Windows Server 2003 SP1 Issues (3.0.15pre2)
William R. Lorenz
wrl at express.org
Thu Apr 28 17:17:43 GMT 2005
Hi All,
I'm running into some issues accessing a Samba server that's in turn
authenticating against a Win2k3-SP1 domain controller (security=ads). I
understand there were some known issues corrected in a patch, and I'm
currently running 3.0.15pre2, which I understand includes that patch.
(http://samba.org/~jerry/patches/post-3.0.13/winbindd_2k3sp1.patch)
All was working fine before the Win2k3 server was upgraded with the SP1
service pack. The `net ads join`, `wbinfo -t`, `wbinfo -u`, `wbinfo -p`,
`getent passwd`, and `getent group` commands all still work fine, but
users can't authenticate against the Samba box and view available shares.
For example, here's a local smbclient connection from the local console
(although other Windows XP clients fail to authenticate to view available
shares, which worked fine before and is really what we're trying to do):
[root at linux-test samba]# smbclient -L 192.168.0.52 -U polorx
added interface ip=192.168.0.52 bcast=192.168.0.255 nmask=255.255.255.0
Client started (version 3.0.15pre2).
Connecting to 192.168.0.52 at port 445
Password:
Doing spnego session setup (blob length=112)
got OID=1 2 840 113554 1 2 2
got OID=1 2 840 48018 1 2 2
got OID=1 3 6 1 4 1 311 2 2 10
got principal=linux-test$@TCB.INTERNAL
Got challenge flags:
Got NTLMSSP neg_flags=0x60890215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60080215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60080215
SPNEGO login failed: Logon failure
session setup failed: NT_STATUS_LOGON_FAILURE
[root at linux-test samba]#
I have attached the Samba server's configuration file, and I can also
provide detailed logs upon request. Does anyone have any ideas on this?
Thanks, in advance, for any insights you can offer!
-- William R. Lorenz <wrl at express.org>
-- http://www.express.org/~wrl/ ; "Every revolution was first
-- a thought in one man's mind." - Ralph Waldo Emerson
-------------- next part --------------
[global]
netbios name = linux-test
workgroup = MFERRY
realm = tcb.internal
server string = linux-test
security = ads
encrypt passwords = Yes
log file = /var/log/samba/%m.log
log level = 10
max log size = 0
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
domain logons = No
os level = 10
preferred master = No
domain master = No
dns proxy = No
hosts allow = 192.168.
password server = 192.168.0.239
interfaces = 192.168.0.52
bind interfaces only = yes
case sensitive = no
default case = lower
preserve case = yes
short preserve case = yes
add share command = /usr/local/samba/bin/share.pl
change share command = /usr/local/samba/bin/share.pl
delete share command = /usr/local/samba/bin/share.pl
admin users = @MFERRY+Administrators
announce as = "NT Server"
announce version = 9.3
blocking locks = yes
browse list = yes
deadtime = 15
debug timestamp = yes
debug hires timestamp = yes
debug pid = yes
default service = public
dont descend = /proc,/dev,/tmp,/usr
getwd cache = yes
hide dot files = yes
invalid users = root shutdown halt service mysql apache rpm
kernel oplocks = yes
load printers = no
locking = yes
max disk size = 5000
message command = /var/log/samba "%s" "%t" "%f" &
nt acl support = yes
nt pipe support = yes
null passwords = no
obey pam restrictions = yes
strict allocate = yes
winbind separator = +
winbind cache time = 10
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
winbind enum users = yes
winbind enum groups = yes
template shell = /bin/false
template homedir = /home/%U
More information about the samba-technical
mailing list