[Samba-it] Problema autenticazione samba + winbind

Daniele Melosi mailing2004 at melosi.it
Fri Nov 4 19:20:01 MST 2005 

Salve a tutti,

ho un pdc con un altro server (entrambi samba ver. 3.0.14a-3 pacchetti 
deb) che fa l'autenticazione con winbind, stamattina sul secondo sever 
ho provato a fare l'aggiornamento alla 3.0.20 ed dai clienti non riesco 
piu' ad accedere al server, sono ritornato alla versione 3.0.14a-3 ma 
non riesco ancora ad accedere

da un client:

daniele at danielino:~$ smbclient -L segreteria -Udaniele
Password:
session setup failed: NT_STATUS_LOGON_FAILURE

sul server (in calce ho messo i log a livello 5 mentre qui riporto 
quello che secondo me e' il problema):

[2005/11/04 19:05:02, 4] auth/pampass.c:smb_pam_start(493)
  smb_pam_start: PAM: Init passed for user: GINEVRAhdaniele
[2005/11/04 19:05:02, 4] auth/pampass.c:smb_pam_account(551)
  smb_pam_account: PAM: Account Management for User: GINEVRAhdaniele
[2005/11/04 19:05:02, 0] auth/pampass.c:smb_pam_account(573)
  smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account Management 
for User: GINEVRAhdaniele
[2005/11/04 19:05:02, 2] auth/pampass.c:smb_pam_error_handler(73)
  smb_pam_error_handler: PAM: Account Check Failed : Authentication 
service cannot retrieve authentication info.
[2005/11/04 19:05:02, 0] auth/pampass.c:smb_pam_accountcheck(781)
  smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User 
GINEVRAhdaniele!

Sembra un problema di PAM;
il file /etc/nsswitch.conf è:
passwd:         compat winbind
group:          compat winbind
shadow:         compat

il file /etc/pam.d/samba è:
auth       required   pam_unix.so
account    required   pam_unix.so
session    required   pam_unix.so

Il join al dominio funziona senza problemi e getent passwd e getent 
group funzionano.

Che sarà successo ?





