[Samba] Samba/LDAP XP Authentication Weirdness
_Chris McKeever_
tech-mail at prupref.com
Thu Jul 10 18:25:00 GMT 2003
logs below:
-- Jason Williams Wrote:
Weird stuff happening eh?
Just to get a few things out of the way, the user that is having problems
logging on, they have an account on the PDC?
---> all done through ldap, logs show authenticating user fine (below)
The machine account will be there since it has already connected to the
PDC.
---> machine account is in the LDAP
The original user works, but when you create a new user on the XP box
and try and log on, you get errors right?
---> I am not creating a new user, just trying to log in (as I did with the
first user that works). I did however try to add that user to the list of
power users and that didn't help either.
Anything the logs say?
---> see comments below
> -----Original Message-----
> From: _Chris McKeever_ [mailto:tech-mail at prupref.com]
>
>
> Samba 2.2.8a, RH7.3
>
> I have successfully connected machines running XP to the samba controlled
> domain.
>
> There are 3 XP machines, each with only one user designated as a power user
> (ie domain\username power user). Each can log into any of the three
> machines without a problem.
>
> Now I am trying to log a different person into any of these machines and I
> get the message "System Could Not Log You On".
>
> I can log into any of these machines with the administrator or my account
> (neither of which are set up in the local users - other than
> computername\administrator).
>
> Any ideas of what is going on? Did I miss something? I thought that with
> domain logins that any user can log into the XP machine as long as they are
> set-up correctly via samba, which they are since they can access resources
> from windows 98 machines to samba shares.
>
> Thanks
From the logs it seems like the user is authenticating fine against
ldap/samba:
problem user:
[2003/07/10 12:46:59, 3] rpc_server/srv_netlog_nt.c:_net_sam_logon(605)
SAM Logon (Interactive). Domain:[PRUPREF.COM]. User:[jearhart]
[2003/07/10 12:46:59, 3] smbd/sec_ctx.c:push_sec_ctx(296)
push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1
[2003/07/10 12:46:59, 3] smbd/uid.c:push_conn_ctx(285)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2003/07/10 12:46:59, 3] smbd/sec_ctx.c:set_sec_ctx(328)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2003/07/10 12:46:59, 5] passdb/pdb_ldap.c:ldap_open_connection(122)
ldap_open_connection: starting...
[2003/07/10 12:46:59, 10] passdb/pdb_ldap.c:ldap_open_connection(148)
Initializing connection to winnetka.prupref.com on port 389
[2003/07/10 12:46:59, 2] passdb/pdb_ldap.c:ldap_open_connection(186)
StartTLS issued: using a TLS connection
[2003/07/10 12:46:59, 2] passdb/pdb_ldap.c:ldap_open_connection(217)
ldap_open_connection: connection opened
[2003/07/10 12:46:59, 0] passdb/pdb_ldap.c:ldap_connect_system(315)
ldap_connect_system: Binding to ldap server as "cn=root,dc=prupref,dc=com"
[2003/07/10 12:46:59, 2] passdb/pdb_ldap.c:ldap_connect_system(331)
ldap_connect_system: succesful connection to the LDAP server
[2003/07/10 12:46:59, 2] passdb/pdb_ldap.c:ldap_search_one_user(343)
ldap_search_one_user: searching
for:[(&(uid=jearhart)(objectclass=sambaAccount))]
[2003/07/10 12:47:00, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [uid] = [jearhart]
[2003/07/10 12:47:00, 2] passdb/pdb_ldap.c:init_sam_from_ldap(576)
Entry found for user: jearhart
[2003/07/10 12:47:00, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [pwdLastSet] = [1057792387]
[2003/07/10 12:47:00, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [logonTime] = [0]
[2003/07/10 12:47:00, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [logoffTime] = [2147483647]
[2003/07/10 12:47:00, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [kickoffTime] = [2147483647]
[2003/07/10 12:47:00, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [pwdCanChange] = [0]
[2003/07/10 12:47:00, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [pwdMustChange] = [2147483647]
[2003/07/10 12:47:00, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [cn] = [Jeff Earhart]
[2003/07/10 12:47:00, 2] passdb/pdb_ldap.c:get_single_attribute(435)
get_single_attribute: [homeDrive] = [<does not exist>]
[2003/07/10 12:47:00, 5] passdb/pdb_ldap.c:init_sam_from_ldap(626)
homeDrive fell back to
[2003/07/10 12:47:00, 2] passdb/pdb_ldap.c:get_single_attribute(435)
get_single_attribute: [smbHome] = [<does not exist>]
[2003/07/10 12:47:00, 4] lib/substitute.c:automount_server(183)
Home server: prupref-winn
[2003/07/10 12:47:00, 5] passdb/pdb_ldap.c:init_sam_from_ldap(635)
smbHome fell back to \\prupref-winn\jearhart
[2003/07/10 12:47:00, 2] passdb/pdb_ldap.c:get_single_attribute(435)
get_single_attribute: [scriptPath] = [<does not exist>]
[2003/07/10 12:47:00, 5] passdb/pdb_ldap.c:init_sam_from_ldap(644)
scriptPath fell back to
[2003/07/10 12:47:00, 2] passdb/pdb_ldap.c:get_single_attribute(435)
get_single_attribute: [profilePath] = [<does not exist>]
[2003/07/10 12:47:00, 4] lib/substitute.c:automount_server(183)
Home server: prupref-winn
[2003/07/10 12:47:00, 5] passdb/pdb_ldap.c:init_sam_from_ldap(653)
profilePath fell back to \\prupref-winn\jearhart\profile
[2003/07/10 12:47:00, 2] passdb/pdb_ldap.c:get_single_attribute(435)
get_single_attribute: [description] = [<does not exist>]
[2003/07/10 12:47:00, 2] passdb/pdb_ldap.c:get_single_attribute(435)
get_single_attribute: [userWorkstations] = [<does not exist>]
[2003/07/10 12:47:00, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [rid] = [87124]
[2003/07/10 12:47:00, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [primaryGroupID] = [3005]
[2003/07/10 12:47:00, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [lmPassword] = [B9AD96875]
[2003/07/10 12:47:00, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [ntPassword] = [77A7A]
[2003/07/10 12:47:00, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [acctFlags] = [[UX ]]
[2003/07/10 12:47:00, 3] smbd/sec_ctx.c:pop_sec_ctx(435)
pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0
[2003/07/10 12:47:00, 3] smbd/sec_ctx.c:push_sec_ctx(296)
push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1
[2003/07/10 12:47:00, 3] smbd/uid.c:push_conn_ctx(285)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
** this is where the strange part is
2003/07/10 12:47:00, 10] lib/util_sid.c:split_domain_name(340)
split_domain_name:name 'jearhart' split into domain :'PRUPREF-WINN' and
user :'jearhart'
[2003/07/10 12:47:00, 5] rpc_server/srv_lsa_nt.c:init_lsa_rid2s(160)
init_lsa_rid2s: looking up name jearhart
[2003/07/10 12:47:00, 10] smbd/uid.c:lookup_name(457)
lookup_name: winbind lookup for jearhart failed - trying local
[2003/07/10 12:47:00, 10] smbd/uid.c:lookup_name(486)
lookup_name: (local) jearhart -> SID
S-1-5-21-2263616378-1746176118-2189425910-87124 (type 1)
[2003/07/10 12:47:00, 5] rpc_server/srv_lsa_nt.c:init_lsa_rid2s(164)
init_lsa_rid2s: found
[2003/07/10 12:47:00, 5] rpc_parse/parse_prs.c:prs_debug(60)
000000 lsa_io_r_lookup_names
[2003/07/10 12:47:00, 5] rpc_parse/parse_prs.c:prs_uint32(588)
0000 ptr_dom_ref: 00000001
[2003/07/10 12:47:00, 6] rpc_parse/parse_prs.c:prs_debug(60)
000004 lsa_io_dom_r_ref
[2003/07/10 12:47:00, 5] rpc_parse/parse_prs.c:prs_uint32(588)
0004 num_ref_doms_1: 00000001
[2003/07/10 12:47:00, 5] rpc_parse/parse_prs.c:prs_uint32(588)
Here are logs from the successful user:
2003/07/10 12:42:54, 3] rpc_server/srv_netlog_nt.c:_net_sam_logon(605)
SAM Logon (Interactive). Domain:[PRUPREF.COM]. User:[mbarnes]
[2003/07/10 12:42:54, 3] smbd/sec_ctx.c:push_sec_ctx(296)
push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1
[2003/07/10 12:42:54, 3] smbd/uid.c:push_conn_ctx(285)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2003/07/10 12:42:54, 3] smbd/sec_ctx.c:set_sec_ctx(328)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2003/07/10 12:42:54, 5] passdb/pdb_ldap.c:ldap_open_connection(122)
ldap_open_connection: starting...
[2003/07/10 12:42:54, 10] passdb/pdb_ldap.c:ldap_open_connection(148)
Initializing connection to winnetka.prupref.com on port 389
[2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:ldap_open_connection(186)
StartTLS issued: using a TLS connection
[2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:ldap_open_connection(217)
ldap_open_connection: connection opened
[2003/07/10 12:42:54, 0] passdb/pdb_ldap.c:ldap_connect_system(315)
ldap_connect_system: Binding to ldap server as "cn=root,dc=prupref,dc=com"
[2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:ldap_connect_system(331)
ldap_connect_system: succesful connection to the LDAP server
[2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:ldap_search_one_user(343)
ldap_search_one_user: searching
for:[(&(uid=mbarnes)(objectclass=sambaAccount))]
[2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [uid] = [mbarnes]
[2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:init_sam_from_ldap(576)
Entry found for user: mbarnes
[2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [pwdLastSet] = [1052162872]
[2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [logonTime] = [0]
[2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [logoffTime] = [2147483647]
[2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [kickoffTime] = [2147483647]
[2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [pwdCanChange] = [0]
[2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [pwdMustChange] = [2147483647]
[2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [cn] = [Michael Barnes]
[2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:get_single_attribute(435)
get_single_attribute: [homeDrive] = [<does not exist>]
[2003/07/10 12:42:54, 5] passdb/pdb_ldap.c:init_sam_from_ldap(626)
homeDrive fell back to
[2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:get_single_attribute(435)
get_single_attribute: [smbHome] = [<does not exist>]
[2003/07/10 12:42:54, 4] lib/substitute.c:automount_server(183)
Home server: prupref-winn
[2003/07/10 12:42:54, 5] passdb/pdb_ldap.c:init_sam_from_ldap(635)
smbHome fell back to \\prupref-winn\mbarnes
[2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:get_single_attribute(435)
get_single_attribute: [scriptPath] = [<does not exist>]
[2003/07/10 12:42:54, 5] passdb/pdb_ldap.c:init_sam_from_ldap(644)
scriptPath fell back to
[2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:get_single_attribute(435)
get_single_attribute: [profilePath] = [<does not exist>]
[2003/07/10 12:42:54, 4] lib/substitute.c:automount_server(183)
Home server: prupref-winn
[2003/07/10 12:42:54, 5] passdb/pdb_ldap.c:init_sam_from_ldap(653)
profilePath fell back to \\prupref-winn\mbarnes\profile
[2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:get_single_attribute(435)
get_single_attribute: [description] = [<does not exist>]
[2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:get_single_attribute(435)
get_single_attribute: [userWorkstations] = [<does not exist>]
[2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [rid] = [6722]
[2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [primaryGroupID] = [3005]
[2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [lmPassword] = [3DEC2A3]
[2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [ntPassword] = [A87AD606]
[2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [acctFlags] = [[UX ]]
[2003/07/10 12:42:54, 3] smbd/sec_ctx.c:pop_sec_ctx(435)
pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0
[2003/07/10 12:42:54, 3] smbd/sec_ctx.c:push_sec_ctx(296)
push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1
[2003/07/10 12:42:54, 3] smbd/uid.c:push_conn_ctx(285)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2003/07/10 12:42:54, 3] smbd/sec_ctx.c:set_sec_ctx(328)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2003/07/10 12:42:54, 3] smbd/sec_ctx.c:pop_sec_ctx(435)
pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0
[2003/07/10 12:42:54, 10] lib/username.c:user_in_list(456)
user_in_list: checking user mbarnes in list
[2003/07/10 12:42:54, 3] rpc_server/srv_util.c:get_domain_user_groups(187)
domain group access 513/7 granted
[2003/07/10 12:42:54, 10] lib/username.c:user_in_list(456)
user_in_list: checking user mbarnes in list root @domain-admins
[2003/07/10 12:42:54, 10] lib/username.c:user_in_list(460)
user_in_list: checking user |mbarnes| against |root|
[2003/07/10 12:42:54, 10] lib/username.c:user_in_list(460)
user_in_list: checking user |mbarnes| against |@domain-admins|
[2003/07/10 12:42:54, 5] lib/username.c:user_in_netgroup_list(298)
Unable to get default yp domain
[2003/07/10 12:42:54, 10] lib/username.c:user_in_unix_group_list(392)
user_in_unix_group_list: checking user mbarnes in group domain-admins
[2003/07/10 12:42:54, 10] lib/username.c:user_in_unix_group_list(413)
user_in_unix_group_list: checking user mbarnes against member jearhart
[2003/07/10 12:42:54, 10] lib/username.c:user_in_unix_group_list(413)
user_in_unix_group_list: checking user mbarnes against member cfusion
[2003/07/10 12:42:54, 10] lib/username.c:user_in_unix_group_list(413)
user_in_unix_group_list: checking user mbarnes against member
administrator
[2003/07/10 12:42:54, 10] lib/username.c:user_in_unix_group_list(413)
user_in_unix_group_list: checking user mbarnes against member mfalanga
[2003/07/10 12:42:54, 10] lib/username.c:user_in_unix_group_list(413)
user_in_unix_group_list: checking user mbarnes against member cgmckeever
[2003/07/10 12:42:54, 4] rpc_server/srv_util.c:make_dom_gids(90)
make_dom_gids: 513/7
[2003/07/10 12:42:54, 5] rpc_server/srv_util.c:make_dom_gids(149)
group id: 513 attr: 7
[2003/07/10 12:42:54, 4] rpc_parse/parse_net.c:init_dom_sid2s(813)
init_dom_sid2s:
** The part about domain splitting is not there
if you need other parts of the logs, please let me know.
Thanks
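
The side-by-side comparison made in this message (the failing trace reaches split_domain_name, the working one goes on to get_domain_user_groups) can be done mechanically on smbd debug logs. The script below is an added example, not part of the original message and not Samba code: `parse`, `divergence`, the sample traces and the user names in them are constructed for illustration, and it masks lmPassword/ntPassword values while parsing so that a trace can be shared without them.

```python
import re
from difflib import SequenceMatcher

# Record header; the leading "[" is optional because pasted logs can lose it.
HEADER = re.compile(
    r"^\[?\d{4}/\d\d/\d\d \d\d:\d\d:\d\d, *(\d+)\] (\S+):(\w+)\(\d+\)$")
SECRET = re.compile(r"\[(lmPassword|ntPassword)\] = \[[^\]]*\]")

def parse(text):
    """Return records as dicts: level, func ("file:function"), msg."""
    records = []
    for line in (l.strip() for l in text.splitlines()):
        m = HEADER.match(line)
        if m:
            records.append({"level": int(m.group(1)),
                            "func": f"{m.group(2)}:{m.group(3)}", "msg": ""})
        elif records and line:
            # Continuation line: mask password-hash attributes, then append.
            body = SECRET.sub(r"[\1] = [REDACTED]", line)
            records[-1]["msg"] = (records[-1]["msg"] + " " + body).strip()
    return records

def divergence(bad, good, max_level=10):
    """Return (only_bad, only_good): functions present in one trace only."""
    a = [r["func"] for r in bad if r["level"] <= max_level]
    b = [r["func"] for r in good if r["level"] <= max_level]
    only_bad, only_good = [], []
    for tag, i1, i2, j1, j2 in SequenceMatcher(None, a, b, autojunk=False).get_opcodes():
        if tag in ("delete", "replace"):
            only_bad += a[i1:i2]
        if tag in ("insert", "replace"):
            only_good += b[j1:j2]
    return only_bad, only_good

# Constructed sample traces (not the poster's logs): shared prefix, then a split.
BAD = """[2003/07/10 12:47:00, 3] rpc_server/srv_netlog_nt.c:_net_sam_logon(605)
  SAM Logon (Interactive). Domain:[EXAMPLE]. User:[alice]
[2003/07/10 12:47:00, 2] passdb/pdb_ldap.c:get_single_attribute(441)
  get_single_attribute: [ntPassword] = [0123ABCD]
2003/07/10 12:47:00, 10] lib/util_sid.c:split_domain_name(340)
  split_domain_name:name 'alice' split into domain :'SERVER' and
  user :'alice'"""
GOOD = """[2003/07/10 12:42:54, 3] rpc_server/srv_netlog_nt.c:_net_sam_logon(605)
  SAM Logon (Interactive). Domain:[EXAMPLE]. User:[bob]
[2003/07/10 12:42:54, 2] passdb/pdb_ldap.c:get_single_attribute(441)
  get_single_attribute: [ntPassword] = [4567EF01]
[2003/07/10 12:42:54, 3] rpc_server/srv_util.c:get_domain_user_groups(187)
  domain group access 513/7 granted"""
print(divergence(parse(BAD), parse(GOOD)))
```

Lowering `max_level` hides records logged only at higher debug levels, which matters when the two traces were captured with different `log level` settings.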