Package: debian-edu-config
Version: 2.12.36
Currently, it is not possible with either gvfs nor smbclient to access a user's
home directory due to an authentication failure.
$ klist
Ticket cache: FILE:/tmp/krb5cc_1003_X8fbPu
Default principal: gber@INTERN
Valid starting Expires Service principal
09/19/23 13:12:44 09/19/23 23:12:44 krbtgt/INTERN@INTERN
renew until 09/20/23 13:12:44
09/19/23 13:13:16 09/19/23 23:12:44 cifs/tjener.intern@INTERN
renew until 09/20/23 13:12:44
$ smbclient -d 99 --use-kerberos=required -U 'TJENER\gber'
'\\tjener.intern\homes\'
INFO: Current debug levels:
all: 99
tdb: 99
printdrivers: 99
lanman: 99
smb: 99
rpc_parse: 99
rpc_srv: 99
rpc_cli: 99
passdb: 99
sam: 99
auth: 99
winbind: 99
vfs: 99
idmap: 99
quota: 99
acls: 99
locking: 99
msdfs: 99
dmapi: 99
registry: 99
scavenger: 99
dns: 99
ldb: 99
tevent: 99
auth_audit: 99
auth_json_audit: 99
kerberos: 99
drs_repl: 99
smb2: 99
smb2_credits: 99
dsdb_audit: 99
dsdb_json_audit: 99
dsdb_password_audit: 99
dsdb_password_json_audit: 99
dsdb_transaction_audit: 99
dsdb_transaction_json_audit: 99
dsdb_group_audit: 99
dsdb_group_json_audit: 99
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
all: 99
tdb: 99
printdrivers: 99
lanman: 99
smb: 99
rpc_parse: 99
rpc_srv: 99
rpc_cli: 99
passdb: 99
sam: 99
auth: 99
winbind: 99
vfs: 99
idmap: 99
quota: 99
acls: 99
locking: 99
msdfs: 99
dmapi: 99
registry: 99
scavenger: 99
dns: 99
ldb: 99
tevent: 99
auth_audit: 99
auth_json_audit: 99
kerberos: 99
drs_repl: 99
smb2: 99
smb2_credits: 99
dsdb_audit: 99
dsdb_json_audit: 99
dsdb_password_audit: 99
dsdb_password_json_audit: 99
dsdb_transaction_audit: 99
dsdb_transaction_json_audit: 99
dsdb_group_audit: 99
dsdb_group_json_audit: 99
Processing section "[global]"
doing parameter workgroup = skolelinux
doing parameter log file = /var/log/samba/log.%m
doing parameter max log size = 1000
doing parameter logging = file
doing parameter panic action = /usr/share/samba/panic-action %d
doing parameter server role = standalone server
doing parameter obey pam restrictions = yes
doing parameter unix password sync = yes
doing parameter passwd program = /usr/bin/passwd %u
doing parameter passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
doing parameter pam password change = yes
doing parameter map to guest = bad user
doing parameter usershare allow guests = yes
pm_process() returned Yes
lp_servicenumber: couldn't find homes
added interface eth0 ip=10.0.2.20 bcast=10.255.255.255 netmask=255.0.0.0
Password for [TJENER\gber]:Client started (version 4.17.10-Debian).
Opening cache file at /run/samba/gencache.tdb
tdb(/run/samba/gencache.tdb): tdb_open_ex: could not open file
/run/samba/gencache.tdb: Permission denied
gencache_init: Opening user cache file
/skole/tjener/home0/gber/.cache/samba/gencache.tdb.
sitename_fetch: No stored sitename for realm ''
internal_resolve_name: looking up tjener.intern#20 (sitename (null))
namecache_fetch: name tjener.intern#20 found.
