Created attachment 12248 [details] SMB Conf File I have 2 windows server. Both windows versions are win2k12. My client is Montavista 64 bit Linux. I get NT_STATUS_CONNECTION_DISCONNECTED error with only one server for one or 2 files and sometimes even during browsing (ls) using smbclient using Kerberos Authentication Method, however rest of the files are fetched properly. Theb error is not seen during NTLM authentication or unsigned connection. I have attached both the working and non-working scenario logs. The only difference that I found between the two logs were that there was an error in one of them: samba_tevent: EPOLL_CTL_DEL EBADF for fde[0x7fdee6b29a10] mpx_fde[(nil)] fd[9] - disabling I have attached the smb.conf file along too.
Created attachment 12249 [details] This is the working scenario where file is fetched
Created attachment 12250 [details] This is the error case
Queries: 1. Have you tried other clients (RHEL, Suse, CentOS etc)? 2. These logs are few, Have you taken packet captures to see What message server sends while disconnecting? This is Problem Diagram: //No error seen on NTLM auth. Issues only with Kerberos Authentication [Win2012-1(smbServer)] [Montavista-64Bit-Linux] [Win2012-2(samba-server)] | smbclient-4.19 | | | | | | | | // Browsing Win2012-1. No issues | Got KRB5 session key of length 32 cli_init_creds: user administrator@phone1.local domain PHONE1.LOCAL session setup ok // Browsing Win2012-2. Issues Got KRB5 session key of length 32 samba_tevent: EPOLL_CTL_DEL EBADF for fde[0x7fdee6b29a10] mpx_fde[(nil)] fd[9] - disabling SPNEGO login failed: NT_STATUS_CONNECTION_DISCONNECTED Digging in Code: SessionKey is assigned by server in Session-SetUp Response message. bool smb_krb5_get_smb_session_key(){ DEBUG(10, ("Got KRB5 session key of length %d\n",(int)KRB5_KEY_LENGTH(skey))); } epoll_del_event(struct epoll_event_context *epoll_ev, struct tevent_fd *fde){ ret = epoll_ctl(epoll_ev->epoll_fd, EPOLL_CTL_DEL, fde->fd, &event); if (ret != 0 && errno == ENOENT) { } else if (ret != 0 && errno == EBADF) { //EBADF.Bad file descriptor (POSIX.1). tevent_debug(epoll_ev->ev, TEVENT_DEBUG_WARNING, "EPOLL_CTL_DEL EBADF for " "fde[%p] mpx_fde[%p] fd[%d] - disabling\n", fde, mpx_fde, fde->fd); } } In what cases epoll_ctl returns EBADF? http://refspecs.linux-foundation.org/LSB_4.0.0/LSB-Core-generic/LSB-Core-generic/libc-epoll-ctl-1.html The parameter epfd or the parameter fd is an invalid file descriptor. Means epoll_ev->epoll_fd is Invalid or Windows has closed the connection. Suggested Action Plan: 1. Are there any access policies on windows2012, which is restricting the connection. 2. What's difference in Access policies on both windows machines. Why Issue happens with only 1 machine. 3. Install fresh window-server-2012 without restricted access and try connecting, also see wireshark (if it fails). 4. Try connecting to your montavista-linux with win2008 (or some other variant)