thr3ads.net - samba - [Samba] Offline login doesn't work with smbclient (NT_STATUS_NO_LOGON

If this information is useful, please help other people find it:
Share via:

Maverick

2020-Apr-27 21:47 UTC

[Samba] Offline login doesn't work with smbclient (NT_STATUS_NO_LOGON_SERVERS)

Hi,

I have a samba4 AD setup with 2 DCs and one samba4 server with fileshares.

If both my DCs are offline i can't login to any of the shares on the
samba4 fileshare server with smbclient, but wbinfo -K works fine and
ntlm_auth also works fine with offline cached credentials.

??san???root???~???smbcontrol winbind offline
???san???root???~???smbcontrol winbind onlinestatus
PID 292952: global:Offline BUILTIN:Online SAN:Online MYDOM:Offline

???san???root???~???wbinfo -K MYDOM\\testuser
Enter MYDOM\testuser's password:
plaintext kerberos password authentication for [MYDOM\testuser]
succeeded (requesting cctype: FILE)
user_flgs: NETLOGON_CACHED_ACCOUNT
credentials were put in: FILE:/tmp/krb5cc_0

???san???root???~???ntlm_auth --request-nt-key --domain=MYDOM
--username=testuser --password=xxxxxxxx --offline-logon
NT_STATUS_OK: The operation completed successfully. (0x0)

???ghost?? root ??~???smbclient //san/bck -UMYDOM\\testuser
Enter MYDOM\testuser's password:
session setup failed: NT_STATUS_NO_LOGON_SERVERS

Anyone has any idea what could be the problem?

Andrew Bartlett

2020-Apr-28 00:19 UTC

head link

[Samba] Offline login doesn't work with smbclient (NT_STATUS_NO_LOGON_SERVERS)

On Mon, 2020-04-27 at 23:47 +0200, Maverick via samba
wrote:> Hi,
> 
> I have a samba4 AD setup with 2 DCs and one samba4 server with
> fileshares.
> 
> If both my DCs are offline i can't login to any of the shares on the
> samba4 fileshare server with smbclient, but wbinfo -K works fine and
> ntlm_auth also works fine with offline cached credentials.
> 
> Anyone has any idea what could be the problem?
This is as expected, offline login is only for local plaintext logins,
we don't do NTLM challenge-response against the offline store.

If you had a kerberos ticket from when the DC was online, you might be
able to use that however (it depends on if you need the AD DC for idmap
I think).

Andrew Bartlett

-- 
Andrew Bartlett                       https://samba.org/~abartlet/
Authentication Developer, Samba Team  https://samba.org
Samba Developer, Catalyst IT          
https://catalyst.net.nz/services/samba

Seemingly Similar Threads

Search for more seemingly similar threads

samba - Apr 2020 - Offline login doesn't work with smbclient (NT_STATUS_NO_LOGON_SERVERS)

[Samba] Offline login doesn't work with smbclient (NT_STATUS_NO_LOGON_SERVERS)

[Samba] Offline login doesn't work with smbclient (NT_STATUS_NO_LOGON_SERVERS)

Seemingly Similar Threads