[Samba] Server 2008 and Samba 3.0.25b
Alainna C. White
alainna at pha.jhu.edu
Thu Mar 19 15:31:49 GMT 2009
Hi folks -
Not fifteen minutes after I sent this message, I've solved the problem.
I've been fighting with this for a while now (over a year; I've been
delaying Vista deployments because of this). I never would've guessed
that taking the RPC out of the net join command would fix it.
But it did.
This is the fix (at least for me):
join the domain with, "net join -U administrator <domain>", not, "net
join RPC -U administrator <domain>".
Thanks and sorry for the spam!
Alainna
Alainna C. White wrote:
> Hi Folks -
>
> I'm experiencing a very strange problem with Server 2008 machines (for
> all intents and purposes related to Samba, it's Vista) connecting to a
> Samba Server. The Samba machine is a RHEL4.6 machine running Samba
> 3.0.25b. I am joined to the mixed mode AD domain via the command "net
> rpc join -U administrator <domain>". I am not using winbind or
> kerberos. Or at least, I am not trying to. The smb.conf file is at
> the bottom of this email. I've removed things like disallowed users
> from the file to keep it brief.
>
> I have another samba machine with the very same OS and release, and it
> works fine.
> When I try to connect to the Samba machine from the 2k8 machine using
> the UNC path, I get a "network path not found" message. Oddly, if I
> use '\\ipaddress' it works just fine.
>
> I used Wireshark to look at the packets, and there is one glaring
> difference between the working samba install and the non-working samba
> install: in the Session Setup andX Request packet (under the
> "security blob") that the client sends to the samba server, the
> working one lists one mechtype: NTLMSSP. The non-working one lists
> three mechtypes: MS KRB5, KRB5, NTLMSSP, in that order. The
> non-working one has a krb5 ticket further down in the packet.
>
> Samba logs show an error:
> Failed to parse NTLMSSP packet, could not extract NTLMSSP command
> [2009/03/18 10:39:36, 1] libsmb/ntlmssp.c:ntlmssp_update(327)
>
> I don't think it should be able to parse the NTLMSSP packet, since it
> isn't an NTLMSSP packet. It's a KRB5 ticket. At least, to the best
> that I can understand
>
>
> I have tried copying the working SMB.CONF file to the non-working
> host, and that didn't help at all.
>
> To me it seems like the client is requesting KRB5 authentication. I'm
> not good enough with network packets to see if the server requested
> that type of session, but as far as I can tell it did not.
> Any help would be greatly appreciated.
> Thanks,
>
> Alainna
>
>
> --------SMB.CONF-----------
> [global]
> hosts allow = xxx.xxx.xxx.
> workgroup = dss
> security = domain
> password server = *
> encrypt passwords = yes
> wins support = no
> debug level = 1
> guest ok = no
> inherit permissions = yes
> username map = /etc/samba/smbusers
> -------------------------------------
>
>
>
--
Alainna C. White
Johns Hopkins University
Physics & Astronomy, 3701 San Martin Drive, Baltimore MD 21218
Voice: 410 516 4536 | Email: alainna at pha.jhu.edu
http://skysrv.pha.jhu.edu/~alainna
More information about the samba
mailing list