[Samba-it] Problema autenticazione samba + winbind
Daniele Melosi
mailing2004 at melosi.it
Fri Nov 4 19:20:01 MST 2005
Salve a tutti,
ho un pdc con un altro server (entrambi samba ver. 3.0.14a-3 pacchetti
deb) che fa l'autenticazione con winbind, stamattina sul secondo sever
ho provato a fare l'aggiornamento alla 3.0.20 ed dai clienti non riesco
piu' ad accedere al server, sono ritornato alla versione 3.0.14a-3 ma
non riesco ancora ad accedere
da un client:
daniele at danielino:~$ smbclient -L segreteria -Udaniele
Password:
session setup failed: NT_STATUS_LOGON_FAILURE
sul server (in calce ho messo i log a livello 5 mentre qui riporto
quello che secondo me e' il problema):
[2005/11/04 19:05:02, 4] auth/pampass.c:smb_pam_start(493)
smb_pam_start: PAM: Init passed for user: GINEVRAhdaniele
[2005/11/04 19:05:02, 4] auth/pampass.c:smb_pam_account(551)
smb_pam_account: PAM: Account Management for User: GINEVRAhdaniele
[2005/11/04 19:05:02, 0] auth/pampass.c:smb_pam_account(573)
smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account Management
for User: GINEVRAhdaniele
[2005/11/04 19:05:02, 2] auth/pampass.c:smb_pam_error_handler(73)
smb_pam_error_handler: PAM: Account Check Failed : Authentication
service cannot retrieve authentication info.
[2005/11/04 19:05:02, 0] auth/pampass.c:smb_pam_accountcheck(781)
smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User
GINEVRAhdaniele!
Sembra un problema di PAM;
il file /etc/nsswitch.conf è:
passwd: compat winbind
group: compat winbind
shadow: compat
il file /etc/pam.d/samba è:
auth required pam_unix.so
account required pam_unix.so
session required pam_unix.so
Il join al dominio funziona senza problemi e getent passwd e getent
group funzionano.
Che sarà successo ?
log completi (livello 5):
[2005/11/04 19:14:24, 5] smbd/reply.c:reply_special(283)
init msg_type=0x81 msg_flags=0x0
[2005/11/04 19:14:24, 3] smbd/process.c:process_smb(1091)
Transaction 1 of length 183
[2005/11/04 19:14:24, 5] lib/util.c:show_msg(464)
[2005/11/04 19:14:24, 5] lib/util.c:show_msg(474)
size=179
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=55297
smb_tid=0
smb_pid=1271
smb_uid=0
smb_mid=2
smt_wct=0
smb_bcc=144
[2005/11/04 19:14:24, 3] smbd/process.c:switch_message(886)
switch message SMBnegprot (pid 715) conn 0x0
[2005/11/04 19:14:24, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/04 19:14:24, 5] auth/auth_util.c:debug_nt_user_token(485)
NT user token: (NULL)
[2005/11/04 19:14:24, 5] auth/auth_util.c:debug_unix_user_token(506)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2005/11/04 19:14:24, 5] smbd/uid.c:change_to_root_user(296)
change_to_root_user: now uid=(0,0) gid=(0,0)
[2005/11/04 19:14:24, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [PC NETWORK PROGRAM 1.0]
[2005/11/04 19:14:24, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [MICROSOFT NETWORKS 1.03]
[2005/11/04 19:14:24, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [MICROSOFT NETWORKS 3.0]
[2005/11/04 19:14:24, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [LANMAN1.0]
[2005/11/04 19:14:24, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [LM1.2X002]
[2005/11/04 19:14:24, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [DOS LANMAN2.1]
[2005/11/04 19:14:24, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [Samba]
[2005/11/04 19:14:24, 5] smbd/connection.c:claim_connection(170)
claiming 0
[2005/11/04 19:14:24, 3] smbd/negprot.c:reply_nt1(333)
using SPNEGO
[2005/11/04 19:14:24, 3] smbd/negprot.c:reply_negprot(555)
Selected protocol NT LANMAN 1.0
[2005/11/04 19:14:24, 5] smbd/negprot.c:reply_negprot(561)
negprot index=7
[2005/11/04 19:14:24, 5] lib/util.c:show_msg(464)
[2005/11/04 19:14:24, 5] lib/util.c:show_msg(474)
size=127
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=1271
smb_uid=0
smb_mid=2
smt_wct=17
smb_vwv[ 0]= 7 (0x7)
smb_vwv[ 1]=12803 (0x3203)
smb_vwv[ 2]= 256 (0x100)
smb_vwv[ 3]= 1024 (0x400)
