#3461 unable to access cifs share using sssd-libwbclient
Closed: Fixed 2 years ago Opened 2 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1462769

Description of problem:

Unable to access cifs share using sssd-libwbclient. When accessing the share
the following error is seen:


[root@vm-idm-017 samba]# smbclient -k -L
//vm-idm-017.lab.eng.pnq.redhat.com/share1
session setup failed: NT_STATUS_LOGON_FAILURE



Version-Release number of selected component (if applicable):

sssd-krb5-common-1.15.2-48.el7.x86_64
sssd-ldap-1.15.2-48.el7.x86_64
python-sssdconfig-1.15.2-48.el7.noarch
sssd-common-1.15.2-48.el7.x86_64
sssd-common-pac-1.15.2-48.el7.x86_64
sssd-ad-1.15.2-48.el7.x86_64
sssd-krb5-1.15.2-48.el7.x86_64
sssd-1.15.2-48.el7.x86_64
sssd-libwbclient-1.15.2-48.el7.x86_64
sssd-client-1.15.2-48.el7.x86_64
sssd-ipa-1.15.2-48.el7.x86_64
sssd-proxy-1.15.2-48.el7.x86_64


How reproducible:


Steps to Reproduce:
1. On RHEL7.4 system install sssd samba realmd cifs-utils packages
krb5-workstation

2. Join the system to Windows AD using realm command
realm join -v JUNO.TEST -U administrator

[sssd]
domains = juno.test
config_file_version = 2
services = nss, pam

[domain/juno.test]
ad_domain = juno.test
krb5_realm = JUNO.TEST
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%u@%d
access_provider = ad

3. Start sssd service

4.configure smb.conf to provide a share "share1"

[global]
workgroup = JUNO
netbios name = vm-idm-017
realm = JUNO.TEST
security = ads
kerberos method = system keytab
ntlm auth = no
load printers = no
printing = bsd
log file = /var/log/samba/log.%m
max log size = 500
log level = 50
map acl inherit = Yes
store dos attributes = Yes

[share1]
path = /mnt/samba/share1
comment = test share1
writable = yes
printable = no

5. Install sssd-libwbclient

sssd-libwbclient-1.15.2-48.el7.x86_64


6. Check alternatives

[root@vm-idm-017 samba]# alternatives --list
libnssckbi.so.x86_64    auto    /usr/lib64/pkcs11/p11-kit-trust.so
pax     auto    /usr/bin/spax
ld      auto    /usr/bin/ld.bfd
print   auto    /usr/bin/lpr.cups
mta     auto    /usr/sbin/sendmail.sendmail
emacs.etags     auto    /usr/bin/etags.emacs
emacs   auto    /usr/bin/emacs-24.3
cifs-idmap-plugin       auto    /usr/lib64/cifs-utils/cifs_idmap_sss.so
libwbclient.so.0.13-64  auto    /usr/lib64/sssd/modules/libwbclient.so.0.13.0
cups_backend_smb        auto    /usr/bin/smbspool


7. Do kinit as ad user

[root@vm-idm-017 samba]# kinit foobar1
Password for foobar1@JUNO.TEST:
[root@vm-idm-017 samba]# klist
Ticket cache: KEYRING:persistent:0:0
Default principal: foobar1@JUNO.TEST

Valid starting       Expires              Service principal
06/19/2017 18:56:03  06/20/2017 04:56:03  krbtgt/JUNO.TEST@JUNO.TEST
        renew until 06/26/2017 18:55:57


8. Access samba share using smbclient command
[root@vm-idm-017 samba]# smbclient -k -L
//vm-idm-017.lab.eng.pnq.redhat.com/share1
session setup failed: NT_STATUS_LOGON_FAILURE



Actual results:

Unable to access the cifs share and fails with NT_STATUS_LOGON_FAILURE.

Expected results:

Should be able to access the share.

Additional info:

Metadata Update from @jhrozek:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1462769

2 years ago

Metadata Update from @jhrozek:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1462769

2 years ago

Metadata Update from @jhrozek:
- Issue assigned to sbose
- Issue set to the milestone: SSSD 1.15.4

2 years ago

Metadata Update from @jhrozek:
- Issue priority set to: blocker
- Issue tagged with: regression

2 years ago

master:

Metadata Update from @jhrozek:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

2 years ago

Fix did not cause any problem with samba-4.5.10 and samba-4.4.13
therefore squashed "patchset" pushed to:

sssd-1-14:

sssd-1-13:

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 1.16.0 (was: SSSD 1.15.4)

2 years ago

Login to comment on this ticket.

Metadata