Philip Cunio
2022-Nov-29 23:21 UTC
[Samba] SAMBA 4.14.4 now prompts for userid and password after AIX 7.1 to 7.2 Upgrade
Hello Team: After an upgrade to AIX 7200-05-04-2220 from 7100-05-05-1939, SAMBA 4.14.4 now prompts for userid and password from Windows 10 and Windows 11 clients attempting to map a drive. This was not required by SAMBA before the upgrade. Two other systems that have AIX 7.2 upgrades with SAMBA 4.14.4 are functioning correctly and do not prompt for userid and password.(for existing userids/accounts). The method used to perform the upgrades for all 3 systems was the same (NIM Alternate Disk Migration), Also, the smb.conf on all 3 systems is the same. In the log I see the following failure: [2022/11/28 16:48:30.181656, 1] ../../source3/librpc/crypto/gse.c:666(gse_get_server_auth_token) gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/xxxx at YYYYY.COM(kvno 4) in keytab MEMORY:cifs_srv_keytab (aes256-cts-hmac-sha1-96)] [global] workgroup = ZZZ realm = YYYYY.COM interfaces = 10.150.129.6 netbios name = xxxx security = ADS log file = /var/samba/log/log.%m log level = 3 passdb:5 auth:5 wins server = corp-inm-dc2.inmar.com password server = corp-inm-dc2.inmar.com socket address = 10.150.129.6 server min protocol = SMB2 server signing = mandatory create mask = 0666 follow symlinks = yes unix extensions = no (the xxxx, YYYYY and ZZZ are redactions of the actual system name for security reasons) Any assistance on finding what is causing this would be greatly appreciated! Regards, Phil -- ******************************************** ? *Inmar Confidentiality Note*:? This e-mail and any attachments are confidential and intended to be viewed and used solely by the intended recipient.? If you are not the intended recipient, be aware that any disclosure, dissemination, distribution, copying or use of this e-mail or any attachment is prohibited.? If you received this e-mail in error, please notify us immediately by returning it to the sender and delete this copy and all attachments from your system and destroy any printed copies.? Thank you for your cooperation. ? *Notice of Protected Rights*:? The removal of any copyright, trademark, or proprietary legend contained in this e-mail or any attachment is prohibited without the express, written permission of Inmar, Inc.? Furthermore, the intended recipient must maintain all copyright notices, trademarks, and proprietary legends within this e-mail and any attachments in their original form and location if the e-mail or any attachments are reproduced, printed or distributed. ? ********************************************
Andrew Bartlett
2022-Nov-29 23:48 UTC
[Samba] SAMBA 4.14.4 now prompts for userid and password after AIX 7.1 to 7.2 Upgrade
What was the old Samba version? Andrew, On Tue, 2022-11-29 at 18:21 -0500, Philip Cunio via samba wrote:> Hello Team: > After an upgrade to AIX 7200-05-04-2220 from 7100-05-05-1939, SAMBA > 4.14.4now prompts for userid and password from Windows 10 and Windows > 11 clientsattempting to map a drive. This was not required by SAMBA > before theupgrade. Two other systems that have AIX 7.2 upgrades with > SAMBA 4.14.4 arefunctioning correctly and do not prompt for userid > and password.(forexisting userids/accounts). The method used to > perform the upgrades for all3 systems was the same (NIM Alternate > Disk Migration), Also, the smb.confon all 3 systems is the same. In > the log I see the following failure: > [2022/11/28 16:48:30.181656, > 1]../../source3/librpc/crypto/gse.c:666(gse_get_server_auth_token)gss > _accept_sec_context failed with [ Miscellaneous failure (see > text):Failed to find cifs/xxxx at YYYYY.COM(kvno 4) in keytab > MEMORY:cifs_srv_keytab(aes256-cts-hmac-sha1-96)] > [global]workgroup = ZZZrealm = YYYYY.COMinterfaces > 10.150.129.6netbios name = xxxxsecurity = ADSlog file > /var/samba/log/log.%mlog level = 3 passdb:5 auth:5wins server = corp- > inm-dc2.inmar.compassword server = corp-inm-dc2.inmar.comsocket > address = 10.150.129.6server min protocol = SMB2server signing > mandatorycreate mask = 0666follow symlinks = yesunix extensions = no > > > (the xxxx, YYYYY and ZZZ are redactions of the actual system name > forsecurity reasons) > > Any assistance on finding what is causing this would be > greatlyappreciated! > Regards,Phil > -- > > ******************************************** > > > > *Inmar Confidentiality Note*: This e-mail and any attachments are > confidential and intended to be viewed and used solely by the > intended recipient. If you are not the intended recipient, be aware > that any disclosure, dissemination, distribution, copying or use of > this e-mail or any attachment is prohibited. If you received this e- > mail in error, please notify us immediately by returning it to the > sender and delete this copy and all attachments from your system and > destroy any printed copies. Thank you for your cooperation. > > > > *Notice of Protected Rights*: The removal of any copyright, > trademark, or proprietary legend contained in this e-mail or any > attachment is prohibited without the express, written permission of > Inmar, Inc. Furthermore, the intended recipient must maintain all > copyright notices, trademarks, and proprietary legends within this e- > mail and any attachments in their original form and location if the > e-mail or any attachments are reproduced, printed or distributed. > > ********************************************-- Andrew Bartlett (he/him) https://samba.org/~abartlet/ Samba Team Member (since 2001) https://samba.org Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba Samba Development and Support, Catalyst IT - Expert Open Source Solutions
Rowland Penny
2022-Nov-30 10:32 UTC
[Samba] SAMBA 4.14.4 now prompts for userid and password after AIX 7.1 to 7.2 Upgrade
On 29/11/2022 23:21, Philip Cunio via samba wrote:> Hello Team: > > After an upgrade to AIX 7200-05-04-2220 from 7100-05-05-1939, SAMBA 4.14.4 > now prompts for userid and password from Windows 10 and Windows 11 clients > attempting to map a drive. This was not required by SAMBA before the > upgrade. Two other systems that have AIX 7.2 upgrades with SAMBA 4.14.4 are > functioning correctly and do not prompt for userid and password.(for > existing userids/accounts). The method used to perform the upgrades for all > 3 systems was the same (NIM Alternate Disk Migration), Also, the smb.conf > on all 3 systems is the same. In the log I see the following failure: > > [2022/11/28 16:48:30.181656, 1] > ../../source3/librpc/crypto/gse.c:666(gse_get_server_auth_token) > gss_accept_sec_context failed with [ Miscellaneous failure (see text): > Failed to find cifs/xxxx at YYYYY.COM(kvno 4) in keytab MEMORY:cifs_srv_keytab > (aes256-cts-hmac-sha1-96)] > > [global] > workgroup = ZZZ > realm = YYYYY.COM > interfaces = 10.150.129.6 > netbios name = xxxx > security = ADS > log file = /var/samba/log/log.%m > log level = 3 passdb:5 auth:5 > wins server = corp-inm-dc2.inmar.com > password server = corp-inm-dc2.inmar.com > socket address = 10.150.129.6 > server min protocol = SMB2 > server signing = mandatory > create mask = 0666 > follow symlinks = yes > unix extensions = no > >I have never used an AIX machine, but I presume that Samba works exactly in the same way as if it was a Linux machine, so one question is, where are the 'idmap config' lines, another is, why have you set a wins server line on an AD machine ? Rowland