remove_duplicate_addrs2: looking for duplicate address/port pairs
samba_tevent: Added timed event "tevent_req_timedout": 0x55612aa9f2b0
Connecting to 10.0.2.2 at port 445
samba_tevent: Added timed event "tevent_req_timedout": 0x55612aa9fb50
samba_tevent: Added timed event "tevent_req_timedout": 0x55612aa87d00
samba_tevent: Destroying timer event 0x55612aa9f2b0 "tevent_req_timedout"
samba_tevent: Destroying timer event 0x55612aa9fb50 "tevent_req_timedout"
socket options: SO_KEEPALIVE=0, SO_REUSEADDR=0, SO_BROADCAST=0, TCP_NODELAY=1,
TCP_KEEPCNT=9, TCP_KEEPIDLE=7200, TCP_KEEPINTVL=75, IPTOS_LOWDELAY=0,
IPTOS_THROUGHPUT=0, SO_REUSEPORT=0, SO_SNDBUF=87040, SO_RCVBUF=131072,
SO_SNDLOWAT=1, SO_RCVLOWAT=1, SO_SNDTIMEO=0, SO_RCVTIMEO=0, TCP_QUICKACK=1,
TCP_DEFER_ACCEPT=0, TCP_USER_TIMEOUT=0
samba_tevent: Destroying timer event 0x55612aa87d00 "tevent_req_timedout"
session request ok
samba_tevent: Added timed event "tevent_req_timedout": 0x55612aa986f0
samba_tevent: Schedule immediate event "tevent_req_trigger": 0x55612aa9ed60
samba_tevent: Cancel immediate event 0x55612aa9ed60 "tevent_req_trigger"
samba_tevent: Schedule immediate event "tevent_req_trigger": 0x55612aa9ed60
samba_tevent: Run immediate event "tevent_req_trigger": 0x55612aa9ed60
samba_tevent: Destroying timer event 0x55612aa986f0 "tevent_req_timedout"
samba_tevent: Schedule immediate event "tevent_req_trigger": 0x55612aaa0cd0
samba_tevent: Run immediate event "tevent_req_trigger": 0x55612aaa0cd0
negotiated dialect[SMB3_11] against server[tjener.intern]
cli_session_setup_spnego_send: Connect to tjener.intern as gber@TJENER using
SPNEGO
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'ncalrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gse_krb5
samba_tevent: Schedule immediate event "tevent_req_trigger": 0x55612aa9fa10
gensec_update_send: gse_krb5[0x55612aaa0ad0]: subreq: 0x55612aa9f920
gensec_update_send: spnego[0x55612aa9e7c0]: subreq: 0x55612aaa3610
samba_tevent: Run immediate event "tevent_req_trigger": 0x55612aa9fa10
gensec_update_done: gse_krb5[0x55612aaa0ad0]:
NT_STATUS_MORE_PROCESSING_REQUIRED
tevent_req[0x55612aa9f920/../../source3/librpc/crypto/gse.c:895]: state[2]
error[0 (0x0)] state[struct gensec_gse_update_state (0x55612aa9fae0)]
timer[(nil)] finish[../../source3/librpc/crypto/gse.c:906]
gensec_update_done: spnego[0x55612aa9e7c0]: NT_STATUS_MORE_PROCESSING_REQUIRED
tevent_req[0x55612aaa3610/../../auth/gensec/spnego.c:1631]: state[2] error[0
(0x0)] state[struct gensec_spnego_update_state (0x55612aaa37d0)] timer[(nil)]
finish[../../auth/gensec/spnego.c:2116]
samba_tevent: Added timed event "tevent_req_timedout": 0x55612aa986f0
samba_tevent: Schedule immediate event "tevent_req_trigger": 0x55612aaadc30
samba_tevent: Cancel immediate event 0x55612aaadc30 "tevent_req_trigger"
samba_tevent: Schedule immediate event "tevent_req_trigger": 0x55612aaadc30
samba_tevent: Run immediate event "tevent_req_trigger": 0x55612aaadc30
samba_tevent: Destroying timer event 0x55612aa986f0 "tevent_req_timedout"
samba_tevent: Schedule immediate event "tevent_req_trigger": 0x55612aaad6a0
samba_tevent: Run immediate event "tevent_req_trigger": 0x55612aaad6a0
SPNEGO login failed: An invalid parameter was passed to a service or function.
session setup failed: NT_STATUS_INVALID_PARAMETER
The samba log on tjener:
[2023/09/19 14:04:01.336794, 5]
../../source3/auth/auth.c:565(make_auth3_context_for_ntlm)
make_auth3_context_for_ntlm: Making default auth method list for server role
= 'standalone server', encrypt passwords = yes
[2023/09/19 14:04:01.336861, 5] ../../source3/auth/auth.c:52(smb_register_auth)
Attempting to register auth backend anonymous
[2023/09/19 14:04:01.336882, 5] ../../source3/auth/auth.c:64(smb_register_auth)
Successfully added auth method 'anonymous'
[2023/09/19 14:04:01.336893, 5] ../../source3/auth/auth.c:52(smb_register_auth)
Attempting to register auth backend sam
[2023/09/19 14:04:01.336901, 5] ../../source3/auth/auth.c:64(smb_register_auth)
Successfully added auth method 'sam'
[2023/09/19 14:04:01.336908, 5] ../../source3/auth/auth.c:52(smb_register_auth)
Attempting to register auth backend sam_ignoredomain
[2023/09/19 14:04:01.336914, 5] ../../source3/auth/auth.c:64(smb_register_auth)
Successfully added auth method 'sam_ignoredomain'
[2023/09/19 14:04:01.336922, 5] ../../source3/auth/auth.c:52(smb_register_auth)
Attempting to register auth backend sam_netlogon3
[2023/09/19 14:04:01.336929, 5] ../../source3/auth/auth.c:64(smb_register_auth)