log completi (livello 5):
[2005/11/04 19:14:24, 5] smbd/reply.c:reply_special(283)
  init msg_type=0x81 msg_flags=0x0
[2005/11/04 19:14:24, 3] smbd/process.c:process_smb(1091)
  Transaction 1 of length 183
[2005/11/04 19:14:24, 5] lib/util.c:show_msg(464)
[2005/11/04 19:14:24, 5] lib/util.c:show_msg(474)
  size=179
  smb_com=0x72
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=8
  smb_flg2=55297
  smb_tid=0
  smb_pid=1271
  smb_uid=0
  smb_mid=2
  smt_wct=0
  smb_bcc=144
[2005/11/04 19:14:24, 3] smbd/process.c:switch_message(886)
  switch message SMBnegprot (pid 715) conn 0x0
[2005/11/04 19:14:24, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/04 19:14:24, 5] auth/auth_util.c:debug_nt_user_token(485)
  NT user token: (NULL)
[2005/11/04 19:14:24, 5] auth/auth_util.c:debug_unix_user_token(506)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2005/11/04 19:14:24, 5] smbd/uid.c:change_to_root_user(296)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2005/11/04 19:14:24, 3] smbd/negprot.c:reply_negprot(461)
  Requested protocol [PC NETWORK PROGRAM 1.0]
[2005/11/04 19:14:24, 3] smbd/negprot.c:reply_negprot(461)
  Requested protocol [MICROSOFT NETWORKS 1.03]
[2005/11/04 19:14:24, 3] smbd/negprot.c:reply_negprot(461)
  Requested protocol [MICROSOFT NETWORKS 3.0]
[2005/11/04 19:14:24, 3] smbd/negprot.c:reply_negprot(461)
  Requested protocol [LANMAN1.0]
[2005/11/04 19:14:24, 3] smbd/negprot.c:reply_negprot(461)
  Requested protocol [LM1.2X002]
[2005/11/04 19:14:24, 3] smbd/negprot.c:reply_negprot(461)
  Requested protocol [DOS LANMAN2.1]
[2005/11/04 19:14:24, 3] smbd/negprot.c:reply_negprot(461)
  Requested protocol [Samba]
[2005/11/04 19:14:24, 5] smbd/connection.c:claim_connection(170)
  claiming  0
[2005/11/04 19:14:24, 3] smbd/negprot.c:reply_nt1(333)
  using SPNEGO
[2005/11/04 19:14:24, 3] smbd/negprot.c:reply_negprot(555)
  Selected protocol NT LANMAN 1.0
[2005/11/04 19:14:24, 5] smbd/negprot.c:reply_negprot(561)
  negprot index=7
[2005/11/04 19:14:24, 5] lib/util.c:show_msg(464)
[2005/11/04 19:14:24, 5] lib/util.c:show_msg(474)
  size=127
  smb_com=0x72
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51201
  smb_tid=0
  smb_pid=1271
  smb_uid=0
  smb_mid=2
  smt_wct=17
  smb_vwv[ 0]=    7 (0x7)
  smb_vwv[ 1]=12803 (0x3203)
  smb_vwv[ 2]=  256 (0x100)
  smb_vwv[ 3]= 1024 (0x400)
  smb_vwv[ 4]=   65 (0x41)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=  256 (0x100)
  smb_vwv[ 7]=51968 (0xCB00)
  smb_vwv[ 8]=    2 (0x2)
  smb_vwv[ 9]=64768 (0xFD00)
  smb_vwv[10]=32995 (0x80E3)
  smb_vwv[11]=  128 (0x80)
  smb_vwv[12]=48896 (0xBF00)
  smb_vwv[13]=27541 (0x6B95)
  smb_vwv[14]=50657 (0xC5E1)
  smb_vwv[15]=50177 (0xC401)
  smb_vwv[16]=15103 (0x3AFF)
  smb_bcc=58
[2005/11/04 19:14:27, 3] smbd/process.c:process_smb(1091)
  Transaction 2 of length 168
[2005/11/04 19:14:27, 5] lib/util.c:show_msg(464)
[2005/11/04 19:14:27, 5] lib/util.c:show_msg(474)
  size=164
  smb_com=0x73
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=8
  smb_flg2=51201
  smb_tid=0
  smb_pid=1271
  smb_uid=0
  smb_mid=3
  smt_wct=12
  smb_vwv[ 0]=  255 (0xFF)
  smb_vwv[ 1]=    0 (0x0)
  smb_vwv[ 2]=65535 (0xFFFF)
  smb_vwv[ 3]=    2 (0x2)
  smb_vwv[ 4]=    1 (0x1)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=    0 (0x0)
  smb_vwv[ 7]=   82 (0x52)
  smb_vwv[ 8]=    0 (0x0)
  smb_vwv[ 9]=    0 (0x0)
  smb_vwv[10]=49244 (0xC05C)
  smb_vwv[11]=32768 (0x8000)
  smb_bcc=105
[2005/11/04 19:14:27, 3] smbd/process.c:switch_message(886)
  switch message SMBsesssetupX (pid 715) conn 0x0
[2005/11/04 19:14:27, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/04 19:14:27, 5] auth/auth_util.c:debug_nt_user_token(485)
  NT user token: (NULL)
[2005/11/04 19:14:27, 5] auth/auth_util.c:debug_unix_user_token(506)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2005/11/04 19:14:27, 5] smbd/uid.c:change_to_root_user(296)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2005/11/04 19:14:27, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655)
  wct=12 flg2=0xc801
[2005/11/04 19:14:27, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535)
  Doing spnego session setup
[2005/11/04 19:14:27, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566)
  NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[]
[2005/11/04 19:14:27, 3] smbd/sesssetup.c:reply_spnego_negotiate(444)
  Got OID 1 3 6 1 4 1 311 2 2 10
[2005/11/04 19:14:27, 3] smbd/sesssetup.c:reply_spnego_negotiate(447)
  Got secblob of size 48
[2005/11/04 19:14:27, 5] auth/auth.c:make_auth_context_subsystem(467)
  Making default auth method list for security=domain
[2005/11/04 19:14:27, 5] auth/auth.c:smb_register_auth(45)
  Attempting to register auth backend rhosts
[2005/11/04 19:14:27, 5] auth/auth.c:smb_register_auth(57)
  Successfully added auth method 'rhosts'
[2005/11/04 19:14:27, 5] auth/auth.c:smb_register_auth(45)
  Attempting to register auth backend hostsequiv
[2005/11/04 19:14:27, 5] auth/auth.c:smb_register_auth(57)
  Successfully added auth method 'hostsequiv'
[2005/11/04 19:14:27, 5] auth/auth.c:smb_register_auth(45)
  Attempting to register auth backend sam
[2005/11/04 19:14:27, 5] auth/auth.c:smb_register_auth(57)
  Successfully added auth method 'sam'
[2005/11/04 19:14:27, 5] auth/auth.c:smb_register_auth(45)
  Attempting to register auth backend sam_ignoredomain
[2005/11/04 19:14:27, 5] auth/auth.c:smb_register_auth(57)
  Successfully added auth method 'sam_ignoredomain'
[2005/11/04 19:14:27, 5] auth/auth.c:smb_register_auth(45)
  Attempting to register auth backend unix
[2005/11/04 19:14:27, 5] auth/auth.c:smb_register_auth(57)
  Successfully added auth method 'unix'
[2005/11/04 19:14:27, 5] auth/auth.c:smb_register_auth(45)
  Attempting to register auth backend winbind
[2005/11/04 19:14:27, 5] auth/auth.c:smb_register_auth(57)
  Successfully added auth method 'winbind'
[2005/11/04 19:14:27, 5] auth/auth.c:smb_register_auth(45)
  Attempting to register auth backend smbserver
[2005/11/04 19:14:27, 5] auth/auth.c:smb_register_auth(57)
  Successfully added auth method 'smbserver'
[2005/11/04 19:14:27, 5] auth/auth.c:smb_register_auth(45)
  Attempting to register auth backend trustdomain
[2005/11/04 19:14:27, 5] auth/auth.c:smb_register_auth(57)
  Successfully added auth method 'trustdomain'
[2005/11/04 19:14:27, 5] auth/auth.c:smb_register_auth(45)
  Attempting to register auth backend ntdomain
[2005/11/04 19:14:27, 5] auth/auth.c:smb_register_auth(57)
  Successfully added auth method 'ntdomain'
[2005/11/04 19:14:27, 5] auth/auth.c:smb_register_auth(45)
  Attempting to register auth backend guest
[2005/11/04 19:14:27, 5] auth/auth.c:smb_register_auth(57)
  Successfully added auth method 'guest'
[2005/11/04 19:14:27, 5] auth/auth.c:load_auth_module(384)
  load_auth_module: Attempting to find an auth method to match guest
[2005/11/04 19:14:27, 5] auth/auth.c:load_auth_module(409)
  load_auth_module: auth method guest has a valid init
[2005/11/04 19:14:27, 5] auth/auth.c:load_auth_module(384)
  load_auth_module: Attempting to find an auth method to match sam
[2005/11/04 19:14:27, 5] auth/auth.c:load_auth_module(409)
  load_auth_module: auth method sam has a valid init
[2005/11/04 19:14:27, 5] auth/auth.c:load_auth_module(384)
  load_auth_module: Attempting to find an auth method to match 
winbind:ntdomain
[2005/11/04 19:14:27, 5] auth/auth.c:load_auth_module(384)
  load_auth_module: Attempting to find an auth method to match ntdomain
[2005/11/04 19:14:27, 5] auth/auth.c:load_auth_module(409)
  load_auth_module: auth method ntdomain has a valid init
[2005/11/04 19:14:27, 5] auth/auth.c:load_auth_module(409)
  load_auth_module: auth method winbind has a valid init
[2005/11/04 19:14:27, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x60080215
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_NTLM2
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
[2005/11/04 19:14:27, 5] auth/auth.c:get_ntlm_challenge(95)
  auth_get_challenge: module guest did not want to specify a challenge
[2005/11/04 19:14:27, 5] auth/auth.c:get_ntlm_challenge(95)
  auth_get_challenge: module sam did not want to specify a challenge
[2005/11/04 19:14:27, 5] auth/auth.c:get_ntlm_challenge(95)
  auth_get_challenge: module winbind did not want to specify a challenge
[2005/11/04 19:14:27, 5] auth/auth.c:get_ntlm_challenge(135)
  auth_context challenge created by random
[2005/11/04 19:14:27, 5] auth/auth.c:get_ntlm_challenge(136)
  challenge is:
[2005/11/04 19:14:27, 5] lib/util.c:dump_data(1995)
  [000] A2 1C DF 70 DD FD 46 C8                           ...p..F.
[2005/11/04 19:14:27, 3] smbd/process.c:process_smb(1091)
  Transaction 3 of length 272
[2005/11/04 19:14:27, 5] lib/util.c:show_msg(464)
[2005/11/04 19:14:27, 5] lib/util.c:show_msg(474)
  size=268
  smb_com=0x73
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=8
  smb_flg2=51201
  smb_tid=0
  smb_pid=1271
  smb_uid=0
  smb_mid=4
  smt_wct=12
  smb_vwv[ 0]=  255 (0xFF)
  smb_vwv[ 1]=    0 (0x0)
  smb_vwv[ 2]=65535 (0xFFFF)
  smb_vwv[ 3]=    2 (0x2)
  smb_vwv[ 4]=    1 (0x1)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=    0 (0x0)
  smb_vwv[ 7]=  186 (0xBA)
  smb_vwv[ 8]=    0 (0x0)
  smb_vwv[ 9]=    0 (0x0)
