Bug 459606 - Authentication failure between samba on RHEL 4.7 and Vista clients
Authentication failure between samba on RHEL 4.7 and Vista clients
Status: CLOSED INSUFFICIENT_DATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: samba (Show other bugs)
4.9
i386 Linux
medium Severity high
: rc
: ---
Assigned To: Guenther Deschner
qe-baseos-daemons
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-08-20 10:17 EDT by Shing-Shong Shei
Modified: 2010-05-10 10:54 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-05-10 10:54:24 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Level 10 log file (231.16 KB, text/plain)
2008-08-20 10:32 EDT, Shing-Shong Shei
no flags Details

  None (edit)
Description Shing-Shong Shei 2008-08-20 10:17:23 EDT
Description of problem:
Authentication failure between samba on RHEL 4.7 and Vista clients

Version-Release number of selected component (if applicable):
3.0.28-0.el4.9

How reproducible:


Steps to Reproduce:
1. on a Vista 32-bit client do 'Run' then '\\servername\user_name' which authenticated againt a Kerberos ADS server
2.
3.
  
Actual results:
After entering username and password, it failed mounting the samba drive.  Instead it came back and as for username and password again.

Expected results:
Should pop up a explorer window should the samba drive's contents.

Additional info:
The log file showed:

[2008/08/14 15:16:39, 1] smbd/sesssetup.c:reply_spnego_kerberos(316)
 Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2008/08/14 15:16:39, 1] smbd/sesssetup.c:reply_spnego_kerberos(316)
 Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2008/08/14 15:16:39, 1] smbd/sesssetup.c:reply_spnego_kerberos(316)

The same samba setup worked until applying the Update 7 patches.
Comment 1 Shing-Shong Shei 2008-08-20 10:32:51 EDT
Created attachment 314631 [details]
Level 10 log file
Comment 2 Shing-Shong Shei 2008-09-05 14:17:22 EDT
We kind of 'solve' the problem by the following procedures:

1) service smb stop
2) net -U your_username ads leave
3) rm /etc/samba/secrets.tdb
4) find /var/cache/samba -type f | xargs rm
5) net -U your_username ads join
6) service smb start

Hope this will help.

Thanks,
Bruce
Comment 3 Simo Sorce 2008-09-05 14:35:49 EDT
your "solution" surprises me.
it seem like your samba server credentials (either in the AD domain or in secrets.tdb are broken/changed/erased) and you just reset it by leaving and joining the domian.

How often does this problem happen?
Does it happen randomly? Or have you identified a correlation with some other action ?
Comment 4 Shing-Shong Shei 2008-09-05 15:08:44 EDT
Hi Simo,

Well, I have worked with Günther and you intensively for a while and then things dropped cold.  Thus we were kind of experimenting around and seemed to have found that the above mentioned steps solved our problem.  I am not a samba expert but it was working before.  The first time I noticed that it's broken was roughly the time I applied RHEL4 Update 7 to the (samba) server.  Then it failed constantly for Vista clients (while it works for XP Pro clients).  So to answer your questoins: 1) it happened consistently for Vista clients; 2) No, I have not identified a correlation.  Just watched which file got changed when we 'leave' and 'join' the ADS.  (Also this machine has a CNAME 'samba1' which we used to joint the ADS.  I don't think it matters as now this is the way it's set up and it's working fine.)

Thanks,
Bruce
Comment 5 Dmitri Pal 2010-05-10 10:54:24 EDT
Please retest with the latest version of Samba and reopen if the problem still exists.

Note You need to log in before you can comment on or make changes to this bug.