Login to domain still failing ...

ccoupal at justice.gov.sk.ca
Thu Mar 9 14:59:08 GMT 2000


I have quite a bit of experience with NT, and I thought I would confirm the
following:

If a connection attempt is made to an NT machine, the username is
authenticated as such:

1)	Check the PDC (NT Domain) for an account which matches. If found,
authenticate. If authentication fails, continue, else break with success. If
not found, continue.
2)	Check all PDCs of trusted domains for an account which matches. If
found, authenticate. If authentication fails, continue, else break with
success. If not found, continue.
3)	Loop 2 until all trusted PDCs are tried.
4)	Check the local SAM database for an account which matches. If found,
authenticate. If authentication fails, continue, else break with success. If
not found, continue.
5)	Stop with authentication failure.

-----Original Message-----
From:	abrock at georgefox.edu [SMTP:abrock at georgefox.edu]
Sent:	Wednesday, March 08, 2000 9:06 PM
To:	Multiple recipients of list SAMBA-NTDOM
Subject:	Login to domain still failing ...

A few minutes ago (6:30 pm PST, 3/8/2000) I updated against the CVS tree,
and am still unable to login to the domain.  While I am unfamiliar with
the rpcclient command, I was able to do the following:

rpcclient -S \. -U abrock%pass
Added interface ip=10.0.0.10 bcast=10.0.0.255 nmask=255.255.255.0
[abrock at .]$ ntlogin IT\abrock pass
ntlogin IT\abrock fhm06l
socket connect to /tmp/.msrpc/.lsarpc/agent failed: Connection refused
socket connect to /tmp/.msrpc/.NETLOGON/agent failed: Connection refused
cli_nt_setup_creds: request challenge failed
cmd_nt_login: login (abrock) test succeeded: No
[abrock at .]$

Is there anything I can do to assist in fixing this problem?  Would it
help if I post a log at a certain level?  Post my smb.conf file again? 
Whatever it would take to get logins working again, I would GREATLY
appreciate any assistance!

Tony

lkcl at samba.org writes:
>scratch that, i just checked this over.  it would appear that this is the
>_correct_ behaviour.
>
>namely, that if a local workstation attempts to contact a machine, the
>local sam database should be used.
>
>i _think_ this may actually be, if the domain name is unrecognised, use
>the local sam database (including if the domain name is the local
>workstation).
>
>i'm going to code that up.
>
>On Thu, 9 Mar 2000, Luke Kenneth Casson Leighton wrote:
>
>> tom thx 4 bringing this to my attention.  i am being more strict about
>> what domain names are accepted etc.  i will fix this as a special case.
>> 
>> luke
>> 
>> 
>
><a href=" mailto:lkcl at samba.org" > Luke Kenneth Casson Leighton    </a>
><a href=" http://cb1.com/~lkcl"  > Samba and Network Development   </a>
><a href=" http://samba.org"      > Samba Web site                  </a>
><a href=" http://www.iss.net"    > Internet Security Systems, Inc. </a>
><a href=" http://mcp.com"        > Macmillan Technical Publishing  </a>
> 
>ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals
>
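
A small model of the five-step lookup order listed in the reply at the top of this message, added here as an example (it is not from the thread, and it is not NT or Samba code). The database labels, accounts and passwords are constructed; the second function lists usernames that exist in more than one database, because under the described order a failed check falls through to the next one.

```python
# Model of the lookup order from the reply above. All names, accounts and
# passwords are constructed for illustration; this is not NT or Samba code.
import hmac
from dataclasses import dataclass

@dataclass
class AccountDB:
    name: str        # label for the database, e.g. "PDC:IT" or "LOCAL-SAM"
    accounts: dict   # username -> password (plaintext only in this model)

def authenticate(username, password, pdc, trusted, local_sam):
    """Walk steps 1-5; return (ok, database that accepted, trace)."""
    trace = []
    for db in [pdc, *trusted, local_sam]:
        stored = db.accounts.get(username)
        if stored is None:
            trace.append((db.name, "not found"))
            continue
        if hmac.compare_digest(stored.encode(), password.encode()):
            trace.append((db.name, "success"))
            return True, db.name, trace
        # Steps 1, 2 and 4: a failed check continues to the next database.
        trace.append((db.name, "bad password"))
    return False, None, trace   # step 5

def shadowed_accounts(pdc, trusted, local_sam):
    """Usernames defined in more than one database, in lookup order."""
    seen = {}
    for db in [pdc, *trusted, local_sam]:
        for user in db.accounts:
            seen.setdefault(user, []).append(db.name)
    return {u: dbs for u, dbs in seen.items() if len(dbs) > 1}

PDC = AccountDB("PDC:IT", {"abrock": "domain-pw"})
TRUSTED = [AccountDB("TRUSTED:HR", {"jsmith": "hr-pw"})]
LOCAL = AccountDB("LOCAL-SAM", {"abrock": "local-pw", "operator": "op-pw"})

if __name__ == "__main__":
    for user, pw in [("abrock", "domain-pw"), ("abrock", "local-pw"),
                     ("jsmith", "hr-pw"), ("abrock", "wrong")]:
        ok, where, trace = authenticate(user, pw, PDC, TRUSTED, LOCAL)
        print(user, ok, where, trace)
    print("defined in several databases:", shadowed_accounts(PDC, TRUSTED, LOCAL))
```
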


