[Samba] Authenticating Samba on NT4 SRV

fonteneau fonteneau at dynetcom.fr
Tue Feb 21 14:12:52 GMT 2006 

Hi,

I'm just using samba for few weeks and i'm triing to migrate all NT4 SAM 
base to Samba Linux.
I'm working with Red Hat enterprise Linux ES 4.0 updated, openldap 
2.2.13-4, samba samba-3.0.10-1.4E.2 and i've followed IDEALX migration 
procedure with smbldap-tools-0.9.3-1.

Every configuration seems to be clean but not ;o)))))

I'm using cleartext password in slapd.conf and smbldap.conf no md5, sha 
or ssha. I'm just using IDEALX procedure and when triing to pass the 
command :
net rpc join -S PDC-NT4 -Uroot i've got :

[2006/02/21 15:05:29, 3] param/loadparm.c:lp_load(3911)
  lp_load: refreshing parameters
[2006/02/21 15:05:29, 3] param/loadparm.c:init_globals(1312)
  Initialising global parameters
[2006/02/21 15:05:29, 3] param/params.c:pm_process(566)
  params.c:pm_process() - Processing configuration file 
"/etc/samba/smb.conf"
[2006/02/21 15:05:29, 3] param/loadparm.c:do_section(3404)
  Processing section "[global]"
[2006/02/21 15:05:29, 2] lib/interface.c:add_interface(79)
  added interface ip=192.168.2.13 bcast=192.168.2.255 nmask=255.255.255.0
[2006/02/21 15:05:29, 3] libsmb/namequery.c:resolve_lmhosts(855)
  resolve_lmhosts: Attempting lmhosts lookup for name PDC-NT4<0x20>
[2006/02/21 15:05:29, 3] libsmb/namequery.c:resolve_wins(752)
  resolve_wins: Attempting wins lookup for name PDC-NT4<0x20>
[2006/02/21 15:05:29, 3] libsmb/namequery.c:resolve_wins(755)
  resolve_wins: WINS server resolution selected and no WINS servers listed.
[2006/02/21 15:05:29, 3] libsmb/namequery.c:resolve_hosts(917)
  resolve_hosts: Attempting host lookup for name PDC-NT4<0x20>
[2006/02/21 15:05:29, 3] libsmb/cliconnect.c:cli_start_connection(1388)
  Connecting to host=PDC-NT4
[2006/02/21 15:05:29, 3] lib/util_sock.c:open_socket_out(752)
  Connecting to 192.168.2.17 at port 445
[2006/02/21 15:05:29, 2] lib/util_sock.c:open_socket_out(789)
  error connecting to 192.168.2.17:445 (Connexion refusée)
[2006/02/21 15:05:29, 3] lib/util_sock.c:open_socket_out(752)
  Connecting to 192.168.2.17 at port 139
[2006/02/21 15:05:29, 3] rpc_client/cli_netlogon.c:cli_nt_setup_creds(290)
  cli_nt_setup_creds: auth2 challenge failed NT_STATUS_ACCESS_DENIED
[2006/02/21 15:05:29, 3] libsmb/trusts_util.c:just_change_the_password(43)
  just_change_the_password: unable to setup creds (NT_STATUS_ACCESS_DENIED)!
[2006/02/21 15:05:29, 1] utils/net_rpc.c:run_rpc_command(142)
  rpc command function failed! (NT_STATUS_ACCESS_DENIED)
Password:

seems to be password, credential problem but can't investigate which one.

Then entered password and :

[2006/02/21 15:06:45, 3] libsmb/cliconnect.c:cli_start_connection(1388)
  Connecting to host=PDC-NT4
[2006/02/21 15:06:45, 3] lib/util_sock.c:open_socket_out(752)
  Connecting to 192.168.2.17 at port 445
[2006/02/21 15:06:45, 2] lib/util_sock.c:open_socket_out(789)
  error connecting to 192.168.2.17:445 (Connexion refusée)
[2006/02/21 15:06:45, 3] lib/util_sock.c:open_socket_out(752)
  Connecting to 192.168.2.17 at port 139
[2006/02/21 15:06:45, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(181)
  lsa_io_sec_qos: length c does not match size 8
[2006/02/21 15:06:45, 3] libsmb/cliconnect.c:cli_start_connection(1388)
  Connecting to host=PDC-NT4
[2006/02/21 15:06:45, 3] lib/util_sock.c:open_socket_out(752)
  Connecting to 192.168.2.17 at port 445
[2006/02/21 15:06:45, 2] lib/util_sock.c:open_socket_out(789)
  error connecting to 192.168.2.17:445 (Connexion refusée)
[2006/02/21 15:06:45, 3] lib/util_sock.c:open_socket_out(752)
  Connecting to 192.168.2.17 at port 139
Joined domain MONDOMAINE.FR.
[2006/02/21 15:06:45, 2] utils/net.c:main(859)
  return code = 0

command : net rpc testjoin -S PDC-NT4
Join to 'MONDOMAINE.FR' is OK

triing  wbinfo -t
checking the trust secret via RPC calls failed
error code was  (0x0)
Could not check secret

Bye the way using all smbldap-<scripts> and every things goes well with 
openldap.

command :  net rpc vampire -S PDC-NT4 -d3
[2006/02/21 15:09:12, 3] param/loadparm.c:lp_load(3911)
  lp_load: refreshing parameters
[2006/02/21 15:09:12, 3] param/loadparm.c:init_globals(1312)
  Initialising global parameters
[2006/02/21 15:09:12, 3] param/params.c:pm_process(566)
  params.c:pm_process() - Processing configuration file 
"/etc/samba/smb.conf"
[2006/02/21 15:09:12, 3] param/loadparm.c:do_section(3404)
  Processing section "[global]"
[2006/02/21 15:09:12, 2] lib/interface.c:add_interface(79)
  added interface ip=192.168.2.13 bcast=192.168.2.255 nmask=255.255.255.0
[2006/02/21 15:09:12, 3] libsmb/cliconnect.c:cli_start_connection(1388)
  Connecting to host=PDC-NT4
[2006/02/21 15:09:12, 3] lib/util_sock.c:open_socket_out(752)
  Connecting to 192.168.2.17 at port 445
[2006/02/21 15:09:12, 2] lib/util_sock.c:open_socket_out(789)
  error connecting to 192.168.2.17:445 (Connexion refusée)
[2006/02/21 15:09:12, 3] lib/util_sock.c:open_socket_out(752)
  Connecting to 192.168.2.17 at port 139
Fetching DOMAIN database
Failed to fetch domain database: NT_STATUS_ACCESS_DENIED
[2006/02/21 15:09:12, 1] utils/net_rpc.c:run_rpc_command(142)
  rpc command function failed! (NT_STATUS_ACCESS_DENIED)
[2006/02/21 15:09:12, 2] utils/net.c:main(859)
  return code = 1

In NT4 srv Evenments i've got NETLOGON message : triing to log with 
BDC-SAMBA which is not valid b'cause named base referencde is BDC-SAMBA$ 
access refused.

Where is the problem ?

Can someone could help me please ?

Thanks
Vincent

More information about the samba mailing list