smb_vwv[ 4]= 65 (0x41)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 256 (0x100)
smb_vwv[ 7]=51968 (0xCB00)
smb_vwv[ 8]= 2 (0x2)
smb_vwv[ 9]=64768 (0xFD00)
smb_vwv[10]=32995 (0x80E3)
smb_vwv[11]= 128 (0x80)
smb_vwv[12]=48896 (0xBF00)
smb_vwv[13]=27541 (0x6B95)
smb_vwv[14]=50657 (0xC5E1)
smb_vwv[15]=50177 (0xC401)
smb_vwv[16]=15103 (0x3AFF)
smb_bcc=58
[2005/11/04 19:14:27, 3] smbd/process.c:process_smb(1091)
Transaction 2 of length 168
[2005/11/04 19:14:27, 5] lib/util.c:show_msg(464)
[2005/11/04 19:14:27, 5] lib/util.c:show_msg(474)
size=164
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=51201
smb_tid=0
smb_pid=1271
smb_uid=0
smb_mid=3
smt_wct=12
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 0 (0x0)
smb_vwv[ 2]=65535 (0xFFFF)
smb_vwv[ 3]= 2 (0x2)
smb_vwv[ 4]= 1 (0x1)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 0 (0x0)
smb_vwv[ 7]= 82 (0x52)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]=49244 (0xC05C)
smb_vwv[11]=32768 (0x8000)
smb_bcc=105
[2005/11/04 19:14:27, 3] smbd/process.c:switch_message(886)
switch message SMBsesssetupX (pid 715) conn 0x0
[2005/11/04 19:14:27, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/04 19:14:27, 5] auth/auth_util.c:debug_nt_user_token(485)
NT user token: (NULL)
[2005/11/04 19:14:27, 5] auth/auth_util.c:debug_unix_user_token(506)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2005/11/04 19:14:27, 5] smbd/uid.c:change_to_root_user(296)
change_to_root_user: now uid=(0,0) gid=(0,0)
[2005/11/04 19:14:27, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655)
wct=12 flg2=0xc801
[2005/11/04 19:14:27, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535)
Doing spnego session setup
[2005/11/04 19:14:27, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566)
NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[]
[2005/11/04 19:14:27, 3] smbd/sesssetup.c:reply_spnego_negotiate(444)
Got OID 1 3 6 1 4 1 311 2 2 10
[2005/11/04 19:14:27, 3] smbd/sesssetup.c:reply_spnego_negotiate(447)
Got secblob of size 48
[2005/11/04 19:14:27, 5] auth/auth.c:make_auth_context_subsystem(467)
Making default auth method list for security=domain
[2005/11/04 19:14:27, 5] auth/auth.c:smb_register_auth(45)
Attempting to register auth backend rhosts
[2005/11/04 19:14:27, 5] auth/auth.c:smb_register_auth(57)
Successfully added auth method 'rhosts'
[2005/11/04 19:14:27, 5] auth/auth.c:smb_register_auth(45)
Attempting to register auth backend hostsequiv
[2005/11/04 19:14:27, 5] auth/auth.c:smb_register_auth(57)
Successfully added auth method 'hostsequiv'
[2005/11/04 19:14:27, 5] auth/auth.c:smb_register_auth(45)
Attempting to register auth backend sam
[2005/11/04 19:14:27, 5] auth/auth.c:smb_register_auth(57)
Successfully added auth method 'sam'
[2005/11/04 19:14:27, 5] auth/auth.c:smb_register_auth(45)
Attempting to register auth backend sam_ignoredomain
[2005/11/04 19:14:27, 5] auth/auth.c:smb_register_auth(57)
Successfully added auth method 'sam_ignoredomain'
[2005/11/04 19:14:27, 5] auth/auth.c:smb_register_auth(45)
Attempting to register auth backend unix
[2005/11/04 19:14:27, 5] auth/auth.c:smb_register_auth(57)
Successfully added auth method 'unix'
[2005/11/04 19:14:27, 5] auth/auth.c:smb_register_auth(45)
Attempting to register auth backend winbind
[2005/11/04 19:14:27, 5] auth/auth.c:smb_register_auth(57)
Successfully added auth method 'winbind'
[2005/11/04 19:14:27, 5] auth/auth.c:smb_register_auth(45)
Attempting to register auth backend smbserver
[2005/11/04 19:14:27, 5] auth/auth.c:smb_register_auth(57)
Successfully added auth method 'smbserver'
[2005/11/04 19:14:27, 5] auth/auth.c:smb_register_auth(45)
Attempting to register auth backend trustdomain
[2005/11/04 19:14:27, 5] auth/auth.c:smb_register_auth(57)
Successfully added auth method 'trustdomain'
[2005/11/04 19:14:27, 5] auth/auth.c:smb_register_auth(45)
Attempting to register auth backend ntdomain
[2005/11/04 19:14:27, 5] auth/auth.c:smb_register_auth(57)
