Bug 3853 - msdfs broken (similar to bug 1406)
msdfs broken (similar to bug 1406)
Status: RESOLVED DUPLICATE of bug 3651
Product: Samba 3.0
Classification: Unclassified
Component: File Services
3.0.9
x86 Windows XP
: P3 critical
: none
Assigned To: Samba Bugzilla Account
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2006-06-23 11:48 UTC by rajeev
Modified: 2006-07-07 12:34 UTC (History)
1 user (show)

See Also:


Attachments
smb startup log with debug 10 (689.34 KB, text/plain)
2006-06-23 11:50 UTC, rajeev
no flags Details
failed attempt log (97.38 KB, text/plain)
2006-06-23 11:51 UTC, rajeev
no flags Details
success attempt log (444.35 KB, text/plain)
2006-06-23 11:51 UTC, rajeev
no flags Details
samba startup with d10 (160.58 KB, text/plain)
2006-07-07 12:05 UTC, rajeev
no flags Details
failed attempt to access a dfs link (364.49 KB, text/plain)
2006-07-07 12:05 UTC, rajeev
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description rajeev 2006-06-23 11:48:47 UTC
Very similar (if not identical) to bug 1406. 

Trying to use a samba install as a MSDFS root.

\\servername\dfs\<dfslink> does not work and 
\\serverip\dfs\<dfslink> works.

Samba - 3.0.22 and Active Directory 2003 Domain - no winbind.
Comment 1 rajeev 2006-06-23 11:50:39 UTC
Created attachment 1979 [details]
smb startup log with debug 10

startup of smb.log file with debug 10 (it also has 1 case of failure)
Comment 2 rajeev 2006-06-23 11:51:11 UTC
Created attachment 1980 [details]
failed attempt log
Comment 3 rajeev 2006-06-23 11:51:31 UTC
Created attachment 1981 [details]
success attempt log
Comment 4 rajeev 2006-06-27 17:35:21 UTC
anyone ?
Comment 5 Jeremy Allison 2006-06-27 18:14:36 UTC
Almost certainly the problem is this (from your log) :

[2006/06/23 12:38:46, 10] libads/kerberos_verify.c:ads_secrets_verify_ticket(249)
  ads_secrets_verify_ticket: enc type [18] failed to decrypt with error Bad encryption type
[2006/06/23 12:38:46, 10] libads/kerberos_verify.c:ads_secrets_verify_ticket(249)
  ads_secrets_verify_ticket: enc type [17] failed to decrypt with error Bad encryption type
[2006/06/23 12:38:46, 10] libads/kerberos_verify.c:ads_secrets_verify_ticket(249)
  ads_secrets_verify_ticket: enc type [16] failed to decrypt with error Bad encryption type
[2006/06/23 12:38:46, 3] libads/kerberos_verify.c:ads_secrets_verify_ticket(249)
  ads_secrets_verify_ticket: enc type [23] failed to decrypt with error Decrypt integrity check failed
[2006/06/23 12:38:46, 10] libads/kerberos_verify.c:ads_secrets_verify_ticket(249)
  ads_secrets_verify_ticket: enc type [1] failed to decrypt with error Bad encryption type
[2006/06/23 12:38:46, 10] libads/kerberos_verify.c:ads_secrets_verify_ticket(249)
  ads_secrets_verify_ticket: enc type [3] failed to decrypt with error Bad encryption type
[2006/06/23 12:38:46, 10] libads/kerberos_verify.c:ads_secrets_verify_ticket(249)
  ads_secrets_verify_ticket: enc type [2] failed to decrypt with error Bad encryption type
[2006/06/23 12:38:46, 10] passdb/secrets.c:secrets_named_mutex_release(821)
  secrets_named_mutex: released mutex for replay cache mutex
[2006/06/23 12:38:46, 3] libads/kerberos_verify.c:ads_verify_ticket(378)
  ads_verify_ticket: krb5_rd_req with auth failed (Success)
[2006/06/23 12:38:46, 1] smbd/sesssetup.c:reply_spnego_kerberos(197)
  Failed to verify incoming ticket!
[2006/06/23 12:38:46, 3] smbd/error.c:error_packet(146)
  error packet at smbd/sesssetup.c(199) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
[2006/06/23 12:38:46, 5] lib/util.c:show_msg(454)
[2006/06/23 12:38:46, 5] lib/util.c:show_msg(464)

Your kerberos logins are failing, your NTLM ones are probably succeeding. This is consistent with \\name failing (it'll try and use krb5) and \\ip succeeding (it will automatically use NTLM). Fix your kerberos problem and the dfs will work.

