Ubuntu
gvfs package

Bug #1771943
Comment #13

Comment 13 for bug 1771943

Revision history for this message

piviul (piviul) wrote on 2019-01-31: Re: [Bug 1771943] Re: nautilus accessing samba shares doesn't use cached credentials

#13

Il 31/01/19 14:31, Sebastien Bacher ha scritto:
> Upstream comment
>
> 'SMB backend doesn't use smbc_setOptionUseCCache explicitly in order to
> enable winbind ccache, but it seems that it is enabled by default, at
> least on my system. Please try to obtain the debug log again, but also
> with GVFS_SMB_DEBUG=3.

If I have well understood this is the output:
$ GVFS_DEBUG=1 GVFS_SMB_DEBUG=3 /usr/lib/gvfs/gvfsd -r
smb: g_vfs_backend_smb_init: default workgroup = 'NULL'
smb: Added new job source 0x562f1e60d130 (GVfsBackendSmb)
smb: Queued new job 0x562f1e60e1d0 (GVfsJobMount)
Using netbios name 103NOTE0512.
Using workgroup DOMAIN.
smb: do_mount - URI = smb://server/share
smb: do_mount - try #0
smb: auth_callback - kerberos pass
smb: auth_callback - out: last_user = 'DOMAIN\username', last_domain =
'DOMAIN'
tdb(/var/cache/samba/gencache.tdb): tdb_open_ex: could not open file
/var/cache/samba/gencache.tdb: Permesso negato
resolve_lmhosts: Attempting lmhosts lookup for name server<0x20>
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: Attempting host lookup for name server<0x20>
Connecting to 192.168.70.5 at port 445
got OID=1.3.6.1.4.1.311.2.2.10
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
SPNEGO: Could not find a suitable mechtype in NEG_TOKEN_INIT
SPNEGO login failed: An invalid parameter was passed to a service or
function.
smb: do_mount - [smb://server/share; 0] res = -1, cancelled = 0, errno =
[1] 'Operazione non permessa'
smb: do_mount - after anon, enabling NTLMSSP fallback
smb: do_mount - try #1
smb: auth_callback - normal pass
smb: auth_callback - asking for password...
smb: auth_callback - out: last_user = 'DOMAIN\username', last_domain =
'DOMAIN'
resolve_lmhosts: Attempting lmhosts lookup for name server<0x20>
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: Attempting host lookup for name server<0x20>
Connecting to 192.168.70.5 at port 445
got OID=1.3.6.1.4.1.311.2.2.10
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
Server connect ok: //server/share: 0x7f583c026c90
smb: do_mount - [smb://server/share; 1] res = 0, cancelled = 0, errno =
[17] 'File già esistente'
smb: do_mount - login successful
smb: send_reply(0x562f1e60e1d0), failed=0 ()

> The SMB backend is based on libsmbclient, so
> please also verify whether smbclient works and provide its debug log.
> Tentatively something like smbclient //server/share --debuglevel 3
> --kerberos --use-ccache --user ... --workgroup ... should work.'
smbclient wasn't installed... now I have installed it and in effect
doesn't seems to works; this is the output:

$ smbclient //server/share --debuglevel 3 --kerberos --use-ccache --user
DOMAIN\\username --workgroup DOMAIN
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
WARNING: The "syslog" option is deprecated
added interface wlp2s0 ip=192.168.71.226 bcast=192.168.79.255
netmask=255.255.240.0
Client started (version 4.7.6-Ubuntu).
tdb(/var/cache/samba/gencache.tdb): tdb_open_ex: could not open file
/var/cache/samba/gencache.tdb: Permesso negato
resolve_lmhosts: Attempting lmhosts lookup for name server<0x20>
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: Attempting host lookup for name server<0x20>
Connecting to 192.168.70.5 at port 445
got OID=1.3.6.1.4.1.311.2.2.10
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
SPNEGO: Could not find a suitable mechtype in NEG_TOKEN_INIT
SPNEGO login failed: An invalid parameter was passed to a service or
function.
session setup failed: NT_STATUS_INVALID_PARAMETER

but if I remove --kerberos it works!:
$ smbclient //server/share --debuglevel 3 --use-ccache --user
DOMAIN\\username --workgroup DOMAIN
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
WARNING: The "syslog" option is deprecated
added interface wlp2s0 ip=192.168.71.226 bcast=192.168.79.255
netmask=255.255.240.0
Client started (version 4.7.6-Ubuntu).
tdb(/var/cache/samba/gencache.tdb): tdb_open_ex: could not open file
/var/cache/samba/gencache.tdb: Permesso negato
resolve_lmhosts: Attempting lmhosts lookup for name server<0x20>
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: Attempting host lookup for name server<0x20>
Connecting to 192.168.70.5 at port 445
got OID=1.3.6.1.4.1.311.2.2.10
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
Try "help" to get a list of possible commands.
smb: \>

...but I have forgot to say that the JOIN is on a samba3 domain: we have
done bingo?

