Ubuntu
likewise-open package

lwiod: GSS-API error calling gss_accept_sec_context

Bug #575021 reported by Victor Chong
28
This bug affects 5 people
Affects Status Importance Assigned to Milestone
likewise-open (Ubuntu)
Confirmed
Undecided
Gerald Carter
Nominated for Lucid by Didier Fort

Bug Description

Binary package hint: likewise-open

Description: Ubuntu 10.04 LTS
Release: 10.04
Installed: 5.4.0.42111-2ubuntu1

[Expected]
Active Directory user (a domain administrator) allowed to access shares on Ubuntu host and configure new shares using Windows "Computer Management" snap-in.

[What happened]
Fresh installation of Ubuntu 10.04 LTS Server 32-bit. Successfully joined machine to domain. Trying to use the Likewise-Open CIFS server (instead of Samba). Started lwiod (aka srvsvc) by invoking: "lwsm start srvsvc". Can't access CIFS server: no logins accepted. Verified that users exist ("id DOMAIN\\username" returns uid and group AD membership).

Error messages from syslog:

May 4 02:51:40 hostname lwiod[13897]: 0xa5bd8b70:GSS-API error calling gss_accept_sec_context: 851968 (Unspecified GSS failure. Minor code may provide more information)
May 4 02:51:40 hostname lwiod[13897]: 0xa5bd8b70:GSS-API error calling gss_accept_sec_context: 100003 ()
May 4 02:51:40 hostname lwiod[13897]: 0xa4bd6b70:GSS-API error calling gss_accept_sec_context: 851968 (Unspecified GSS failure. Minor code may provide more information)
May 4 02:51:40 hostname lwiod[13897]: 0xa4bd6b70:GSS-API error calling gss_accept_sec_context: 100003 ()
...
repeats 5 or 6 times

When attempting to create / manage shares using Windows' "Computer Management" snap-in, receive error message:

"You do not have permissions to see the list of shares for Windows clients."

Thanks,

Victor

Revision history for this message
Victor Chong (ragamofyn) wrote :
Download full text (5.0 KiB)

Additional information (after setting debug level to "trace"):

May 6 01:18:42 localhost lwiod[3108]: 0xa8705b70:[SrvListenerMain() listener.c:322] Handling client from [172.16.0.31]
May 6 01:18:42 localhost lwiod[3108]: 0xa8705b70:[SrvConnectionReadMessage() srvconnection.c:449] Error at srvconnection.c:449 [status: STATUS_PENDING = 0x00000103 (259)]
May 6 01:18:42 localhost lwiod[3108]: 0xa8705b70:[SrvConnectionReadPacket() srvconnection.c:146] Error at srvconnection.c:146 [status: STATUS_PENDING = 0x00000103 (259)]
May 6 01:18:42 localhost lwiod[3108]: 0xa8705b70:[SrvSocketReaderReadMessage() reader.c:120] Error at reader.c:120 [status: STATUS_PENDING = 0x00000103 (259)]
May 6 01:18:42 localhost lwiod[3108]: 0xa8705b70:[SrvConnectionReadMessage() srvconnection.c:449] Error at srvconnection.c:449 [status: STATUS_PENDING = 0x00000103 (259)]
May 6 01:18:42 localhost lwiod[3108]: 0xa8705b70:[SrvConnectionReadPacket() srvconnection.c:146] Error at srvconnection.c:146 [status: STATUS_PENDING = 0x00000103 (259)]
May 6 01:18:42 localhost lwiod[3108]: 0xa8705b70:[SrvSocketReaderReadMessage() reader.c:120] Error at reader.c:120 [status: STATUS_PENDING = 0x00000103 (259)]
May 6 01:18:42 localhost lwiod[3108]: 0x9f0f6b70:[SrvProtocolExecute_SMB_V1() libmain.c:185] Executing command [SMB1_SESSION_SETUP:115]
May 6 01:18:42 localhost lwiod[3108]: 0x9f0f6b70:[SrvSetDefaultKrb5CachePath() srvgss.c:1146] Cache path set to [MEMORY:lwio_krb5_cc]
May 6 01:18:42 localhost lwiod[3108]: 0x9f0f6b70:[srv_display_status_1() srvgss.c:951] GSS-API error calling gss_init_sec_context: 1 (The routine must be called again to complete its function)
May 6 01:18:42 localhost lwiod[3108]: 0x9f0f6b70:[SrvSetDefaultKrb5CachePath() srvgss.c:1146] Cache path set to [FILE:/tmp/krb5cc_0]
May 6 01:18:42 localhost lwiod[3108]: 0x9f0f6b70:[srv_display_status_1() srvgss.c:958] GSS-API error calling gss_accept_sec_context: 851968 (Unspecified GSS failure. Minor code may provide more information)
May 6 01:18:42 localhost lwiod[3108]: 0x9f0f6b70:[srv_display_status_1() srvgss.c:958] GSS-API error calling gss_accept_sec_context: 100003 ()
May 6 01:18:42 localhost lwiod[3108]: 0x9f0f6b70:[SrvGssNegotiate() srvgss.c:439] Error at srvgss.c:439 [status: STATUS_LOGON_FAILURE = 0xC000006D (-1073741715)]
May 6 01:18:42 localhost lwiod[3108]: 0x9f0f6b70:[SrvMarshallSessionSetupResponse() sessionsetup.c:304] Error at sessionsetup.c:304 [status: STATUS_LOGON_FAILURE = 0xC000006D (-1073741715)]
May 6 01:18:42 localhost lwiod[3108]: 0x9f0f6b70:[SrvProcessSessionSetup() sessionsetup.c:98] Error at sessionsetup.c:98 [status: STATUS_LOGON_FAILURE = 0xC000006D (-1073741715)]
May 6 01:18:42 localhost lwiod[3108]: 0xa8705b70:[SrvConnectionReadMessage() srvconnection.c:449] Error at srvconnection.c:449 [status: STATUS_PENDING = 0x00000103 (259)]
May 6 01:18:42 localhost lwiod[3108]: 0xa8705b70:[SrvConnectionReadPacket() srvconnection.c:146] Error at srvconnection.c:146 [status: STATUS_PENDING = 0x00000103 (259)]
May 6 01:18:42 localhost lwiod[3108]: 0xa8705b70:[SrvSocketReaderReadMessage() reader.c:120] Error at reader.c:120 [status: STATUS_PENDING = 0x00000103 (259)]
May 6 01:18:42 loca...

Read more...

Revision history for this message
Victor Chong (ragamofyn) wrote :

Confirmed that bug still exists in latest PPA build available (5.4.0.42111-3~ppa5~lucid).

Revision history for this message
Gerald Carter (coffeedude.jerry) wrote :

Sorry. Have not had a chance to look at this one yet. I expect it may have to do with the hss-ntlm mech and the system kerberos libs.

Changed in likewise-open (Ubuntu):
assignee: nobody → Gerald Carter (coffeedude.jerry)
Revision history for this message
Juergen Pfeifer (harmonicspace) wrote :

I've the same problem using the latest PPA build. I try to avoid Samba and winbind in favour of Likewise, but that's really hard at the moment given all these little devils sitting in the details of Likewise. Likewise appears to be a great concept, but mediocre engineering.

Revision history for this message
Gerald Carter (coffeedude.jerry) wrote :

Jeurgen, apologies for your experience. I've been a bit busy. If you are really interested in evaluating Likewise-CIFS, my suggestion it to pull the latest "master" branch from git://git.likewiseopen.org/likewise-open.git and run "build/mkcomp all && build/mkpkg cifs". That will generate a likewise-open-cifs package that you can install and experiment with. if you have questions, please email me directly and I'll do what I can to help.

The issues you are seeing in the likewise-open-server package are just packaging issues and not engineering issues IMO.

In the next 30 days, I will hopefully start generating likewise-open 6.0 packages for the PPA that work around some of the krb5 system libraries issues that are making our gss-ntlm sad. For better or worse, my focus on the likewise-open packages in Lucid focused on upgrades from previous releases and making the authentication support solid for desktops and servers.

Changed in likewise-open (Ubuntu):
status: New → Confirmed
Revision history for this message
Juergen Pfeifer (harmonicspace) wrote :

Ok, I got the git repository and did the build, resulting in package likewise-open-cifs versíon 5.5.0.44355-1 and basically all now works as expected:-)

I had to use the lwnet commandline tool to export SMB shares, using the Windows "manage computer" GUI doesn't work, just brings up a dialog telling me to wait for a connection, and this dialog never comes back... (looks like same race condition; when I shutdown the Server while still on the Windows box in this dialog, the dialog then continues, but then the tool becomes unusable because the Server is really going down).

Revision history for this message
Victor Chong (ragamofyn) wrote :

I'm glad that you were able to get your package build, Juergen -- you've had more success than me!

I believe I installed all the requisite packages and attempted build several times, but I keep getting hung up at this point:

acf_l.l:48:52: error: acf_y.h: No such file or directory
acf_l.l:63: error: expected â=â, â,â, â;â, âasmâ or â__attribute__â before âacf_yylvalâ

There's a whole bunch of these errors and they are quite strange because of the special characters. Maybe some sort of termcap issue?

Did you install any support packages aside from those listed in the branch's README?

Thanks,

Victor

Revision history for this message
Juergen Pfeifer (harmonicspace) wrote :

Looks like you don't have bison and flex installed

Revision history for this message
Juergen Pfeifer (harmonicspace) wrote :

I was a bit to optimistic in claiming "all works as expected now". I can access a Likewise-CIFS provided share from Windows, but only read operations work. Anytime I try a write operation (create file, change attributes etc.) I get an "function not implemented" error. I'm not sure whether this is intentional or based on some misconfiguration. The share is provided with read+write rights and my account has write permission.

Revision history for this message
Victor Chong (ragamofyn) wrote :

Thanks for that note, Juergen. I thought I had both bison and flex installed when last tried the build, but I'll double-check and try again.

Re: the write problem, could it be an issue with the ACL support? I hope to get my packaged compiled so I can help the diagnosis!

Revision history for this message
Gerald Carter (coffeedude.jerry) wrote :

It might make more sense to take this to either the likewise-open-discuss ml on lists.likewiseopen.org or to the forums on likewise.com. Just send me a link to the discussion if you do.

Nicolas Maillefer (nicolas-maillefer-yahoo-deactivatedaccount)
Changed in likewise-open (Ubuntu):
status: Confirmed → Fix Committed
status: Fix Committed → Confirmed
Revision history for this message
Ben Andken (bandken-t) wrote :

I am having the same issue here. How do I get whatever was fixed?

Is the source for versíon 5.5.0.44355-1 available anywhere? The links for the repository don't exist anymore.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.