Learn more about these different git repos.
Other Git URLs
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1462769
Description of problem: Unable to access cifs share using sssd-libwbclient. When accessing the share the following error is seen: [root@vm-idm-017 samba]# smbclient -k -L //vm-idm-017.lab.eng.pnq.redhat.com/share1 session setup failed: NT_STATUS_LOGON_FAILURE Version-Release number of selected component (if applicable): sssd-krb5-common-1.15.2-48.el7.x86_64 sssd-ldap-1.15.2-48.el7.x86_64 python-sssdconfig-1.15.2-48.el7.noarch sssd-common-1.15.2-48.el7.x86_64 sssd-common-pac-1.15.2-48.el7.x86_64 sssd-ad-1.15.2-48.el7.x86_64 sssd-krb5-1.15.2-48.el7.x86_64 sssd-1.15.2-48.el7.x86_64 sssd-libwbclient-1.15.2-48.el7.x86_64 sssd-client-1.15.2-48.el7.x86_64 sssd-ipa-1.15.2-48.el7.x86_64 sssd-proxy-1.15.2-48.el7.x86_64 How reproducible: Steps to Reproduce: 1. On RHEL7.4 system install sssd samba realmd cifs-utils packages krb5-workstation 2. Join the system to Windows AD using realm command realm join -v JUNO.TEST -U administrator [sssd] domains = juno.test config_file_version = 2 services = nss, pam [domain/juno.test] ad_domain = juno.test krb5_realm = JUNO.TEST realmd_tags = manages-system joined-with-samba cache_credentials = True id_provider = ad krb5_store_password_if_offline = True default_shell = /bin/bash ldap_id_mapping = True use_fully_qualified_names = True fallback_homedir = /home/%u@%d access_provider = ad 3. Start sssd service 4.configure smb.conf to provide a share "share1" [global] workgroup = JUNO netbios name = vm-idm-017 realm = JUNO.TEST security = ads kerberos method = system keytab ntlm auth = no load printers = no printing = bsd log file = /var/log/samba/log.%m max log size = 500 log level = 50 map acl inherit = Yes store dos attributes = Yes [share1] path = /mnt/samba/share1 comment = test share1 writable = yes printable = no 5. Install sssd-libwbclient sssd-libwbclient-1.15.2-48.el7.x86_64 6. Check alternatives [root@vm-idm-017 samba]# alternatives --list libnssckbi.so.x86_64 auto /usr/lib64/pkcs11/p11-kit-trust.so pax auto /usr/bin/spax ld auto /usr/bin/ld.bfd print auto /usr/bin/lpr.cups mta auto /usr/sbin/sendmail.sendmail emacs.etags auto /usr/bin/etags.emacs emacs auto /usr/bin/emacs-24.3 cifs-idmap-plugin auto /usr/lib64/cifs-utils/cifs_idmap_sss.so libwbclient.so.0.13-64 auto /usr/lib64/sssd/modules/libwbclient.so.0.13.0 cups_backend_smb auto /usr/bin/smbspool 7. Do kinit as ad user [root@vm-idm-017 samba]# kinit foobar1 Password for foobar1@JUNO.TEST: [root@vm-idm-017 samba]# klist Ticket cache: KEYRING:persistent:0:0 Default principal: foobar1@JUNO.TEST Valid starting Expires Service principal 06/19/2017 18:56:03 06/20/2017 04:56:03 krbtgt/JUNO.TEST@JUNO.TEST renew until 06/26/2017 18:55:57 8. Access samba share using smbclient command [root@vm-idm-017 samba]# smbclient -k -L //vm-idm-017.lab.eng.pnq.redhat.com/share1 session setup failed: NT_STATUS_LOGON_FAILURE Actual results: Unable to access the cifs share and fails with NT_STATUS_LOGON_FAILURE. Expected results: Should be able to access the share. Additional info:
Metadata Update from @jhrozek: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1462769
Metadata Update from @jhrozek: - Issue assigned to sbose - Issue set to the milestone: SSSD 1.15.4
Metadata Update from @jhrozek: - Issue priority set to: blocker - Issue tagged with: regression
master:
Metadata Update from @jhrozek: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Fix did not cause any problem with samba-4.5.10 and samba-4.4.13 therefore squashed "patchset" pushed to:
sssd-1-14:
sssd-1-13:
Metadata Update from @jhrozek: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1462769, https://bugzilla.redhat.com/show_bug.cgi?id=1479398 (was: https://bugzilla.redhat.com/show_bug.cgi?id=1462769)
Issue linked to Bugzilla: Bug 1479398
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD 1.16.0 (was: SSSD 1.15.4)
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4487
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.