On 12/23/2011 06:34 AM, Günter Kukkukk wrote:
On Thursday 22 December 2011 22:32:46 steve wrote:
Hi everyone
After almost 2 days up-time with Samba 4, it failed again. This time it
simply will not restart.
The krb5.conf had got corrupted. I replaced it with this one from
/usr/local/samba/private
/etc/krb5.conf
[libdefaults]
default_realm = HH3.SITE
dns_lookup_realm = false
dns_lookup_kdc = true
It starts up OK:
samba -i -d 3
lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
params.c:pm_process() - Processing configuration file
"/usr/local/samba/etc/smb.conf"
samba version 4.0.0alpha18-GIT-bfc7481 started.
Copyright Andrew Tridgell and the Samba Team 1992-2011
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'sasl-DIGEST-MD5' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
NTPTR backend 'simple_ldb'
NTVFS backend 'default' for type 1 registered
NTVFS backend 'posix' for type 1 registered
NTVFS backend 'unixuid' for type 1 registered
NTVFS backend 'unixuid' for type 3 registered
NTVFS backend 'unixuid' for type 2 registered
NTVFS backend 'cifs' for type 1 registered
NTVFS backend 'smb2' for type 1 registered
NTVFS backend 'simple' for type 1 registered
NTVFS backend 'cifsposix' for type 1 registered
NTVFS backend 'default' for type 3 registered
NTVFS backend 'default' for type 2 registered
NTVFS backend 'nbench' for type 1 registered
PROCESS_MODEL 'single' registered
PROCESS_MODEL 'standard' registered
PROCESS_MODEL 'onefork' registered
PROCESS_MODEL 'prefork' registered
AUTH backend 'sam' registered
AUTH backend 'sam_ignoredomain' registered
AUTH backend 'anonymous' registered
AUTH backend 'server' registered
AUTH backend 'winbind' registered
AUTH backend 'winbind_wbclient' registered
AUTH backend 'name_to_ntstatus' registered
AUTH backend 'fixed_challenge' registered
AUTH backend 'unix' registered
SHARE backend [classic] registered.
SHARE backend [ldb] registered.
ldb_wrap open of privilege.ldb
samba: using 'standard' process model
DCERPC endpoint server 'rpcecho' registered
DCERPC endpoint server 'epmapper' registered
DCERPC endpoint server 'remote' registered
DCERPC endpoint server 'srvsvc' registered
DCERPC endpoint server 'wkssvc' registered
DCERPC endpoint server 'unixinfo' registered
DCERPC endpoint server 'samr' registered
DCERPC endpoint server 'winreg' registered
DCERPC endpoint server 'netlogon' registered
DCERPC endpoint server 'dssetup' registered
DCERPC endpoint server 'lsarpc' registered
DCERPC endpoint server 'backupkey' registered
DCERPC endpoint server 'spoolss' registered
DCERPC endpoint server 'drsuapi' registered
DCERPC endpoint server 'browser' registered
DCERPC endpoint server 'eventlog6' registered
DCERPC endpoint server 'dnsserver' registered
WARNING: no socket to connect to
ldb_wrap open of secrets.ldb
ldb_wrap open of idmap.ldb
Calling DNS name update script
Calling SPN name update script
kccsrv_partition[DC=hh3,DC=site] loaded
kccsrv_partition[CN=Configuration,DC=hh3,DC=site] loaded
kccsrv_partition[CN=Schema,CN=Configuration,DC=hh3,DC=site] loaded
kccsrv_partition[DC=DomainDnsZones,DC=hh3,DC=site] loaded
dreplsrv_partition[CN=Configuration,DC=hh3,DC=site] loaded
dreplsrv_partition[CN=Schema,CN=Configuration,DC=hh3,DC=site] loaded
dreplsrv_partition[DC=hh3,DC=site] loaded
dreplsrv_partition[DC=ForestDnsZones,DC=hh3,DC=site] loaded
dreplsrv_partition[DC=DomainDnsZones,DC=hh3,DC=site] loaded
kccsrv_partition[DC=ForestDnsZones,DC=hh3,DC=site] loaded
Completed SPN update check OK
Completed DNS update check OK
Registered HH3<00> with 192.168.1.3 on interface 192.168.1.255
Registered HH3<03> with 192.168.1.3 on interface 192.168.1.255
Registered HH3<20> with 192.168.1.3 on interface 192.168.1.255
Registered CACTUS<1b> with 192.168.1.3 on interface 192.168.1.255
Registered CACTUS<1c> with 192.168.1.3 on interface 192.168.1.255
Registered CACTUS<00> with 192.168.1.3 on interface 192.168.1.255
And this works:
kinit [email protected]
Password for [email protected]:
Warning: Your password will expire in 40 days on Tue Jan 31 23:40:57 2012
Kerberos: AS-REQ [email protected] from ipv4:192.168.1.3:39949 for
krbtgt/[email protected]
Kerberos: Client sent patypes: 149
Kerberos: Looking for PKINIT pa-data -- [email protected]
Kerberos: Looking for ENC-TS pa-data -- [email protected]
Kerberos: No preauth found, returning PREAUTH-REQUIRED --
[email protected]
Kerberos: AS-REQ [email protected] from ipv4:192.168.1.3:33899 for
krbtgt/[email protected]
Kerberos: Client sent patypes: encrypted-timestamp, 149
Kerberos: Looking for PKINIT pa-data -- [email protected]
Kerberos: Looking for ENC-TS pa-data -- [email protected]
Kerberos: ENC-TS Pre-authentication succeeded -- [email protected]
using arcfour-hmac-md5
Kerberos: AS-REQ authtime: 2011-12-22T22:19:54 starttime: unset endtime:
2011-12-23T08:19:54 renew till: 2011-12-23T22:19:47
Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96,
aes128-cts-hmac-sha1-96, des3-cbc-sha1, arcfour-hmac-md5, using
arcfour-hmac-md5/arcfour-hmac-md5
Kerberos: Requested flags: renewable-ok
Then this fails:
wbinfo -u
Error looking up domain users
Terminating connection - 'wbsrv_call_loop: tstream_read_pdu_blob_recv()
- NT_STATUS_CONNECTION_DISCONNECTED'
single_terminate: reason[wbsrv_call_loop: tstream_read_pdu_blob_recv() -
NT_STATUS_CONNECTION_DISCONNECTED]
ldb_wrap open of secrets.ldb
using SPNEGO
Selected protocol [8][NT LANMAN 1.0]
Kerberos: AS-REQ [email protected] from ipv4:192.168.1.3:58803 for
krbtgt/[email protected]
Kerberos: No preauth found, returning PREAUTH-REQUIRED -- [email protected]
Kerberos: AS-REQ [email protected] from ipv4:192.168.1.3:49440 for
krbtgt/[email protected]
Kerberos: Client sent patypes: encrypted-timestamp
Kerberos: Looking for PKINIT pa-data -- [email protected]
Kerberos: Looking for ENC-TS pa-data -- [email protected]
Kerberos: Failed to decrypt PA-DATA -- [email protected] (enctype
arcfour-hmac-md5) error Decrypt integrity check failed
Kerberos: Failed to decrypt PA-DATA -- [email protected]
Wrong username or password: kinit for [email protected] failed
(Preauthentication failed)
SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
Failed initial gensec_update with mechanism spnego: NT_STATUS_LOGON_FAILURE
Terminating connection - 'NT_STATUS_END_OF_FILE'
Terminating connection - 'NT_STATUS_END_OF_FILE'
standard_terminate: reason[NT_STATUS_END_OF_FILE]
Terminating connection - 'wbsrv_call_loop: tstream_read_pdu_blob_recv()
- NT_STATUS_CONNECTION_DISCONNECTED'
single_terminate: reason[wbsrv_call_loop: tstream_read_pdu_blob_recv() -
NT_STATUS_CONNECTION_DISCONNECTED]
And this:
wbinfo -i Administrator
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user Administrator
ldb_wrap open of secrets.ldb
using SPNEGO
Selected protocol [8][NT LANMAN 1.0]
Kerberos: AS-REQ [email protected] from ipv4:192.168.1.3:38518 for
krbtgt/[email protected]
Kerberos: No preauth found, returning PREAUTH-REQUIRED -- [email protected]
Kerberos: AS-REQ [email protected] from ipv4:192.168.1.3:53444 for
krbtgt/[email protected]
Kerberos: Client sent patypes: encrypted-timestamp
Kerberos: Looking for PKINIT pa-data -- [email protected]
Kerberos: Looking for ENC-TS pa-data -- [email protected]
Kerberos: Failed to decrypt PA-DATA -- [email protected] (enctype
arcfour-hmac-md5) error Decrypt integrity check failed
Kerberos: Failed to decrypt PA-DATA -- [email protected]
Wrong username or password: kinit for [email protected] failed
(Preauthentication failed)
SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
Failed initial gensec_update with mechanism spnego: NT_STATUS_LOGON_FAILURE
Terminating connection - 'NT_STATUS_END_OF_FILE'
Terminating connection - 'NT_STATUS_END_OF_FILE'
standard_terminate: reason[NT_STATUS_END_OF_FILE]
Terminating connection - 'wbsrv_call_loop: tstream_read_pdu_blob_recv()
- NT_STATUS_CONNECTION_DISCONNECTED'
single_terminate: reason[wbsrv_call_loop: tstream_read_pdu_blob_recv() -
NT_STATUS_CONNECTION_DISCONNECTED]
Any ideas anyone?
Thanks
Steve
which distro are you using?
Cheers, Günter
openSUSE 12.1 with this output (but same with Ubuntu 11.10 on the git
from the day after this checkout).
Thanks
Steve
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba