After Yum Upgrade - Shares no more accessible

NethServer Version: NethServer release 7.6.1810 (final)
Module: Backup, File Server

Hi Everyone,
yesterday from console I upgraded my fileserver as usual with a yum update.
These packages need to be installed/upgraded:

Installing:
kernel x86_64 3.10.0-957.27.2.el7 ce-updates
Updating:
bind-libs x86_64 32:9.9.4-74.el7_6.2 ce-updates
bind-libs-lite x86_64 32:9.9.4-74.el7_6.2 ce-updates
bind-license noarch 32:9.9.4-74.el7_6.2 ce-updates
bind-utils x86_64 32:9.9.4-74.el7_6.2 ce-updates
curl x86_64 7.29.0-51.el7_6.3 ce-updates
httpd x86_64 2.4.6-89.el7.centos.1 ce-updates
httpd-tools x86_64 2.4.6-89.el7.centos.1 ce-updates
kernel-tools x86_64 3.10.0-957.27.2.el7 ce-updates
kernel-tools-libs x86_64 3.10.0-957.27.2.el7 ce-updates
kexec-tools x86_64 2.0.15-21.el7_6.4 ce-updates
libcurl x86_64 7.29.0-51.el7_6.3 ce-updates
libsmbclient x86_64 4.8.3-6.el7_6 ce-updates
libssh2 x86_64 1.4.3-12.el7_6.3 ce-updates
libwbclient x86_64 4.8.3-6.el7_6 ce-updates
mod_ssl x86_64 1:2.4.6-89.el7.centos.1 ce-updates
net-snmp x86_64 1:5.7.2-38.el7_6.2 ce-updates
net-snmp-agent-libs x86_64 1:5.7.2-38.el7_6.2 ce-updates 705 k
net-snmp-libs x86_64 1:5.7.2-38.el7_6.2 ce-updates
nethserver-backup-config noarch 2.4.0-1.ns7 nethserver-updates 50 k
nethserver-cockpit-lib noarch 0.11.0-1.ns7 nethserver-updates 31 k
nethserver-duc noarch 1.5.0-1.ns7 nethserver-updates 79 k
python-perf x86_64 3.10.0-957.27.2.el7 ce-updates
samba x86_64 4.8.3-6.el7_6 ce-updates
samba-client-libs x86_64 4.8.3-6.el7_6 ce-updates
samba-common noarch 4.8.3-6.el7_6 ce-updates
samba-common-libs x86_64 4.8.3-6.el7_6 ce-updates 164 k
samba-common-tools x86_64 4.8.3-6.el7_6 ce-updates 448 k
samba-libs x86_64 4.8.3-6.el7_6 ce-updates
samba-winbind x86_64 4.8.3-6.el7_6 ce-updates
samba-winbind-modules x86_64 4.8.3-6.el7_6 ce-updates 116 k
selinux-policy noarch 3.13.1-229.el7_6.15 ce-updates
selinux-policy-targeted noarch 3.13.1-229.el7_6.15 ce-updates
systemd x86_64 219-62.el7_6.9 ce-updates
systemd-libs x86_64 219-62.el7_6.9 ce-updates
systemd-sysv x86_64 219-62.el7_6.9 ce-updates
tuned noarch 2.10.0-6.el7_6.4 ce-updates
zabbix-agent x86_64 4.0.11-1.el7 zabbix
zabbix-release noarch 4.0-2.el7 zabbix
Removing:
kernel x86_64 3.10.0-957.10.1.el7 @ce-updates

So I upgraded my system. Then rebooted as usual.

Ok now login to AD is working for my clients (WIN7 clients) but no more shares. No share is accessible.

Domain Accounts web page was working with correct infos and JOIN was OK. Configured shares was there with correct ACLs. But no client mounted any share.

So due to fact that it’s a production system, I roll back immediately to our nightly backups and everything now its working.

Any other experiences with latest upgrades from centos ? Maybe a samba issue with newer version ?

Actually (working config) these are samba related packages installed:

samba-common-4.8.3-4.el7.noarch
samba-libs-4.8.3-4.el7.x86_64
samba-4.8.3-4.el7.x86_64
samba-common-libs-4.8.3-4.el7.x86_64
samba-common-tools-4.8.3-4.el7.x86_64
samba-winbind-modules-4.8.3-4.el7.x86_64
nethserver-samba-4.3.1-1.ns7.noarch
samba-winbind-4.8.3-4.el7.x86_64
samba-client-libs-4.8.3-4.el7.x86_64

Please help I would like to upgrade my system without any issues.

