[Samba-it] Urgente!!! Errore autenticazione 3.0.20
Rosario R.
nostradamus at libero.it
Thu Oct 13 16:18:01 MDT 2005
Ciao a tutti,
ho appena (accidenti a me!) aggiornato un smb dalla v. 3.0.8 alla v.
3.0.20 su un freebsd. E' un proxy con squid, ed autentica gli utenti che
navigano attraverso un server windows 2003.
Ho compilato i sorgenti con:
env CPPFLAGS="-I/usr/local/openldap/include/"
LDFLAGS="-L/usr/local/openldap/libraries" ./configure --with-winbind
--bindir=/usr/bin --sbindir=/usr/local/sbin --prefix=/usr/local
--sysconfdir=/etc/samba --libexecdir=/usr/local/libexec/samba
--with-ldap --with-pam --with-ldapsam --with-acl-support --with-quotas
--with-sys-quotas --with-automount --with-lockdir=/var/log/samba
--with-logfilebase=/var/log/samba
Nessun errore di compilazione (smbd -V restituisce correttamente
3.0.20). Ho disattivato i vecchi servizi e, al riavvio, ho provato a
fare un
# net rpc join -U Administrator -S Server2003
ma mi restituisce l'errore:
Error domain join verification (reused connection):
NT_STATUS_UNSUCCESSFUL
Unable to join domain XXXXX.
Fino alla vecchia versione andava tutto ok. Facendo un "-d 3" al comando
net join, mi da':
[2005/10/13 15:57:00, 3] param/loadparm.c:lp_load(4082)
lp_load: refreshing parameters
[2005/10/13 15:57:00, 3] param/loadparm.c:init_globals(1366)
Initialising global parameters
[2005/10/13 15:57:00, 3] param/params.c:pm_process(574)
params.c:pm_process() - Processing configuration file
"/usr/local/lib/smb.conf"
[2005/10/13 15:57:00, 3] param/loadparm.c:do_section(3542)
Processing section "[global]"
[2005/10/13 15:57:00, 2] lib/interface.c:add_interface(81)
added interface ip2.168.1.100 bcast2.168.1.255
nmask%5.255.255.0
[2005/10/13 15:57:00, 3] libsmb/namequery.c:resolve_lmhosts(855)
resolve_lmhosts: Attempting lmhosts lookup for name Server2003<0x20>
[2005/10/13 15:57:00, 3] libsmb/namequery.c:resolve_wins(752)
resolve_wins: Attempting wins lookup for name Server2003<0x20>
[2005/10/13 15:57:00, 3] libsmb/namequery.c:resolve_wins(755)
resolve_wins: WINS server resolution selected and no WINS servers
listed.
[2005/10/13 15:57:00, 3] libsmb/namequery.c:resolve_hosts(917)
resolve_hosts: Attempting host lookup for name Server2003<0x20>
[2005/10/13 15:57:00, 3] libsmb/cliconnect.c:cli_start_connection(1407)
Connecting to host=Server2003
[2005/10/13 15:57:00, 3] lib/util_sock.c:open_socket_out(867)
Connecting to 192.168.1.1 at port 445
[2005/10/13 15:57:00, 3]
rpc_client/cli_netlogon.c:cli_nt_setup_creds(394)
cli_nt_setup_creds: auth2 challenge failed NT_STATUS_ACCESS_DENIED
[2005/10/13 15:57:00, 3]
libsmb/trusts_util.c:just_change_the_password(43)
just_change_the_password: unable to setup creds
(NT_STATUS_ACCESS_DENIED)!
[2005/10/13 15:57:00, 1] utils/net_rpc.c:run_rpc_command(140)
rpc command function failed! (NT_STATUS_ACCESS_DENIED)
Password:
[2005/10/13 15:57:13, 3] libsmb/cliconnect.c:cli_start_connection(1407)
Connecting to host=Server2003
[2005/10/13 15:57:13, 3] lib/util_sock.c:open_socket_out(867)
Connecting to 192.168.1.1 at port 445
[2005/10/13 15:57:13, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(709)
Doing spnego session setup (blob length1)
[2005/10/13 15:57:13, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(734)
got OID=1 2 840 48018 1 2 2
[2005/10/13 15:57:13, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(734)
got OID=1 2 840 113554 1 2 2
[2005/10/13 15:57:13, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(734)
got OID=1 2 840 113554 1 2 2 3
[2005/10/13 15:57:13, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(734)
got OID=1 3 6 1 4 1 311 2 2 10
[2005/10/13 15:57:13, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(743)
got principal=server2003$@XXXXXXX.LOCAL
[2005/10/13 15:57:13, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(869)
Got challenge flags:
[2005/10/13 15:57:13, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0x62890215
[2005/10/13 15:57:13, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(891)
NTLMSSP: Set final flags:
[2005/10/13 15:57:13, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0x60080215
[2005/10/13 15:57:13, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319)
NTLMSSP Sign/Seal - Initialising with flags:
[2005/10/13 15:57:13, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0x60080215
[2005/10/13 15:57:13, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(181)
lsa_io_sec_qos: length c does not match size 8
[2005/10/13 15:57:13, 3] rpc_client/cli_pipe.c:rpc_api_pipe(476)
Bind NACK received on pipe c003!
[2005/10/13 15:57:13, 2] rpc_client/cli_pipe.c:cli_nt_session_open(1508)
cli_nt_session_open: rpc bind to \PIPE\NETLOGON failed
[2005/10/13 15:57:13, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(318)
Error domain join verification (reused connection):
NT_STATUS_UNSUCCESSFUL
Unable to join domain XXXXXXX.
[2005/10/13 15:57:13, 2] utils/net.c:main(873)
return code = 1
Il mio file smb.conf e' il seguente:
[global]
workgroup = XXXXXXX.local
netbios name = PROXY
interfaces = 192.168.1.100 <---- Interfaccia verso la intranet
server string = Proxy
socket options = TCP_NODELAY SO_RCVBUF92 SO_SNDBUF92
log file = /var/log/samba/log.%m
##########
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind use default domain = yes
winbind separator =+
winbind enum users = yes
winbind enum groups = yes
password server = *
##########
os level = 33
preferred master = no
domain master = no
local master = no
domain logons = no
passdb backend = ldapsam:ldap://192.168.1.1/ <---- Questo e' l'IP
del server 2003
syslog = 0
security = domain
encrypt passwords = yes
############ LDAP #############
ldap suffix = dc=KRIFI,dc=local
ldap machine suffix = ou=Computers
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap admin dn = cn=Manager,dc=KRIFI,dc=local
ldap ssl = no
ldap delete dn = no
ldap passwd sync = Yes
admin users = root, Administrator
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /sbin/nologin
Vi prego di aiutarmi!!!
Grazie!
--- StripMime Report -- processed MIME parts ---
multipart/alternative
text/plain (text body -- kept)
text/html
---
More information about the samba-it
mailing list