  smb_vwv[10]=49244 (0xC05C)
  smb_vwv[11]=32768 (0x8000)
  smb_bcc=209
[2005/11/04 19:14:27, 3] smbd/process.c:switch_message(886)
  switch message SMBsesssetupX (pid 715) conn 0x0
[2005/11/04 19:14:27, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/04 19:14:27, 5] auth/auth_util.c:debug_nt_user_token(485)
  NT user token: (NULL)
[2005/11/04 19:14:27, 5] auth/auth_util.c:debug_unix_user_token(506)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2005/11/04 19:14:27, 5] smbd/uid.c:change_to_root_user(296)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2005/11/04 19:14:27, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655)
  wct=12 flg2=0xc801
[2005/11/04 19:14:27, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535)
  Doing spnego session setup
[2005/11/04 19:14:27, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566)
  NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[]
[2005/11/04 19:14:27, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(606)
  Got user=[daniele] domain=[GINEVRA] workstation=[DANIELINO] len1=24 
len2=24
[2005/11/04 19:14:27, 5] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(66)
  auth_context challenge set by NTLMSSP callback (NTLM2)
[2005/11/04 19:14:27, 5] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(67)
  challenge is:
[2005/11/04 19:14:27, 5] lib/util.c:dump_data(1995)
  [000] A0 F9 7F 37 A5 8C C4 B2                           ...7....
[2005/11/04 19:14:27, 5] auth/auth_util.c:make_user_info_map(224)
  make_user_info_map: Mapping user [GINEVRA]\[daniele] from workstation 
[DANIELINO]
[2005/11/04 19:14:27, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(184)
  no entry for trusted domain GINEVRA found.
[2005/11/04 19:14:27, 5] auth/auth_util.c:make_user_info(132)
  attempting to make a user_info for daniele (daniele)
[2005/11/04 19:14:27, 5] auth/auth_util.c:make_user_info(142)
  making strings for daniele's user_info struct
[2005/11/04 19:14:27, 5] auth/auth_util.c:make_user_info(184)
  making blobs for daniele's user_info struct
[2005/11/04 19:14:27, 3] auth/auth.c:check_ntlm_password(219)
  check_ntlm_password:  Checking password for unmapped user 
[GINEVRA]\[daniele]@[DANIELINO] with the new password interface
[2005/11/04 19:14:27, 3] auth/auth.c:check_ntlm_password(222)
  check_ntlm_password:  mapped user is: [GINEVRA]\[daniele]@[DANIELINO]
[2005/11/04 19:14:27, 5] lib/util.c:dump_data(1995)
  [000] A0 F9 7F 37 A5 8C C4 B2                           ...7....
[2005/11/04 19:14:27, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/11/04 19:14:27, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/11/04 19:14:27, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/11/04 19:14:27, 5] auth/auth_util.c:debug_nt_user_token(485)
  NT user token: (NULL)
[2005/11/04 19:14:27, 5] auth/auth_util.c:debug_unix_user_token(506)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2005/11/04 19:14:27, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/04 19:14:27, 5] auth/auth.c:check_ntlm_password(271)
  check_ntlm_password: winbind authentication for user [daniele] FAILED 
with error NT_STATUS_WRONG_PASSWORD
[2005/11/04 19:14:27, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password:  Authentication for user [daniele] -> [daniele] 
FAILED with error NT_STATUS_WRONG_PASSWORD
[2005/11/04 19:14:27, 5] auth/auth_util.c:free_user_info(1380)
  attempting to free (and zero) a user_info structure
[2005/11/04 19:14:27, 3] smbd/process.c:timeout_processing(1334)
  timeout_processing: End of file from client (client has disconnected).
[2005/11/04 19:14:27, 5] lib/gencache.c:gencache_shutdown(88)
  Closing cache file
[2005/11/04 19:14:27, 5] libsmb/namecache.c:namecache_shutdown(79)
  namecache_shutdown: netbios namecache closed successfully.
[2005/11/04 19:14:27, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/04 19:14:27, 5] auth/auth_util.c:debug_nt_user_token(485)
  NT user token: (NULL)
[2005/11/04 19:14:27, 5] auth/auth_util.c:debug_unix_user_token(506)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2005/11/04 19:14:27, 5] smbd/uid.c:change_to_root_user(296)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2005/11/04 19:14:27, 2] smbd/server.c:exit_server(609)
  Closing connections
[2005/11/04 19:14:27, 3] smbd/connection.c:yield_connection(69)
  Yielding connection to
[2005/11/04 19:14:27, 5] smbd/oplock.c:receive_local_message(107)
  receive_local_message: doing select with timeout of 1 ms
[2005/11/04 19:14:27, 3] smbd/server.c:exit_server(652)
  Server exit (normal exit)



-- 
Daniele Melosi

More information about the samba-it mailing list