Paolo

Cc @davidep

Hi Paolo,

my NethServer running as Samba file server was updated yesterday (no reboot yet) and received similar samba packages (from samba 4.8.3-4 to 4.8.3-6). No issues so far with both smbclient and Windows 10 clients (Windows 10 ver. 1809 build SO 17763.615).

If you can restore the bogus system state we can investigate the failure reason of your system.

Ok. Done.

@davidep Do not reboot your machine !!!

Issue happens again ! But It happens only if nethserver machine is rebooted.

Now if i browse my nethserver with a \10.10.0.5\ it asks me for username and pwd, but no access at all. Before reboot all was ok !

/var/log/message seems ok no evidence. I also tried to reset permissions from web mgt page on some shares but no luck at all.

Domain Account Info:
NetBIOS domain name: MYCOMPANY
LDAP server: 10.10.0.1
LDAP server name: nsdc-nethserver.ad.mycompany.it
Realm: AD.MYCOMPANY.IT
Bind Path: dc=AD,dc=MYCOMPANY,dc=IT
LDAP port: 389
Server time: Fri, 02 Aug 2019 09:59:38 CEST
KDC server: 10.10.0.1
Server time offset: 0
Last machine account password change: Mon, 07 May 2018 15:35:40 CEST

Join is OK

whenCreated: 20180507133539.0Z
name: NETHSERVER
objectSid: S-1-5-21-1564140734-1993629625-3374088968-1104
accountExpires: 9223372036854775807
sAMAccountName: NETHSERVER$
pwdLastSet: 131701737399655330
dNSHostName: nethserver.mycompany.it
servicePrincipalName: HOST/NETHSERVER
servicePrincipalName: HOST/nethserver.mycompany.it
whenChanged: 20190801184428.0Z
lastLogon: 132092063604452280
distinguishedName: CN=NETHSERVER,CN=Computers,DC=ad,DC=mycompany,DC=it

Smbclient test from other box (same result with -U pfornara@mycompany.it or pfornara@mycompany):

root@pandaserver:/home/pfornara# smbclient -d4 -L 10.10.0.5 -U pfornara
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section “[global]”
doing parameter workgroup = WORKGROUP
doing parameter server string = %h server (Samba, Ubuntu)
doing parameter dns proxy = no
doing parameter log file = /var/log/samba/log.%m
doing parameter max log size = 1000
doing parameter syslog = 0
WARNING: The “syslog” option is deprecated
doing parameter panic action = /usr/share/samba/panic-action %d
doing parameter server role = standalone server
doing parameter passdb backend = tdbsam
doing parameter obey pam restrictions = yes
doing parameter unix password sync = yes
doing parameter passwd program = /usr/bin/passwd %u
doing parameter passwd chat = Enter\snew\s\spassword:* %n\n Retype\snew\s\spassword:* %n\n password\supdated\ssuccessfully .
doing parameter pam password change = yes
doing parameter map to guest = bad user
doing parameter usershare allow guests = yes
pm_process() returned Yes
added interface eth0 ip=10.10.0.15 bcast=10.10.0.255 netmask=255.255.255.0
Client started (version 4.3.11-Ubuntu).
Enter pfornara’s password:
Connecting to 10.10.0.5 at port 445
session request ok
Doing spnego session setup (blob length=96)
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.3.6.1.4.1.311.2.2.10
got principal=not_defined_in_RFC4178@please_ignore
GENSEC backend ‘gssapi_spnego’ registered
GENSEC backend ‘gssapi_krb5’ registered
GENSEC backend ‘gssapi_krb5_sasl’ registered
GENSEC backend ‘spnego’ registered
GENSEC backend ‘schannel’ registered
GENSEC backend ‘naclrpc_as_system’ registered
GENSEC backend ‘sasl-EXTERNAL’ registered
GENSEC backend ‘ntlmssp’ registered
GENSEC backend ‘ntlmssp_resume_ccache’ registered
GENSEC backend ‘http_basic’ registered
GENSEC backend ‘http_ntlm’ registered
GENSEC backend ‘krb5’ registered
GENSEC backend ‘fake_gssapi_krb5’ registered
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_TARGET_TYPE_DOMAIN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
SPNEGO login failed: Logon failure
session setup failed: NT_STATUS_LOGON_FAILURE

I’m thinking about some updated kernel or selinux-policy related issue…

I can’t reproduce it: everything is still working here, also after rebooting the system.