Jeremy.
Comment 6 rajeev 2006-06-27 18:34:46 UTC
I upgraded the kerberos to the latest version and go over those errors. still no dice. I will be posting my logs again. plz watch out for them.

Comment 7 Jeremy Allison 2006-06-27 18:44:46 UTC
What I'm trying to tell you is that this isn't an msdfs bug. It's a configuration issue probably with the way you've set up kerberos. I'm not closing this bug immediately on the off chance there's something more here but if you keep posting logs with krb5 logon errors I'm just going to point you at the mailing lists to get that fixed and close this bug. Fix your kerberos issues first, then we can talk about other problems.
Jeremy.
Comment 8 rajeev 2006-06-27 18:46:44 UTC
Point taken Jeremy. I was planning on doing that in the first place (posting non-kerberos messages).
your help is much appreciated !

rajeev
p.s: and thx much leaving the ticket open too!
Comment 9 rajeev 2006-07-02 00:50:52 UTC
Jeremy

I got rid of all the kerberos errors and noticed that I was still not able to follow the dfs links. I am seeing very similar results to the ones deposited in bug # 3651. 





*** This bug has been marked as a duplicate of 3651 ***
Comment 10 Jeremy Allison 2006-07-02 14:06:10 UTC
If you're still having problems after getting rid of the krb5 error please post the logs showing this. I need to see what is going wrong before I can do anything about this.
Jeremy.
Comment 11 rajeev 2006-07-07 12:05:24 UTC
Created attachment 2022 [details]
samba startup with d10
Comment 12 rajeev 2006-07-07 12:05:57 UTC
Created attachment 2023 [details]
failed attempt to access a dfs link
Comment 13 rajeev 2006-07-07 12:10:18 UTC
smbclient test
==============


a) TEST 1 - DFS link is to a \\server\share\path

[root@ibrix2 samba]# /usr/local/samba/bin/smbclient -k //ibrix2/dfs
OS=[Unix] Server=[Samba 3.0.23rc3]
smb: \> dir
  .                                   D        0  Fri Jul  7 12:45:37 2006
  ..                                  D        0  Mon Jun 26 23:23:09 2006
  annotation                          D        0  Wed Jun 28 09:57:41 2006
  IT                                  D        0  Wed Jun 28 09:54:22 2006

                40317 blocks of size 262144. 22131 blocks available
smb: \> cd IT
Connection to nfsa.tigr.org\IFX failed
Unable to follow dfs referral [//nfsa.tigr.org\IFX/IT]
cd \IT\: NT_STATUS_PATH_NOT_COVERED


b) TEST 2 -- DFS Links is to a \\server\share

smb: \> dir
  .                                   D        0  Fri Jul  7 12:45:37 2006
  ..                                  D        0  Mon Jun 26 23:23:09 2006
  annotation                          D        0  Wed Jun 28 09:57:41 2006
  IT                                  D        0  Wed Jun 28 09:54:22 2006

                40317 blocks of size 262144. 22131 blocks available
smb: \> cd annotation
smb: \annotation\> ls
  ~snapshot                          DH        0  Fri Jul  7 12:00:36 2006
  TTT                                 D        0  Tue Jul 26 14:30:51 2005
 <<content truncated>>



Do these logs help ?

rajeev

Comment 14 rajeev 2006-07-07 12:34:42 UTC
Jeremy

Perhaps you can tell me what sequence of steps to take for log generation and I can get them for you.

rajeev