[Samba] need help running samba 3.0.11 with security=domain
Whitaker, Adrian N
adrian.whitaker at uk.bp.com
Thu Mar 23 17:40:30 GMT 2006
> I am having problems getting security=domain to work properly with
> Samba 3.0.11 (this seems to be the recommended configuration for the
> application which I use - ClearCase)
>
> We are running on a Solaris 10 server.
>
> We created a machine account for the server and then ran the command
> to join the domain:
> net rpc join -S domain_controller -U user%pass
> Joined domain BP1.
>
> The fact that we got the "joined domain" message looked encouraging.
>
> I thought that this would update /usr/local/samba/private/secrets.tdb
> - but the timestamp of this file didn't change. Is this normal? Maybe
> it is because we can now access the samba share from a client PC.
> However - it takes too long (around 15 seconds). Occasionally it fails
> altogether. If we set "password server" to "*" rather than hard coding
> a domain controller then it fails every time with access denied
> errors.
>
> If we switch to security=server it works OK.
>
> The smb.conf file contains the following
>
> [global]
> workgroup = BP1
> security = DOMAIN
> password server = bp1xeudc042.bp1.ad.bp.com
> username map = /usr/local/samba/lib/username.map
> lm announce = No
> preferred master = No
> local master = No
> domain master = No
> kernel oplocks = No
> ldap ssl = no
> invalid users = root, bin, daemon, adm, sync, shutdown, halt, mail, news, uucp
> create mask = 0775
> directory mask = 0775
> case sensitive = No
> oplocks = No
> include = /usr/local/samba/lib/smb.conf.%m
> dos filemode = Yes
>
> [export]
> comment = ClearCase VOBs
> path = /export
> read only = No
> level2 oplocks = No
>
>
> The log file contains the following:
> added interface ip=149.184.200.182 bcast=149.184.200.255
> nmask=255.255.255.0
> [2006/03/23 16:41:53, 2] lib/interface.c:add_interface(79)
> added interface ip=149.184.200.181 bcast=149.184.200.255
> nmask=255.255.255.0
> [2006/03/23 16:41:53, 2] lib/interface.c:add_interface(79)
> added interface ip=149.184.200.27 bcast=149.184.200.255
> nmask=255.255.255.0
> [2006/03/23 16:41:53, 2] lib/interface.c:add_interface(79)
> added interface ip=172.28.17.231 bcast=172.28.17.255
> nmask=255.255.255.0
> [2006/03/23 16:41:57, 3]
> libsmb/trusts_util.c:enumerate_domain_trusts(149)
> enumerate_domain_trusts: can't locate a DC for domain BP1
> [2006/03/23 16:41:57, 3] auth/auth.c:check_ntlm_password(219)
> check_ntlm_password: Checking password for unmapped user
> [BP1]\[WHITAKAN]@[BP1LSTL211684] with the new password interface
> [2006/03/23 16:41:57, 3] auth/auth.c:check_ntlm_password(222)
> check_ntlm_password: mapped user is:
> [BP1]\[WHITAKAN]@[BP1LSTL211684]
> [2006/03/23 16:41:57, 3] smbd/sec_ctx.c:push_sec_ctx(256)
> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2006/03/23 16:41:57, 3] smbd/uid.c:push_conn_ctx(365)
> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> [2006/03/23 16:41:57, 3] smbd/sec_ctx.c:set_sec_ctx(288)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2006/03/23 16:41:57, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2006/03/23 16:42:01, 2] auth/auth.c:check_ntlm_password(312)
> check_ntlm_password: Authentication for user [WHITAKAN] ->
> [WHITAKAN] FAILED
> with error NT_STATUS_NO_LOGON_SERVERS
> [2006/03/23 16:42:01, 3] smbd/process.c:timeout_processing(1334)
> timeout_processing: End of file from client (client has
> disconnected).
> ...
> ...
> [2006/03/23 16:42:01, 2] lib/interface.c:add_interface(79)
> added interface ip=172.28.17.231 bcast=172.28.17.255
> nmask=255.255.255.0
> [2006/03/23 16:42:05, 3]
> libsmb/trusts_util.c:enumerate_domain_trusts(149)
> enumerate_domain_trusts: can't locate a DC for domain BP1
> [2006/03/23 16:42:05, 3] auth/auth.c:check_ntlm_password(219)
> check_ntlm_password: Checking password for unmapped user
> [BP1]\[WHITAKAN]@[BP1LSTL211684] with the new password interface
> [2006/03/23 16:42:05, 3] auth/auth.c:check_ntlm_password(222)
> check_ntlm_password: mapped user is:
> [BP1]\[WHITAKAN]@[BP1LSTL211684]
> [2006/03/23 16:42:05, 3] smbd/sec_ctx.c:push_sec_ctx(256)
> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2006/03/23 16:42:05, 3] smbd/uid.c:push_conn_ctx(365)
> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> [2006/03/23 16:42:05, 3] smbd/sec_ctx.c:set_sec_ctx(288)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2006/03/23 16:42:05, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2006/03/23 16:42:05, 3] libsmb/namequery_dc.c:rpc_dc_name(145)
> rpc_dc_name: Returning DC BP1XEUDC042 (149.184.209.253) for domain
> BP1
> [2006/03/23 16:42:05, 3]
> libsmb/cliconnect.c:cli_start_connection(1389)
> Connecting to host=BP1XEUDC042
> [2006/03/23 16:42:05, 3] lib/util_sock.c:open_socket_out(752)
> Connecting to 149.184.209.253 at port 445
> [2006/03/23 16:42:06, 3] smbd/sec_ctx.c:push_sec_ctx(256)
> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2006/03/23 16:42:06, 3] smbd/uid.c:push_conn_ctx(365)
> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> ...
> ...
> [2006/03/23 16:42:06, 3] auth/auth.c:check_ntlm_password(268)
> check_ntlm_password: winbind authentication for user [WHITAKAN]
> succeeded
> [2006/03/23 16:42:06, 3] smbd/sec_ctx.c:push_sec_ctx(256)
> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2006/03/23 16:42:06, 3] smbd/uid.c:push_conn_ctx(365)
> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> [2006/03/23 16:42:06, 3] smbd/sec_ctx.c:set_sec_ctx(288)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2006/03/23 16:42:06, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2006/03/23 16:42:06, 2] auth/auth.c:check_ntlm_password(305)
> check_ntlm_password: authentication for user [WHITAKAN] ->
> [WHITAKAN] -> [whitakan] succeeded
>
>
> Any help would be appreciated
>
> Thanks
>
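
Added example, not part of the original post: a Python parser for the smbd log layout quoted above that pairs each `Checking password` record with the following `check_ntlm_password` result and reports the elapsed time and any `NT_STATUS_*` code. The sample log is constructed (domain `EXAMPLE`, user `ALICE` and client `PC01` are placeholders), and the function names are this example's own.

```python
import re
from datetime import datetime

# Constructed sample in the smbd log layout (header line, then indented message lines).
SAMPLE_LOG = """\
[2006/03/23 16:41:57, 3] auth/auth.c:check_ntlm_password(219)
  check_ntlm_password: Checking password for unmapped user [EXAMPLE]\\[ALICE]@[PC01] with the new password interface
[2006/03/23 16:42:01, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password: Authentication for user [ALICE] -> [ALICE] FAILED
  with error NT_STATUS_NO_LOGON_SERVERS
[2006/03/23 16:42:05, 3] auth/auth.c:check_ntlm_password(219)
  check_ntlm_password: Checking password for unmapped user [EXAMPLE]\\[ALICE]@[PC01] with the new password interface
[2006/03/23 16:42:06, 3] auth/auth.c:check_ntlm_password(268)
  check_ntlm_password: winbind authentication for user [ALICE] succeeded
[2006/03/23 16:42:06, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password: authentication for user [ALICE] -> [ALICE] -> [alice] succeeded
"""

HEADER = re.compile(r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}), +\d+\] \S+")
START = re.compile(r"Checking password for unmapped user \[[^\]]*\]\\\[([^\]]+)\]")
# Requiring "] -> " selects the final level-2 result and skips the winbind line.
RESULT = re.compile(r"[Aa]uthentication for user \[([^\]]+)\] -> .*?(FAILED|succeeded)")
STATUS = re.compile(r"NT_STATUS_\w+")

def parse_records(text):
    """Group each header line with its continuation lines into [time, message]."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            records.append([datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S"), ""])
        elif records:
            records[-1][1] += " " + line.strip()
    return records

def auth_attempts(text):
    """Pair each 'Checking password' record with the next result for that user."""
    pending, attempts = {}, []
    for ts, msg in parse_records(text):
        if (m := START.search(msg)):
            pending[m.group(1).upper()] = ts
        elif (m := RESULT.search(msg)):
            started = pending.pop(m.group(1).upper(), None)
            status = STATUS.search(msg)
            attempts.append({"user": m.group(1).upper(), "ok": m.group(2) == "succeeded",
                             "status": status.group(0) if status else None,
                             "seconds": (ts - started).total_seconds() if started else None})
    return attempts
```
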