[Samba] samba winbind problem with trusted domains
****@ppu
appaji04cn002 at gmail.com
Thu Jun 24 06:15:14 MDT 2010
Hi TMS,
thanks for your reply .Those are trusted domains and wbinfo-m is showing all
the trusted domains.
Anyways I have resolved the problem with Likewise open backend
authentication tool. :) . But now I am facing another problem . i am not
able to access samba shares using netbios name even with full machine FQDN
wherears it is accessible with IP address. can you please help me ....
On Wed, Jun 23, 2010 at 6:16 PM, <tms3 at tms3.com> wrote:
>
>
>
> On Wednesday 23/06/2010 at 12:12 am, ****@ppu wrote:
>
> hi all
>
> i am new to samba and struggling with trusted domains authentication from
> many days .i have a win2k3 domain(corp.raju.ad )and win2k8 domain (
> testraju.ad) .
>
> i have joined samba server as a member to win2k8 domain (testraju.ad)
> using
> net ads join commands /
>
> i m able to access samba shares using testraju.ad user ID's successfully ,
> while authenticating with corp.raju.ad users i m unable to.....log is
> showing as NT_STATUS NO_SUCH USER
>
> In such situations, the forrest testaju.ad must have a trust with
> corp.raju.ad, which would be controlled by the Windoze DC's. Samba NT
> style domain trusts are not applicable to member servers. Member servers
> are little more than domain joined machines.
>
> Cheers,
>
> TMS III
>
>
>
> follwing is my smb.conf file
>
>
> [global]
> log file = /var/log/samba/%m
> load printers = yes
> idmap gid = 600-2000000
> interfaces = 127.0.0.1 eth0
> encrypt passwords = yes
> realm = testraju.ad
> winbind use default domain = true
> template shell = /bin/bash
> netbios name = slclinuxfs001
> winbind enum users = no
> idmap uid = 600-2000000
> password server = hsttestadc001.testraju.ad
> winbind nested groups = YeS
> workgroup = test
> winbind enum groups = no
> security = ADS
> max log size = 50000
> bind interfaces only = true
> log level = 3
>
>
> #winbind separator = \
>
>
> [raju]
> comment = test share
> path = /tmp/raju
> browsable = yes
> available = yes
> writable = yes
> readonly = no
> valid users = "@RAJU\domain users" "@TEST\domain users"
>
>
>
> wbinfo -m is listing all trusted domains .
>
> i m able to authenticate trusted domain user with wbinfo
> --authenticate=raju\\pa72635%password (2 back slashes)
>
>
> i have enabled logging on and following is the client log when i access
> with trusted domain user ID .
>
>
> [2010/06/23 12:47:38.010714, 3] auth/auth.c:216(check_ntlm_password)
> check_ntlm_password: Checking password for unmapped user
> []\[]@[HICMBSA001] with the new password interface
> [2010/06/23 12:47:38.010761, 3] auth/auth.c:219(check_ntlm_password)
> check_ntlm_password: mapped user is: [SLCLINUXFS001]\[]@[HICMBSA001]
> [2010/06/23 12:47:38.011642, 3] smbd/sec_ctx.c:210(push_sec_ctx)
> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2010/06/23 12:47:38.011670, 3] smbd/uid.c:429(push_conn_ctx)
> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> [2010/06/23 12:47:38.011709, 3] smbd/sec_ctx.c:310(set_sec_ctx)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2010/06/23 12:47:38.011812, 3] smbd/sec_ctx.c:418(pop_sec_ctx)
> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2010/06/23 12:47:38.011921, 3] smbd/sec_ctx.c:210(push_sec_ctx)
> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2010/06/23 12:47:38.011946, 3] smbd/uid.c:429(push_conn_ctx)
> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> [2010/06/23 12:47:38.011969, 3] smbd/sec_ctx.c:310(set_sec_ctx)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2010/06/23 12:47:38.012000, 3] smbd/sec_ctx.c:418(pop_sec_ctx)
> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2010/06/23 12:47:38.012286, 3] auth/auth.c:265(check_ntlm_password)
> check_ntlm_password: guest authentication for user [] succeeded
> [2010/06/23 12:47:38.082054, 3] smbd/sec_ctx.c:210(push_sec_ctx)
> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2010/06/23 12:47:38.082095, 3] smbd/uid.c:429(push_conn_ctx)
> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> [2010/06/23 12:47:38.082119, 3] smbd/sec_ctx.c:310(set_sec_ctx)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2010/06/23 12:47:38.082356, 3] smbd/sec_ctx.c:418(pop_sec_ctx)
> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2010/06/23 12:47:38.082422, 3] lib/privileges.c:63(get_privileges)
> get_privileges: No privileges assigned to SID
> [S-1-5-21-2180847254-3007464121-335579984-501]
> [2010/06/23 12:47:38.082464, 3] lib/privileges.c:63(get_privileges)
> get_privileges: No privileges assigned to SID [S-1-5-2]
> [2010/06/23 12:47:38.082503, 3] lib/privileges.c:63(get_privileges)
> get_privileges: No privileges assigned to SID [S-1-5-32-546]
> [2010/06/23 12:47:38.082587, 3]
> libsmb/ntlmssp_sign.c:343(ntlmssp_sign_init)
> NTLMSSP Sign/Seal - Initialising with flags:
> [2010/06/23 12:47:38.082624, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
> Got NTLMSSP neg_flags=0xa2088205
> [2010/06/23 12:47:38.082676, 3] smbd/password.c:282(register_existing_vuid)
> register_existing_vuid: User name: nobody Real name: Nobody
> [2010/06/23 12:47:38.082731, 3] smbd/password.c:292(register_existing_vuid)
> register_existing_vuid: UNIX uid 99 is UNIX user nobody, and will be
> vuid
> 100
> [2010/06/23 12:47:38.097021, 3] smbd/process.c:1485(process_smb)
> Transaction 3 of length 94 (0 toread)
> [2010/06/23 12:47:38.097084, 3] smbd/process.c:1294(switch_message)
> switch message SMBtconX (pid 13230) conn 0x0
> [2010/06/23 12:47:38.097120, 3] smbd/sec_ctx.c:310(set_sec_ctx)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2010/06/23 12:47:38.097407, 3] smbd/sec_ctx.c:210(push_sec_ctx)
> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2010/06/23 12:47:38.097438, 3] smbd/uid.c:429(push_conn_ctx)
> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> [2010/06/23 12:47:38.097460, 3] smbd/sec_ctx.c:310(set_sec_ctx)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2010/06/23 12:47:38.097502, 3] smbd/sec_ctx.c:418(pop_sec_ctx)
> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2010/06/23 12:47:38.097552, 3] smbd/sec_ctx.c:210(push_sec_ctx)
> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2010/06/23 12:47:38.097577, 3] smbd/uid.c:429(push_conn_ctx)
> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> [2010/06/23 12:47:38.097599, 3] smbd/sec_ctx.c:310(set_sec_ctx)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2010/06/23 12:47:38.097631, 3] smbd/sec_ctx.c:418(pop_sec_ctx)
> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2010/06/23 12:47:38.097691, 3] smbd/service.c:807(make_connection_snum)
> Connect path is '/tmp' for service [IPC$]
> [2010/06/23 12:47:38.097843, 3] smbd/vfs.c:97(vfs_init_default)
> Initialising default vfs hooks
> [2010/06/23 12:47:38.097960, 3] smbd/vfs.c:122(vfs_init_custom)
> Initialising custom vfs hooks from [/[Default VFS]/]
> [2010/06/23 12:47:38.098162, 3] smbd/sec_ctx.c:210(push_sec_ctx)
> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2010/06/23 12:47:38.098186, 3] smbd/uid.c:429(push_conn_ctx)
> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> [2010/06/23 12:47:38.098208, 3] smbd/sec_ctx.c:310(set_sec_ctx)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2010/06/23 12:47:38.098240, 3] smbd/sec_ctx.c:418(pop_sec_ctx)
> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2010/06/23 12:47:38.098277, 3] smbd/sec_ctx.c:210(push_sec_ctx)
> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2010/06/23 12:47:38.098395, 3] smbd/uid.c:429(push_conn_ctx)
> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> [2010/06/23 12:47:38.098418, 3] smbd/sec_ctx.c:310(set_sec_ctx)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2010/06/23 12:47:38.098449, 3] smbd/sec_ctx.c:418(pop_sec_ctx)
> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2010/06/23 12:47:38.098494, 3] smbd/sec_ctx.c:310(set_sec_ctx)
> setting sec ctx (99, 99) - sec_ctx_stack_ndx = 0
> [2010/06/23 12:47:38.098535, 3] smbd/service.c:1069(make_connection_snum)
> hicmbsa001 (172.16.203.119) connect to service IPC$ initially as user
> nobody (uid=99, gid=99) (pid 13230)
> [2010/06/23 12:47:38.098564, 3] smbd/sec_ctx.c:310(set_sec_ctx)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2010/06/23 12:47:38.098595, 3] smbd/reply.c:846(reply_tcon_and_X)
> tconX service=IPC$
> [2010/06/23 12:47:38.117760, 3] smbd/process.c:1485(process_smb)
> Transaction 4 of length 116 (0 toread)
> [2010/06/23 12:47:38.117820, 3] smbd/process.c:1294(switch_message)
> switch message SMBtrans2 (pid 13230) conn 0x9a3ea28
> [2010/06/23 12:47:38.117855, 3] smbd/sec_ctx.c:310(set_sec_ctx)
> setting sec ctx (99, 99) - sec_ctx_stack_ndx = 0
> [2010/06/23 12:47:38.118074, 3] smbd/msdfs.c:848(get_referred_path)
> get_referred_path: |RAJU| in dfs path \172.27.97.53\raju is not a dfs
> root.
> [2010/06/23 12:47:38.118118, 3] smbd/error.c:80(error_packet_set)
> error packet at smbd/trans2.c(8002) cmd=50 (SMBtrans2)
> NT_STATUS_NOT_FOUND
> [2010/06/23 12:47:38.147166, 3] smbd/process.c:1485(process_smb)
> Transaction 5 of length 270 (0 toread)
> [2010/06/23 12:47:38.147235, 3] smbd/process.c:1294(switch_message)
> switch message SMBsesssetupX (pid 13230) conn 0x0
> [2010/06/23 12:47:38.147264, 3] smbd/sec_ctx.c:310(set_sec_ctx)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2010/06/23 12:47:38.147297, 3]
> smbd/sesssetup.c:1435(reply_sesssetup_and_X)
> wct=12 flg2=0xc807
> [2010/06/23 12:47:38.147321, 3]
> smbd/sesssetup.c:1189(reply_sesssetup_and_X_spnego)
> Doing spnego session setup
> [2010/06/23 12:47:38.147376, 3]
> smbd/sesssetup.c:1231(reply_sesssetup_and_X_spnego)
> NativeOS=[Windows Server 2003 3790 Service Pack 2] NativeLanMan=[]
> PrimaryDomain=[Windows Server 2003 5.2]
> [2010/06/23 12:47:38.147451, 3]
> smbd/sesssetup.c:805(reply_spnego_negotiate)
> reply_spnego_negotiate: Got secblob of size 40
> [2010/06/23 12:47:38.147493, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
> Got NTLMSSP neg_flags=0xa2088207
> [2010/06/23 12:47:38.293953, 3]
> ../lib/util/util_net.c:68(interpret_string_addr_internal)
> interpret_string_addr_internal: getaddrinfo failed for name
> slclinuxfs001
> [Name or service not known]
> [2010/06/23 12:47:38.298064, 3] lib/util_sock.c:1796(get_mydnsfullname)
> get_mydnsfullname: getaddrinfo failed for name slclinuxfs001 [Unknown
> error]
> [2010/06/23 12:47:38.309704, 3]
> ../lib/util/util_net.c:68(interpret_string_addr_internal)
> interpret_string_addr_internal: getaddrinfo failed for name
> slclinuxfs001
> [Name or service not known]
> [2010/06/23 12:47:38.309860, 3] lib/util_sock.c:1796(get_mydnsfullname)
> get_mydnsfullname: getaddrinfo failed for name slclinuxfs001 [Unknown
> error]
> [2010/06/23 12:47:38.337483, 3] smbd/process.c:1485(process_smb)
> Transaction 6 of length 378 (0 toread)
> [2010/06/23 12:47:38.337555, 3] smbd/process.c:1294(switch_message)
> switch message SMBsesssetupX (pid 13230) conn 0x0
> [2010/06/23 12:47:38.337583, 3] smbd/sec_ctx.c:310(set_sec_ctx)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2010/06/23 12:47:38.337623, 3]
> smbd/sesssetup.c:1435(reply_sesssetup_and_X)
> wct=12 flg2=0xc807
> [2010/06/23 12:47:38.337780, 3]
> smbd/sesssetup.c:1189(reply_sesssetup_and_X_spnego)
> Doing spnego session setup
> [2010/06/23 12:47:38.337812, 3]
> smbd/sesssetup.c:1231(reply_sesssetup_and_X_spnego)
> NativeOS=[Windows Server 2003 3790 Service Pack 2] NativeLanMan=[]
> PrimaryDomain=[Windows Server 2003 5.2]
> [2010/06/23 12:47:38.337856, 3] libsmb/ntlmssp.c:747(ntlmssp_server_auth)
> Got user=[BK72598_S] domain=[raju] workstation=[HICMBSA001] len1=24
> len2=24
> [2010/06/23 12:47:38.338582, 3] auth/auth.c:216(check_ntlm_password)
> check_ntlm_password: Checking password for unmapped user
> [RAJU]\[BK72598_S]@[HICMBSA001] with the new password interface
> [2010/06/23 12:47:38.338624, 3] auth/auth.c:219(check_ntlm_password)
> check_ntlm_password: mapped user is: [RAJU]\[BK72598_S]@[HICMBSA001]
> [2010/06/23 12:47:38.338659, 3] smbd/sec_ctx.c:210(push_sec_ctx)
> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2010/06/23 12:47:38.338684, 3] smbd/uid.c:429(push_conn_ctx)
> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> [2010/06/23 12:47:38.338708, 3] smbd/sec_ctx.c:310(set_sec_ctx)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2010/06/23 12:47:38.383705, 3] smbd/sec_ctx.c:418(pop_sec_ctx)
> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2010/06/23 12:47:38.485606, 2] auth/auth.c:314(check_ntlm_password)
> check_ntlm_password: Authentication for user [BK72598_S] -> [BK72598_S]
> FAILED with error NT_STATUS_NO_SUCH_USER
> [2010/06/23 12:47:38.485672, 3] smbd/error.c:80(error_packet_set)
> error packet at smbd/sesssetup.c(111) cmd=115 (SMBsesssetupX)
> NT_STATUS_LOGON_FAILURE
> [2010/06/23 12:47:48.362075, 3] smbd/process.c:1485(process_smb)
> Transaction 7 of length 43 (0 toread)
> [2010/06/23 12:47:48.362301, 3] smbd/process.c:1294(switch_message)
> switch message SMBulogoffX (pid 13230) conn 0x0
> [2010/06/23 12:47:48.362360, 3] smbd/sec_ctx.c:310(set_sec_ctx)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2010/06/23 12:47:48.362605, 3] smbd/reply.c:2055(reply_ulogoffX)
> ulogoffX vuid=100
> [2010/06/23 12:47:48.372969, 3] smbd/process.c:1485(process_smb)
> Transaction 8 of length 39 (0 toread)
> [2010/06/23 12:47:48.372999, 3] smbd/process.c:1294(switch_message)
> switch message SMBtdis (pid 13230) conn 0x9a3ea28
> [2010/06/23 12:47:48.373023, 3] smbd/sec_ctx.c:310(set_sec_ctx)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2010/06/23 12:47:48.373073, 3] smbd/sec_ctx.c:310(set_sec_ctx)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2010/06/23 12:47:48.373104, 3] smbd/service.c:1250(close_cnum)
> hicmbsa001 (172.16.203.119) closed connection to service IPC$
> [2010/06/23 12:47:48.373204, 3] smbd/connection.c:31(yield_connection)
> Yielding connection to IPC$
> [2010/06/23 12:47:48.373415, 3] smbd/sec_ctx.c:310(set_sec_ctx)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2010/06/23 12:47:48.392269, 3] smbd/sec_ctx.c:310(set_sec_ctx)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2010/06/23 12:47:48.392370, 3] smbd/connection.c:31(yield_connection)
> Yielding connection to
> [2010/06/23 12:47:48.392613, 3] smbd/server.c:902(exit_server_common)
> Server exit (failed to receive smb request)
>
>
>
>
> please help me :(
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
>
More information about the samba
mailing list