Linux – Windows 7 Samba issue

linuxredhatsambawindows 7

We have a strange samba issue affecting only one user. Our samba setup is as follow :

Red Hat Enterprise Linux Server release 5.4 (Tikanga) – Samba Server

Samba version 3.0.33-3.14.el5 – Samba version

Domain Controller WIN2008R2 Standard – Windows DC

Windows 7 64 bit – Client PCs

User mentioned that he faced this problem after he force shutdown his PC few weeks ago. By right, for all users when we access \\sambaservername in windows it will show all the shares in the samba server but for this user once he startup his PC he will not be able to access \\sambaservername, Error message

Windows cannot access \\sambaservername

Current workaround to solve the problem :

Try to access one share in \\sambaservername for instance \\sambaservername\sharedfolder1. But even when doing so, it will first prompt an error in the beginning, error message is as follows

Logon failure: unknown user name or bad password.

user need to enter the credentials again and he can access the share. Thereafter, he will be able to access \\sambaservername without any issues. But once he reboots his computer the problem will persists.

Troubleshooting done so far:

  1. Ensure the following settings:

    Go to: Control Panel → Administrative Tools → Local Security Policy
    Select: Local Policies → Security Options

    "Network security: LAN Manager authentication level" → Send LM & NTLM responses
    "Minimum session security for NTLM SSP" → uncheck: Require 128-bit encryption

  2. Advise user to reset his password and try again but problem still persists

  3. Tried my account on users' PC, there is no issues. Tried user account on serveral other Windows 7 PC including mine but problem still persists. Windows XP does not have this problem.

  4. Ensure that there is no stored crendentials on the windows 7 PC. Checked the credentials manager in Control Panel as well as typing this command rundll32.exe keymgr.dll, KRShowKeyMgr

  5. Restart winbindd daemon on samba server but to no avail.

I suspect this is due to some caching issue but not sure where is the issue. Whenever the user has error accessing \\sambaservername, the following errors will be logged in the samba server :

[2012/10/10 17:10:26, 1] smbd/sesssetup.c:reply_spnego_kerberos(316)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2012/10/10 17:10:27, 1] smbd/sesssetup.c:reply_spnego_kerberos(316)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2012/10/10 17:10:27, 1] smbd/sesssetup.c:reply_spnego_kerberos(316)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2012/10/10 17:10:27, 1] smbd/sesssetup.c:reply_spnego_kerberos(316)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2012/10/10 17:10:27, 1] smbd/sesssetup.c:reply_spnego_kerberos(316)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2012/10/10 17:10:27, 1] smbd/sesssetup.c:reply_spnego_kerberos(316)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2012/10/10 17:10:27, 1] smbd/sesssetup.c:reply_spnego_kerberos(316)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2012/10/10 17:10:27, 1] smbd/sesssetup.c:reply_spnego_kerberos(316)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2012/10/10 17:10:27, 1] smbd/sesssetup.c:reply_spnego_kerberos(316)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2012/10/10 17:10:27, 1] smbd/sesssetup.c:reply_spnego_kerberos(316)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!

But after workaround, there will be no more errors. I suspect after reading the article listed below some amendments need to be made to the \var\samba\cache directory :

There are several users using the samba server and i would like to solve this problem without any impacts.

I saw the following article :

"winbind offline logon (G)
This parameter is designed to control whether Winbind should allow to login with the pam_winbind module using Cached Credentials. If enabled, winbindd will store user credentials from successful logins encrypted in a local cache.

Default: winbind offline logon = false

Example: winbind offline logon = true "

Any idea on how to delete the entry for one user in the local cache ?

Best Answer

I'm not sure if the nbtstat -R command (which "purges and reloads the remote cache name table.") or the nbtstat -RR one (which "sends name release packets to WINs and then starts Refresh.") can do anything to enforce the kind of refresh you are looking for...

If you want to check out the manual, look here..