
[Samba] SPNEGO login failed: An internal error occurred




Hi,

I set up a test environment on a dedicated server.

OS: debian stretch
samba: 4.5.8
smbclient: 4.5.8

I set it up as a DC; the provision worked well, and yes, I deleted the smb.conf in advance. When I test kinit I get a Kerberos ticket, but I have problems with smbclient whether I use Kerberos or password auth.

Maybe someone could help me?

my smb.conf:

# Global parameters
[global]
 netbios name = MX01
 realm = RABADANTEN.DE
 workgroup = RABADANTEN
 dns forwarder = 8.8.8.8
 server role = active directory domain controller

[netlogon]
 path = /var/lib/samba/sysvol/rabadanten.de/scripts
 read only = No

[sysvol]
 path = /var/lib/samba/sysvol
 read only = No

my krb5.conf:

[libdefaults]
 default_realm = RABADANTEN.DE
 dns_lookup_realm = false
 dns_lookup_kdc = true

when I try with 'smbclient -L localhost -UAdministrator -d3' :
<start>
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
added interface eth0 ip=2a02:248:2:32b3:5054:ff:fe80:7b7 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=195.62.123.31 bcast=195.62.123.31 netmask=255.255.255.255
Client started (version 4.5.8-Debian).
Enter Administrator's password:
resolve_lmhosts: Attempting lmhosts lookup for name localhost<0x20>
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: Attempting host lookup for name localhost<0x20>
Connecting to ::1 at port 445
Doing spnego session setup (blob length=96)
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.3.6.1.4.1.311.2.2.10
got principal=not_defined_in_RFC4178@please_ignore
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
SPNEGO login failed: An internal error occurred.
session setup failed: NT_STATUS_INTERNAL_ERROR
</stop>

with 'smbclient -L //mx01 -k -d6':

<start>
INFO: Current debug levels:
 all: 6
 tdb: 6
 printdrivers: 6
 lanman: 6
 smb: 6
 rpc_parse: 6
 rpc_srv: 6
 rpc_cli: 6
 passdb: 6
 sam: 6
 auth: 6
 winbind: 6
 vfs: 6
 idmap: 6
 quota: 6
 acls: 6
 locking: 6
 msdfs: 6
 dmapi: 6
 registry: 6
 scavenger: 6
 dns: 6
 ldb: 6
 tevent: 6
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
 all: 6
 tdb: 6
 printdrivers: 6
 lanman: 6
 smb: 6
 rpc_parse: 6
 rpc_srv: 6
 rpc_cli: 6
 passdb: 6
 sam: 6
 auth: 6
 winbind: 6
 vfs: 6
 idmap: 6
 quota: 6
 acls: 6
 locking: 6
 msdfs: 6
 dmapi: 6
 registry: 6
 scavenger: 6
 dns: 6
 ldb: 6
 tevent: 6
Processing section "[global]"
doing parameter netbios name = MX01
doing parameter realm = RABADANTEN.DE
doing parameter workgroup = RABADANTEN
doing parameter dns forwarder = 8.8.8.8
doing parameter server role = active directory domain controller
pm_process() returned Yes
added interface eth0 ip=2a02:248:2:32b3:5054:ff:fe80:7b7 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=195.62.123.31 bcast=195.62.123.31 netmask=255.255.255.255
Netbios name list:-
my_netbios_names[0]="MX01"
Client started (version 4.5.8-Debian).
Opening cache file at /var/cache/samba/gencache.tdb
Opening cache file at /var/run/samba/gencache_notrans.tdb
sitename_fetch: No stored sitename for realm 'RABADANTEN.DE'
name mx01#20 found.
Connecting to 127.0.1.1 at port 445
Socket options:
 SO_KEEPALIVE = 0
 SO_REUSEADDR = 0
 SO_BROADCAST = 0
 TCP_NODELAY = 1
 TCP_KEEPCNT = 9
 TCP_KEEPIDLE = 7200
 TCP_KEEPINTVL = 75
 IPTOS_LOWDELAY = 0
 IPTOS_THROUGHPUT = 0
 SO_REUSEPORT = 0
 SO_SNDBUF = 2626560
 SO_RCVBUF = 1061808
 SO_SNDLOWAT = 1
 SO_RCVLOWAT = 1
 SO_SNDTIMEO = 0
 SO_RCVTIMEO = 0
 TCP_QUICKACK = 1
 TCP_DEFER_ACCEPT = 0
 session request ok
Doing spnego session setup (blob length=96)
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.3.6.1.4.1.311.2.2.10
got principal=not_defined_in_RFC4178@please_ignore
cli_session_setup_spnego: using target hostname not SPNEGO principal
kerberos_get_default_realm_from_ccache: Trying to read krb5 cache: FILE:/tmp/krb5cc_0
cli_session_setup_spnego: guessed server principal=cifs/mx01@xxxxxxxxxxxxx
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gse_krb5
kerberos_get_default_realm_from_ccache: Trying to read krb5 cache: FILE:/tmp/krb5cc_0
SPNEGO login failed: An internal error occurred.
session setup failed: NT_STATUS_INTERNAL_ERROR
</stop>

