Web lists-archives.com

[Samba] Errors "Domain password server not available" and "SPNEGO login failed: The request is not supported"




Hi,


I am running an Ubuntu 14.04 server with Samba
2:4.3.11+dfsg-0ubuntu0.14.04.14, which just provides storage services to
the network. It is configured to use an existing Active Directory
infrastructure based on Windows servers.

Since some weeks I am experiencing issues with accessing the network
shares served by Samba (no matter which client/operating system).
Connection/mounting attempts ultimately fail most of the time. I am
seeing errors like "SPNEGO login failed: The request is not supported."
and "domain_client_validate: Domain password server not available." in
the logs. But sometimes, without changes on the server side, accessing
the shares works fine. An excerpt of the full log is attached below.

I tried many hours already to solve the problem by modifying the Samba
configuration without success, however, the original configuration
worked fine for years.

I have no clue how this issue can be solved and would appreciate any
support.


Thank you in advance and kind regards,
René


Log excerpt:

[2018/07/09 09:28:37.296984,  3, pid=31899, effective(0, 0), real(0, 0)]
../source3/lib/util_sock.c:515(open_socket_out_send)
  Connecting to [REDACTED] at port 445
[2018/07/09 09:28:37.297273,  5, pid=31899, effective(0, 0), real(0, 0)]
../lib/util/util_net.c:1055(print_socket_options)
  Socket options:
  	SO_KEEPALIVE = 0
  	SO_REUSEADDR = 0
  	SO_BROADCAST = 0
  	TCP_NODELAY = 1
  	TCP_KEEPCNT = 9
  	TCP_KEEPIDLE = 7200
  	TCP_KEEPINTVL = 75
  	IPTOS_LOWDELAY = 0
  	IPTOS_THROUGHPUT = 0
  	SO_REUSEPORT = 0
  	SO_SNDBUF = 46080
  	SO_RCVBUF = 372480
  	SO_SNDLOWAT = 1
  	SO_RCVLOWAT = 1
  	SO_SNDTIMEO = 0
  	SO_RCVTIMEO = 0
  	TCP_QUICKACK = 1
  	TCP_DEFER_ACCEPT = 0
[2018/07/09 09:28:37.298134,  3, pid=31899, effective(0, 0), real(0, 0)]
../source3/libsmb/cliconnect.c:1837(cli_session_setup_spnego_send)
  Doing spnego session setup (blob length=120)
[2018/07/09 09:28:37.298168,  3, pid=31899, effective(0, 0), real(0, 0)]
../source3/libsmb/cliconnect.c:1864(cli_session_setup_spnego_send)
  got OID=1.3.6.1.4.1.311.2.2.30
  got OID=1.2.840.48018.1.2.2
  got OID=1.2.840.113554.1.2.2
  got OID=1.2.840.113554.1.2.2.3
  got OID=1.3.6.1.4.1.311.2.2.10
[2018/07/09 09:28:37.298190,  3, pid=31899, effective(0, 0), real(0, 0)]
../source3/libsmb/cliconnect.c:1874(cli_session_setup_spnego_send)
  got principal=not_defined_in_RFC4178@please_ignore
[2018/07/09 09:28:37.298291,  5, pid=31899, effective(0, 0), real(0, 0)]
../auth/gensec/gensec_start.c:680(gensec_start_mech)
  Starting GENSEC mechanism spnego
[2018/07/09 09:28:37.298315,  5, pid=31899, effective(0, 0), real(0, 0)]
../auth/gensec/gensec_start.c:680(gensec_start_mech)
  Starting GENSEC submechanism ntlmssp
[2018/07/09 09:28:37.298339,  1, pid=31899, effective(0, 0), real(0, 0)]
../librpc/ndr/ndr.c:402(ndr_print_debug)
       negotiate: struct NEGOTIATE_MESSAGE
          Signature                : 'NTLMSSP'
          MessageType              : NtLmNegotiate (1)
          NegotiateFlags           : 0x62088215 (1644724757)
                 1: NTLMSSP_NEGOTIATE_UNICODE
                 0: NTLMSSP_NEGOTIATE_OEM
                 1: NTLMSSP_REQUEST_TARGET
                 1: NTLMSSP_NEGOTIATE_SIGN
                 0: NTLMSSP_NEGOTIATE_SEAL
                 0: NTLMSSP_NEGOTIATE_DATAGRAM
                 0: NTLMSSP_NEGOTIATE_LM_KEY
                 0: NTLMSSP_NEGOTIATE_NETWARE
                 1: NTLMSSP_NEGOTIATE_NTLM
                 0: NTLMSSP_NEGOTIATE_NT_ONLY
                 0: NTLMSSP_ANONYMOUS
                 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
