 'jj' as well ? > > If you want/need guest access, remove 'guest account = jj' > > If you do not want/need guest access and only want/need authenticated > access, remove 'map to guest = bad user', 'guest account = jj' and > 'guest ok = yes' > > RowlandThank you for your help. jj has an acct on the server, is enabled, and is in the sambashare group. ---------------- jj at jazz:/var/log/samba$ sudo pdbedit -L ... jj:1000:jj ---------------- jj at jazz:/var/log/samba$ getent group sambashare sambashare:x:126:jj,frazz ----------------- I do want guest access. I have modified the smb.conf as you suggest. ----------------- Error from mount cifs attempt sudo mount -t cifs //jazz/users /mnt/jazz --verbose -o user=jj,pass=**** mount.cifs kernel mount options: ip=192.168.1.30,unc=\\jazz\users,user=jj,pass=******** mount error(13): Permission denied ----------------- Error from smbclient attempt smbclient //jazz/users -U jj WARNING: The "syslog" option is deprecated Enter WORKGROUP\jj's password: session setup failed: NT_STATUS_LOGON_FAILURE ----------------- And I get different errors in the samba log without the global "guest account = jj": NT_STATUS_NO_SUCH_USER and NT_STATUS_LOGON_FAILURE. See below. ----new smb.conf----- [global] workgroup = WORKGROUP server string = %h server (Samba, Ubuntu) dns proxy = no root directory = /samba log file = /var/log/samba/log.%m max log size = 1000 log level = 3 panic action = /usr/share/samba/panic-action %d server role = standalone server passdb backend = tdbsam obey pam restrictions = yes unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes map to guest = bad user usershare allow guests = yes [users] comment = Our Jazz Files path = /samba/users browseable = yes read only = no create mask = 0775 directory mask = 0775 guest ok = yes ----------------------------- samba log for the connecting computer for mount cifs attempt (log a bit different for smbclient attempt, but ending errors are the same)WARNING: The "syslog" option is deprecated ... [2019/11/27 15:20:05.562800, 3] ../source3/auth/auth.c:189(auth_check_ntlm_password) check_ntlm_password: Checking password for unmapped user []\[jj]@[] with the new password interface [2019/11/27 15:20:05.562843, 3] ../source3/auth/auth.c:192(auth_check_ntlm_password) check_ntlm_password: mapped user is: []\[jj]@[] [2019/11/27 15:20:05.563261, 0] ../source3/passdb/lookup_sid.c:1605(get_primary_group_sid) Failed to find a Unix account for jj [2019/11/27 15:20:05.563663, 1] ../source3/auth/server_info_sam.c:85(make_server_info_sam) User jj in passdb, but getpwnam() fails! [2019/11/27 15:20:05.563720, 0] ../source3/auth/check_samsec.c:493(check_sam_security) check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER' [2019/11/27 15:20:05.563818, 2] ../source3/auth/auth.c:332(auth_check_ntlm_password) check_ntlm_password: Authentication for user [jj] -> [jj] FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=1 [2019/11/27 15:20:05.563900, 2] ../auth/auth_log.c:760(log_authentication_event_human_readable) Auth: [SMB2,(null)] user []\[jj] at [Wed, 27 Nov 2019 15:20:05.563863 UTC] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [] remote host [ipv4:192.168.1.127:34504] mapped to []\[jj]. local host [ipv4:192.168.1.30:445] [2019/11/27 15:20:05.564189, 2] ../auth/auth_log.c:220(log_json) JSON Authentication: {"timestamp": "2019-11-27T15:20:05.564011+0000", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 0}, "status": "NT_STATUS_NO_SUCH_USER", "localAddress": "ipv4:192.168.1.30:445", "remoteAddress": "ipv4:192.168.1.127:34504", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "", "clientAccount": "jj", "workstation": "", "becameAccount": null, "becameDomain": null, "becameSid": "(NULL SID)", "mappedAccount": "jj", "mappedDomain": "", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": "(NULL SID)", "passwordType": "NTLMv2"}} [2019/11/27 15:20:05.564328, 3] ../source3/smbd/smb2_server.c:3139(smbd_smb2_request_error_ex) smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_LOGON_FAILURE] || at ../source3/smbd/smb2_sesssetup.c:134 [2019/11/27 15:20:05.699183, 3] ../source3/smbd/server_exit.c:244(exit_server_common) Server exit (NT_STATUS_END_OF_FILE)