Successfully added auth method 'ntdomain'
[2005/11/04 19:14:27, 5] auth/auth.c:smb_register_auth(45)
Attempting to register auth backend guest
[2005/11/04 19:14:27, 5] auth/auth.c:smb_register_auth(57)
Successfully added auth method 'guest'
[2005/11/04 19:14:27, 5] auth/auth.c:load_auth_module(384)
load_auth_module: Attempting to find an auth method to match guest
[2005/11/04 19:14:27, 5] auth/auth.c:load_auth_module(409)
load_auth_module: auth method guest has a valid init
[2005/11/04 19:14:27, 5] auth/auth.c:load_auth_module(384)
load_auth_module: Attempting to find an auth method to match sam
[2005/11/04 19:14:27, 5] auth/auth.c:load_auth_module(409)
load_auth_module: auth method sam has a valid init
[2005/11/04 19:14:27, 5] auth/auth.c:load_auth_module(384)
load_auth_module: Attempting to find an auth method to match
winbind:ntdomain
[2005/11/04 19:14:27, 5] auth/auth.c:load_auth_module(384)
load_auth_module: Attempting to find an auth method to match ntdomain
[2005/11/04 19:14:27, 5] auth/auth.c:load_auth_module(409)
load_auth_module: auth method ntdomain has a valid init
[2005/11/04 19:14:27, 5] auth/auth.c:load_auth_module(409)
load_auth_module: auth method winbind has a valid init
[2005/11/04 19:14:27, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0x60080215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
[2005/11/04 19:14:27, 5] auth/auth.c:get_ntlm_challenge(95)
auth_get_challenge: module guest did not want to specify a challenge
[2005/11/04 19:14:27, 5] auth/auth.c:get_ntlm_challenge(95)
auth_get_challenge: module sam did not want to specify a challenge
[2005/11/04 19:14:27, 5] auth/auth.c:get_ntlm_challenge(95)
auth_get_challenge: module winbind did not want to specify a challenge
[2005/11/04 19:14:27, 5] auth/auth.c:get_ntlm_challenge(135)
auth_context challenge created by random
[2005/11/04 19:14:27, 5] auth/auth.c:get_ntlm_challenge(136)
challenge is:
[2005/11/04 19:14:27, 5] lib/util.c:dump_data(1995)
[000] A2 1C DF 70 DD FD 46 C8 ...p..F.
[2005/11/04 19:14:27, 3] smbd/process.c:process_smb(1091)
Transaction 3 of length 272
[2005/11/04 19:14:27, 5] lib/util.c:show_msg(464)
[2005/11/04 19:14:27, 5] lib/util.c:show_msg(474)
size=268
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=51201
smb_tid=0
smb_pid=1271
smb_uid=0
smb_mid=4
smt_wct=12
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 0 (0x0)
smb_vwv[ 2]=65535 (0xFFFF)
smb_vwv[ 3]= 2 (0x2)
smb_vwv[ 4]= 1 (0x1)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 0 (0x0)
smb_vwv[ 7]= 186 (0xBA)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]=49244 (0xC05C)
smb_vwv[11]=32768 (0x8000)
smb_bcc=209
[2005/11/04 19:14:27, 3] smbd/process.c:switch_message(886)
switch message SMBsesssetupX (pid 715) conn 0x0
[2005/11/04 19:14:27, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/04 19:14:27, 5] auth/auth_util.c:debug_nt_user_token(485)
NT user token: (NULL)
[2005/11/04 19:14:27, 5] auth/auth_util.c:debug_unix_user_token(506)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2005/11/04 19:14:27, 5] smbd/uid.c:change_to_root_user(296)
change_to_root_user: now uid=(0,0) gid=(0,0)
[2005/11/04 19:14:27, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655)
wct=12 flg2=0xc801
[2005/11/04 19:14:27, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535)
Doing spnego session setup
[2005/11/04 19:14:27, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566)
NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[]
[2005/11/04 19:14:27, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(606)
Got user=[daniele] domain=[GINEVRA] workstation=[DANIELINO] len1=24
len2=24
[2005/11/04 19:14:27, 5] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(66)
auth_context challenge set by NTLMSSP callback (NTLM2)
[2005/11/04 19:14:27, 5] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(67)
challenge is:
[2005/11/04 19:14:27, 5] lib/util.c:dump_data(1995)
[000] A0 F9 7F 37 A5 8C C4 B2 ...7....
