[Samba] Client Windows accessing Samba Share (krb5/ad2008/winbind)
Thiago Ferreira
thiagoferreira05 at gmail.com
Mon Jul 5 13:01:38 MDT 2010
I have a Samba server, its joinning on AD2008, the commands bellow has
sucess when I test:
# net ads testjoin
Join is OK
# wbinfo -t
checking the trust secret via RPC calls succeeded
# wbinfo -u
# wbinfo -g
# net ads user
# net ads group
# net ads user info administrator
# wbinfo -u
# wbinfo -g
However, I need to open your share on the Windows Client(WinXP), but it
doesn't work, stay asking login/passwd.
Follows the logs:
==> log.__ffff_10.215.0.232 <==
[2010/07/05 15:21:55, 3] smbd/oplock.c:init_oplocks(875)
init_oplocks: initializing messages.
[2010/07/05 15:21:55, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(241)
Linux kernel oplocks enabled
[2010/07/05 15:21:55, 3] smbd/process.c:process_smb(1570)
Transaction 0 of length 137 (0 toread)
[2010/07/05 15:21:55, 3] smbd/process.c:switch_message(1374)
switch message SMBnegprot (pid 6326) conn 0x0
[2010/07/05 15:21:55, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/07/05 15:21:55, 3] smbd/negprot.c:reply_negprot(568)
Requested protocol [PC NETWORK PROGRAM 1.0]
[2010/07/05 15:21:55, 3] smbd/negprot.c:reply_negprot(568)
Requested protocol [LANMAN1.0]
[2010/07/05 15:21:55, 3] smbd/negprot.c:reply_negprot(568)
Requested protocol [Windows for Workgroups 3.1a]
[2010/07/05 15:21:55, 3] smbd/negprot.c:reply_negprot(568)
Requested protocol [LM1.2X002]
[2010/07/05 15:21:55, 3] smbd/negprot.c:reply_negprot(568)
Requested protocol [LANMAN2.1]
[2010/07/05 15:21:55, 3] smbd/negprot.c:reply_negprot(568)
Requested protocol [NT LM 0.12]
[2010/07/05 15:21:55, 3] smbd/negprot.c:reply_nt1(392)
using SPNEGO
[2010/07/05 15:21:55, 3] smbd/negprot.c:reply_negprot(673)
Selected protocol NT LM 0.12
[2010/07/05 15:21:55, 3] smbd/process.c:process_smb(1570)
Transaction 1 of length 240 (0 toread)
[2010/07/05 15:21:55, 3] smbd/process.c:switch_message(1374)
switch message SMBsesssetupX (pid 6326) conn 0x0
[2010/07/05 15:21:55, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/07/05 15:21:55, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1409)
wct=12 flg2=0xc807
[2010/07/05 15:21:55, 2] smbd/sesssetup.c:setup_new_vc_session(1363)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2010/07/05 15:21:55, 3]
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1173)
Doing spnego session setup
[2010/07/05 15:21:55, 3]
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1208)
NativeOS=[Windows 2002 Service Pack 3 2600] NativeLanMan=[Windows 2002
5.1] PrimaryDomain=[]
[2010/07/05 15:21:55, 3] smbd/sesssetup.c:reply_spnego_negotiate(800)
reply_spnego_negotiate: Got secblob of size 40
[2010/07/05 15:21:55, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0xa2088207
[2010/07/05 15:21:55, 3] smbd/process.c:process_smb(1570)
Transaction 2 of length 358 (0 toread)
[2010/07/05 15:21:55, 3] smbd/process.c:switch_message(1374)
switch message SMBsesssetupX (pid 6326) conn 0x0
[2010/07/05 15:21:55, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/07/05 15:21:55, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1409)
wct=12 flg2=0xc807
[2010/07/05 15:21:55, 2] smbd/sesssetup.c:setup_new_vc_session(1363)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2010/07/05 15:21:55, 3]
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1173)
Doing spnego session setup
[2010/07/05 15:21:55, 3]
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1208)
NativeOS=[Windows 2002 Service Pack 3 2600] NativeLanMan=[Windows 2002
5.1] PrimaryDomain=[]
[2010/07/05 15:21:55, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(745)
Got user=[thiago.ferreira] domain=[GRANSAPORE] workstation=[TI-09] len1=24
len2=24
==> log.ti-09 <==
[2010/07/05 15:21:55, 3] auth/auth.c:check_ntlm_password(220)
check_ntlm_password: Checking password for unmapped user
[GRANSAPORE]\[thiago.ferreira]@[TI-09] with the new password interface
[2010/07/05 15:21:55, 3] auth/auth.c:check_ntlm_password(223)
check_ntlm_password: mapped user is:
[GRANSAPORE]\[thiago.ferreira]@[TI-09]
[2010/07/05 15:21:55, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/07/05 15:21:55, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/07/05 15:21:55, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/07/05 15:21:55, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/07/05 15:21:55, 2] auth/auth.c:check_ntlm_password(318)
check_ntlm_password: Authentication for user [thiago.ferreira] ->
[thiago.ferreira] FAILED with error NT_STATUS_NO_SUCH_USER
[2010/07/05 15:21:55, 3] smbd/error.c:error_packet_set(61)
error packet at smbd/sesssetup.c(127) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
[2010/07/05 15:21:55, 3] smbd/process.c:smbd_process(2068)
receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting
[2010/07/05 15:21:55, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/07/05 15:21:55, 3] smbd/connection.c:yield_connection(31)
Yielding connection to
[2010/07/05 15:21:55, 3] smbd/server.c:exit_server_common(949)
Server exit (normal exit)
==> log.wb-GRANSAPORE <==
[2010/07/05 15:21:55, 3]
winbindd/winbindd_pam.c:winbindd_dual_pam_auth_crap(1825)
[ 6311]: pam auth crap domain: GRANSAPORE user: thiago.ferreira
==> log.winbindd <==
[2010/07/05 15:21:55, 3]
winbindd/winbindd_misc.c:winbindd_interface_version(757)
[ 6326]: request interface version
[2010/07/05 15:21:55, 3]
winbindd/winbindd_misc.c:winbindd_priv_pipe_dir(790)
[ 6326]: request location of privileged pipe
[2010/07/05 15:21:55, 3] winbindd/winbindd_misc.c:winbindd_domain_info(657)
[ 6326]: domain_info [GRANSAPORE]
[2010/07/05 15:21:55, 3]
winbindd/winbindd_pam.c:winbindd_pam_auth_crap(1754)
[ 6326]: pam auth crap domain: [GRANSAPORE] user: thiago.ferreira
[2010/07/05 15:21:55, 3]
winbindd/winbindd_misc.c:winbindd_interface_version(757)
[ 6326]: request interface version
[2010/07/05 15:21:55, 3]
winbindd/winbindd_misc.c:winbindd_priv_pipe_dir(790)
[ 6326]: request location of privileged pipe
[2010/07/05 15:21:55, 3] winbindd/winbindd_user.c:winbindd_getpwnam(373)
[ 6326]: getpwnam gransapore\thiago.ferreira
[2010/07/05 15:21:55, 3] winbindd/winbindd_user.c:winbindd_getpwnam(373)
[ 6326]: getpwnam GRANSAPORE\thiago.ferreira
[2010/07/05 15:21:55, 3] winbindd/winbindd_user.c:winbindd_getpwnam(373)
[ 6326]: getpwnam GRANSAPORE\THIAGO.FERREIRA
[2010/07/05 15:21:55, 3] winbindd/winbindd_user.c:winbindd_getpwnam(373)
[ 6326]: getpwnam thiago.ferreira
[2010/07/05 15:21:55, 3] winbindd/winbindd_user.c:winbindd_getpwnam(373)
[ 6326]: getpwnam THIAGO.FERREIRA
[2010/07/05 15:21:55, 3] winbindd/winbindd_misc.c:winbindd_ping(736)
[ 6326]: ping
*I also tried with this command: *
CPSmonitor:/etc/pam.d# smbclient \\\\192.168.0.12\\share01 -U
administrator at password -k -d10
INFO: Current debug levels:
all: True/10
tdb: False/0
printdrivers: False/0
lanman: False/0
smb: False/0
rpc_parse: False/0
rpc_srv: False/0
rpc_cli: False/0
passdb: False/0
sam: False/0
auth: False/0
winbind: False/0
vfs: False/0
idmap: False/0
quota: False/0
acls: False/0
locking: False/0
msdfs: False/0
dmapi: False/0
registry: False/0
lp_load_ex: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
Processing section "[global]"
doing parameter workgroup = GRANSAPORE
doing parameter netbios name = cpsmonitor
handle_netbios_name: set global_myname to: CPSMONITOR
doing parameter log file = /var/log/samba/log.%m
doing parameter max log size = 1000
doing parameter syslog = 5
doing parameter log level = 3
doing parameter panic action = /usr/share/samba/panic-action %d
doing parameter security = ADS
doing parameter realm = GRANSAPORE.CORP.DC
doing parameter password server = gscpsvmad01.gransapore.corp.dc,
gsgcvmad01.gransapore.corp.dc, gsgcvmad02.gransapore.corp.dc
doing parameter idmap uid = 10000-20000
doing parameter idmap gid = 10000-20000
doing parameter template shell = /bin/bash
doing parameter winbind enum users = yes
doing parameter winbind enum groups = yes
doing parameter winbind use default domain = yes
doing parameter winbind trusted domains only = Yes
doing parameter client use spnego = yes
doing parameter printing = cups
doing parameter printcap name = cups
pm_process() returned Yes
lp_servicenumber: couldn't find homes
set_server_role: role = ROLE_DOMAIN_MEMBER
Attempting to register new charset UCS-2LE
Registered charset UCS-2LE
Attempting to register new charset UTF-16LE
Registered charset UTF-16LE
Attempting to register new charset UCS-2BE
Registered charset UCS-2BE
Attempting to register new charset UTF-16BE
Registered charset UTF-16BE
Attempting to register new charset UTF8
Registered charset UTF8
Attempting to register new charset UTF-8
Registered charset UTF-8
Attempting to register new charset ASCII
Registered charset ASCII
Attempting to register new charset 646
Registered charset 646
Attempting to register new charset ISO-8859-1
Registered charset ISO-8859-1
Attempting to register new charset UCS2-HEX
Registered charset UCS2-HEX
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
added interface eth0 ip=fe80::218:8bff:fee6:c266%eth0
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.0.12 bcast=192.168.0.255
netmask=255.255.255.0
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Netbios name list:-
my_netbios_names[0]="CPSMONITOR"
Client started (version 3.2.5).
Connecting to 192.168.0.12 at port 445
socket option SO_KEEPALIVE = 0
socket option SO_REUSEADDR = 0
socket option SO_BROADCAST = 0
socket option TCP_NODELAY = 1
socket option TCP_KEEPCNT = 9
socket option TCP_KEEPIDLE = 7200
socket option TCP_KEEPINTVL = 75
socket option IPTOS_LOWDELAY = 0
socket option IPTOS_THROUGHPUT = 0
socket option SO_SNDBUF = 50844
socket option SO_RCVBUF = 87712
socket option SO_SNDLOWAT = 1
socket option SO_RCVLOWAT = 1
socket option SO_SNDTIMEO = 0
socket option SO_RCVTIMEO = 0
session request ok
write_socket(4,194)
write_socket(4,194) wrote 194
got smb length of 198
size=198
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=6357
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[ 0]= 8 (0x8)
smb_vwv[ 1]=12803 (0x3203)
smb_vwv[ 2]= 256 (0x100)
smb_vwv[ 3]= 1024 (0x400)
smb_vwv[ 4]= 65 (0x41)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 256 (0x100)
smb_vwv[ 7]=54784 (0xD600)
smb_vwv[ 8]= 24 (0x18)
smb_vwv[ 9]=64768 (0xFD00)
smb_vwv[10]=33011 (0x80F3)
smb_vwv[11]= 128 (0x80)
smb_vwv[12]=52296 (0xCC48)
smb_vwv[13]=28562 (0x6F92)
smb_vwv[14]=51996 (0xCB1C)
smb_vwv[15]=46081 (0xB401)
smb_vwv[16]= 0 (0x0)
smb_bcc=129
[000] 63 70 73 6D 6F 6E 69 74 6F 72 00 00 00 00 00 00 cpsmonit or......
[010] 60 6F 06 06 2B 06 01 05 05 02 A0 65 30 63 A0 24 `o..+... ...e0c.$
[020] 30 22 06 09 2A 86 48 86 F7 12 01 02 02 06 09 2A 0"..*.H. .......*
[030] 86 48 82 F7 12 01 02 02 06 0A 2B 06 01 04 01 82 .H...... ..+.....
[040] 37 02 02 0A A3 3B 30 39 A0 37 1B 35 63 69 66 73 7....;09 .7.5cifs
[050] 2F 63 70 73 6D 6F 6E 69 74 6F 72 2E 67 72 61 6E /cpsmoni tor.gran
[060] 73 61 70 6F 72 65 2E 63 6F 72 70 2E 64 63 40 47 sapore.c orp.dc at G
[070] 52 41 4E 53 41 50 4F 52 45 2E 43 4F 52 50 2E 44 RANSAPOR E.CORP.D
[080] 43 C
size=198
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=6357
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[ 0]= 8 (0x8)
smb_vwv[ 1]=12803 (0x3203)
smb_vwv[ 2]= 256 (0x100)
smb_vwv[ 3]= 1024 (0x400)
smb_vwv[ 4]= 65 (0x41)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 256 (0x100)
smb_vwv[ 7]=54784 (0xD600)
smb_vwv[ 8]= 24 (0x18)
smb_vwv[ 9]=64768 (0xFD00)
smb_vwv[10]=33011 (0x80F3)
smb_vwv[11]= 128 (0x80)
smb_vwv[12]=52296 (0xCC48)
smb_vwv[13]=28562 (0x6F92)
smb_vwv[14]=51996 (0xCB1C)
smb_vwv[15]=46081 (0xB401)
smb_vwv[16]= 0 (0x0)
smb_bcc=129
[000] 63 70 73 6D 6F 6E 69 74 6F 72 00 00 00 00 00 00 cpsmonit or......
[010] 60 6F 06 06 2B 06 01 05 05 02 A0 65 30 63 A0 24 `o..+... ...e0c.$
[020] 30 22 06 09 2A 86 48 86 F7 12 01 02 02 06 09 2A 0"..*.H. .......*
[030] 86 48 82 F7 12 01 02 02 06 0A 2B 06 01 04 01 82 .H...... ..+.....
[040] 37 02 02 0A A3 3B 30 39 A0 37 1B 35 63 69 66 73 7....;09 .7.5cifs
[050] 2F 63 70 73 6D 6F 6E 69 74 6F 72 2E 67 72 61 6E /cpsmoni tor.gran
[060] 73 61 70 6F 72 65 2E 63 6F 72 70 2E 64 63 40 47 sapore.c orp.dc at G
[070] 52 41 4E 53 41 50 4F 52 45 2E 43 4F 52 50 2E 44 RANSAPOR E.CORP.D
[080] 43 C
*Doing spnego session setup (blob length=129)
got OID=1 2 840 113554 1 2 2
got OID=1 2 840 48018 1 2 2
got OID=1 3 6 1 4 1 311 2 2 10
got principal=cifs/cpsmonitor.gransapore.corp.dc at GRANSAPORE.CORP.DC
Doing kerberos session setup
ads_cleanup_expired_creds: Ticket in ccache[FILE:/tmp/krb5cc_0] expiration
Tue, 06 Jul 2010 01:20:34 BRT
ads_krb5_mk_req: Ticket
(cifs/cpsmonitor.gransapore.corp.dc at GRANSAPORE.CORP.DC) in ccache
(FILE:/tmp/krb5cc_0) is valid until: (Tue, 06 Jul 2010 01:20:34 BRT -
1278390034)
ads_krb5_mk_req: server marked as OK to delegate to, building forwardable
TGT
Got KRB5 session key of length 16
cli_session_setup_blob: Remaining (0) sending (3226) current (3226)*
write_socket(4,3312)
write_socket(4,3312) wrote 3312
got smb length of 35
size=35
smb_com=0x73
smb_rcls=109
smb_reh=0
smb_err=49152
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=6357
smb_uid=0
smb_mid=2
smt_wct=0
smb_bcc=0
size=35
smb_com=0x73
smb_rcls=109
smb_reh=0
smb_err=49152
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=6357
smb_uid=0
smb_mid=2
smt_wct=0
smb_bcc=0
*cli_session_setup_blob: receive failed (NT_STATUS_LOGON_FAILURE)
SPNEGO login failed: Logon failure
lang_tdb_init: /usr/share/samba/en_US.UTF-8.msg: No such file or directory
session setup failed: NT_STATUS_LOGON_FAILURE*
*Someone has got any idea?*
More information about the samba
mailing list