Hello! I'm having an odd issue between Samba and Win2k8R2. We updated
one of our domain controllers to 2k8R2, and as such are working in a
2003-level AD environment. If I force the 'password server' to the 2003
DC, then everything works fine; only working against the 2008 box has
issues.

I'm on a CentOS 5.3 box, and as part of the troubleshooting process
moved up to 3.4.2 from the default CentOS version.

From a Windows client, I can access shares on the Samba box using the
URI:

\\128.252.123.123\sharename

And it works as expected - my clients are in the same domain, no
password is asked for, etc.

Using any form of the hostname in the URI, either \\hostname\sharename
or \\hostname.domain.name\sharename, will continually prompt for a
password. Using 'smbclient' with the names in the URI on the Samba box
itself works fine.

My Samba configuration is below (I may not have cleaned everything up
properly from the 3.0.x to 3.4.2 upgrade), and I'm sure there's cruft
from my troubleshooting attempts:

[global]
   workgroup = DOMAIN
   security = ads
   hosts allow = 128.252. 172.16. 172.20.
   load printers = no
   log file = /var/log/samba/%m.log
   max log size = 50
   realm = DOMAIN.WUSTL.EDU
   debug level = 1
   log level = 1
   domain logons = no
   domain master = no
   local master = no
   socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 IPTOS_THROUGHPUT
   strict locking = no
   #share modes = yes
   password level = 0
   #use kerberos keytab = true
   kerberos method = system keytab
   password server = 2k8r2.domain.wustl.edu
   encrypt passwords = yes
   preferred master = no
   wins support = yes
   name resolve order = wins lmhosts hosts bcast
   dns proxy = yes

Below this is a debug level 3 log dump of a login that does not work.
One thing to note is that when the login works, the Samba log is named
the hostname of the client machine; when it doesn't, it's
"__ffff_172.16.123.123", or the IP address of the client. I really want
to say this has something to do with name resolving but I can't seem to
pin it down.

The log is long, so I'll say thanks for any help here. Thanks!

[2009/10/08 08:48:12,  3] lib/access.c:362(only_ipaddrs_in_list)
  only_ipaddrs_in_list: list has non-ip address (128.252.)
[2009/10/08 08:48:12,  3] lib/access.c:396(check_access)
  check_access: hostnames in host allow/deny list.
[2009/10/08 08:48:12,  2] lib/access.c:406(check_access)
  Allowed connection from __ffff_172.16.24.49 (::ffff:172.16.24.49)
[2009/10/08 08:48:12,  3] smbd/process.c:1459(process_smb)
  Transaction 0 of length 159 (0 toread)
[2009/10/08 08:48:12,  3] smbd/process.c:1273(switch_message)
  switch message SMBnegprot (pid 21043) conn 0x0
[2009/10/08 08:48:12,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/10/08 08:48:12,  3] smbd/negprot.c:387(reply_nt1)
  using SPNEGO
[2009/10/08 08:48:12,  3] smbd/negprot.c:672(reply_negprot)
  Selected protocol NT LM 0.12

[2009/10/08 08:48:12,  3] smbd/process.c:1459(process_smb)
  Transaction 1 of length 1928 (0 toread)
[2009/10/08 08:48:12,  3] smbd/process.c:1273(switch_message)
  switch message SMBsesssetupX (pid 21043) conn 0x0
[2009/10/08 08:48:12,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/10/08 08:48:12,  3] smbd/sesssetup.c:1404(reply_sesssetup_and_X)
  wct=12 flg2=0xc807
[2009/10/08 08:48:12,  2] smbd/sesssetup.c:1360(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2009/10/08 08:48:12,  3] smbd/sesssetup.c:1160(reply_sesssetup_and_X_spnego)
  Doing spnego session setup
[2009/10/08 08:48:12,  3] smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego)
  NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2009/10/08 08:48:12,  3] smbd/sesssetup.c:786(reply_spnego_negotiate)
  reply_spnego_negotiate: Got secblob of size 1783
[2009/10/08 08:48:12,  3] libads/kerberos_verify.c:266(ads_keytab_verify_ticket)
  ads_keytab_verify_ticket: krb5_rd_req failed for all 12 matched keytab principals
[2009/10/08 08:48:12,  3] libads/kerberos_verify.c:567(ads_verify_ticket)
  ads_verify_ticket: krb5_rd_req with auth failed (Wrong principal in request)
[2009/10/08 08:48:12,  1] smbd/sesssetup.c:342(reply_spnego_kerberos)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2009/10/08 08:48:12,  3] smbd/error.c:60(error_packet_set)
  error packet at smbd/sesssetup.c(344) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE

[2009/10/08 08:48:12,  3] smbd/process.c:1459(process_smb)
  Transaction 2 of length 1928 (0 toread)
[2009/10/08 08:48:12,  3] smbd/process.c:1273(switch_message)
  switch message SMBsesssetupX (pid 21043) conn 0x0
[2009/10/08 08:48:12,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/10/08 08:48:12,  3] smbd/sesssetup.c:1404(reply_sesssetup_and_X)
  wct=12 flg2=0xc807
[2009/10/08 08:48:12,  2] smbd/sesssetup.c:1360(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2009/10/08 08:48:12,  3] smbd/sesssetup.c:1160(reply_sesssetup_and_X_spnego)
  Doing spnego session setup
[2009/10/08 08:48:12,  3] smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego)
  NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2009/10/08 08:48:12,  3] smbd/sesssetup.c:786(reply_spnego_negotiate)
  reply_spnego_negotiate: Got secblob of size 1783
[2009/10/08 08:48:12,  3] libads/kerberos_verify.c:266(ads_keytab_verify_ticket)
  ads_keytab_verify_ticket: krb5_rd_req failed for all 12 matched keytab principals
[2009/10/08 08:48:12,  3] libads/kerberos_verify.c:567(ads_verify_ticket)
  ads_verify_ticket: krb5_rd_req with auth failed (Wrong principal in request)
[2009/10/08 08:48:12,  1] smbd/sesssetup.c:342(reply_spnego_kerberos)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2009/10/08 08:48:12,  3] smbd/error.c:60(error_packet_set)
  error packet at smbd/sesssetup.c(344) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE

[2009/10/08 08:48:12,  3] smbd/process.c:1459(process_smb)
  Transaction 3 of length 1928 (0 toread)
[2009/10/08 08:48:12,  3] smbd/process.c:1273(switch_message)
  switch message SMBsesssetupX (pid 21043) conn 0x0
[2009/10/08 08:48:12,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/10/08 08:48:12,  3] smbd/sesssetup.c:1404(reply_sesssetup_and_X)
  wct=12 flg2=0xc807
[2009/10/08 08:48:12,  2] smbd/sesssetup.c:1360(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2009/10/08 08:48:12,  3] smbd/sesssetup.c:1160(reply_sesssetup_and_X_spnego)
  Doing spnego session setup
[2009/10/08 08:48:12,  3] smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego)
  NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2009/10/08 08:48:12,  3] smbd/sesssetup.c:786(reply_spnego_negotiate)
  reply_spnego_negotiate: Got secblob of size 1783
[2009/10/08 08:48:12,  3] libads/kerberos_verify.c:266(ads_keytab_verify_ticket)
  ads_keytab_verify_ticket: krb5_rd_req failed for all 12 matched keytab principals
[2009/10/08 08:48:12,  3] libads/kerberos_verify.c:567(ads_verify_ticket)
  ads_verify_ticket: krb5_rd_req with auth failed (Wrong principal in request)
[2009/10/08 08:48:12,  1] smbd/sesssetup.c:342(reply_spnego_kerberos)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2009/10/08 08:48:12,  3] smbd/error.c:60(error_packet_set)
  error packet at smbd/sesssetup.c(344) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE

[2009/10/08 08:48:12,  3] smbd/process.c:1459(process_smb)
  Transaction 4 of length 1928 (0 toread)
[2009/10/08 08:48:12,  3] smbd/process.c:1273(switch_message)
  switch message SMBsesssetupX (pid 21043) conn 0x0
[2009/10/08 08:48:12,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/10/08 08:48:12,  3] smbd/sesssetup.c:1404(reply_sesssetup_and_X)
  wct=12 flg2=0xc807
[2009/10/08 08:48:12,  2] smbd/sesssetup.c:1360(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2009/10/08 08:48:12,  3] smbd/sesssetup.c:1160(reply_sesssetup_and_X_spnego)
  Doing spnego session setup
[2009/10/08 08:48:12,  3] smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego)
  NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2009/10/08 08:48:12,  3] smbd/sesssetup.c:786(reply_spnego_negotiate)
  reply_spnego_negotiate: Got secblob of size 1783
[2009/10/08 08:48:12,  3] libads/kerberos_verify.c:266(ads_keytab_verify_ticket)
  ads_keytab_verify_ticket: krb5_rd_req failed for all 12 matched keytab principals
[2009/10/08 08:48:12,  3] libads/kerberos_verify.c:567(ads_verify_ticket)
  ads_verify_ticket: krb5_rd_req with auth failed (Wrong principal in request)
[2009/10/08 08:48:12,  1] smbd/sesssetup.c:342(reply_spnego_kerberos)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2009/10/08 08:48:12,  3] smbd/error.c:60(error_packet_set)
  error packet at smbd/sesssetup.c(344) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE

[2009/10/08 08:48:13,  3] smbd/process.c:1459(process_smb)
  Transaction 5 of length 1928 (0 toread)
[2009/10/08 08:48:13,  3] smbd/process.c:1273(switch_message)
  switch message SMBsesssetupX (pid 21043) conn 0x0
[2009/10/08 08:48:13,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/10/08 08:48:13,  3] smbd/sesssetup.c:1404(reply_sesssetup_and_X)
  wct=12 flg2=0xc807
[2009/10/08 08:48:13,  2] smbd/sesssetup.c:1360(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2009/10/08 08:48:13,  3] smbd/sesssetup.c:1160(reply_sesssetup_and_X_spnego)
  Doing spnego session setup
[2009/10/08 08:48:13,  3] smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego)
  NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2009/10/08 08:48:13,  3] smbd/sesssetup.c:786(reply_spnego_negotiate)
  reply_spnego_negotiate: Got secblob of size 1783
[2009/10/08 08:48:13,  3] libads/kerberos_verify.c:266(ads_keytab_verify_ticket)
  ads_keytab_verify_ticket: krb5_rd_req failed for all 12 matched keytab principals
[2009/10/08 08:48:13,  3] libads/kerberos_verify.c:567(ads_verify_ticket)
  ads_verify_ticket: krb5_rd_req with auth failed (Wrong principal in request)
[2009/10/08 08:48:13,  1] smbd/sesssetup.c:342(reply_spnego_kerberos)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2009/10/08 08:48:13,  3] smbd/error.c:60(error_packet_set)
  error packet at smbd/sesssetup.c(344) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE

[2009/10/08 08:48:18,  3] smbd/process.c:1459(process_smb)
  Transaction 6 of length 1796 (0 toread)
[2009/10/08 08:48:18,  3] smbd/process.c:1273(switch_message)
  switch message SMBsesssetupX (pid 21043) conn 0x0
[2009/10/08 08:48:18,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/10/08 08:48:18,  3] smbd/sesssetup.c:1404(reply_sesssetup_and_X)
  wct=12 flg2=0xc807
[2009/10/08 08:48:18,  2] smbd/sesssetup.c:1360(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2009/10/08 08:48:18,  3] smbd/sesssetup.c:1160(reply_sesssetup_and_X_spnego)
  Doing spnego session setup
[2009/10/08 08:48:18,  3] smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego)
  NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2009/10/08 08:48:18,  3] smbd/sesssetup.c:786(reply_spnego_negotiate)
  reply_spnego_negotiate: Got secblob of size 1650
[2009/10/08 08:48:18,  3] libads/kerberos_verify.c:266(ads_keytab_verify_ticket)
  ads_keytab_verify_ticket: krb5_rd_req failed for all 12 matched keytab principals
[2009/10/08 08:48:18,  3] libads/kerberos_verify.c:567(ads_verify_ticket)
  ads_verify_ticket: krb5_rd_req with auth failed (Wrong principal in request)
[2009/10/08 08:48:18,  1] smbd/sesssetup.c:342(reply_spnego_kerberos)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2009/10/08 08:48:18,  3] smbd/error.c:60(error_packet_set)
  error packet at smbd/sesssetup.c(344) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE

[2009/10/08 08:48:34,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/10/08 08:48:34,  3] smbd/connection.c:31(yield_connection)
  Yielding connection to
[2009/10/08 08:48:34,  3] smbd/server.c:845(exit_server_common)
  Server exit (failed to receive smb request)

Mark Bober
Engineering IT - School of Engineering
Washington University in St. Louis
bo...@wustl.edu

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
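
Added example, not part of the original post and not Samba project code: a small parser that reassembles the mail-wrapped smbd log layout shown above and pairs each rejected session setup with the Kerberos cause logged just before it (here, "Wrong principal in request"). The sample text is constructed from log lines in the post; the function and field names are this example's own.

```python
import re

# Constructed sample in the mail-wrapped layout of the post above.
SAMPLE = """\
[2009/10/08 08:48:12,  3]
libads/kerberos_verify.c:266(ads_keytab_verify_ticket)

  ads_keytab_verify_ticket: krb5_rd_req failed for all 12 matched keytab
principals
[2009/10/08 08:48:12,  3]
libads/kerberos_verify.c:567(ads_verify_ticket)
  ads_verify_ticket: krb5_rd_req with auth failed (Wrong principal in
request)
[2009/10/08 08:48:12,  1] smbd/sesssetup.c:342(reply_spnego_kerberos)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s+\d+\]\s*(.*)$")
LOCATION = re.compile(r"^[\w./-]+:\d+\((\w+)\)$")
KEYTAB = re.compile(r"failed for all (\d+) matched keytab principals")
REASON = re.compile(r"krb5_rd_req with auth failed \((.+)\)")

def parse_entries(text):  # rebuild records (time, func, msg) from wrapped text
    entries, cur = [], None
    for line in (l.strip() for l in text.splitlines()):
        head = HEADER.match(line)
        if head:
            entries.append(cur := {"time": head[1], "func": None, "msg": ""})
            line = head[2]  # empty when the header was split after "]"
        if not line or cur is None:
            continue
        loc = LOCATION.match(line) if cur["func"] is None else None
        if loc:
            cur["func"] = loc[1]  # function name from file:line(func)
        else:
            cur["msg"] = (cur["msg"] + " " + line).strip()
    return entries

def kerberos_failures(entries):  # one dict per rejected ticket, with its cause
    failures, cause = [], {}
    for e in entries:
        if e["func"] == "ads_keytab_verify_ticket" and (m := KEYTAB.search(e["msg"])):
            cause["keytab_principals_tried"] = int(m[1])
        elif e["func"] == "ads_verify_ticket" and (m := REASON.search(e["msg"])):
            cause["reason"] = m[1]
        elif e["func"] == "reply_spnego_kerberos" and "LOGON_FAILURE" in e["msg"]:
            failures.append({"time": e["time"], **cause})
            cause = {}
    return failures
```

Calling `kerberos_failures(parse_entries(open(path).read()))` on a per-client log file gives one entry per failed ticket verification, which makes it easy to compare the hostname and IP-address cases side by side.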