[2005/11/04 19:14:27, 5] auth/auth_util.c:make_user_info_map(224)
make_user_info_map: Mapping user [GINEVRA]\[daniele] from workstation
[DANIELINO]
[2005/11/04 19:14:27, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(184)
no entry for trusted domain GINEVRA found.
[2005/11/04 19:14:27, 5] auth/auth_util.c:make_user_info(132)
attempting to make a user_info for daniele (daniele)
[2005/11/04 19:14:27, 5] auth/auth_util.c:make_user_info(142)
making strings for daniele's user_info struct
[2005/11/04 19:14:27, 5] auth/auth_util.c:make_user_info(184)
making blobs for daniele's user_info struct
[2005/11/04 19:14:27, 3] auth/auth.c:check_ntlm_password(219)
check_ntlm_password: Checking password for unmapped user
[GINEVRA]\[daniele]@[DANIELINO] with the new password interface
[2005/11/04 19:14:27, 3] auth/auth.c:check_ntlm_password(222)
check_ntlm_password: mapped user is: [GINEVRA]\[daniele]@[DANIELINO]
[2005/11/04 19:14:27, 5] lib/util.c:dump_data(1995)
[000] A0 F9 7F 37 A5 8C C4 B2 ...7....
[2005/11/04 19:14:27, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/11/04 19:14:27, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/11/04 19:14:27, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/11/04 19:14:27, 5] auth/auth_util.c:debug_nt_user_token(485)
NT user token: (NULL)
[2005/11/04 19:14:27, 5] auth/auth_util.c:debug_unix_user_token(506)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2005/11/04 19:14:27, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/04 19:14:27, 5] auth/auth.c:check_ntlm_password(271)
check_ntlm_password: winbind authentication for user [daniele] FAILED
with error NT_STATUS_WRONG_PASSWORD
[2005/11/04 19:14:27, 2] auth/auth.c:check_ntlm_password(312)
check_ntlm_password: Authentication for user [daniele] -> [daniele]
FAILED with error NT_STATUS_WRONG_PASSWORD
[2005/11/04 19:14:27, 5] auth/auth_util.c:free_user_info(1380)
attempting to free (and zero) a user_info structure
[2005/11/04 19:14:27, 3] smbd/process.c:timeout_processing(1334)
timeout_processing: End of file from client (client has disconnected).
[2005/11/04 19:14:27, 5] lib/gencache.c:gencache_shutdown(88)
Closing cache file
[2005/11/04 19:14:27, 5] libsmb/namecache.c:namecache_shutdown(79)
namecache_shutdown: netbios namecache closed successfully.
[2005/11/04 19:14:27, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/04 19:14:27, 5] auth/auth_util.c:debug_nt_user_token(485)
NT user token: (NULL)
[2005/11/04 19:14:27, 5] auth/auth_util.c:debug_unix_user_token(506)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2005/11/04 19:14:27, 5] smbd/uid.c:change_to_root_user(296)
change_to_root_user: now uid=(0,0) gid=(0,0)
[2005/11/04 19:14:27, 2] smbd/server.c:exit_server(609)
Closing connections
[2005/11/04 19:14:27, 3] smbd/connection.c:yield_connection(69)
Yielding connection to
[2005/11/04 19:14:27, 5] smbd/oplock.c:receive_local_message(107)
receive_local_message: doing select with timeout of 1 ms
[2005/11/04 19:14:27, 3] smbd/server.c:exit_server(652)
Server exit (normal exit)
--
Daniele Melosi
More information about the samba-it
mailing list