Yesterday we updated our fileserver to bring it up to the newest kernel. At the same time it update the ipa-client and samba. After the update was finished our ability to access the shared resources on the fileserver disappeared. After some very careful troubleshooting we have been able to narrow it down to a problem with Samba, but we have been unable to find where in the configuration the problem is. I am including several logs, config files, etc with this, we need this restored ASAP, but can't seem to isolate the issue.

logs:

Log.192.168.105.237

[2017/08/17 07:59:38.684827,2] ../source3/param/loadparm.c:2769(lp_do_section)

Processing section "[homes]"

[2017/08/17 07:59:38.684939,2] ../source3/param/loadparm.c:2769(lp_do_section)

Processing section "[stockroom]"

[2017/08/17 07:59:38.685049,2] ../source3/param/loadparm.c:2769(lp_do_section)

Processing section "[inorgstk]"

[2017/08/17 07:59:38.685144,2] ../source3/param/loadparm.c:2769(lp_do_section)

Processing section "[netlogon]"

[2017/08/17 07:59:38.685211,2] ../source3/param/loadparm.c:2769(lp_do_section)

Processing section "[deptchair]"

[2017/08/17 07:59:38.685333,2] ../source3/param/loadparm.c:2769(lp_do_section)

Processing section "[deptfinance]"

[2017/08/17 07:59:38.685448,2] ../source3/param/loadparm.c:2769(lp_do_section)

Processing section "[facultysearch]"

[2017/08/17 07:59:38.685523,2] ../source3/param/loadparm.c:2769(lp_do_section)

Processing section "[research]"

[2017/08/17 07:59:38.685610,2] ../source3/param/loadparm.c:2769(lp_do_section)

Processing section "[working]"

[2017/08/17 07:59:38.685713,2] ../source3/param/loadparm.c:2769(lp_do_section)

Processing section "[csradmin]"

[2017/08/17 07:59:38.685802,2] ../source3/param/loadparm.c:2769(lp_do_section)

Processing section "[install]"

[2017/08/17 07:59:38.685933,2] ../source3/param/loadparm.c:2769(lp_do_section)

Processing section "[coffice]"

[2017/08/17 07:59:38.686097,2] ../source3/param/loadparm.c:2769(lp_do_section)

Processing section "[grants]"

[2017/08/17 07:59:38.686202,2] ../source3/param/loadparm.c:2769(lp_do_section)

Processing section "[deptoffice]"

[2017/08/17 07:59:38.686330,2] ../source3/param/loadparm.c:2769(lp_do_section)

Processing section "[gradadmissions]"

[2017/08/17 07:59:38.686411,2] ../source3/param/loadparm.c:2769(lp_do_section)

Processing section "[mainoffice]"

[2017/08/17 07:59:38.686525,2] ../source3/param/loadparm.c:2769(lp_do_section)

Processing section "[busoffice]"

[2017/08/17 07:59:38.686607,2] ../source3/param/loadparm.c:2769(lp_do_section)

Processing section "[entropy]"

[2017/08/17 07:59:38.686718,2] ../source3/param/loadparm.c:2769(lp_do_section)

Processing section "[ltarch]"

[2017/08/17 07:59:38.686807,2] ../source3/param/loadparm.c:2769(lp_do_section)

Processing section "[netlogon-n175]"

[2017/08/17 07:59:38.686963,3] ../source3/param/loadparm.c:1592(lp_add_ipc)

adding IPC service

[2017/08/17 07:59:38.687257,2] ../source3/lib/interface.c:345(add_interface)

added interface eth0 ip=192.168.105.99 bcast=192.168.105.99 netmask=255.255.255.255

[2017/08/17 07:59:38.687362,3] ../source3/smbd/oplock.c:1322(init_oplocks)

init_oplocks: initializing messages.