Add the NetBIOS domain name prefix or use -W flag with smbclient. I.e.

smbclient -L 10.10.0.5 -U MYCOMPANY\\pfornara

Or

smbclient -L 10.10.0.5 -U pfornara -W MYCOMPANY

Quite old, but shouldn’t be an issue…

What about Windows clients?

smbclient -L 10.10.0.5 -U MYCOMPANY\\pfornara

WARNING: The “syslog” option is deprecated
Enter MYCOMPANY\pfornara’s password:
session setup failed: NT_STATUS_LOGON_FAILURE

smbclient -L 10.10.0.5 -U pfornara -W MYCOMPANY

WARNING: The “syslog” option is deprecated
Enter pfornara’s password:
session setup failed: NT_STATUS_LOGON_FAILURE

WIN7 Clients -> no access at all. Still prompt for username and password.

So tried to change pfornara password from webmgt (maybe I’m so stupid that input wrong password ?) :

Aug 2 10:19:06 nethserver esmith::event[3038]: Event: password-modify pfornara@mycompany.it /tmp/ng-mjxoyC
Aug 2 10:19:06 nethserver esmith::event[3038]: Action: /etc/e-smith/events/password-modify/S25password-set SUCCESS [0.003843]
Aug 2 10:19:07 nethserver esmith::event[3038]: Changed password OK
Aug 2 10:19:07 nethserver esmith::event[3038]: Action: /etc/e-smith/events/password-modify/S30nethserver-dc-password-set SUCCESS [0.612413]
Aug 2 10:19:07 nethserver esmith::event[3038]: Enabled user ‘pfornara’
Aug 2 10:19:07 nethserver esmith::event[3038]: Action: /etc/e-smith/events/password-modify/S40nethserver-dc-user-unlock SUCCESS [0.312043]
Aug 2 10:19:07 nethserver esmith::event[3038]: Action: /etc/e-smith/events/password-modify/S90password-cleanup SUCCESS [0.012534]
Aug 2 10:19:07 nethserver esmith::event[3038]: Event: password-modify SUCCESS
Aug 2 10:19:07 nethserver systemd: Started Session c22 of user root.

still no luck !

Also tried with a recent version of smbclient from another box, and I confirm smbclient version is not an issue (smbclient 2:4.5.16+dfsg-1+deb9u2)

I have no idea of what is happening to your system

Ensure all Samba services are up and running,

systemctl status smb nmb winbind

clear cached infos

net cache flush

try to restart windbind:

systemctl restart winbind

selinux is disabled, the kernel cannot be related to a samba issue…

Ensure there’s no IP conflict on your network

● smb.service - Samba SMB Daemon
Loaded: loaded (/usr/lib/systemd/system/smb.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2019-08-02 07:35:21 CEST; 2h 52min ago
Docs: man:smbd(8)
man:samba(7)
man:smb.conf(5)
Main PID: 1214 (smbd)
Status: “smbd: ready to serve connections…”
CGroup: /system.slice/smb.service
├─1214 /usr/sbin/smbd --foreground --no-process-group
├─1242 /usr/sbin/smbd --foreground --no-process-group
├─1243 /usr/sbin/smbd --foreground --no-process-group
└─1659 /usr/sbin/smbd --foreground --no-process-group

Aug 02 07:35:20 nethserver.mycompany.it systemd[1]: Starting Samba SMB Daemon…
Aug 02 07:35:21 nethserver.mycompany.it systemd[1]: Started Samba SMB Daemon.
Aug 02 07:35:21 nethserver.mycompany.it smbd[1214]: [2019/08/02 07:35:21.170230, 0] …/lib/util/become_daemon.c:138(daemon_ready)
Aug 02 07:35:21 nethserver.mycompany.it smbd[1214]: daemon_ready: STATUS=daemon ‘smbd’ finished starting up and ready to serve connections
Aug 02 07:35:25 nethserver.mycompany.it smbd[1214]: [2019/08/02 07:35:25.282118, 0] …/source3/printing/nt_printing.c:249(nt_printing_init)
Aug 02 07:35:25 nethserver.mycompany.it smbd[1214]: nt_printing_init: error checking published printers: WERR_ACCESS_DENIED

