[Samba] Problem with domain membership
Jochen Witte
devnull at alpha-lab.net
Wed Mar 23 19:27:33 GMT 2005
Just to be sure, I got it right: here is, what I do to get into the
domain and the dump the avaiable services:
---snip---
[531]root at hal~> /etc/init.d/samba stop
Shutting down SAMBA nmbd :
done
Shutting down SAMBA smbd :
done
[532]root at hal~> rm /opt/samba/private/s*
[533]root at hal~> smbpasswd -j <DOMAINNAME> -r <PDC> -U Administrator
Password:
Joined domain <DOMAINNAME>.
[534]root at hal~> /etc/init.d/samba start
Starting SAMBA nmbd :
done
Starting SAMBA smbd :
done
[535]root at hal~> smbclient -L //hal -U jwitte -W <DOMAIN>
added interface ip=10.128.0.23 bcast=10.128.0.255 nmask=255.255.255.0
Password: <RIGHT PASSWORD HERE>
session setup failed: NT_STATUS_LOGON_FAILURE
[536]root at hal~> smbpasswd -X hal # == localhost
SID for domain hal is: S-1-5-21-1600896514-926734994-3729081620
[537]root at hal~> smbpasswd -X Mundwerk
SID for domain Mundwerk is: S-1-5-21-1790986081-3911417905-1778689532
---snip---
If anybody has an idea, I would greatly appreciate it, since this is a
real blocker....
Regards
Jochen
Am Mittwoch, den 23.03.2005, 11:35 +0100 schrieb Jochen Witte:
> Hello - can anybody explain, what this means in detail?
>
> ---snip---
> 000010 smb_io_rpc_hdr_resp rpc_hdr_resp
> 0010 alloc_hint: 00000010
> 0014 context_id: 0000
> 0016 cancel_ct : 00
> 0017 reserved : 00
> rpc_api_pipe: len left: 0 smbtrans read: 40
> rpc_api_pipe: fragment first and last both set
> 000018 net_io_r_auth_2
> 000018 smb_io_chal
> 0018 data: c8 d8 ff bf 3b 5f 0e 08
> 000020 net_io_neg_flags
> 0020 neg_flags: 400001ff
> 0024 status: NT_STATUS_ACCESS_DENIED
> cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
> cli_nt_setup_creds: auth2 challenge failed
> connect_to_domain_password_server: unable to setup the PDC credentials
> to machine PDC-SERVER. Error was : NT_STATUS_OK.
> write_socket(19,45)
> write_socket(19,45) wrote 45
> ---snip---
>
>
>
>
>
> Am Dienstag, den 22.03.2005, 22:18 +0100 schrieb Jochen Witte:
> > OKOK no attachements here. On the PDC side I get:
> >
> > ---snip---
> >
> > account_policy_get: password history:0
> > pdb_set_user_sid: setting user sid
> > S-1-5-21-1790986081-3911417905-1778689532-132098
> > pdb_set_user_sid_from_rid:
> > setting user sid S-1-5-21-1790986081-3911417905-1778689532-132098 from
> > rid 132098
> > pdb_set_group_sid: setting group sid
> > S-1-5-21-1790986081-3911417905-1778689532-61001
> > pdb_set_group_sid_from_rid:
> > setting group sid S-1-5-21-1790986081-3911417905-1778689532-61001 from
> > rid 61001
> > pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0
> > [000] 4A 8C 6C 14 69 D1 72 B8 46 71 33 55 75 F8 01 C3 J.l.i.r.
> > Fq3Uu...
> > cred_session_key
> > clnt_chal: E166CA9056B37776
> > srv_chal : 5EC8E922D299E1CE
> > clnt+srv : 3F2FB4B3284D5945
> > sess_key : 629F7453EFF68A4B
> > cred_create
> > sess_key : 629F7453EFF68A4B
> > stor_cred: E166CA9056B37776
> > timestamp: 0
> > timecred : E166CA9056B37776
> > calc_cred: FE38AA70FD16006A
> > cred_assert
> > challenge : 4C87E9631DF688E5
> > calculated: FE38AA70FD16006A
> > credentials check wrong
> > 000000 net_io_r_auth_2
> > 000000 smb_io_chal
> > 0000 data: c8 d8 ff bf 3b 5f 0e 08
> > 000008 net_io_neg_flags
> > 0008 neg_flags: 400001ff
> > 000c status: NT_STATUS_ACCESS_DENIED
> > api_rpcTNP: called NETLOGON successfully
> > free_pipe_context: destroying talloc pool of size 78
> > write_to_pipe: data_used = 140
> > read_from_pipe: 712c name: NETLOGON len: 156
> > read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0,
> > prs_offset(&p->out_data.rdata) = 16.
> > ---snip---
> >
> > Am Dienstag, den 22.03.2005, 22:07 +0100 schrieb Jochen Witte:
> > > Attached are the logs with the according log-level.
> > >
> > > ---snip---
> > > doing parameter workgroup = <DOMAINNAME>
> > > doing parameter netbios name = HAL
> > > 000018 smb_io_chal
> > > 0018 data: c8 d8 ff bf 3b 5f 0e 08
> > > 000020 net_io_neg_flags
> > > 0020 neg_flags: 400001ff
> > > 0024 status: NT_STATUS_ACCESS_DENIED
> > > cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
> > > cli_nt_setup_creds: auth2 challenge failed
> > > connect_to_domain_password_server: unable to setup the PDC credentials
> > > to machine <PDCHOST>. Ewrite_socket(19,45)
> > > ---snip---
> > >
> > > Do I have a wrong secrets.tdb ? I deleted it completely and then joined
> > > the domain again (after removing the machine account in my ldap server).
> > >
> > > Am Dienstag, den 22.03.2005, 05:07 -0600 schrieb Gerald (Jerry) Carter:
> > > > -----BEGIN PGP SIGNED MESSAGE-----
> > > > Hash: SHA1
> > > >
> > > > Jochen Witte wrote:
> > > > | One update: when trying security=server
> > > > | on the fileserver side, I can log on
> > > > | to the fileserver. But i do not want
> > > > | security=server! Any hints out there?
> > > >
> > > > You need to look at a level 10 log on the server
> > > > (and set 'debug timestamp = no' for high debug logs).
> > > > There's not enough information here to really offer
> > > > sound advice.
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > cheers, jerry
> > > > =====================================================================
> > > > Alleviating the pain of Windows(tm) ------- http://www.samba.org
> > > > GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc
> > > > "I never saved anything for the swim back." Ethan Hawk in Gattaca
> > > > -----BEGIN PGP SIGNATURE-----
> > > > Version: GnuPG v1.2.5 (GNU/Linux)
> > > > Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
> > > >
> > > > iD8DBQFCP/xZIR7qMdg1EfYRAsfVAJ9GqO/9UVgJpgTJmHdODPU+YO2x6gCg3bHl
> > > > STOznlGLrgKRJuZGUFH0h/E=
> > > > =Je16
> > > > -----END PGP SIGNATURE-----
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions: https://lists.samba.org/mailman/listinfo/samba
> > --
> > Jochen Witte <devnull at alpha-lab.net>
> >
> --
> Jochen Witte <devnull at alpha-lab.net>
>
>
--
Jochen Witte <devnull at alpha-lab.net>
More information about the samba
mailing list