Bug ID 1105993
Summary Authentication broken for w2k-client when using samba as Member-Server in AD-Environment
Classification openSUSE
Product openSUSE Distribution
Version Leap 15.0
Hardware x86-64
OS SUSE Other
Status NEW
Severity Normal
Priority P5 - None
Component Samba
Assignee samba-maintainers@SuSE.de
Reporter edv@brand-ladenbau.de
QA Contact samba-maintainers@SuSE.de
Found By ---
Blocker --- 

User-Agent:       Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
Firefox/60.0
Build Identifier: 

smbd-log:
switch message SMBsesssetupX (pid 6383) conn 0x0
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
Security token: (NULL)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
change_to_root_user: now uid=(0,0) gid=(0,0)
wct=12 flg2=0xc807
Doing spnego session setup
NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[]
dbwrap_lock_order_lock: check lock order 1 for
/usr/local/samba/var/lock/smbXsrv_session_global.tdb
dbwrap_lock_order_unlock: release lock order 1 for
/usr/local/samba/var/lock/smbXsrv_session_global.
tdb
Making default auth method list for server role = 'domain member'
load_auth_module: Attempting to find an auth method to match guest
load_auth_module: auth method guest has a valid init
load_auth_module: Attempting to find an auth method to match sam
load_auth_module: auth method sam has a valid init
load_auth_module: Attempting to find an auth method to match winbind
load_auth_module: auth method winbind has a valid init
load_auth_module: Attempting to find an auth method to match sam_ignoredomain
load_auth_module: auth method sam_ignoredomain has a valid init
Starting GENSEC mechanism spnego
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
Security token: (NULL)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
Starting GENSEC submechanism gse_krb5
gss_accept_sec_context failed with [Unspecified GSS failure.  Minor code may
provide more informatio
n: Encryption type not permitted]

Reproducible: Always

Steps to Reproduce:
1.Install samba from Distribution or samba-Repository (actual V4.8.4)
2.net ads join ...
3.try to access share from w2k-machine (net use x: \\samba-server\share -u
validdomain\validuser)

Actual Results:  
System Error 1450, not enough system resources available...

Expected Results:  
Connection to share successful

when samba 4.8.4 is configured without mitkrb5, it works as expected.

You are receiving this mail because: