[Samba] unable to join domain

James K Linderman jlinderman at iowanation.org
Fri Oct 17 19:36:47 GMT 2003


OK, I am kind of new to this and still have a lot of learning to do. This
one has been kicking me for about a week!
 
 
I can browse workgroups, but not the domain, and I get the error
"Error connecting to (pdc) - NT_STATUS_ACCESS_DENIED", unable to join domain.
Level 10 output follows:
 
Initialising global parameters
params.c:pm_process() - Processing configuration file
"/etc/samba/smb.conf"
Processing section "[global]"
doing parameter workgroup = iowatribe
doing parameter server string = iowawbsrv1
doing parameter hosts allow = 10.1.1.
doing parameter printcap name = /etc/printcap
doing parameter load printers = yes
doing parameter printing = cups
doing parameter log file = /var/log/samba/%m.log
doing parameter max log size = 0
doing parameter security = domain
doing parameter password server = *
doing parameter encrypt passwords = yes
doing parameter smb passwd file = /etc/samba/smbpasswd
doing parameter pam password change = no
doing parameter obey pam restrictions = no
doing parameter socket options = TCP_NODELAY SO_RCVBUF=8192
SO_SNDBUF=8192
doing parameter wins server = 10.1.1.1
wins_srv_load_list(): Building WINS server list:
10.1.1.1,
1 WINS server listed.
doing parameter dns proxy = yes
doing parameter preserve case = no
doing parameter short preserve case = no
doing parameter default case = lower
pm_process() returned Yes
lp_servicenumber: couldn't find homes
set_server_role: ROLE_DOMAIN_MEMBER
codepage_initialise: client code page = 850
load_client_codepage: loading codepage 850.
Adding chars 0x85 0xb7 (l->u = True) (u->l = True)
Adding chars 0xa0 0xb5 (l->u = True) (u->l = True)
Adding chars 0x83 0xb6 (l->u = True) (u->l = True)
Adding chars 0xc6 0xc7 (l->u = True) (u->l = True)
Adding chars 0x84 0x8e (l->u = True) (u->l = True)
Adding chars 0x86 0x8f (l->u = True) (u->l = True)
Adding chars 0x91 0x92 (l->u = True) (u->l = True)
Adding chars 0x87 0x80 (l->u = True) (u->l = True)
Adding chars 0x8a 0xd4 (l->u = True) (u->l = True)
Adding chars 0x82 0x90 (l->u = True) (u->l = True)
Adding chars 0x88 0xd2 (l->u = True) (u->l = True)
Adding chars 0x89 0xd3 (l->u = True) (u->l = True)
Adding chars 0x8d 0xde (l->u = True) (u->l = True)
Adding chars 0xa1 0xd6 (l->u = True) (u->l = True)
Adding chars 0x8c 0xd7 (l->u = True) (u->l = True)
Adding chars 0x8b 0xd8 (l->u = True) (u->l = True)
Adding chars 0xd0 0xd1 (l->u = True) (u->l = True)
Adding chars 0xa4 0xa5 (l->u = True) (u->l = True)
Adding chars 0x95 0xe3 (l->u = True) (u->l = True)
Adding chars 0xa2 0xe0 (l->u = True) (u->l = True)
Adding chars 0x93 0xe2 (l->u = True) (u->l = True)
Adding chars 0xe4 0xe5 (l->u = True) (u->l = True)
Adding chars 0x94 0x99 (l->u = True) (u->l = True)
Adding chars 0x9b 0x9d (l->u = True) (u->l = True)
Adding chars 0x97 0xeb (l->u = True) (u->l = True)
Adding chars 0xa3 0xe9 (l->u = True) (u->l = True)
Adding chars 0x96 0xea (l->u = True) (u->l = True)
Adding chars 0x81 0x9a (l->u = True) (u->l = True)
Adding chars 0xec 0xed (l->u = True) (u->l = True)
Adding chars 0xe7 0xe8 (l->u = True) (u->l = True)
Adding chars 0x9c 0x0 (l->u = False) (u->l = False)
load_dos_unicode_map: 850
load_unicode_map: loading unicode map for codepage 850.
load_unix_unicode_map: ISO8859-1 (init_done=0, override=0)
load_unicode_map: loading unicode map for codepage ISO8859-1.
added interface ip=10.1.1.13 bcast=10.1.1.255 nmask=255.255.255.0
cli_init_creds: user xxxxxxxxxx domain IOWATRIBE flgs: 0
ntlmssp_cli_flgs:0
resolve_lmhosts: Attempting lmhosts lookup for name IOWATRIBE<0x1b>
getlmhostsent: lmhost entry: 127.0.0.1 localhost 
resolve_wins: Attempting wins lookup for name IOWATRIBE<0x1b>
wins_srv_count: WINS status: 1 servers.
  10.1.1.1 <10.1.1.1>: alive
resolve_wins: WINS server == <10.1.1.1>
bind succeeded on port 0
Sending a packet of len 50 to (10.1.1.1) on port 137
read_udp_socket: lastip 10.1.1.1 lastport 137 read: 56
parse_nmb: packet id = 4272
Received a packet of len 56 from (10.1.1.1) port 137
nmb packet from 10.1.1.1(137) header: id=4272 opcode=Query(0)
response=Yes
    header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes
    header: rcode=3 qdcount=0 ancount=0 nscount=0 arcount=0
Negative name query response, rcode 0x03: The name requested does not
exist.
name_resolve_bcast: Attempting broadcast lookup for name IOWATRIBE<0x1b>
bind succeeded on port 0
socket option SO_KEEPALIVE = 0
socket option SO_REUSEADDR = 1
socket option SO_BROADCAST = 1
Could not test socket option TCP_NODELAY.
socket option IPTOS_LOWDELAY = 0
socket option IPTOS_THROUGHPUT = 0
socket option SO_SNDBUF = 65535
socket option SO_RCVBUF = 65535
socket option SO_SNDLOWAT = 1
socket option SO_RCVLOWAT = 1
socket option SO_SNDTIMEO = 0
socket option SO_RCVTIMEO = 0
Sending a packet of len 50 to (10.1.1.255) on port 137
read_udp_socket: lastip 10.1.1.1 lastport 137 read: 68
parse_nmb: packet id = 7660
Received a packet of len 68 from (10.1.1.1) port 137
nmb packet from 10.1.1.1(137) header: id=7660 opcode=Query(0)
response=Yes
    header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=Yes
    header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
    answers: nmb_name=IOWATRIBE<1b> rr_type=32 rr_class=1 ttl=300000
    answers   0 char ............   hex 0000AC10010200000A010101
Got a positive name query response from 10.1.1.1 ( xxx.xx.x.x 10.1.1.1 )
internal_resolve_name: returning 2 addresses: xxx.xx.x.x 2 10.1.1.1 
bind succeeded on port 0
Sending a packet of len 50 to (xxx.xx.x.x) on port 137
read_udp_socket: lastip xxx.xx.x.x lastport 137 read: 283
parse_nmb: packet id = 23919
Received a packet of len 283 from (xxx.xx.x.x) port 137
nmb packet from xxx.xx.x.x(137) header: id=23919 opcode=Query(0)
response=Yes
    header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes
    header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
    answers: nmb_name=IOWATRIBE<1c> rr_type=33 rr_class=1 ttl=0
    answers   0 char .IOWASRV1          hex
08494F57415352563120202020202020
    answers  10 char ...IOWATRIBE       hex
000400494F5741545249424520202020
    answers  20 char   ...IOWATRIBE     hex
2020008400494F574154524942452020
    answers  30 char     ...IOWASRV1    hex
202020201C8400494F57415352563120
    answers  40 char        ..IOWATRI   hex
202020202020200400494F5741545249
    answers  50 char BE      ...IOWAT   hex
42452020202020201B0400494F574154
    answers  60 char RIBE      ...IOW   hex
524942452020202020201E8400494F57
    answers  70 char ATRIBE      ....   hex
4154524942452020202020201D040001
    answers  80 char .__MSBROWSE__...   hex
025F5F4D5342524F5753455F5F020184
    answers  90 char ...[............   hex
0000065BEEE1EB000000000000000000
    answers  a0 char ................   hex
00000000000000000000000000000000
    answers  b0 char ...............   hex
000000000000000000000000000000
cli_establish_connection: IOWAWBSRV1<00> connecting to IOWASRV1<20>
(xxx.xx.x.x) - jlinderman [IOWATRIBE]
Connecting to xxx.xx.x.x at port 445
socket option SO_KEEPALIVE = 0
socket option SO_REUSEADDR = 0
socket option SO_BROADCAST = 0
socket option TCP_NODELAY = 1
socket option IPTOS_LOWDELAY = 0
socket option IPTOS_THROUGHPUT = 0
socket option SO_SNDBUF = 16384
socket option SO_RCVBUF = 16384
socket option SO_SNDLOWAT = 1
socket option SO_RCVLOWAT = 1
socket option SO_SNDTIMEO = 0
socket option SO_RCVTIMEO = 0
write_socket(4,168)
write_socket(4,168) wrote 168
got smb length of 115
size=115
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=1
smb_tid=0
smb_pid=2591
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[0]=7 (0x7)
smb_vwv[1]=12815 (0x320F)
smb_vwv[2]=256 (0x100)
smb_vwv[3]=1024 (0x400)
smb_vwv[4]=65 (0x41)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=256 (0x100)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=64768 (0xFD00)
smb_vwv[10]=499 (0x1F3)
smb_vwv[11]=52224 (0xCC00)
smb_vwv[12]=46089 (0xB409)
smb_vwv[13]=19799 (0x4D57)
smb_vwv[14]=50067 (0xC393)
smb_vwv[15]=11265 (0x2C01)
smb_vwv[16]=2049 (0x801)
smb_bcc=46
[000] C0 CC AD A1 0B FF 51 77  49 00 4F 00 57 00 41 00  ......Qw
I.O.W.A.
[010] 54 00 52 00 49 00 42 00  45 00 00 00 49 00 4F 00  T.R.I.B.
E...I.O.
[020] 57 00 41 00 53 00 52 00  56 00 31 00 00 00        W.A.S.R. V.1...
size=115
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=1
smb_tid=0
smb_pid=2591
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[0]=7 (0x7)
smb_vwv[1]=12815 (0x320F)
smb_vwv[2]=256 (0x100)
smb_vwv[3]=1024 (0x400)
smb_vwv[4]=65 (0x41)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=256 (0x100)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=64768 (0xFD00)
smb_vwv[10]=499 (0x1F3)
smb_vwv[11]=52224 (0xCC00)
smb_vwv[12]=46089 (0xB409)
smb_vwv[13]=19799 (0x4D57)
smb_vwv[14]=50067 (0xC393)
smb_vwv[15]=11265 (0x2C01)
smb_vwv[16]=2049 (0x801)
smb_bcc=46
[000] C0 CC AD A1 0B FF 51 77  49 00 4F 00 57 00 41 00  ......Qw
I.O.W.A.
[010] 54 00 52 00 49 00 42 00  45 00 00 00 49 00 4F 00  T.R.I.B.
E...I.O.
[020] 57 00 41 00 53 00 52 00  56 00 31 00 00 00        W.A.S.R. V.1...
write_socket(4,178)
write_socket(4,178) wrote 178
got smb length of 159
size=159
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=49153
smb_tid=0
smb_pid=2591
smb_uid=45057
smb_mid=1
smt_wct=3
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=159 (0x9F)
smb_vwv[2]=0 (0x0)
smb_bcc=118
[000] 41 57 00 69 00 6E 00 64  00 6F 00 77 00 73 00 20  AW.i.n.d .o.w.s.

[010] 00 53 00 65 00 72 00 76  00 65 00 72 00 20 00 32  .S.e.r.v .e.r.
.2
[020] 00 30 00 30 00 33 00 20  00 33 00 37 00 39 00 30  .0.0.3.
.3.7.9.0
[030] 00 00 00 57 00 69 00 6E  00 64 00 6F 00 77 00 73  ...W.i.n
.d.o.w.s
[040] 00 20 00 53 00 65 00 72  00 76 00 65 00 72 00 20  . .S.e.r .v.e.r.

[050] 00 32 00 30 00 30 00 33  00 20 00 35 00 2E 00 32  .2.0.0.3 .
.5...2
[060] 00 00 00 49 00 4F 00 57  00 41 00 54 00 52 00 49  ...I.O.W
.A.T.R.I
[070] 00 42 00 45 00 00                                 .B.E.. 
size=159
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=49153
smb_tid=0
smb_pid=2591
smb_uid=45057
smb_mid=1
smt_wct=3
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=159 (0x9F)
smb_vwv[2]=0 (0x0)
smb_bcc=118
[000] 41 57 00 69 00 6E 00 64  00 6F 00 77 00 73 00 20  AW.i.n.d .o.w.s.

[010] 00 53 00 65 00 72 00 76  00 65 00 72 00 20 00 32  .S.e.r.v .e.r.
.2
[020] 00 30 00 30 00 33 00 20  00 33 00 37 00 39 00 30  .0.0.3.
.3.7.9.0
[030] 00 00 00 57 00 69 00 6E  00 64 00 6F 00 77 00 73  ...W.i.n
.d.o.w.s
[040] 00 20 00 53 00 65 00 72  00 76 00 65 00 72 00 20  . .S.e.r .v.e.r.

[050] 00 32 00 30 00 30 00 33  00 20 00 35 00 2E 00 32  .2.0.0.3 .
.5...2
[060] 00 00 00 49 00 4F 00 57  00 41 00 54 00 52 00 49  ...I.O.W
.A.T.R.I
[070] 00 42 00 45 00 00                                 .B.E.. 
session setup ok
Domain=[IOWATRIBE] OS=[Windows Server 2003 3790] Server=[Windows Server
2003 5.2]
write_socket(4,62)
write_socket(4,62) wrote 62
got smb length of 35
size=35
smb_com=0x75
smb_rcls=34
smb_reh=0
smb_err=49152
smb_flg=136
smb_flg2=49153
smb_tid=0
smb_pid=2591
smb_uid=45057
smb_mid=1
smt_wct=0
smb_bcc=0
failed tcon_X
Error connecting to IOWASRV1 - NT_STATUS_ACCESS_DENIED
 
My smb.conf follows
 
#
#======================= Global Settings =====================================
[global]

# workgroup = NT-Domain-Name or Workgroup-Name
   workgroup = iowatribe 

# server string is the equivalent of the NT Description field
   server string = iowawbsrv1

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
   hosts allow = 10.1.1.

# if you want to automatically load your printer list rather
# than setting them up individually then you'll need this
   printcap name = /etc/printcap
   load printers = yes

# It should not be necessary to spell out the print system type unless
# yours is non-standard. Currently supported print systems include:
# bsd, sysv, plp, lprng, aix, hpux, qnx, cups
   printing = cups

# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
;  guest account = pcguest

# this tells Samba to use a separate log file for each machine
# that connects
   log file = /var/log/samba/%m.log

# Put a capping on the size of the log files (in Kb).
   max log size = 0

# Security mode. Most people will want user level security. See
# security_level.txt for details.
   security = domain

# Use password server option only with security = server
# The argument list may include:
#   password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
#   password server = *
   password server = *

# Password Level allows matching of _n_ characters of the password for
# all combinations of upper and lower case.
;  password level = 8
;  username level = 8

# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
   encrypt passwords = yes
   smb passwd file = /etc/samba/smbpasswd

# The following is needed to keep smbclient from spouting spurious errors
# when Samba is built with support for SSL.
;   ssl CA certFile = /usr/share/ssl/certs/ca-bundle.crt

# The following are needed to allow password changing from Windows to
# update the Linux system password also.
# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
# NOTE2: You do NOT need these to allow workstations to change only
#        the encrypted SMB passwords. They allow the Unix password
#        to be kept in sync with the SMB password.
;   unix password sync = Yes
;   passwd program = /usr/bin/passwd %u
;   passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*

# You can use PAM's password change control flag for Samba. If
# enabled, then PAM will be used for password changes when requested
# by an SMB client instead of the program listed in passwd program.
# It should be possible to enable this without changing your passwd
# chat parameter for most setups.

   pam password change = no

# Unix users can map to different SMB User names
;  username map = /etc/samba/smbusers

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
;   include = /etc/samba/smb.conf.%m

# This parameter will control whether or not Samba should obey PAM's
# account and session management directives. The default behavior is
# to use PAM for clear text authentication only and to ignore any
# account or session management. Note that Samba always ignores PAM
# for authentication in the case of encrypt passwords = yes

  obey pam restrictions = no

# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
#   interfaces 10.1.1.6 

# Configure remote browse list synchronisation here
#  request announcement to, or browse list sync from:
#     a specific host or from / to a whole subnet (see below)
;   remote browse sync = 192.168.3.25 192.168.5.255
# Cause this host to announce itself to local subnets here
;   remote announce = 192.168.1.255 192.168.2.44

# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
;   local master = no

# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
;   os level = 33

# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
;   domain master = yes 

# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
;   preferred master = yes

# Enable this if you want Samba to be a domain logon server for 
# Windows95 workstations. 
;   domain logons = yes

# if you enable domain logons then you may want a per-machine or
# per user logon script
# run a specific logon batch file per workstation (machine)
;   logon script = %m.bat
# run a specific logon batch file per username
;   logon script = %U.bat

# Where to store roving profiles (only for Win95 and WinNT)
#        %L substitutes for this servers netbios name, %U is username
#        You must uncomment the [Profiles] share below
;   logon path = \\%L\Profiles\%U

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
;   wins support = yes

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
#     Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
   wins server = 10.1.1.1 

# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one    WINS Server on the network. The default is NO.
;   wins proxy = yes

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The built-in default for versions 1.9.17 is yes,
# this has been changed in version 1.9.18 to no.
   dns proxy = yes 

# Case Preservation can be handy - system default is _no_
# NOTE: These can be set on a per share basis
  preserve case = no
  short preserve case = no
# Default case is normally upper case for all DOS files
  default case = lower
# Be very careful with case sensitivity - it can break things!
;  case sensitive = no

#============================ Share Definitions ==============================
[homes]
   comment = Home Directories
   browseable = no
   writable = yes
   valid users = %S
   create mode = 0664
   directory mode = 0775
# If you want users samba doesn't recognize to be mapped to a guest user
; map to guest = bad user


# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
;   comment = Network Logon Service
;   path = /usr/local/samba/lib/netlogon
;   guest ok = yes
;   writable = no
;   share modes = no


# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;[Profiles]
;    path = /usr/local/samba/profiles
;    browseable = no
;    guest ok = yes


# NOTE: If you have a BSD-style print system there is no need to 
# specifically define each individual printer
[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no
# Set public = yes to allow user 'guest account' to print
   guest ok = no
   writable = no
   printable = yes

# This one is useful for people to share files
;[tmp]
;   comment = Temporary file space
;   path = /tmp
;   read only = no
;   public = yes

# A publicly accessible directory, but read only, except for people in
# the "staff" group
;[public]
;   comment = Public Stuff
;   path = /home/samba
;   public = yes
;   writable = yes
;   printable = no
;   write list = @staff

# Other examples. 
#
# A private printer, usable only by fred. Spool data will be placed in fred's
# home directory. Note that fred must have write access to the spool directory,
# wherever it is.
;[fredsprn]
;   comment = Fred's Printer
;   valid users = fred
;   path = /home/fred
;   printer = freds_printer
;   public = no
;   writable = no
;   printable = yes

# A private directory, usable only by fred. Note that fred requires write
# access to the directory.
;[fredsdir]
;   comment = Fred's Service
;   path = /usr/somewhere/private
;   valid users = fred
;   public = no
;   writable = yes
;   printable = no

# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %U option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
;[pchome]
;  comment = PC Directories
;  path = /usr/local/pc/%m
;  public = no
;  writable = yes

# A publicly accessible directory, read/write to all users. Note that all files
# created in the directory by users will be owned by the default user, so
# any user with access can delete any other user's files. Obviously this
# directory must be writable by the default user. Another user could of course
# be specified, in which case all files would be owned by that user instead.
;[public]
;   path = /usr/somewhere/else/public
;   public = yes
;   only guest = yes
;   writable = yes
;   printable = no

# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
;[myshare]
;   comment = Mary's and Fred's stuff
;   path = /usr/somewhere/shared
;   valid users = mary fred
;   public = no
;   writable = yes
;   printable = no
;   create mask = 0765
 
Any help with this would be greatly appreciated.
 
I am a system administrator who is fixing to move from a company stuck
in Windows due to cost already incurred to a company that is just
starting out and needs a network going, and I am trying to learn in a short
period what most of you have spent years learning. I love the RedHat 9
enviro, and it is fun to play with, but now that it is coming to crunch time
it is hurting me bad.
 
Thanks in advance
 
James K Linderman
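
The level 10 log in this post already records which SMB request was refused. The following is an added example, not part of the original post: it reads the `smb_*` header fields Samba dumps and decodes the status of the first failing reply. The function names and lookup tables are this example's own, and the sample is trimmed from the log above.

```python
import re

# SMB1 command codes that appear in the log (Samba's names, protocol names).
SMB_COMMANDS = {0x72: "SMBnegprot (Negotiate)",
                0x73: "SMBsesssetupX (Session Setup AndX)",
                0x75: "SMBtconX (Tree Connect AndX)"}
# A small subset of NT status codes; extend as needed.
NT_STATUS = {0x00000000: "NT_STATUS_OK",
             0xC0000022: "NT_STATUS_ACCESS_DENIED",
             0xC000006D: "NT_STATUS_LOGON_FAILURE"}
FLAGS2_NT_STATUS = 0x4000  # FLAGS2 bit: status field is a 32-bit NT status
FIELD = re.compile(r"^(smb_com|smb_rcls|smb_reh|smb_err|smb_flg2)=(\S+)$")

# Header fields of the last two replies, trimmed from the posted log.
SAMPLE = """\
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg2=49153
session setup ok
smb_com=0x75
smb_rcls=34
smb_reh=0
smb_err=49152
smb_flg2=49153
failed tcon_X
"""

def parse_headers(log_text):
    """Yield one dict per SMB header dump; each dump starts at smb_com=."""
    current = None
    for line in log_text.splitlines():
        m = FIELD.match(line.strip())
        if not m:
            continue
        key, raw = m.groups()
        if key == "smb_com":
            if current:
                yield current
            current = {}
        if current is not None:
            current[key] = int(raw, 0)  # base 0 accepts both 0x75 and 34
    if current:
        yield current

def decode_status(h):
    """Return (status_text, name) for one parsed header."""
    if h.get("smb_flg2", 0) & FLAGS2_NT_STATUS:
        # The three fields are the bytes of one little-endian 32-bit value.
        code = h["smb_rcls"] | (h["smb_reh"] << 8) | (h["smb_err"] << 16)
        return f"0x{code:08X}", NT_STATUS.get(code, "unknown NT status")
    return f"class={h['smb_rcls']} code={h['smb_err']}", "DOS-style error"

def first_failure(log_text):
    """Return (command, status_text, name) of the first non-zero status."""
    for h in parse_headers(log_text):
        if h["smb_rcls"] or h["smb_reh"] or h["smb_err"]:
            command = SMB_COMMANDS.get(h["smb_com"], hex(h["smb_com"]))
            return (command,) + decode_status(h)
    return None

if __name__ == "__main__":
    print(first_failure(SAMPLE))
```

On the posted log this reports the session setup reply with a zero status and the tree connect reply (`smb_com=0x75`) as the one carrying `0xC0000022`.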


