[Samba] Re: ADS valid users can't map share

Greg Adams gadams at gmail.com
Tue Nov 9 22:49:44 GMT 2004


On Fri, 22 Oct 2004 18:11:10 -0400, Igor Belyi
<sambauser at katehok.ac93.org> wrote:
> I'd guess it's a good idea to check if DNS
> name -> IP -> DNS name gives consistent result on all 3 participants:
> Samba server, XP client, and ADS.
> 
> Hope it's not useless,
> Igor
> 

Not sure if this covers it:

Samba Server : maul(.ddm.apm.bpm.eds.com)
ADS Server: ucosddm001(.edsadddm.ddm.apm.bpm.eds.com)
WinXP Client: mule(.edsadddm.ddm.apm.bpm.eds.com)
================================================================================
SAMBA SERVER DNS lookups
================================================================================
> maul
Server:  uscosddm001
Address:  199.42.192.103

Non-authoritative answer:
Name:    maul.DDM.APM.BPM.EDS.COM
Address:  199.42.192.180

# ping -s 199.42.192.180
PING 199.42.192.180: 56 data bytes
64 bytes from maul (199.42.192.180): icmp_seq=0. time=0. ms


> mule.edsadddm.ddm.apm.bpm.eds.com
Server:  uscosddm001
Address:  199.42.192.103

Name:    mule.edsadddm.ddm.apm.bpm.eds.com
Address:  199.42.192.45

# ping -s 199.42.192.45
PING 199.42.192.45: 56 data bytes
64 bytes from mule (199.42.192.45): icmp_seq=0. time=0. ms


> uscosddm001.edsadddm.ddm.apm.bpm.eds.com
Server:  uscosddm001
Address:  199.42.192.103

Name:    uscosddm001.edsadddm.ddm.apm.bpm.eds.com
Address:  199.42.192.103

# ping -s 199.42.192.103
PING 199.42.192.103: 56 data bytes
64 bytes from uscosddm001 (199.42.192.103): icmp_seq=0. time=0. ms

================================================================================
ADS SERVER lookups
================================================================================
> maul
Server:  uscosddm001
Address:  199.42.192.103

Non-authoritative answer:
Name:    maul.DDM.APM.BPM.EDS.COM
Address:  199.42.192.180

> mule
Server:  uscosddm001
Address:  199.42.192.103

Name:    mule.EDSADDDM.DDM.APM.BPM.EDS.COM
Address:  199.42.192.45

> uscosddm001
Server:  uscosddm001
Address:  199.42.192.103

Name:    uscosddm001.EDSADDDM.DDM.APM.BPM.EDS.COM
Address:  199.42.192.103


================================================================================
Windows XP Client lookups
================================================================================
> maul
Server:  uscosddm001
Address:  199.42.192.103

Non-authoritative answer:
Name:    maul.DDM.APM.BPM.EDS.COM
Address:  199.42.192.180

> mule
Server:  uscosddm001
Address:  199.42.192.103

Name:    mule.EDSADDDM.DDM.APM.BPM.EDS.COM
Address:  199.42.192.45

> uscosddm001
Server:  uscosddm001
Address:  199.42.192.103

Name:    uscosddm001.EDSADDDM.DDM.APM.BPM.EDS.COM
Address:  199.42.192.103
================================================================================

Here's the section of a level 10 log from samba 3.0.7 when connecting
from the Windows XP client, and I think it's here that samba decides
to choose the NT LM protocol. The question is why?

================================================================================
[2004/11/09 14:21:57, 6] param/loadparm.c:lp_file_list_changed(2681)
  lp_file_list_changed()
  file /opt/samba/lib/smb.conf -> /opt/samba/lib/smb.conf  last mod_time: Tue Nov  9 14:21:42 2004
  
[2004/11/09 14:21:57, 3] smbd/oplock.c:init_oplocks(1302)
  open_oplock_ipc: opening loopback UDP socket.
[2004/11/09 14:21:57, 10] lib/util_sock.c:open_socket_in(717)
  bind succeeded on port 0
[2004/11/09 14:21:57, 3] smbd/oplock.c:init_oplocks(1333)
  open_oplock ipc: pid = 27221, global_oplock_port = 55305
[2004/11/09 14:21:57, 4] lib/time.c:get_serverzone(122)
  Serverzone is 28800
[2004/11/09 14:21:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(505)
  got smb length of 133
[2004/11/09 14:21:57, 6] smbd/process.c:process_smb(1091)
  got message type 0x0 of len 0x85
[2004/11/09 14:21:57, 3] smbd/process.c:process_smb(1092)
  Transaction 0 of length 137
[2004/11/09 14:21:57, 5] lib/util.c:show_msg(439)
[2004/11/09 14:21:57, 5] lib/util.c:show_msg(449)
  size=133
  smb_com=0x72
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=24
  smb_flg2=51283
  smb_tid=0
  smb_pid=65279
  smb_uid=0
  smb_mid=0
  smt_wct=0
  smb_bcc=98
[2004/11/09 14:21:57, 10] lib/util.c:dump_data(1835)
  [000] 02 50 43 20 4E 45 54 57  4F 52 4B 20 50 52 4F 47  .PC NETW ORK PROG
  [010] 52 41 4D 20 31 2E 30 00  02 4C 41 4E 4D 41 4E 31  RAM 1.0. .LANMAN1
  [020] 2E 30 00 02 57 69 6E 64  6F 77 73 20 66 6F 72 20  .0..Wind ows for 
  [030] 57 6F 72 6B 67 72 6F 75  70 73 20 33 2E 31 61 00  Workgrou ps 3.1a.
  [040] 02 4C 4D 31 2E 32 58 30  30 32 00 02 4C 41 4E 4D  .LM1.2X0 02..LANM
  [050] 41 4E 32 2E 31 00 02 4E  54 20 4C 4D 20 30 2E 31  AN2.1..N T LM 0.1
  [060] 32 00                                             2. 
[2004/11/09 14:21:57, 3] smbd/process.c:switch_message(887)
  switch message SMBnegprot (pid 27221) conn 0x0
[2004/11/09 14:21:57, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/11/09 14:21:57, 5] auth/auth_util.c:debug_nt_user_token(486)
  NT user token: (NULL)
[2004/11/09 14:21:57, 5] auth/auth_util.c:debug_unix_user_token(505)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2004/11/09 14:21:57, 5] smbd/uid.c:change_to_root_user(296)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2004/11/09 14:21:57, 3] smbd/negprot.c:reply_negprot(457)
  Requested protocol [PC NETWORK PROGRAM 1.0]
[2004/11/09 14:21:57, 3] smbd/negprot.c:reply_negprot(457)
  Requested protocol [LANMAN1.0]
[2004/11/09 14:21:57, 3] smbd/negprot.c:reply_negprot(457)
  Requested protocol [Windows for Workgroups 3.1a]
[2004/11/09 14:21:57, 3] smbd/negprot.c:reply_negprot(457)
  Requested protocol [LM1.2X002]
[2004/11/09 14:21:57, 3] smbd/negprot.c:reply_negprot(457)
  Requested protocol [LANMAN2.1]
[2004/11/09 14:21:57, 3] smbd/negprot.c:reply_negprot(457)
  Requested protocol [NT LM 0.12]
[2004/11/09 14:21:57, 10] lib/util.c:set_remote_arch(1810)
  set_remote_arch: Client arch is 'Win2K'
[2004/11/09 14:21:57, 6] param/loadparm.c:lp_file_list_changed(2681)
  lp_file_list_changed()
  file /opt/samba/lib/smb.conf -> /opt/samba/lib/smb.conf  last mod_time: Tue Nov  9 14:21:42 2004
  
[2004/11/09 14:21:57, 6] param/loadparm.c:lp_file_list_changed(2681)
  lp_file_list_changed()
  file /opt/samba/lib/smb.conf -> /opt/samba/lib/smb.conf  last mod_time: Tue Nov  9 14:21:42 2004
  
[2004/11/09 14:21:57, 3] smbd/negprot.c:reply_nt1(329)
  using SPNEGO
[2004/11/09 14:21:57, 3] smbd/negprot.c:reply_negprot(545)
  Selected protocol NT LM 0.12
[2004/11/09 14:21:57, 5] smbd/negprot.c:reply_negprot(551)
  negprot index=5
================================================================================

Do you think that Samba 3.0.8 would fix the problem? I see that there
are some changes in user mapping concerning NTLM, but I'd rather
figure out why Samba is using that protocol, when I'm convinced it
should be using Kerberos authentication.

Greg
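
The negprot payload in the level 10 log above can be decoded by hand; the following is an added example (not part of the original post and not Samba's code) that rebuilds the bytes from the dump_data rows, checks them against smb_bcc, and lists the dialects the client offered by index. The function names are hypothetical; the dump rows, smb_bcc=98 and index=5 are taken from the log.

```python
import re

# dump_data rows copied from the log above (payload of the SMBnegprot request).
DUMP = """\
  [000] 02 50 43 20 4E 45 54 57  4F 52 4B 20 50 52 4F 47  .PC NETW ORK PROG
  [010] 52 41 4D 20 31 2E 30 00  02 4C 41 4E 4D 41 4E 31  RAM 1.0. .LANMAN1
  [020] 2E 30 00 02 57 69 6E 64  6F 77 73 20 66 6F 72 20  .0..Wind ows for
  [030] 57 6F 72 6B 67 72 6F 75  70 73 20 33 2E 31 61 00  Workgrou ps 3.1a.
  [040] 02 4C 4D 31 2E 32 58 30  30 32 00 02 4C 41 4E 4D  .LM1.2X0 02..LANM
  [050] 41 4E 32 2E 31 00 02 4E  54 20 4C 4D 20 30 2E 31  AN2.1..N T LM 0.1
  [060] 32 00                                             2.
"""
SMB_BCC = 98  # smb_bcc from the show_msg output above

# "[offset]" followed by at most 16 hex pairs; the ASCII column is ignored.
_ROW = re.compile(r"\s*\[[0-9A-Fa-f]+\]((?:\s{1,2}[0-9A-Fa-f]{2}){1,16})")

def dump_to_bytes(dump):
    """Rebuild the raw payload from dump_data-style rows."""
    out = bytearray()
    for line in dump.splitlines():
        m = _ROW.match(line)
        if m:
            out += bytes.fromhex(m.group(1))
    return bytes(out)

def parse_dialects(data):
    """Each entry is a 0x02 buffer-format byte plus a NUL-terminated name."""
    dialects, pos = [], 0
    while pos < len(data):
        if data[pos] != 0x02:
            raise ValueError(f"offset {pos:#x}: expected 0x02, got {data[pos]:#04x}")
        end = data.find(b"\x00", pos + 1)
        if end == -1:
            raise ValueError(f"offset {pos:#x}: dialect name not NUL-terminated")
        dialects.append(data[pos + 1:end].decode("ascii"))
        pos = end + 1
    return dialects

def selected_dialect(dump, bcc, index):
    """Return the dialect at the logged negprot index, after a length check."""
    data = dump_to_bytes(dump)
    if len(data) != bcc:
        raise ValueError(f"dump has {len(data)} bytes, smb_bcc says {bcc}")
    return parse_dialects(data)[index]

if __name__ == "__main__":
    for i, name in enumerate(parse_dialects(dump_to_bytes(DUMP))):
        print(i, name)
    print("negprot index=5 ->", selected_dialect(DUMP, SMB_BCC, 5))
```

NT LM 0.12 is the name of the SMB dialect chosen in negprot; with "using SPNEGO", the authentication mechanism (Kerberos or NTLMSSP) is negotiated afterwards, in session setup.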