                 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
                 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
                 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
                 0: NTLMSSP_TARGET_TYPE_DOMAIN
                 0: NTLMSSP_TARGET_TYPE_SERVER
                 0: NTLMSSP_TARGET_TYPE_SHARE
                 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
                 0: NTLMSSP_NEGOTIATE_IDENTIFY
                 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
                 0: NTLMSSP_NEGOTIATE_TARGET_INFO
                 1: NTLMSSP_NEGOTIATE_VERSION
                 1: NTLMSSP_NEGOTIATE_128
                 1: NTLMSSP_NEGOTIATE_KEY_EXCH
                 0: NTLMSSP_NEGOTIATE_56
          DomainNameLen            : 0x0000 (0)
          DomainNameMaxLen         : 0x0000 (0)
          DomainName               : *
              DomainName               : ''
          WorkstationLen           : 0x0000 (0)
          WorkstationMaxLen        : 0x0000 (0)
          Workstation              : *
              Workstation              : ''
          Version: struct ntlmssp_VERSION
              ProductMajorVersion      : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (6)
              ProductMinorVersion      : NTLMSSP_WINDOWS_MINOR_VERSION_1 (1)
              ProductBuild             : 0x0000 (0)
              Reserved: ARRAY(3)
                  [0]                      : 0x00 (0)
                  [1]                      : 0x00 (0)
                  [2]                      : 0x00 (0)
              NTLMRevisionCurrent      : NTLMSSP_REVISION_W2K3 (15)
[2018/07/09 09:28:37.298917,  3, pid=31899, effective(0, 0), real(0, 0)]
../auth/ntlmssp/ntlmssp_client.c:270(ntlmssp_client_challenge)
  Got challenge flags:
[2018/07/09 09:28:37.298934,  3, pid=31899, effective(0, 0), real(0, 0)]
../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0x62898215
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    NTLMSSP_TARGET_TYPE_DOMAIN
    NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
    NTLMSSP_NEGOTIATE_TARGET_INFO
    NTLMSSP_NEGOTIATE_VERSION
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
[2018/07/09 09:28:37.298984,  3, pid=31899, effective(0, 0), real(0, 0)]
../auth/ntlmssp/ntlmssp_client.c:726(ntlmssp_client_challenge)
  NTLMSSP: Set final flags:
[2018/07/09 09:28:37.298996,  3, pid=31899, effective(0, 0), real(0, 0)]
../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0x62008a15
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_ANONYMOUS
    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    NTLMSSP_NEGOTIATE_VERSION
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
[2018/07/09 09:28:37.299027,  3, pid=31899, effective(0, 0), real(0, 0)]
../auth/ntlmssp/ntlmssp_sign.c:509(ntlmssp_sign_reset)
  NTLMSSP Sign/Seal - Initialising with flags:
[2018/07/09 09:28:37.299037,  3, pid=31899, effective(0, 0), real(0, 0)]
../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0x62008a15
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_ANONYMOUS
    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    NTLMSSP_NEGOTIATE_VERSION
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
[2018/07/09 09:28:37.299067,  5, pid=31899, effective(0, 0), real(0, 0)]
../auth/ntlmssp/ntlmssp_sign.c:633(ntlmssp_sign_reset)
  NTLMSSP Sign/Seal - using NTLM1
[2018/07/09 09:28:37.299462,  3, pid=31899, effective(0, 0), real(0, 0)]
../source3/libsmb/cliconnect.c:2216(cli_session_setup_done_spnego)
  SPNEGO login failed: The request is not supported.
[2018/07/09 09:28:37.299558,  3, pid=31899, effective(0, 0), real(0, 0)]
../source3/lib/util_sock.c:515(open_socket_out_send)
