[Samba-it] Vampire e NT_STATUS_ACCESS_DENIED
Marco Gaiarin
gaio at sv.lnf.it
Fri Oct 29 09:34:49 MDT 2010
Devo migrare un vecchissimo dominio samba3 su pdbsam, in condizioni
abbastanza pietose, su una nuova installazione debian lenny (samba 3.2,
ldapsam).
Siccome non ho nessuna intenzione di rifare il join al dominio delle
macchine, pensavo di usare molto semplicemente vampire per recuperare
almeno gli account macchina.
Sono riuscito a fare il join del server nuovo al server vecchio:
jacob:~# net rpc testjoin
Join to 'DOMINIO' is OK
[root at plsamba root]# pdbedit -vL jacob$
Unix username: jacob$
NT username:
Account Flags: [S ]
User SID: S-1-5-21-1220865620-3797846372-2496342287-3166
Primary Group SID: S-1-5-21-1220865620-3797846372-2496342287-1201
Full Name: Server Jacob
Home Directory:
HomeDir Drive: (null)
Logon Script:
Profile Path:
Domain: DOMINIO
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: ven, 13 dic 1901 21:45:51 GMT
Kickoff time: ven, 13 dic 1901 21:45:51 GMT
Password last set: ven, 29 ott 2010 17:00:01 GMT
Password can change: ven, 29 ott 2010 17:00:01 GMT
Password must change: ven, 13 dic 1901 21:45:51 GMT
Last bad password : 0
Bad password count : 0
ma se cerco di fare il vampire ottengo solo:
jacob:~# net -d 4 -I PLSAMBA -U root rpc vampire
[2010/10/29 17:24:48, 3] param/loadparm.c:lp_load_ex(8783)
lp_load_ex: refreshing parameters
[2010/10/29 17:24:48, 3] param/loadparm.c:init_globals(4621)
Initialising global parameters
[2010/10/29 17:24:48, 3] param/params.c:pm_process(569)
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
[...]
[2010/10/29 17:24:48, 3] lib/util_sock.c:open_socket_out(1400)
Connecting to 192.0.0.76 at port 445
[2010/10/29 17:24:48, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086)
rpc_pipe_bind: Remote machine 192.0.0.76 pipe \lsarpc fnum 0x72c7 bind request returned ok.
[2010/10/29 17:24:48, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086)
rpc_pipe_bind: Remote machine 192.0.0.76 pipe \NETLOGON fnum 0x72c8 bind request returned ok.
[2010/10/29 17:24:48, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086)
rpc_pipe_bind: Remote machine 192.0.0.76 pipe \NETLOGON fnum 0x72c9 bind request returned ok.
Fetching DOMAIN database
[2010/10/29 17:24:48, 1] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(624)
cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine 192.0.0.76 pipe \NETLOGON fnum 0x72c9!
[2010/10/29 17:24:48, 0] libsmb/credentials.c:netlogon_creds_client_check(331)
netlogon_creds_client_check: credentials check failed.
[2010/10/29 17:24:48, 0] utils/net_rpc_samsync.c:fetch_database(1248)
credentials chain check failed
Failed to fetch domain database: NT_STATUS_ACCESS_DENIED
[2010/10/29 17:24:48, 1] utils/net_rpc.c:run_rpc_command(181)
rpc command function failed! (NT_STATUS_ACCESS_DENIED)
[2010/10/29 17:24:48, 2] utils/net.c:main(1172)
return code = 1
Lato server non vedo nulla di particolare.
Cosa posso aver sbagliato?
Mi sono accorto che non usa tdb, ma smbpasswd. fico.
Posso prendere le stringhe con le password che trovo in smbpasswd e
schiaffarle papaple papale dentro LDAP?
...due righe di perl e passa la paura... ;-)))
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.sv.lnf.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)sv.lnf.it tel +39-0434-842711 fax +39-0434-842797
Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/chi_siamo/5xmille.php
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
More information about the samba-it
mailing list