Piviul

Il 31/01/19 14:31, Sebastien Bacher ha scritto:
> Upstream comment
> 
> 'SMB backend doesn't use smbc_setOptionUseCCache explicitly in order to
> enable winbind ccache, but it seems that it is enabled by default, at
> least on my system. Please try to obtain the debug log again, but also
> with GVFS_SMB_DEBUG=3.

If I have well understood this is the output:
$ GVFS_DEBUG=1 GVFS_SMB_DEBUG=3 /usr/lib/gvfs/gvfsd -r
smb: g_vfs_backend_smb_init: default workgroup = 'NULL'
smb: Added new job source 0x562f1e60d130 (GVfsBackendSmb)
smb: Queued new job 0x562f1e60e1d0 (GVfsJobMount)
Using netbios name 103NOTE0512.
Using workgroup DOMAIN.
smb: do_mount - URI = smb://server/share
smb: do_mount - try #0
smb: auth_callback - kerberos pass
smb: auth_callback - out: last_user = 'DOMAIN\username', last_domain = 
'DOMAIN'
tdb(/var/cache/samba/gencache.tdb): tdb_open_ex: could not open file 
/var/cache/samba/gencache.tdb: Permesso negato
resolve_lmhosts: Attempting lmhosts lookup for name server<0x20>
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: Attempting host lookup for name server<0x20>
Connecting to 192.168.70.5 at port 445
got OID=1.3.6.1.4.1.311.2.2.10
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
SPNEGO: Could not find a suitable mechtype in NEG_TOKEN_INIT
SPNEGO login failed: An invalid parameter was passed to a service or 
function.
smb: do_mount - [smb://server/share; 0] res = -1, cancelled = 0, errno = 
[1] 'Operazione non permessa'
smb: do_mount - after anon, enabling NTLMSSP fallback
smb: do_mount - try #1
smb: auth_callback - normal pass
smb: auth_callback - asking for password...
smb: auth_callback - out: last_user = 'DOMAIN\username', last_domain = 
'DOMAIN'
resolve_lmhosts: Attempting lmhosts lookup for name server<0x20>
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: Attempting host lookup for name server<0x20>
Connecting to 192.168.70.5 at port 445
got OID=1.3.6.1.4.1.311.2.2.10
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
Server connect ok: //server/share: 0x7f583c026c90
smb: do_mount - [smb://server/share; 1] res = 0, cancelled = 0, errno = 
[17] 'File già esistente'
smb: do_mount - login successful
smb: send_reply(0x562f1e60e1d0), failed=0 ()

$ smbclient //server/share --debuglevel 3 --kerberos --use-ccache --user 
DOMAIN\\username --workgroup DOMAIN
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
WARNING: The "syslog" option is deprecated
added interface wlp2s0 ip=192.168.71.226 bcast=192.168.79.255 
netmask=255.255.240.0
Client started (version 4.7.6-Ubuntu).
tdb(/var/cache/samba/gencache.tdb): tdb_open_ex: could not open file 
/var/cache/samba/gencache.tdb: Permesso negato
resolve_lmhosts: Attempting lmhosts lookup for name server<0x20>
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: Attempting host lookup for name server<0x20>
Connecting to 192.168.70.5 at port 445
got OID=1.3.6.1.4.1.311.2.2.10
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
SPNEGO: Could not find a suitable mechtype in NEG_TOKEN_INIT
SPNEGO login failed: An invalid parameter was passed to a service or 
function.
session setup failed: NT_STATUS_INVALID_PARAMETER

but if I remove --kerberos it works!:
$ smbclient //server/share --debuglevel 3 --use-ccache --user 
DOMAIN\\username --workgroup DOMAIN
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
WARNING: The "syslog" option is deprecated
added interface wlp2s0 ip=192.168.71.226 bcast=192.168.79.255 
netmask=255.255.240.0
Client started (version 4.7.6-Ubuntu).
tdb(/var/cache/samba/gencache.tdb): tdb_open_ex: could not open file 
/var/cache/samba/gencache.tdb: Permesso negato
resolve_lmhosts: Attempting lmhosts lookup for name server<0x20>
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: Attempting host lookup for name server<0x20>
Connecting to 192.168.70.5 at port 445
got OID=1.3.6.1.4.1.311.2.2.10
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
Try "help" to get a list of possible commands.
smb: \>

...but I have forgot to say that the JOIN is on a samba3 domain: we have 
done bingo?

Piviul

Ubuntugvfs package

Comment 13 for bug 1771943

Ubuntu
gvfs package