  Connecting to [REDACTED] at port 445
[2018/07/09 09:28:37.299857,  5, pid=31899, effective(0, 0), real(0, 0)]
../lib/util/util_net.c:1055(print_socket_options)
  Socket options:
  	SO_KEEPALIVE = 0
  	SO_REUSEADDR = 0
  	SO_BROADCAST = 0
  	TCP_NODELAY = 1
  	TCP_KEEPCNT = 9
  	TCP_KEEPIDLE = 7200
  	TCP_KEEPINTVL = 75
  	IPTOS_LOWDELAY = 0
  	IPTOS_THROUGHPUT = 0
  	SO_REUSEPORT = 0
  	SO_SNDBUF = 46080
  	SO_RCVBUF = 372480
  	SO_SNDLOWAT = 1
  	SO_RCVLOWAT = 1
  	SO_SNDTIMEO = 0
  	SO_RCVTIMEO = 0
  	TCP_QUICKACK = 1
  	TCP_DEFER_ACCEPT = 0
[2018/07/09 09:28:37.300719,  3, pid=31899, effective(0, 0), real(0, 0)]
../source3/libsmb/cliconnect.c:1837(cli_session_setup_spnego_send)
  Doing spnego session setup (blob length=120)
[2018/07/09 09:28:37.300772,  3, pid=31899, effective(0, 0), real(0, 0)]
../source3/libsmb/cliconnect.c:1864(cli_session_setup_spnego_send)
  got OID=1.3.6.1.4.1.311.2.2.30
  got OID=1.2.840.48018.1.2.2
  got OID=1.2.840.113554.1.2.2
  got OID=1.2.840.113554.1.2.2.3
  got OID=1.3.6.1.4.1.311.2.2.10
[2018/07/09 09:28:37.300800,  3, pid=31899, effective(0, 0), real(0, 0)]
../source3/libsmb/cliconnect.c:1874(cli_session_setup_spnego_send)
  got principal=not_defined_in_RFC4178@please_ignore
[2018/07/09 09:28:37.300905,  5, pid=31899, effective(0, 0), real(0, 0)]
../auth/gensec/gensec_start.c:680(gensec_start_mech)
  Starting GENSEC mechanism spnego
[2018/07/09 09:28:37.300927,  5, pid=31899, effective(0, 0), real(0, 0)]
../auth/gensec/gensec_start.c:680(gensec_start_mech)
  Starting GENSEC submechanism ntlmssp
[2018/07/09 09:28:37.300950,  1, pid=31899, effective(0, 0), real(0, 0)]
../librpc/ndr/ndr.c:402(ndr_print_debug)
       negotiate: struct NEGOTIATE_MESSAGE
          Signature                : 'NTLMSSP'
          MessageType              : NtLmNegotiate (1)
          NegotiateFlags           : 0x62088215 (1644724757)
                 1: NTLMSSP_NEGOTIATE_UNICODE
                 0: NTLMSSP_NEGOTIATE_OEM
                 1: NTLMSSP_REQUEST_TARGET
                 1: NTLMSSP_NEGOTIATE_SIGN
                 0: NTLMSSP_NEGOTIATE_SEAL
                 0: NTLMSSP_NEGOTIATE_DATAGRAM
                 0: NTLMSSP_NEGOTIATE_LM_KEY
                 0: NTLMSSP_NEGOTIATE_NETWARE
                 1: NTLMSSP_NEGOTIATE_NTLM
                 0: NTLMSSP_NEGOTIATE_NT_ONLY
                 0: NTLMSSP_ANONYMOUS
                 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
                 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
                 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
                 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
                 0: NTLMSSP_TARGET_TYPE_DOMAIN
                 0: NTLMSSP_TARGET_TYPE_SERVER
                 0: NTLMSSP_TARGET_TYPE_SHARE
                 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
                 0: NTLMSSP_NEGOTIATE_IDENTIFY
                 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
                 0: NTLMSSP_NEGOTIATE_TARGET_INFO
                 1: NTLMSSP_NEGOTIATE_VERSION
                 1: NTLMSSP_NEGOTIATE_128
                 1: NTLMSSP_NEGOTIATE_KEY_EXCH
                 0: NTLMSSP_NEGOTIATE_56
          DomainNameLen            : 0x0000 (0)
          DomainNameMaxLen         : 0x0000 (0)
          DomainName               : *
              DomainName               : ''
          WorkstationLen           : 0x0000 (0)
          WorkstationMaxLen        : 0x0000 (0)
          Workstation              : *
              Workstation              : ''
          Version: struct ntlmssp_VERSION
              ProductMajorVersion      : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (6)
