I can not get libwbclient in sssd 1.15 work at all for samba. samba log is not helpful either: [2017/02/11 20:08:47.742465, 1, pid=21157, effective(0, 0), real(0, 0)] ../source3/smbd/sesssetup.c:290(reply_sesssetup_and_X_spnego) Failed to generate session_info (user and group token) for session setup: NT_STATUS_LOGON_FAILURE
Is libwbclient working in 1.15?
Jocke
On (11/02/17 19:10), Joakim Tjernlund wrote:
I can not get libwbclient in sssd 1.15 work at all for samba. samba log is not helpful either: [2017/02/11 20:08:47.742465, 1, pid=21157, effective(0, 0), real(0, 0)] ../source3/smbd/sesssetup.c:290(reply_sesssetup_and_X_spnego) Failed to generate session_info (user and group token) for session setup: NT_STATUS_LOGON_FAILURE
Is libwbclient working in 1.15?
Which distribution do you use?
Did you set alternatives yourself?
Does sssd-libwblient has the same soname as libwblient from samba?
LS
On Sat, 2017-02-11 at 20:32 +0100, Lukas Slebodnik wrote:
On (11/02/17 19:10), Joakim Tjernlund wrote:
I can not get libwbclient in sssd 1.15 work at all for samba. samba log is not helpful either: [2017/02/11 20:08:47.742465, 1, pid=21157, effective(0, 0), real(0, 0)] ../source3/smbd/sesssetup.c:290(reply_sesssetup_and_X_spnego) Failed to generate session_info (user and group token) for session setup: NT_STATUS_LOGON_FAILURE
Is libwbclient working in 1.15?
Which distribution do you use?
Gentoo
Did you set alternatives yourself?
No I set a symlink for libwbclient myself: cd /usr/lib64/ devsrv2 lib64 # ls -l libwbclient.so* lrwxrwxrwx 1 root root 19 Feb 3 12:41 libwbclient.so -> libwbclient.so.0.13* lrwxrwxrwx 1 root root 19 Feb 3 12:41 libwbclient.so.0 -> libwbclient.so.0.13* lrwxrwxrwx 1 root root 34 Feb 11 19:11 libwbclient.so.0.13 -> sssd/modules/libwbclient.so.0.13.0*
Does sssd-libwblient has the same soname as libwblient from samba?
Yes, this is samba 4.5.5 which have libwbclient.so.0.13
Jocke
On Sat, 2017-02-11 at 21:25 +0100, Joakim Tjernlund wrote:
On Sat, 2017-02-11 at 20:32 +0100, Lukas Slebodnik wrote:
On (11/02/17 19:10), Joakim Tjernlund wrote:
I can not get libwbclient in sssd 1.15 work at all for samba. samba log is not helpful either: [2017/02/11 20:08:47.742465, 1, pid=21157, effective(0, 0), real(0, 0)] ../source3/smbd/sesssetup.c:290(reply_sesssetup_and_X_spnego) Failed to generate session_info (user and group token) for session setup: NT_STATUS_LOGON_FAILURE
Is libwbclient working in 1.15?
Which distribution do you use?
Gentoo
Can you say something about required config for sssd/samba for using sssd's libwbclient?
On Sat, Feb 11, 2017 at 08:29:18PM +0000, Joakim Tjernlund wrote:
On Sat, 2017-02-11 at 21:25 +0100, Joakim Tjernlund wrote:
On Sat, 2017-02-11 at 20:32 +0100, Lukas Slebodnik wrote:
On (11/02/17 19:10), Joakim Tjernlund wrote:
I can not get libwbclient in sssd 1.15 work at all for samba. samba log is not helpful either: [2017/02/11 20:08:47.742465, 1, pid=21157, effective(0, 0), real(0, 0)] ../source3/smbd/sesssetup.c:290(reply_sesssetup_and_X_spnego) Failed to generate session_info (user and group token) for session setup: NT_STATUS_LOGON_FAILURE
Is libwbclient working in 1.15?
Which distribution do you use?
Gentoo
Can you say something about required config for sssd/samba for using sssd's libwbclient?
For the Samba side all is done if the Samba binaries can find and load the library.
The most important option on the SSSD side is 'use_fully_qualified_names = True' currently SSSD's version of libwbclient will not work with short names.
In general it has to be noted that SSSD's version of libwbclient has some general restrictions, e.g. it only works with Kerberos authentication not with NTLM. Since you got a NT_STATUS_LOGON_FAILURE the client might have tried NTLM instead of Kerberos. The Samba logs should tell you which authentication method was tried, maybe you have to increase the 'log level' in smb.conf.
HTH
bye, Sumit
sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org
On Mon, 2017-02-13 at 09:32 +0100, Sumit Bose wrote:
On Sat, Feb 11, 2017 at 08:29:18PM +0000, Joakim Tjernlund wrote:
On Sat, 2017-02-11 at 21:25 +0100, Joakim Tjernlund wrote:
On Sat, 2017-02-11 at 20:32 +0100, Lukas Slebodnik wrote:
On (11/02/17 19:10), Joakim Tjernlund wrote:
I can not get libwbclient in sssd 1.15 work at all for samba. samba log is not helpful either: [2017/02/11 20:08:47.742465, 1, pid=21157, effective(0, 0), real(0, 0)] ../source3/smbd/sesssetup.c:290(reply_sesssetup_and_X_spnego) Failed to generate session_info (user and group token) for session setup: NT_STATUS_LOGON_FAILURE
Is libwbclient working in 1.15?
Which distribution do you use?
Gentoo
Can you say something about required config for sssd/samba for using sssd's libwbclient?
For the Samba side all is done if the Samba binaries can find and load the library.
The most important option on the SSSD side is 'use_fully_qualified_names = True' currently SSSD's version of libwbclient will not work with short names.
We tried that briefly but didn't get past the login failure.
In general it has to be noted that SSSD's version of libwbclient has some general restrictions, e.g. it only works with Kerberos authentication not with NTLM. Since you got a NT_STATUS_LOGON_FAILURE the client might have tried NTLM instead of Kerberos. The Samba logs should tell you which authentication method was tried, maybe you have to increase the 'log level' in smb.conf.
we ran smbclient -k -L <samba host> but only got the NT_STATUS_LOGON_FAILURE I think we may have understood that sssd wbclient only works for the client? The sever running samba fileserver cannot use sssd libwbclient, is that true? That would explain why we could not make this work.
Jocke
On Mon, Feb 13, 2017 at 08:57:12AM +0000, Joakim Tjernlund wrote:
On Mon, 2017-02-13 at 09:32 +0100, Sumit Bose wrote:
On Sat, Feb 11, 2017 at 08:29:18PM +0000, Joakim Tjernlund wrote:
On Sat, 2017-02-11 at 21:25 +0100, Joakim Tjernlund wrote:
On Sat, 2017-02-11 at 20:32 +0100, Lukas Slebodnik wrote:
On (11/02/17 19:10), Joakim Tjernlund wrote:
I can not get libwbclient in sssd 1.15 work at all for samba. samba log is not helpful either: [2017/02/11 20:08:47.742465, 1, pid=21157, effective(0, 0), real(0, 0)] ../source3/smbd/sesssetup.c:290(reply_sesssetup_and_X_spnego) Failed to generate session_info (user and group token) for session setup: NT_STATUS_LOGON_FAILURE
Is libwbclient working in 1.15?
Which distribution do you use?
Gentoo
Can you say something about required config for sssd/samba for using sssd's libwbclient?
For the Samba side all is done if the Samba binaries can find and load the library.
The most important option on the SSSD side is 'use_fully_qualified_names = True' currently SSSD's version of libwbclient will not work with short names.
We tried that briefly but didn't get past the login failure.
In general it has to be noted that SSSD's version of libwbclient has some general restrictions, e.g. it only works with Kerberos authentication not with NTLM. Since you got a NT_STATUS_LOGON_FAILURE the client might have tried NTLM instead of Kerberos. The Samba logs should tell you which authentication method was tried, maybe you have to increase the 'log level' in smb.conf.
we ran smbclient -k -L <samba host> but only got the NT_STATUS_LOGON_FAILURE I think we may have understood that sssd wbclient only works for the client? The sever running samba fileserver cannot use sssd libwbclient, is that true?
No, you can use it on the server as well with some restrictions like no NTLM.
Feel free to send me the Samba logs from the server if you want me to take a look.
bye, Sumit
That would explain why we could not make this work.
Jocke _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org
sssd-users@lists.fedorahosted.org
-
Joakim Tjernlund -
Lukas Slebodnik -
Sumit Bose