On Thursday 22 December 2011 22:32:46 steve wrote: > Hi everyone > > After almost 2 days up-time with Samba 4, it failed again. This time it > simply will not restart. > > The krb5.conf had got corrupted. I replaced it with this one from > /usr/local/samba/private > > /etc/krb5.conf > [libdefaults] > default_realm = HH3.SITE > dns_lookup_realm = false > dns_lookup_kdc = true > > It starts up OK: > samba -i -d 3 > lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf > params.c:pm_process() - Processing configuration file > "/usr/local/samba/etc/smb.conf" > samba version 4.0.0alpha18-GIT-bfc7481 started. > Copyright Andrew Tridgell and the Samba Team 1992-2011 > GENSEC backend 'gssapi_spnego' registered > GENSEC backend 'gssapi_krb5' registered > GENSEC backend 'gssapi_krb5_sasl' registered > GENSEC backend 'sasl-DIGEST-MD5' registered > GENSEC backend 'spnego' registered > GENSEC backend 'schannel' registered > GENSEC backend 'ntlmssp' registered > GENSEC backend 'krb5' registered > GENSEC backend 'fake_gssapi_krb5' registered > NTPTR backend 'simple_ldb' > NTVFS backend 'default' for type 1 registered > NTVFS backend 'posix' for type 1 registered > NTVFS backend 'unixuid' for type 1 registered > NTVFS backend 'unixuid' for type 3 registered > NTVFS backend 'unixuid' for type 2 registered > NTVFS backend 'cifs' for type 1 registered > NTVFS backend 'smb2' for type 1 registered > NTVFS backend 'simple' for type 1 registered > NTVFS backend 'cifsposix' for type 1 registered > NTVFS backend 'default' for type 3 registered > NTVFS backend 'default' for type 2 registered > NTVFS backend 'nbench' for type 1 registered > PROCESS_MODEL 'single' registered > PROCESS_MODEL 'standard' registered > PROCESS_MODEL 'onefork' registered > PROCESS_MODEL 'prefork' registered > AUTH backend 'sam' registered > AUTH backend 'sam_ignoredomain' registered > AUTH backend 'anonymous' registered > AUTH backend 'server' registered > AUTH backend 'winbind' registered > AUTH backend 'winbind_wbclient' registered > AUTH backend 'name_to_ntstatus' registered > AUTH backend 'fixed_challenge' registered > AUTH backend 'unix' registered > SHARE backend [classic] registered. > SHARE backend [ldb] registered. > ldb_wrap open of privilege.ldb > samba: using 'standard' process model > DCERPC endpoint server 'rpcecho' registered > DCERPC endpoint server 'epmapper' registered > DCERPC endpoint server 'remote' registered > DCERPC endpoint server 'srvsvc' registered > DCERPC endpoint server 'wkssvc' registered > DCERPC endpoint server 'unixinfo' registered > DCERPC endpoint server 'samr' registered > DCERPC endpoint server 'winreg' registered > DCERPC endpoint server 'netlogon' registered > DCERPC endpoint server 'dssetup' registered > DCERPC endpoint server 'lsarpc' registered > DCERPC endpoint server 'backupkey' registered > DCERPC endpoint server 'spoolss' registered > DCERPC endpoint server 'drsuapi' registered > DCERPC endpoint server 'browser' registered > DCERPC endpoint server 'eventlog6' registered > DCERPC endpoint server 'dnsserver' registered > WARNING: no socket to connect to > ldb_wrap open of secrets.ldb > ldb_wrap open of idmap.ldb > Calling DNS name update script > Calling SPN name update script > kccsrv_partition[DC=hh3,DC=site] loaded > kccsrv_partition[CN=Configuration,DC=hh3,DC=site] loaded > kccsrv_partition[CN=Schema,CN=Configuration,DC=hh3,DC=site] loaded > kccsrv_partition[DC=DomainDnsZones,DC=hh3,DC=site] loaded > dreplsrv_partition[CN=Configuration,DC=hh3,DC=site] loaded > dreplsrv_partition[CN=Schema,CN=Configuration,DC=hh3,DC=site] loaded > dreplsrv_partition[DC=hh3,DC=site] loaded > dreplsrv_partition[DC=ForestDnsZones,DC=hh3,DC=site] loaded > dreplsrv_partition[DC=DomainDnsZones,DC=hh3,DC=site] loaded > kccsrv_partition[DC=ForestDnsZones,DC=hh3,DC=site] loaded > Completed SPN update check OK > Completed DNS update check OK > Registered HH3<00> with 192.168.1.3 on interface 192.168.1.255 > Registered HH3<03> with 192.168.1.3 on interface 192.168.1.255 > Registered HH3<20> with 192.168.1.3 on interface 192.168.1.255 > Registered CACTUS<1b> with 192.168.1.3 on interface 192.168.1.255 > Registered CACTUS<1c> with 192.168.1.3 on interface 192.168.1.255 > Registered CACTUS<00> with 192.168.1.3 on interface 192.168.1.255 > > > And this works: > > kinit [email protected] > Password for [email protected]: > Warning: Your password will expire in 40 days on Tue Jan 31 23:40:57 2012 > > Kerberos: AS-REQ [email protected] from ipv4:192.168.1.3:39949 for > krbtgt/[email protected] > Kerberos: Client sent patypes: 149 > Kerberos: Looking for PKINIT pa-data -- [email protected] > Kerberos: Looking for ENC-TS pa-data -- [email protected] > Kerberos: No preauth found, returning PREAUTH-REQUIRED -- > [email protected] > Kerberos: AS-REQ [email protected] from ipv4:192.168.1.3:33899 for > krbtgt/[email protected] > Kerberos: Client sent patypes: encrypted-timestamp, 149 > Kerberos: Looking for PKINIT pa-data -- [email protected] > Kerberos: Looking for ENC-TS pa-data -- [email protected] > Kerberos: ENC-TS Pre-authentication succeeded -- [email protected] > using arcfour-hmac-md5 > Kerberos: AS-REQ authtime: 2011-12-22T22:19:54 starttime: unset endtime: > 2011-12-23T08:19:54 renew till: 2011-12-23T22:19:47 > Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96, > aes128-cts-hmac-sha1-96, des3-cbc-sha1, arcfour-hmac-md5, using > arcfour-hmac-md5/arcfour-hmac-md5 > Kerberos: Requested flags: renewable-ok > > Then this fails: > > wbinfo -u > Error looking up domain users > > Terminating connection - 'wbsrv_call_loop: tstream_read_pdu_blob_recv() > - NT_STATUS_CONNECTION_DISCONNECTED' > single_terminate: reason[wbsrv_call_loop: tstream_read_pdu_blob_recv() - > NT_STATUS_CONNECTION_DISCONNECTED] > ldb_wrap open of secrets.ldb > using SPNEGO > Selected protocol [8][NT LANMAN 1.0] > Kerberos: AS-REQ [email protected] from ipv4:192.168.1.3:58803 for > krbtgt/[email protected] > Kerberos: No preauth found, returning PREAUTH-REQUIRED -- [email protected] > Kerberos: AS-REQ [email protected] from ipv4:192.168.1.3:49440 for > krbtgt/[email protected] > Kerberos: Client sent patypes: encrypted-timestamp > Kerberos: Looking for PKINIT pa-data -- [email protected] > Kerberos: Looking for ENC-TS pa-data -- [email protected] > Kerberos: Failed to decrypt PA-DATA -- [email protected] (enctype > arcfour-hmac-md5) error Decrypt integrity check failed > Kerberos: Failed to decrypt PA-DATA -- [email protected] > Wrong username or password: kinit for [email protected] failed > (Preauthentication failed) > > SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE > Failed initial gensec_update with mechanism spnego: NT_STATUS_LOGON_FAILURE > Terminating connection - 'NT_STATUS_END_OF_FILE' > Terminating connection - 'NT_STATUS_END_OF_FILE' > standard_terminate: reason[NT_STATUS_END_OF_FILE] > Terminating connection - 'wbsrv_call_loop: tstream_read_pdu_blob_recv() > - NT_STATUS_CONNECTION_DISCONNECTED' > single_terminate: reason[wbsrv_call_loop: tstream_read_pdu_blob_recv() - > NT_STATUS_CONNECTION_DISCONNECTED] > > And this: > > wbinfo -i Administrator > failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND > Could not get info for user Administrator > > ldb_wrap open of secrets.ldb > using SPNEGO > Selected protocol [8][NT LANMAN 1.0] > Kerberos: AS-REQ [email protected] from ipv4:192.168.1.3:38518 for > krbtgt/[email protected] > Kerberos: No preauth found, returning PREAUTH-REQUIRED -- [email protected] > Kerberos: AS-REQ [email protected] from ipv4:192.168.1.3:53444 for > krbtgt/[email protected] > Kerberos: Client sent patypes: encrypted-timestamp > Kerberos: Looking for PKINIT pa-data -- [email protected] > Kerberos: Looking for ENC-TS pa-data -- [email protected] > Kerberos: Failed to decrypt PA-DATA -- [email protected] (enctype > arcfour-hmac-md5) error Decrypt integrity check failed > Kerberos: Failed to decrypt PA-DATA -- [email protected] > Wrong username or password: kinit for [email protected] failed > (Preauthentication failed) > > SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE > Failed initial gensec_update with mechanism spnego: NT_STATUS_LOGON_FAILURE > Terminating connection - 'NT_STATUS_END_OF_FILE' > Terminating connection - 'NT_STATUS_END_OF_FILE' > standard_terminate: reason[NT_STATUS_END_OF_FILE] > Terminating connection - 'wbsrv_call_loop: tstream_read_pdu_blob_recv() > - NT_STATUS_CONNECTION_DISCONNECTED' > single_terminate: reason[wbsrv_call_loop: tstream_read_pdu_blob_recv() - > NT_STATUS_CONNECTION_DISCONNECTED] > > Any ideas anyone? > Thanks > Steve
which distro are you using? Cheers, Günter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