[2017/08/17 07:59:38.687511,3] ../source3/smbd/process.c:1957(process_smb)

Transaction 0 of length 159 (0 toread)

[2017/08/17 07:59:38.687557,3] ../source3/smbd/process.c:1538(switch_message)

switch message SMBnegprot (pid 22349) conn 0x0

[2017/08/17 07:59:38.688383,3] ../source3/smbd/negprot.c:603(reply_negprot)

Requested protocol [PC NETWORK PROGRAM 1.0]

[2017/08/17 07:59:38.688408,3] ../source3/smbd/negprot.c:603(reply_negprot)

Requested protocol [LANMAN1.0]

[2017/08/17 07:59:38.688418,3] ../source3/smbd/negprot.c:603(reply_negprot)

Requested protocol [Windows for Workgroups 3.1a]

[2017/08/17 07:59:38.688423,3] ../source3/smbd/negprot.c:603(reply_negprot)

Requested protocol [LM1.2X002]

[2017/08/17 07:59:38.688429,3] ../source3/smbd/negprot.c:603(reply_negprot)

Requested protocol [LANMAN2.1]

[2017/08/17 07:59:38.688434,3] ../source3/smbd/negprot.c:603(reply_negprot)

Requested protocol [NT LM 0.12]

[2017/08/17 07:59:38.688439,3] ../source3/smbd/negprot.c:603(reply_negprot)

Requested protocol [SMB 2.002]

[2017/08/17 07:59:38.688444,3] ../source3/smbd/negprot.c:603(reply_negprot)

Requested protocol [SMB 2.???]

[2017/08/17 07:59:38.688548,3] ../source3/smbd/smb2_negprot.c:290(smbd_smb2_request_process_negprot)

Selected protocol SMB2_FF

[2017/08/17 07:59:38.689133,3] ../auth/gensec/gensec_start.c:918(gensec_register)

GENSEC backend 'gssapi_spnego' registered

[2017/08/17 07:59:38.689159,3] ../auth/gensec/gensec_start.c:918(gensec_register)

GENSEC backend 'gssapi_krb5' registered

[2017/08/17 07:59:38.689171,3] ../auth/gensec/gensec_start.c:918(gensec_register)

GENSEC backend 'gssapi_krb5_sasl' registered

[2017/08/17 07:59:38.689181,3] ../auth/gensec/gensec_start.c:918(gensec_register)

GENSEC backend 'spnego' registered

[2017/08/17 07:59:38.689191,3] ../auth/gensec/gensec_start.c:918(gensec_register)

GENSEC backend 'schannel' registered

[2017/08/17 07:59:38.689203,3] ../auth/gensec/gensec_start.c:918(gensec_register)

GENSEC backend 'naclrpc_as_system' registered

[2017/08/17 07:59:38.689221,3] ../auth/gensec/gensec_start.c:918(gensec_register)

GENSEC backend 'sasl-EXTERNAL' registered

[2017/08/17 07:59:38.689249,3] ../auth/gensec/gensec_start.c:918(gensec_register)

GENSEC backend 'ntlmssp' registered

[2017/08/17 07:59:38.689265,3] ../auth/gensec/gensec_start.c:918(gensec_register)

GENSEC backend 'ntlmssp_resume_ccache' registered

[2017/08/17 07:59:38.689283,3] ../auth/gensec/gensec_start.c:918(gensec_register)

GENSEC backend 'http_basic' registered

[2017/08/17 07:59:38.689334,3] ../auth/gensec/gensec_start.c:918(gensec_register)

GENSEC backend 'http_ntlm' registered

[2017/08/17 07:59:38.690888,3] ../source3/smbd/negprot.c:730(reply_negprot)

Selected protocol SMB 2.???

[2017/08/17 07:59:38.691535,3] ../source3/smbd/smb2_negprot.c:290(smbd_smb2_request_process_negprot)

Selected protocol SMB3_11

[2017/08/17 07:59:46.501902,3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)

smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_LOGON_FAILURE] || at ../source3/smbd/smb2_sesssetup.c:134

[2017/08/17 07:59:46.503583,3] ../source3/smbd/server_exit.c:246(exit_server_common)

Server exit (NT_STATUS_CONNECTION_RESET)

[2017/08/17 07:59:59.462220,2] ../source3/param/loadparm.c:2769(lp_do_section)

Processing section "[homes]"

[2017/08/17 07:59:59.462329,2] ../source3/param/loadparm.c:2769(lp_do_section)

Processing section "[stockroom]"

[2017/08/17 07:59:59.462456,2] ../source3/param/loadparm.c:2769(lp_do_section)

Processing section "[inorgstk]"

[2017/08/17 07:59:59.462530,2] ../source3/param/loadparm.c:2769(lp_do_section)

Processing section "[netlogon]"

[2017/08/17 07:59:59.462577,2] ../source3/param/loadparm.c:2769(lp_do_section)

Processing section "[deptchair]"

[2017/08/17 07:59:59.462630,2] ../source3/param/loadparm.c:2769(lp_do_section)

Processing section "[deptfinance]"

[2017/08/17 07:59:59.462711,2] ../source3/param/loadparm.c:2769(lp_do_section)

Processing section "[facultysearch]"

[2017/08/17 07:59:59.462761,2] ../source3/param/loadparm.c:2769(lp_do_section)

Processing section "[research]"

[2017/08/17 07:59:59.462839,2] ../source3/param/loadparm.c:2769(lp_do_section)

Processing section "[working]"

[2017/08/17 07:59:59.462896,2] ../source3/param/loadparm.c:2769(lp_do_section)

Processing section "[csradmin]"

[2017/08/17 07:59:59.462962,2] ../source3/param/loadparm.c:2769(lp_do_section)

Processing section "[install]"

[2017/08/17 07:59:59.463032,2] ../source3/param/loadparm.c:2769(lp_do_section)

Processing section "[coffice]"

[2017/08/17 07:59:59.463098,2] ../source3/param/loadparm.c:2769(lp_do_section)

Processing section "[grants]"

[2017/08/17 07:59:59.463161, 2] ../source3/param/loadparm.c:2769(lp_do_section)

Processing section "[deptoffice]"

[2017/08/17 07:59:59.463238,2] ../source3/param/loadparm.c:2769(lp_do_section)

Processing section "[gradadmissions]"

[2017/08/17 07:59:59.463289,2] ../source3/param/loadparm.c:2769(lp_do_section)

Processing section "[mainoffice]"

[2017/08/17 07:59:59.463355,2] ../source3/param/loadparm.c:2769(lp_do_section)

Processing section "[busoffice]"

[2017/08/17 07:59:59.463418,2] ../source3/param/loadparm.c:2769(lp_do_section)

Processing section "[entropy]"

[2017/08/17 07:59:59.463478,2] ../source3/param/loadparm.c:2769(lp_do_section)

Processing section "[ltarch]"

[2017/08/17 07:59:59.463540,2] ../source3/param/loadparm.c:2769(lp_do_section)

Processing section "[netlogon-n175]"

[2017/08/17 07:59:59.463623,3] ../source3/param/loadparm.c:1592(lp_add_ipc)

adding IPC service

[2017/08/17 07:59:59.463828,2] ../source3/lib/interface.c:345(add_interface)

added interface eth0 ip=192.168.105.99 bcast=192.168.105.99 netmask=255.255.255.255

[2017/08/17 07:59:59.463902,3] ../source3/smbd/oplock.c:1322(init_oplocks)

init_oplocks: initializing messages.

[2017/08/17 07:59:59.464003,3] ../source3/smbd/process.c:1957(process_smb)

Transaction 0 of length 159 (0 toread)

[2017/08/17 07:59:59.464038,3] ../source3/smbd/process.c:1538(switch_message)

switch message SMBnegprot (pid 22371) conn 0x0

[2017/08/17 07:59:59.464721,3] ../source3/smbd/negprot.c:603(reply_negprot)

Requested protocol [PC NETWORK PROGRAM 1.0]

[2017/08/17 07:59:59.464747,3] ../source3/smbd/negprot.c:603(reply_negprot)

Requested protocol [LANMAN1.0]

[2017/08/17 07:59:59.464760,3] ../source3/smbd/negprot.c:603(reply_negprot)

Requested protocol [Windows for Workgroups 3.1a]

[2017/08/17 07:59:59.464786,3] ../source3/smbd/negprot.c:603(reply_negprot)

Requested protocol [LM1.2X002]

[2017/08/17 07:59:59.464795,3] ../source3/smbd/negprot.c:603(reply_negprot)

Requested protocol [LANMAN2.1]

[2017/08/17 07:59:59.464817,3] ../source3/smbd/negprot.c:603(reply_negprot)

Requested protocol [NT LM 0.12]

[2017/08/17 07:59:59.464876,3] ../source3/smbd/negprot.c:603(reply_negprot)

Requested protocol [SMB 2.002]

[2017/08/17 07:59:59.464893,3] ../source3/smbd/negprot.c:603(reply_negprot)

Requested protocol [SMB 2.???]

[2017/08/17 07:59:59.465013,3] ../source3/smbd/smb2_negprot.c:290(smbd_smb2_request_process_negprot)

Selected protocol SMB2_FF

[2017/08/17 07:59:59.465821,3] ../auth/gensec/gensec_start.c:918(gensec_register)

GENSEC backend 'gssapi_spnego' registered

[2017/08/17 07:59:59.465869,3] ../auth/gensec/gensec_start.c:918(gensec_register)

GENSEC backend 'gssapi_krb5' registered

[2017/08/17 07:59:59.465879,3] ../auth/gensec/gensec_start.c:918(gensec_register)

GENSEC backend 'gssapi_krb5_sasl' registered

[2017/08/17 07:59:59.465888,3] ../auth/gensec/gensec_start.c:918(gensec_register)

GENSEC backend 'spnego' registered

[2017/08/17 07:59:59.465910,3] ../auth/gensec/gensec_start.c:918(gensec_register)

GENSEC backend 'schannel' registered

[2017/08/17 07:59:59.465930,3] ../auth/gensec/gensec_start.c:918(gensec_register)

GENSEC backend 'naclrpc_as_system' registered

[2017/08/17 07:59:59.465941,3] ../auth/gensec/gensec_start.c:918(gensec_register)

GENSEC backend 'sasl-EXTERNAL' registered

[2017/08/17 07:59:59.465949,3] ../auth/gensec/gensec_start.c:918(gensec_register)

GENSEC backend 'ntlmssp' registered

[2017/08/17 07:59:59.465957,3] ../auth/gensec/gensec_start.c:918(gensec_register)

GENSEC backend 'ntlmssp_resume_ccache' registered

[2017/08/17 07:59:59.465972,3] ../auth/gensec/gensec_start.c:918(gensec_register)

GENSEC backend 'http_basic' registered

[2017/08/17 07:59:59.465982,3] ../auth/gensec/gensec_start.c:918(gensec_register)

GENSEC backend 'http_ntlm' registered

[2017/08/17 07:59:59.467516,3] ../source3/smbd/negprot.c:730(reply_negprot)

Selected protocol SMB 2.???

[2017/08/17 07:59:59.468111,3] ../source3/smbd/smb2_negprot.c:290(smbd_smb2_request_process_negprot)

Selected protocol SMB3_11

[2017/08/17 08:00:06.151513,3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)

smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_LOGON_FAILURE] || at ../source3/smbd/smb2_sesssetup.c:134

[2017/08/17 08:00:06.153192,3] ../source3/smbd/server_exit.c:246(exit_server_common)

Server exit (NT_STATUS_CONNECTION_RESET)

Log.smbd

[2017/08/17 02:27:26.578214,2] ../source3/smbd/server.c:794(remove_child_pid)

Could not find child 18077 -- ignoring

[2017/08/17 02:42:26.580707,2] ../source3/smbd/server.c:794(remove_child_pid)

Could not find child 19278 -- ignoring

[2017/08/17 02:57:26.585133,2] ../source3/smbd/server.c:794(remove_child_pid)

Could not find child 20546 -- ignoring

[2017/08/17 03:12:26.588487,2] ../source3/smbd/server.c:794(remove_child_pid)

Could not find child 21704 -- ignoring

[2017/08/17 03:27:26.592306,2] ../source3/smbd/server.c:794(remove_child_pid)

Could not find child 22935 -- ignoring

[2017/08/17 03:42:26.594330,2] ../source3/smbd/server.c:794(remove_child_pid)

Could not find child 2162 -- ignoring

[2017/08/17 03:57:26.598090,2] ../source3/smbd/server.c:794(remove_child_pid)

Could not find child 4040 -- ignoring

[2017/08/17 04:12:26.602245,2] ../source3/smbd/server.c:794(remove_child_pid)

Could not find child 5113 -- ignoring

[2017/08/17 04:27:26.606161,2] ../source3/smbd/server.c:794(remove_child_pid)

Could not find child 6269 -- ignoring

[2017/08/17 04:42:26.610297,2] ../source3/smbd/server.c:794(remove_child_pid)