● nmb.service - Samba NMB Daemon
Loaded: loaded (/usr/lib/systemd/system/nmb.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2019-08-02 07:35:20 CEST; 2h 52min ago
Docs: man:nmbd(8)
man:samba(7)
man:smb.conf(5)
Main PID: 1130 (nmbd)
Status: “nmbd: ready to serve connections…”
CGroup: /system.slice/nmb.service
└─1130 /usr/sbin/nmbd --foreground --no-process-group

Aug 02 07:35:20 nethserver.mycompany.it systemd[1]: Starting Samba NMB Daemon…
Aug 02 07:35:20 nethserver.mycompany.it nmbd[1130]: [2019/08/02 07:35:20.701291, 0] …/lib/util/become_daemon.c:138(daemon_ready)
Aug 02 07:35:20 nethserver.mycompany.it systemd[1]: Started Samba NMB Daemon.
Aug 02 07:35:20 nethserver.mycompany.it nmbd[1130]: daemon_ready: STATUS=daemon ‘nmbd’ finished starting up and ready to serve connections

● winbind.service - Samba Winbind Daemon
Loaded: loaded (/usr/lib/systemd/system/winbind.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2019-08-02 07:35:20 CEST; 2h 52min ago
Docs: man:winbindd(8)
man:samba(7)
man:smb.conf(5)
Main PID: 1206 (winbindd)
Status: “winbindd: ready to serve connections…”
CGroup: /system.slice/winbind.service
├─1206 /usr/sbin/winbindd --foreground --no-process-group
└─1213 /usr/sbin/winbindd --foreground --no-process-group

Aug 02 07:35:20 nethserver.mycompany.it systemd[1]: Starting Samba Winbind Daemon…
Aug 02 07:35:20 nethserver.mycompany.it winbindd[1206]: [2019/08/02 07:35:20.800864, 0] …/source3/winbindd/winbindd_cache.c:3160(initialize_winbindd_cache)
Aug 02 07:35:20 nethserver.mycompany.it winbindd[1206]: initialize_winbindd_cache: clearing cache and re-creating with version number 2
Aug 02 07:35:20 nethserver.mycompany.it winbindd[1206]: [2019/08/02 07:35:20.821567, 0] …/lib/util/become_daemon.c:138(daemon_ready)
Aug 02 07:35:20 nethserver.mycompany.it systemd[1]: Started Samba Winbind Daemon.
Aug 02 07:35:20 nethserver.mycompany.it winbindd[1206]: daemon_ready: STATUS=daemon ‘winbindd’ finished starting up and ready to serve connections

DONE

DONE

What a fu** … I don’t understand what happens with those updates and reboot (I also tried early this morning a full reboot before updating those packages and all works)

@davidep /var/log/message quite strange lines with no issue i suppose are :

Aug 2 08:35:54 nethserver sssd[be[mycompany.it]]: Backend is offline
Aug 2 08:35:58 nethserver smbd[1310]: [2019/08/02 08:35:58.442314, 0] …/source3/printing/nt_printing.c:249(nt_printing_init)
Aug 2 08:35:58 nethserver smbd[1310]: nt_printing_init: error checking published printers: WERR_ACCESS_DENIED
Aug 2 08:36:01 nethserver sssd[be[cappeller.it]]: Backend is online
Aug 2 08:36:01 nethserver sssd: tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database.
Aug 2 08:36:01 nethserver sssd: tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database.
Aug 2 08:36:01 nethserver sssd: tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database.
Aug 2 08:36:01 nethserver sssd: tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database.
Aug 2 08:36:01 nethserver sssd: tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database.

I don’t have those lines in my smb status output

What you could try is downgrading samba-* packages to 4.8.3-4. That could narrow the issue origin to the samba package update…

Try this command (maybe you need to adapt it to your actual packages list…)

yum downgrade samba-4.8.3-4.el7.x86_64 samba-client-4.8.3-4.el7.x86_64 samba-client-libs-4.8.3-4.el7.x86_64 samba-common-4.8.3-4.el7.noarch samba-common-libs-4.8.3-4.el7.x86_64 samba-common-tools-4.8.3-4.el7.x86_64 samba-libs-4.8.3-4.el7.x86_64 samba-winbind-4.8.3-4.el7.x86_64 samba-winbind-clients-4.8.3-4.el7.x86_64 samba-winbind-modules-4.8.3-4.el7.x86_64 libwbclient-4.8.3-4.el7.x86_64  libsmbclient-4.8.3-4.el7.x86_64

I don’t know if it is required a restart, or downgrade runs it automatically:

systemctl restart smb nmb winbind

This is not an issue (search in past discussions about it)

It seems unrelated too: nethserver nt_printing_init - Google Search

Downgrade Done:
Removed:
libsmbclient.x86_64 0:4.8.3-6.el7_6 libwbclient.x86_64 0:4.8.3-6.el7_6 samba.x86_64 0:4.8.3-6.el7_6
samba-client-libs.x86_64 0:4.8.3-6.el7_6 samba-common.noarch 0:4.8.3-6.el7_6 samba-common-libs.x86_64 0:4.8.3-6.el7_6
samba-common-tools.x86_64 0:4.8.3-6.el7_6 samba-libs.x86_64 0:4.8.3-6.el7_6 samba-winbind.x86_64 0:4.8.3-6.el7_6
samba-winbind-modules.x86_64 0:4.8.3-6.el7_6

Installed:
libsmbclient.x86_64 0:4.8.3-4.el7 libwbclient.x86_64 0:4.8.3-4.el7 samba.x86_64 0:4.8.3-4.el7 samba-client-libs.x86_64 0:4.8.3-4.el7
samba-common.noarch 0:4.8.3-4.el7 samba-common-libs.x86_64 0:4.8.3-4.el7 samba-common-tools.x86_64 0:4.8.3-4.el7 samba-libs.x86_64 0:4.8.3-4.el7
samba-winbind.x86_64 0:4.8.3-4.el7 samba-winbind-modules.x86_64 0:4.8.3-4.el7

reboot server.

Still not working…so probably not a samba issue…

I have the same problem.
After the last upgrades Windows 10 can access shares, but smbclient from linux (SME Server 9.2 and Raspbian GNU/Linux 9 (stretch)) as well as various Kyocer/TriumphAdler multifunctional devices cannot.

[root@novads ~]# smbclient -d4 -L 192.168.1.102 -U pks@dundaga.lv lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
params.c:pm_process() - Processing configuration file “/etc/samba/smb.conf”
Processing section “[global]”
doing parameter add machine script = /sbin/e-smith/signal-event machine-account-create ‘%u’
doing parameter bind interfaces only = yes
doing parameter case sensitive = no
doing parameter deadtime = 10080
doing parameter display charset = ISO8859-1
doing parameter dns proxy = no
doing parameter domain logons = no
doing parameter domain master = no
doing parameter dos charset = 850
doing parameter encrypt passwords = yes
doing parameter guest account = public
doing parameter guest ok = no
doing parameter hosts allow = 127.0.0.1 192.168.0.0/255.255.254.0
doing parameter interfaces = 127.0.0.1 192.168.1.160/255.255.254.0
doing parameter log file = /var/log/samba/log.%m
doing parameter logon drive = Z:
doing parameter map to guest = never
doing parameter max log size = 50
doing parameter name resolve order = wins lmhosts bcast
doing parameter netbios name = novads
handle_netbios_name: set global_myname to: NOVADS
doing parameter oplocks = true
doing parameter kernel oplocks = true
doing parameter level2 oplocks = true
doing parameter os level = 35
doing parameter passdb backend = smbpasswd:/etc/samba/smbpasswd
doing parameter pid directory = /var/run
doing parameter preferred master = auto
doing parameter preserve case = yes
doing parameter private dir = /etc/samba
doing parameter security = user
doing parameter server string = SME Server
doing parameter short preserve case = yes
doing parameter smb passwd file = /etc/samba/smbpasswd
doing parameter smb ports = 139
doing parameter socket options = TCP_NODELAY
doing parameter strict locking = no
doing parameter unix charset = UTF8
doing parameter unix password sync = Yes
doing parameter pam password change = Yes
doing parameter passwd program = /usr/bin/passwd %u
doing parameter passwd chat = NewUNIXpassword %n\n ReTypenewUNIXpassword* %n\n passwd:allauthenticationtokensupdatedsuccessfully*
doing parameter check password script = /sbin/e-smith/samba_check_password
doing parameter unix extensions = no
doing parameter wins support = no
doing parameter workgroup = dome
doing parameter printcap name = /etc/printcap
doing parameter load printers = yes
doing parameter printing = lprng
doing parameter print command = /usr/bin/lpr -b -h -r -P%p %s
pm_process() returned Yes
added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
interpret_interface: Adding interface 192.168.1.160/255.255.254.0
added interface 192.168.1.160/2 ip=192.168.1.160 bcast=192.168.1.255 netmask=255.255.254.0
Client started (version 3.6.23-51.el6).
Enter pks@dundaga.lv’s password:
Connecting to 192.168.1.102 at port 445
session request ok
Doing spnego session setup (blob length=112)
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.3.6.1.4.1.311.2.2.10
got principal=not_defined_in_RFC4178@please_ignore
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
SPNEGO login failed: Logon failure
session setup failed: NT_STATUS_LOGON_FAILURE

It worked here with the same smbclient version:

[root@vm3 ~]# rpm -q samba-client
samba-client-3.6.23-51.el6.x86_64

As per docs I used the NBDOMAIN\username syntax: Shared folders — NethServer 7 Final

Did you try the above yum downgrade command?

Having equal problems here- gonna try your suggestions and refer.

I have same situation after last update.
What i found out:
Client (win7) is domainmember in same network - share is OK
Client (win7) is not domainmember in same network - share is OK
Client (win7) is not domainmember in other network - share fails
Client (suse linux) fails

is downgrade the solution, shel i do it ?

I have tried all possible variants of username synthax

Suggested downgrade didn’t help.

pi@raspberrypi:~ $ smbclient -d4 -L 192.168.1.102 -U DOME\pks
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section “[global]”
doing parameter workgroup = WORKGROUP
doing parameter dns proxy = no
doing parameter log file = /var/log/samba/log.%m
doing parameter max log size = 1000
doing parameter syslog = 0
WARNING: The “syslog” option is deprecated
doing parameter panic action = /usr/share/samba/panic-action %d
doing parameter server role = standalone server
doing parameter passdb backend = tdbsam
doing parameter obey pam restrictions = yes
doing parameter unix password sync = yes
doing parameter passwd program = /usr/bin/passwd %u
doing parameter passwd chat = Enter\snew\s\spassword:* %n\n Retype\snew\s\spassword:* %n\n password\supdated\ssuccessfully .
doing parameter pam password change = yes
doing parameter map to guest = bad user
doing parameter usershare allow guests = yes
pm_process() returned Yes
added interface wlan0 ip=192.168.1.11 bcast=192.168.1.255 netmask=255.255.254.0
Client started (version 4.5.16-Debian).
Enter DOME\pks’s password:
Connecting to 192.168.1.102 at port 445
session request ok
Doing spnego session setup (blob length=96)
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.3.6.1.4.1.311.2.2.10
got principal=not_defined_in_RFC4178@please_ignore
GENSEC backend ‘gssapi_spnego’ registered
GENSEC backend ‘gssapi_krb5’ registered
GENSEC backend ‘gssapi_krb5_sasl’ registered
GENSEC backend ‘spnego’ registered
GENSEC backend ‘schannel’ registered
GENSEC backend ‘naclrpc_as_system’ registered
GENSEC backend ‘sasl-EXTERNAL’ registered
GENSEC backend ‘ntlmssp’ registered
GENSEC backend ‘ntlmssp_resume_ccache’ registered
GENSEC backend ‘http_basic’ registered
GENSEC backend ‘http_ntlm’ registered
GENSEC backend ‘krb5’ registered
GENSEC backend ‘fake_gssapi_krb5’ registered
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_TARGET_TYPE_DOMAIN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
SPNEGO login failed: Logon failure
session setup failed: NT_STATUS_LOGON_FAILURE

Windows 10 clients, members of Nethserver AD, can access shares if browsing \\servername.
But the same Windows 10 clients cannot access network shares and continuously asks for password, if I try to browse server by IP as \\192.168.1.102

No. Just tried to downgrade all samba related packages. And its not working at all.

What i found out:
Client (win7) is domainmember in same network - share is KO
Client (win7) is not domainmember in same network - share is KO
Client (win7) is not domainmember in other network - share KO
Client (debian/centos linux) KO

Issue seems to have no relation with samba upgrade, also with old samba suite installed is present.

Maybe some other updated package…

Could it be related to something in libwbclient or libsmbclient or selinux-policy as I notice that are included in the list of items to be updated?

Maybe…Same feeling here.

The only suggestion from me is to do not upgrade anything untile issue is resolved.

Better not trying