Successfully added auth method 'sam_netlogon3'
[2023/09/19 14:04:01.336935, 5] ../../source3/auth/auth.c:52(smb_register_auth)
Attempting to register auth backend winbind
[2023/09/19 14:04:01.336942, 5] ../../source3/auth/auth.c:64(smb_register_auth)
Successfully added auth method 'winbind'
[2023/09/19 14:04:01.336950, 5] ../../source3/auth/auth.c:52(smb_register_auth)
Attempting to register auth backend unix
[2023/09/19 14:04:01.336961, 5] ../../source3/auth/auth.c:64(smb_register_auth)
Successfully added auth method 'unix'
[2023/09/19 14:04:01.336969, 5] ../../source3/auth/auth.c:426(load_auth_module)
load_auth_module: Attempting to find an auth method to match anonymous
[2023/09/19 14:04:01.336978, 5] ../../source3/auth/auth.c:451(load_auth_module)
load_auth_module: auth method anonymous has a valid init
[2023/09/19 14:04:01.336985, 5] ../../source3/auth/auth.c:426(load_auth_module)
load_auth_module: Attempting to find an auth method to match sam_ignoredomain
[2023/09/19 14:04:01.336991, 5] ../../source3/auth/auth.c:451(load_auth_module)
load_auth_module: auth method sam_ignoredomain has a valid init
[2023/09/19 14:04:01.338828, 3]
../../auth/gensec/gensec_start.c:1083(gensec_register)
GENSEC backend 'gssapi_spnego' registered
[2023/09/19 14:04:01.338852, 3]
../../auth/gensec/gensec_start.c:1083(gensec_register)
GENSEC backend 'gssapi_krb5' registered
[2023/09/19 14:04:01.338862, 3]
../../auth/gensec/gensec_start.c:1083(gensec_register)
GENSEC backend 'gssapi_krb5_sasl' registered
[2023/09/19 14:04:01.338870, 3]
../../auth/gensec/gensec_start.c:1083(gensec_register)
GENSEC backend 'spnego' registered
[2023/09/19 14:04:01.338878, 3]
../../auth/gensec/gensec_start.c:1083(gensec_register)
GENSEC backend 'schannel' registered
[2023/09/19 14:04:01.338887, 3]
../../auth/gensec/gensec_start.c:1083(gensec_register)
GENSEC backend 'ncalrpc_as_system' registered
[2023/09/19 14:04:01.338895, 3]
../../auth/gensec/gensec_start.c:1083(gensec_register)
GENSEC backend 'sasl-EXTERNAL' registered
[2023/09/19 14:04:01.338903, 3]
../../auth/gensec/gensec_start.c:1083(gensec_register)
GENSEC backend 'ntlmssp' registered
[2023/09/19 14:04:01.338911, 3]
../../auth/gensec/gensec_start.c:1083(gensec_register)
GENSEC backend 'ntlmssp_resume_ccache' registered
[2023/09/19 14:04:01.338919, 3]
../../auth/gensec/gensec_start.c:1083(gensec_register)
GENSEC backend 'http_basic' registered
[2023/09/19 14:04:01.338927, 3]
../../auth/gensec/gensec_start.c:1083(gensec_register)
GENSEC backend 'http_ntlm' registered
[2023/09/19 14:04:01.338935, 3]
../../auth/gensec/gensec_start.c:1083(gensec_register)
GENSEC backend 'http_negotiate' registered
[2023/09/19 14:04:01.338945, 3]
../../auth/gensec/gensec_start.c:1083(gensec_register)
GENSEC backend 'krb5' registered
[2023/09/19 14:04:01.338954, 3]
../../auth/gensec/gensec_start.c:1083(gensec_register)
GENSEC backend 'fake_gssapi_krb5' registered
[2023/09/19 14:04:01.339044, 5]
../../auth/gensec/gensec_start.c:844(gensec_start_mech)
Starting GENSEC mechanism spnego
[2023/09/19 14:04:01.339083, 5]
../../auth/gensec/gensec_start.c:844(gensec_start_mech)
Starting GENSEC submechanism ntlmssp
[2023/09/19 14:04:01.342752, 5]
../../source3/auth/auth.c:565(make_auth3_context_for_ntlm)
make_auth3_context_for_ntlm: Making default auth method list for server role
= 'standalone server', encrypt passwords = yes
[2023/09/19 14:04:01.342788, 5] ../../source3/auth/auth.c:426(load_auth_module)
load_auth_module: Attempting to find an auth method to match anonymous
[2023/09/19 14:04:01.342801, 5] ../../source3/auth/auth.c:451(load_auth_module)
load_auth_module: auth method anonymous has a valid init
[2023/09/19 14:04:01.342811, 5] ../../source3/auth/auth.c:426(load_auth_module)
load_auth_module: Attempting to find an auth method to match sam_ignoredomain
[2023/09/19 14:04:01.342820, 5] ../../source3/auth/auth.c:451(load_auth_module)
load_auth_module: auth method sam_ignoredomain has a valid init
[2023/09/19 14:04:01.342873, 5]
../../auth/gensec/gensec_start.c:844(gensec_start_mech)
Starting GENSEC mechanism spnego
[2023/09/19 14:04:01.342936, 1]
../../auth/gensec/spnego.c:1341(gensec_spnego_server_negTokenInit_step)
gensec_spnego_server_negTokenInit_step: Could not find a suitable mechtype in
NEG_TOKEN_INIT
[2023/09/19 14:04:01.342972, 5]
../../auth/gensec/gensec.c:534(gensec_update_done)
gensec_update_done: spnego[0x5618c5c0b850]: NT_STATUS_INVALID_PARAMETER
--
Guido Berhoerster