Could not find child 7382 -- ignoring

[2017/08/17 04:57:26.612547,2] ../source3/smbd/server.c:794(remove_child_pid)

Could not find child 8497 -- ignoring

[2017/08/17 05:12:26.615685,2] ../source3/smbd/server.c:794(remove_child_pid)

Could not find child 9614 -- ignoring

[2017/08/17 05:27:26.618609,2] ../source3/smbd/server.c:794(remove_child_pid)

Could not find child 11133 -- ignoring

[2017/08/17 05:42:26.621232,2] ../source3/smbd/server.c:794(remove_child_pid)

Could not find child 12292 -- ignoring

[2017/08/17 05:57:26.625906,2] ../source3/smbd/server.c:794(remove_child_pid)

Could not find child 13379 -- ignoring

[2017/08/17 06:12:26.628955,2] ../source3/smbd/server.c:794(remove_child_pid)

Could not find child 14452 -- ignoring

[2017/08/17 06:27:26.630512,2] ../source3/smbd/server.c:794(remove_child_pid)

Could not find child 15536 -- ignoring

[2017/08/17 06:42:26.634709,2] ../source3/smbd/server.c:794(remove_child_pid)

Could not find child 16600 -- ignoring

[2017/08/17 06:57:26.638292,2] ../source3/smbd/server.c:794(remove_child_pid)

Could not find child 17706 -- ignoring

[2017/08/17 07:12:26.642297,2] ../source3/smbd/server.c:794(remove_child_pid)

Could not find child 18790 -- ignoring

[2017/08/17 07:27:26.644817,2] ../source3/smbd/server.c:794(remove_child_pid)

Could not find child 19881 -- ignoring

[2017/08/17 07:42:26.649127,2] ../source3/smbd/server.c:794(remove_child_pid)

Could not find child 21035 -- ignoring

[2017/08/17 07:57:26.653799,2] ../source3/smbd/server.c:794(remove_child_pid)

Could not find child 22175 -- ignoring

[2017/08/17 08:12:26.656684,2] ../source3/smbd/server.c:794(remove_child_pid)

Could not find child 23303 -- ignoring

[2017/08/17 08:27:26.660355,2] ../source3/smbd/server.c:794(remove_child_pid)

Could not find child 24397 -- ignoring

smb.conf (global portion only)

[global]
        #debug level = 2
        debug level = 3
        workgroup = RESEARCH
        realm = CHEM.BYU.EDU
        netbios name = CHEM
        kerberos method = dedicated keytab
        dedicated keytab file = FILE:/etc/samba/samba.keytab
        create krb5 conf = no
        log file = /var/log/samba/log.%m

        security = user
        passdb backend = ipasam:ldaps://ipa1.chem.byu.edu
        ldapsam:trusted = yes
        ldap ssl = no
        ldap suffix = dc=chem,dc=byu,dc=edu
        ldap user suffix = cn=users,cn=accounts
        ldap group suffix = cn=groups,cn=accounts

        load printers = no
        cups options = raw
        printcap name = /dev/null

running an ldapsearch yields correct results:

[root@fs-ipa-rhel7 samba]# ldapsearch -Y GSSAPI uid=randym ipaNTHash
SASL/GSSAPI authentication started
SASL username: ran...@chem.byu.edu
SASL SSF: 56
SASL data security layer installed.
# extended LDIF
#
# LDAPv3
# base <dc=chem,dc=byu,dc=edu> (default) with scope subtree
# filter: uid=randym
# requesting: ipaNTHash
#

# randym, users, compat, chem.byu.edu
dn: uid=randym,cn=users,cn=compat,dc=chem,dc=byu,dc=edu

# randym, users, compat, chem.byu.edu
dn: uid=randym,cn=users,cn=compat,dc=chem,dc=byu,dc=edu

# randym, users, accounts, chem.byu.edu
dn: uid=randym,cn=users,cn=accounts,dc=chem,dc=byu,dc=edu

# search result
search: 4
result: 0 Success

# numResponses: 4
# numEntries: 3

I also tried changing my password to see if it was just an NT hash issue, but that had not effect either.

Any help would be greatly appreciated.

Randy

--
Randy Morgan
CSR
Department of Chemistry and Biochemistry
Brigham Young University
801-422-4100

_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to