WINS problem and NT Domain authentication

Andrew Seabolt andrew.seabolt at prudential.com
Tue Aug 18 20:14:51 GMT 1998 

My user authentication through our PDC was working great until two weeks
ago.  At this time, we weren't doing WINS replication and our PDC was our
WINS server.   All I did was use these values in the smb.conf file:

WORKGROUP = PRUDENTIAL_BANK

# Authentication Options
# Security mode. Most people will want user level security. See
# security_level.txt for details.
   security = server
# Use password server option only with security = server
   password server = WARLORD
# WINS Server - Tells the NMBD components of Samba to be a WINS Client
#       Note: Samba can be either a WINS Server, or a WINS Client, but NOT
both
   wins server = 158.221.111.199
#  WARLORD is IP address 158.221.111.199

The password authentication was passed off to WARLORD and once
authenticated (provided the user had an account on
the UNIX SAMBA server (not in smbpasswd file), the shares were doled out
based on that user's user and group
permissions.

Now, suddenly, this doesn't work unless a SMB

(few others deleted)

Nothing else changed in the UNIX environment until our NT administrators
wanted to create a PUSH-PULL relationship
between the PDC and a BDC (don't ask me why -- they just decided to and it
didn't break any NT stuff apparantly).

Now, this is what I'm getting in the logs: (log level 10)

resolve_name: Attempting broadcast lookup for name WARLORD<0x20>
bind succeeded on port 0
nmb packet from 158.221.111.255(137) header: id=11884 opcode=Query(0)
response=No
    header: flags: bcast=Yes rec_avail=No rec_des=No trunc=No auth=No
    header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=0
    question: q_name=WARLORD<20> q_type=32 q_class=1
1998/08/18 14:06:10 sending a packet of len 50 to (158.221.111.255) on port
 137
nmb packet from 158.221.111.255(137) header: id=11884 opcode=Query(0)
response=No
    header: flags: bcast=Yes rec_avail=No rec_des=No trunc=No auth=No
    header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=0
    question: q_name=WARLORD<20> q_type=32 q_class=1
1998/08/18 14:06:11 sending a packet of len 50 to (158.221.111.255) on port
 137
nmb packet from 158.221.111.255(137) header: id=11884 opcode=Query(0)
response=No
    header: flags: bcast=Yes rec_avail=No rec_des=No trunc=No auth=No
    header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=0
    question: q_name=WARLORD<20> q_type=32 q_class=1
1998/08/18 14:06:11 sending a packet of len 50 to (158.221.111.255) on port
 137
server_cryptkey: Can't resolve address for WARLORD
password server not available
Selected protocol NT LM 0.12
......
Domain=[SPUNKY]  NativeOS=[Windows NT 1381] NativeLanMan=[]
sesssetupX:name=[aseabolt]
lp_file_list_changed()
file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf  last
mod_time: Tue Aug 18 14:00:06 1998

password server  is not connected
SMB Password - pwlen = 24, challenge_done = 1
Checking SMB password for user aseabolt (l=24)
get_smbpwd_entry: opening file /usr/local/samba/private/smbpasswd
get_smbpwd_entry: search by name: aseabolt
get_smbpwd_entry: skipping comment or blank line
get_smbpwd_entry: skipping comment or blank line
get_smbpwd_entry: skipping comment or blank line
get_smbpwd_entry: found by name: aseabolt
get_smbpwd_entry: returning passwd entry for user aseabolt, uid 8626
Checking NT MD4 password
Updated database with aseabolt Yes
lp_servicenumber: couldn't find aseabolt
adding home directory aseabolt at /export/home/sysadmin/aseabolt


So I decided to try to do an nmblookup WARLORD at the UNIX box and got that
 it couldn't resolve the name.

Can someone help?

Thanks!

Andy Seabolt
UNIX Systems Administrator
The Prudential Bank and Trust Company
andrew.seabolt at prudential.com

More information about the samba-ntdom mailing list