Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
1
Installation and Upgrades / mount.cifs of SAMBA share Fail by using Kerberos
« on: January 05, 2014, 08:10:32 pm »
Hi guys,
I'm using Zentyal 3.3, updated from Zentyal 3.2 configured as a Domain Controller
By using the module "File Sharing and Domain Services", I have created a share "myshare" folder with rw permission for my yser "myuser".
In order to mount the share in an ubuntu client, I use the following command:
but as a result I have obtained the following error:
By checking the log "syslog", the error is generated by cifs.upcall when it tries to get the kerberos ticket. Here below the syslog:
More in detail, the kerberos error (-1765328377) is defined as "KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN" and it means "Server not found in Kerberos database".
In order to mount some network unit after the login of the user in a client, I adopted this solution starting Zentyal 3.0 by using the mount.cifs in a script that it is executed after the login. After the upgrade of the Zentyal server to the version 3.2 and after 3.3, this solution didn't work.
Do you know this problem and a possible solution?
Differently, can you suggest a different way to mount network units after the login of the user in an ubuntu client? The most important thing is that each network units have to be mounted with the privilege of the user because each users has different privileges on the units.
For windows clients, I use the command "net use ..." and I need a similiar solution for ubuntu clients.
Thanks a lot
I'm using Zentyal 3.3, updated from Zentyal 3.2 configured as a Domain Controller
By using the module "File Sharing and Domain Services", I have created a share "myshare" folder with rw permission for my yser "myuser".
In order to mount the share in an ubuntu client, I use the following command:
Code: [Select]
sudo mount.cifs //mydc.mydomain/myshare /tmp/myshare -o user=myuser,sec=krb5,cruid=myuid,cifsacl,fsc --verbose
but as a result I have obtained the following error:
Code: [Select]
mount error(126): Required key not available
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
By checking the log "syslog", the error is generated by cifs.upcall when it tries to get the kerberos ticket. Here below the syslog:
Code: [Select]
key description: cifs.spnego;0;0;39010000;ver=0x2;host=myhost;ip4=192.168.123.245;sec=krb5;uid=0x0;creduid=0x2dc6ef;user=myuser;pid=0x164f
cifs.upcall: ver=2
cifs.upcall: host=myhost
cifs.upcall: ip=192.168.123.245
cifs.upcall: sec=1
cifs.upcall: uid=0
cifs.upcall: creduid=3000047
cifs.upcall: user=myuser
cifs.upcall: pid=5711
cifs.upcall: find_krb5_cc: considering /tmp/krb5cc_3000047_LptXXy
cifs.upcall: find_krb5_cc: FILE:/tmp/krb5cc_3000047_LptXXy is valid ccache
cifs.upcall: handle_krb5_mech: getting service ticket for myhost
cifs.upcall: cifs_krb5_get_req: unable to get credentials for myhost
cifs.upcall: handle_krb5_mech: failed to obtain service ticket (-1765328377)
kernel: [25707.318586] CIFS VFS: Send error in SessSetup = -126
kernel: [25707.318736] CIFS VFS: cifs_mount failed w/return code = -126
More in detail, the kerberos error (-1765328377) is defined as "KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN" and it means "Server not found in Kerberos database".
In order to mount some network unit after the login of the user in a client, I adopted this solution starting Zentyal 3.0 by using the mount.cifs in a script that it is executed after the login. After the upgrade of the Zentyal server to the version 3.2 and after 3.3, this solution didn't work.
Do you know this problem and a possible solution?
Differently, can you suggest a different way to mount network units after the login of the user in an ubuntu client? The most important thing is that each network units have to be mounted with the privilege of the user because each users has different privileges on the units.
For windows clients, I use the command "net use ..." and I need a similiar solution for ubuntu clients.
Thanks a lot
2
Installation and Upgrades / [SOLVED] SAMBA Error On Activation+SAMBA DNS Update Fail+Join a Win client Fail
« on: November 24, 2013, 03:16:57 pm »
Hi,
I set up a new installation of Zentyal 3.2 by formatting the old Zentyal 3.0 (that was working perfectly)
I have set uo a domain by installing and configuring the DNS Service and Users and Computers modules without detect any problems. Everything work as expected after the update of the DNS Service to the new version 3.2.4.
After, I have installed and configured the "File Sharing and Domain Services" (by defining also one shared folder) but, when I have tried to activate it, I have obtained the following error:
Here below, there is the log "zentyal.log" generated after the attempt to enable the module:
and here below the log "/var/log/samba/samba.log"
By checking the log files, it seems that there are two different problems:
- The SMB server doesn't work as expected because the SMBclient is not able to contact by SAMBA share "/mnt/DataStorage"
- The integration of the DNS with SAMBA doesn't work.
Supporting the second point, I tested the DNS configuration with the following command:
dig _kerberos._udp.mydomain srv
Before activating the "File Sharing and Domain Services", the answer of this command has been the following:
;; ANSWER SECTION:
_kpasswd._tcp.mydomain. 900 IN SRV 100 100 8464 myserver.mydomain.
After the activation of the "File Sharing and Domain Services", the answer of the command has been the following:
;; ANSWER SECTION:
_kpasswd._tcp.mydomain. 900 IN SRV 0 100 464 myserver.mydomain.
The test result indicates that, after the activation of the "File Sharing and Domain Services", the DNS loses his configuration (it is different of the configuration indicates in the relevant section of the DNS module configuration).
These problems are present from the first official release of the Zentyal 3.2, and although the high number of upgrade for the Samba module, this problem still unsolved.
In addition, by trying to join a windows client in the domain (both windows XP and Windows 7), after the request of specify an administrator user of the domain, windows generates the following error:
I can confirm that with zentyal 3.0, the same configuration was working properly before I decide to upgrade the server with zentyal 3.2 starting from scratch.
I already open also a tiket about this issue but I hope that some of you can help me to bypass this problem to come back up with my nework. Now, everthing is down.
Installed Components:
- Backup 3.2
- Certification Authority 3.2
- Common Library 3.2.1
- Core 3.2.4
- DNS Service 3.2.4
- FTP 3.2.1
- File Sharing and Domain Services 3.2.9
- Firewall 3.2
- NTP Service 3.2
- Network Configuration 3.2.3
- Network Objects 3.2
- Network Services 3.2
- Software Management 3.2.1
- Users and Computers 3.2.3
- VPN Service 3.2.1
I set up a new installation of Zentyal 3.2 by formatting the old Zentyal 3.0 (that was working perfectly)
I have set uo a domain by installing and configuring the DNS Service and Users and Computers modules without detect any problems. Everything work as expected after the update of the DNS Service to the new version 3.2.4.
After, I have installed and configured the "File Sharing and Domain Services" (by defining also one shared folder) but, when I have tried to activate it, I have obtained the following error:
Quote
Some modules reported error when saving changes . More information on the logs in /var/log/zentyal/
Error connecting with SMB server after 10 tries."
Here below, there is the log "zentyal.log" generated after the attempt to enable the module:
Quote
2013/11/18 03:16:41 INFO> Base.pm:1078 EBox::Module::Base::__ANON__ - Using custom template for /etc/krb5.conf: /etc/zentyal/stubs/users/krb5.conf.mas
2013/11/18 03:16:48 INFO> GlobalImpl.pm:617 EBox::GlobalImpl::saveAllModules - Saving config and restarting services: firewall dns samba logs
2013/11/18 03:16:48 INFO> Base.pm:229 EBox::Module::Base::save - Restarting service for module: firewall
2013/11/18 03:16:49 INFO> Base.pm:229 EBox::Module::Base::save - Restarting service for module: dns
2013/11/18 03:16:53 ERROR> Sudo.pm:231 EBox::Sudo::_rootError - root command nsupdate -l -t 10 /var/lib/zentyal/tmp/iGtEuVOl15 failed.
Error output: update failed: REFUSED
Command output: .