              ProductMinorVersion      : NTLMSSP_WINDOWS_MINOR_VERSION_1 (1)
              ProductBuild             : 0x0000 (0)
              Reserved: ARRAY(3)
                  [0]                      : 0x00 (0)
                  [1]                      : 0x00 (0)
                  [2]                      : 0x00 (0)
              NTLMRevisionCurrent      : NTLMSSP_REVISION_W2K3 (15)
[2018/07/09 09:28:37.301526,  3, pid=31899, effective(0, 0), real(0, 0)]
../auth/ntlmssp/ntlmssp_client.c:270(ntlmssp_client_challenge)
  Got challenge flags:
[2018/07/09 09:28:37.301543,  3, pid=31899, effective(0, 0), real(0, 0)]
../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0x62898215
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    NTLMSSP_TARGET_TYPE_DOMAIN
    NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
    NTLMSSP_NEGOTIATE_TARGET_INFO
    NTLMSSP_NEGOTIATE_VERSION
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
[2018/07/09 09:28:37.301590,  3, pid=31899, effective(0, 0), real(0, 0)]
../auth/ntlmssp/ntlmssp_client.c:726(ntlmssp_client_challenge)
  NTLMSSP: Set final flags:
[2018/07/09 09:28:37.301602,  3, pid=31899, effective(0, 0), real(0, 0)]
../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0x62008a15
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_ANONYMOUS
    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    NTLMSSP_NEGOTIATE_VERSION
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
[2018/07/09 09:28:37.301633,  3, pid=31899, effective(0, 0), real(0, 0)]
../auth/ntlmssp/ntlmssp_sign.c:509(ntlmssp_sign_reset)
  NTLMSSP Sign/Seal - Initialising with flags:
[2018/07/09 09:28:37.301644,  3, pid=31899, effective(0, 0), real(0, 0)]
../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0x62008a15
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_ANONYMOUS
    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    NTLMSSP_NEGOTIATE_VERSION
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
[2018/07/09 09:28:37.301681,  5, pid=31899, effective(0, 0), real(0, 0)]
../auth/ntlmssp/ntlmssp_sign.c:633(ntlmssp_sign_reset)
  NTLMSSP Sign/Seal - using NTLM1
[2018/07/09 09:28:37.301999,  3, pid=31899, effective(0, 0), real(0, 0)]
../source3/libsmb/cliconnect.c:2216(cli_session_setup_done_spnego)
  SPNEGO login failed: The request is not supported.
[2018/07/09 09:28:37.302044,  0, pid=31899, effective(0, 0), real(0, 0),
class=auth] ../source3/auth/auth_domain.c:184(domain_client_validate)
  domain_client_validate: Domain password server not available.
[2018/07/09 09:28:37.302060,  5, pid=31899, effective(0, 0), real(0, 0),
class=auth] ../source3/auth/auth.c:252(auth_check_ntlm_password)
  check_ntlm_password: winbind authentication for user [REDACTED] FAILED
with error NT_STATUS_NOT_SUPPORTED
[2018/07/09 09:28:37.302087,  2, pid=31899, effective(0, 0), real(0, 0),
class=auth] ../source3/auth/auth.c:315(auth_check_ntlm_password)
  check_ntlm_password:  Authentication for user [REDACTED] -> [REDACTED]
FAILED with error NT_STATUS_NOT_SUPPORTED
[2018/07/09 09:28:37.302108,  5, pid=31899, effective(0, 0), real(0, 0)]
../source3/auth/auth_ntlmssp.c:188(auth3_check_password)
  Checking NTLMSSP password for [REDACTED] failed: NT_STATUS_NOT_SUPPORTED
[2018/07/09 09:28:37.302131,  5, pid=31899, effective(0, 0), real(0, 0)]
../auth/ntlmssp/ntlmssp_server.c:737(ntlmssp_server_check_password)
  ../auth/ntlmssp/ntlmssp_server.c:737: Checking NTLMSSP password for
[REDACTED] failed: NT_STATUS_NOT_SUPPORTED
[2018/07/09 09:28:37.302153,  2, pid=31899, effective(0, 0), real(0, 0)]
../auth/gensec/spnego.c:716(gensec_spnego_server_negTokenTarg)
  SPNEGO login failed: NT_STATUS_NOT_SUPPORTED


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba