SSSD / sssd

Clone

#3461 unable to access cifs share using sssd-libwbclient
Closed: Fixed 5 years ago Opened 6 years ago by jhrozek.

Closed: Fixed
Reopen Issue

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1462769

Description of problem:

Unable to access cifs share using sssd-libwbclient. When accessing the share
the following error is seen:


[root@vm-idm-017 samba]# smbclient -k -L
//vm-idm-017.lab.eng.pnq.redhat.com/share1
session setup failed: NT_STATUS_LOGON_FAILURE



Version-Release number of selected component (if applicable):

sssd-krb5-common-1.15.2-48.el7.x86_64
sssd-ldap-1.15.2-48.el7.x86_64
python-sssdconfig-1.15.2-48.el7.noarch
sssd-common-1.15.2-48.el7.x86_64
sssd-common-pac-1.15.2-48.el7.x86_64
sssd-ad-1.15.2-48.el7.x86_64
sssd-krb5-1.15.2-48.el7.x86_64
sssd-1.15.2-48.el7.x86_64
sssd-libwbclient-1.15.2-48.el7.x86_64
sssd-client-1.15.2-48.el7.x86_64
sssd-ipa-1.15.2-48.el7.x86_64
sssd-proxy-1.15.2-48.el7.x86_64


How reproducible:


Steps to Reproduce:
1. On RHEL7.4 system install sssd samba realmd cifs-utils packages
krb5-workstation

2. Join the system to Windows AD using realm command
realm join -v JUNO.TEST -U administrator

[sssd]
domains = juno.test
config_file_version = 2
services = nss, pam

[domain/juno.test]
ad_domain = juno.test
krb5_realm = JUNO.TEST
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%u@%d
access_provider = ad

3. Start sssd service

4.configure smb.conf to provide a share "share1"

[global]
workgroup = JUNO
netbios name = vm-idm-017
realm = JUNO.TEST
security = ads
kerberos method = system keytab
ntlm auth = no
load printers = no
printing = bsd
log file = /var/log/samba/log.%m
max log size = 500
log level = 50
map acl inherit = Yes
store dos attributes = Yes

[share1]
path = /mnt/samba/share1
comment = test share1
writable = yes
printable = no

5. Install sssd-libwbclient

sssd-libwbclient-1.15.2-48.el7.x86_64


6. Check alternatives

[root@vm-idm-017 samba]# alternatives --list
libnssckbi.so.x86_64    auto    /usr/lib64/pkcs11/p11-kit-trust.so
pax     auto    /usr/bin/spax
ld      auto    /usr/bin/ld.bfd
print   auto    /usr/bin/lpr.cups
mta     auto    /usr/sbin/sendmail.sendmail
emacs.etags     auto    /usr/bin/etags.emacs
emacs   auto    /usr/bin/emacs-24.3
cifs-idmap-plugin       auto    /usr/lib64/cifs-utils/cifs_idmap_sss.so
libwbclient.so.0.13-64  auto    /usr/lib64/sssd/modules/libwbclient.so.0.13.0
cups_backend_smb        auto    /usr/bin/smbspool


7. Do kinit as ad user

[root@vm-idm-017 samba]# kinit foobar1
Password for foobar1@JUNO.TEST:
[root@vm-idm-017 samba]# klist
Ticket cache: KEYRING:persistent:0:0
Default principal: foobar1@JUNO.TEST

Valid starting       Expires              Service principal
06/19/2017 18:56:03  06/20/2017 04:56:03  krbtgt/JUNO.TEST@JUNO.TEST
        renew until 06/26/2017 18:55:57


8. Access samba share using smbclient command
[root@vm-idm-017 samba]# smbclient -k -L
//vm-idm-017.lab.eng.pnq.redhat.com/share1
session setup failed: NT_STATUS_LOGON_FAILURE



Actual results:

Unable to access the cifs share and fails with NT_STATUS_LOGON_FAILURE.

Expected results:

Should be able to access the share.

Additional info:

Metadata Update from @jhrozek:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1462769
6 years ago

Metadata Update from @jhrozek:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1462769
6 years ago

Metadata Update from @jhrozek:
- Issue assigned to sbose
- Issue set to the milestone: SSSD 1.15.4
6 years ago

Metadata Update from @jhrozek:
- Issue priority set to: blocker
- Issue tagged with: regression
6 years ago

master:
Edited 5 years ago by lslebodn

Metadata Update from @jhrozek:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)
5 years ago

Fix did not cause any problem with samba-4.5.10 and samba-4.4.13
therefore squashed "patchset" pushed to:

sssd-1-14:

sssd-1-13:

Metadata Update from @jhrozek:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1462769, https://bugzilla.redhat.com/show_bug.cgi?id=1479398 (was: https://bugzilla.redhat.com/show_bug.cgi?id=1462769)
5 years ago

Metadata Update from @jhrozek:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1462769, https://bugzilla.redhat.com/show_bug.cgi?id=1479398 (was: https://bugzilla.redhat.com/show_bug.cgi?id=1462769)
5 years ago

Issue linked to Bugzilla: Bug 1479398

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 1.16.0 (was: SSSD 1.15.4)
5 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/4487

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata

regression

None
None
blocker
None
None
None
None
None
None
https://bugzilla.redhat.com/show_bug.cgi?id=1462769, https://bugzilla.redhat.com/show_bug.cgi?id=1479398
None
None
None
None
None
None
None
None
None
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.