Exit value: 2 at /usr/share/perl5/Error.pm line 182
Error::throw('EBox::Exceptions::Sudo::Command', 'cmd', 'nsupdate -l -t 10 /var/lib/zentyal/tmp/iGtEuVOl15', 'output', 'ARRAY(0x5f3be38)', 'error', 'ARRAY(0x1ed3018)', 'exitValue', 2, ...) called at /usr/share/perl5/EBox/Sudo.pm line 231
EBox::Sudo::_rootError('/usr/bin/sudo -p sudo: /var/lib/zentyal/tmp/_bVSY0gX9S.cmd 2>...', 'nsupdate -l -t 10 /var/lib/zentyal/tmp/iGtEuVOl15', 512, 'ARRAY(0x5f3be38)', 'ARRAY(0x1ed3018)') called at /usr/share/perl5/EBox/Sudo.pm line 201
EBox::Sudo::_root(1, 'nsupdate -l -t 10 /var/lib/zentyal/tmp/iGtEuVOl15') called at /usr/share/perl5/EBox/Sudo.pm line 152
EBox::Sudo::root('nsupdate -l -t 10 /var/lib/zentyal/tmp/iGtEuVOl15') called at /usr/share/perl5/EBox/DNS.pm line 1582
EBox::DNS::_launchNSupdate('EBox::DNS=HASH(0x3f94ed0)', 'File::Temp=GLOB(0x5fac408)') called at /usr/share/perl5/EBox/DNS.pm line 1553
EBox::DNS::_updateDynDirectZone('EBox::DNS=HASH(0x3f94ed0)', 'HASH(0x5f14f98)') called at /usr/share/perl5/EBox/DNS.pm line 767
EBox::DNS::_setConf('EBox::DNS=HASH(0x3f94ed0)') called at /usr/share/perl5/EBox/Module/Base.pm line 977
EBox::Module::Base::_regenConfig('EBox::DNS=HASH(0x3f94ed0)') called at /usr/share/perl5/EBox/Module/Service.pm line 961
EBox::Module::Service::_regenConfig('EBox::DNS=HASH(0x3f94ed0)') called at /usr/share/perl5/EBox/Module/Base.pm line 232
EBox::Module::Base::save('EBox::DNS=HASH(0x3f94ed0)') called at /usr/share/perl5/EBox/GlobalImpl.pm line 654
EBox::GlobalImpl::saveAllModules('EBox::GlobalImpl=HASH(0x31a7b48)', 'progress', 'EBox::ProgressIndicator=HASH(0x16417b8)') called at /usr/share/perl5/EBox/Global.pm line 95
EBox::Global::AUTOLOAD('EBox::Global=HASH(0x31a4c78)', 'progress', 'EBox::ProgressIndicator=HASH(0x16417b8)') called at /usr/share/zentyal/global-action line 36
2013/11/18 03:16:53 ERROR> DNS.pm:1585 EBox::DNS::__ANON__ - nsupdate error: root command nsupdate -l -t 10 /var/lib/zentyal/tmp/iGtEuVOl15 failed.
Error output: update failed: REFUSED
Command output: .
Exit value: 2
2013/11/18 03:16:54 INFO> DNS.pm:91 EBox::DNS::appArmorProfiles - Setting DNS apparmor profile
2013/11/18 03:16:59 INFO> Base.pm:229 EBox::Module::Base::save - Restarting service for module: samba
2013/11/18 03:16:59 INFO> Base.pm:1078 EBox::Module::Base::__ANON__ - Using custom template for /etc/samba/smb.conf: /etc/zentyal/stubs/samba/smb.conf.mas
2013/11/18 03:17:00 INFO> Samba.pm:249 EBox::Samba::_postServiceHook - Setting roaming profiles...
2013/11/18 03:17:01 INFO> Samba.pm:302 EBox::Samba::_postServiceHook - Applying new permissions to the share 'DataStorage'...
2013/11/18 03:17:02 WARN> SmbClient.pm:68 EBox::Samba::SmbClient::__ANON__ - Error connecting with SMB server: Failed to connect: NT_STATUS_INVALID_PARAMETER at /usr/share/perl5/EBox/Samba/SmbClient.pm line 61.
, retrying (1 attempts)
2013/11/18 03:17:03 WARN> SmbClient.pm:68 EBox::Samba::SmbClient::__ANON__ - Error connecting with SMB server: Failed to connect: NT_STATUS_INVALID_PARAMETER at /usr/share/perl5/EBox/Samba/SmbClient.pm line 61.
, retrying (2 attempts)
2013/11/18 03:17:04 WARN> SmbClient.pm:68 EBox::Samba::SmbClient::__ANON__ - Error connecting with SMB server: Failed to connect: NT_STATUS_INVALID_PARAMETER at /usr/share/perl5/EBox/Samba/SmbClient.pm line 61.
, retrying (3 attempts)
2013/11/18 03:17:05 WARN> SmbClient.pm:68 EBox::Samba::SmbClient::__ANON__ - Error connecting with SMB server: Failed to connect: NT_STATUS_INVALID_PARAMETER at /usr/share/perl5/EBox/Samba/SmbClient.pm line 61.
, retrying (4 attempts)
2013/11/18 03:17:06 WARN> SmbClient.pm:68 EBox::Samba::SmbClient::__ANON__ - Error connecting with SMB server: Failed to connect: NT_STATUS_INVALID_PARAMETER at /usr/share/perl5/EBox/Samba/SmbClient.pm line 61.
, retrying (5 attempts)
2013/11/18 03:17:07 WARN> SmbClient.pm:68 EBox::Samba::SmbClient::__ANON__ - Error connecting with SMB server: Failed to connect: NT_STATUS_INVALID_PARAMETER at /usr/share/perl5/EBox/Samba/SmbClient.pm line 61.
, retrying (6 attempts)
2013/11/18 03:17:08 WARN> SmbClient.pm:68 EBox::Samba::SmbClient::__ANON__ - Error connecting with SMB server: Failed to connect: NT_STATUS_INVALID_PARAMETER at /usr/share/perl5/EBox/Samba/SmbClient.pm line 61.
, retrying (7 attempts)
2013/11/18 03:17:09 WARN> SmbClient.pm:68 EBox::Samba::SmbClient::__ANON__ - Error connecting with SMB server: Failed to connect: NT_STATUS_INVALID_PARAMETER at /usr/share/perl5/EBox/Samba/SmbClient.pm line 61.
, retrying (8 attempts)
2013/11/18 03:17:10 WARN> SmbClient.pm:68 EBox::Samba::SmbClient::__ANON__ - Error connecting with SMB server: Failed to connect: NT_STATUS_INVALID_PARAMETER at /usr/share/perl5/EBox/Samba/SmbClient.pm line 61.
, retrying (9 attempts)
2013/11/18 03:17:11 WARN> SmbClient.pm:68 EBox::Samba::SmbClient::__ANON__ - Error connecting with SMB server: Failed to connect: NT_STATUS_INVALID_PARAMETER at /usr/share/perl5/EBox/Samba/SmbClient.pm line 61.
, retrying (10 attempts)
2013/11/18 03:17:12 DEBUG> SmbClient.pm:72 EBox::Samba::SmbClient::new - Error connecting with SMB server after 10 tries. at /usr/share/perl5/EBox/Samba/SmbClient.pm line 72
EBox::Samba::SmbClient::new('EBox::Samba::SmbClient', 'target', 'bravo-server.retebravo.local', 'service', 'DataStorage', 'RID', 500) called at /usr/share/perl5/EBox/Samba.pm line 304
EBox::Samba::_postServiceHook('EBox::Samba=HASH(0x446a648)', 1) called at /usr/share/perl5/EBox/Module/Service.pm line 969
EBox::Module::Service::_regenConfig('EBox::Samba=HASH(0x446a648)') called at /usr/share/perl5/EBox/Module/Base.pm line 232
EBox::Module::Base::save('EBox::Samba=HASH(0x446a648)') called at /usr/share/perl5/EBox/GlobalImpl.pm line 654
EBox::GlobalImpl::saveAllModules('EBox::GlobalImpl=HASH(0x31a7b48)', 'progress', 'EBox::ProgressIndicator=HASH(0x16417b8)') called at /usr/share/perl5/EBox/Global.pm line 95
EBox::Global::AUTOLOAD('EBox::Global=HASH(0x31a4c78)', 'progress', 'EBox::ProgressIndicator=HASH(0x16417b8)') called at /usr/share/zentyal/global-action line 36
and here below the log "/var/log/samba/samba.log"
Quote
[2013/11/18 03:16:59.731622, 0] ../source4/smbd/server.c:370(binary_smbd_main)
samba version 4.1.1 started.
Copyright Andrew Tridgell and the Samba Team 1992-2013
[2013/11/18 03:16:59.981793, 0] ../source4/smbd/server.c:492(binary_smbd_main)
samba: using 'standard' process model
[2013/11/18 03:17:20.072581, 0] ../source4/dsdb/dns/dns_update.c:294(dnsupdate_nameupdate_done)
../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_IO_TIMEOUT
By checking the log files, it seems that there are two different problems:
- The SMB server doesn't work as expected because the SMBclient is not able to contact by SAMBA share "/mnt/DataStorage"
- The integration of the DNS with SAMBA doesn't work.
Supporting the second point, I tested the DNS configuration with the following command:
dig _kerberos._udp.mydomain srv
Before activating the "File Sharing and Domain Services", the answer of this command has been the following:
;; ANSWER SECTION:
_kpasswd._tcp.mydomain. 900 IN SRV 100 100 8464 myserver.mydomain.
After the activation of the "File Sharing and Domain Services", the answer of the command has been the following:
;; ANSWER SECTION:
_kpasswd._tcp.mydomain. 900 IN SRV 0 100 464 myserver.mydomain.
The test result indicates that, after the activation of the "File Sharing and Domain Services", the DNS loses his configuration (it is different of the configuration indicates in the relevant section of the DNS module configuration).
These problems are present from the first official release of the Zentyal 3.2, and although the high number of upgrade for the Samba module, this problem still unsolved.
In addition, by trying to join a windows client in the domain (both windows XP and Windows 7), after the request of specify an administrator user of the domain, windows generates the following error:
Quote
During the adding of this computer to the domain, the following error is occurred:
The specified network name is no longer available
I can confirm that with zentyal 3.0, the same configuration was working properly before I decide to upgrade the server with zentyal 3.2 starting from scratch.
I already open also a tiket about this issue but I hope that some of you can help me to bypass this problem to come back up with my nework. Now, everthing is down.
Installed Components:
- Backup 3.2
- Certification Authority 3.2
- Common Library 3.2.1
- Core 3.2.4
- DNS Service 3.2.4
- FTP 3.2.1
- File Sharing and Domain Services 3.2.9
- Firewall 3.2
- NTP Service 3.2
- Network Configuration 3.2.3
- Network Objects 3.2
- Network Services 3.2
- Software Management 3.2.1
- Users and Computers 3.2.3
- VPN Service 3.2.1
3
Installation and Upgrades / Problem when I try to enable the module "Users and Groups" - Zentyal Server 2.1
« on: March 13, 2011, 06:09:41 pm »
Hello guys,
when I try to enable the module "Users and Groups", the following error occurs:
I set the "User and Groups" Mode as Master domain and the DN as the following:
"dc=myserver,dc=mydomain,dc=local"
If I try to restart the slapd service, I'm able to enable the module, but when I try to "Save Changes", another error occurs ( the first error is the same: Can't bind the LDAP Server). After this error, the "Users and Groups" under office topic, presents all choices as the module is enable, but when I try to enter in Users or Groups, the same error occurs... To repair this situation, I have to run the following script:
'/usr/share/zentyal-users/reinstall'
When I re-try to active the module, I have the same situation that I had described .
Do you have some ideas to solve this problem?
I have the same situation with the last version of zentyal server 2.0.
Thanks
when I try to enable the module "Users and Groups", the following error occurs:
Code: [Select]
Sorry, an unexpected error has ocurred
Failed to enable: Couldn't bind to LDAP server, result code: 34
To show technical details click here.
Trace
Failed to enable: Couldn't bind to LDAP server, result code: 34 at /usr/share/perl5/EBox/CGI/ServiceModule/ConfigureModuleController.pm line 74
EBox::CGI::ServiceModule::ConfigureModuleController::_process('EBox::CGI::ServiceModule::ConfigureModuleController=HASH(0x7f...') called at /usr/share/perl5/EBox/CGI/Base.pm line 254
EBox::CGI::Base::run('EBox::CGI::ServiceModule::ConfigureModuleController=HASH(0x7f...') called at /usr/share/perl5/EBox/CGI/Run.pm line 119
EBox::CGI::Run::run('EBox::CGI::Run', 'ServiceModule/ConfigureModuleController', 'EBox') called at /usr/share/zentyal/cgi/ebox.cgi line 35
ModPerl::ROOT::ModPerl::Registry::usr_share_zentyal_cgi_ebox_2ecgi::handler('Apache2::RequestRec=SCALAR(0x7f527d8c38f8)') called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 204
eval {...} called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 204
ModPerl::RegistryCooker::run('ModPerl::Registry=HASH(0x7f527d8caaa0)') called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 170
ModPerl::RegistryCooker::default_handler('ModPerl::Registry=HASH(0x7f527d8caaa0)') called at /usr/lib/perl5/ModPerl/Registry.pm line 31
ModPerl::Registry::handler('ModPerl::Registry', 'Apache2::RequestRec=SCALAR(0x7f527d8c38f8)') called at -e line 0
eval {...} called at -e line 0
I set the "User and Groups" Mode as Master domain and the DN as the following:
"dc=myserver,dc=mydomain,dc=local"
If I try to restart the slapd service, I'm able to enable the module, but when I try to "Save Changes", another error occurs ( the first error is the same: Can't bind the LDAP Server). After this error, the "Users and Groups" under office topic, presents all choices as the module is enable, but when I try to enter in Users or Groups, the same error occurs... To repair this situation, I have to run the following script:
'/usr/share/zentyal-users/reinstall'
When I re-try to active the module, I have the same situation that I had described .
Do you have some ideas to solve this problem?
I have the same situation with the last version of zentyal server 2.0.
Thanks
Pages: [1]