samba-tng-alpha-1.1.tar.gz
Anthony Brock
abrock at georgefox.edu
Wed Mar 22 23:26:05 GMT 2000
Okay, I have just hit a point here at work where I have to get this working
soon. So, I am once more looking into samba ... :)
While I am not entirely familiar with the history behind this other
message, I am experiencing what appears to be similar problems on my
Sparc/Solaris 2.7 machine.
Initially, we have a machine setup as both PDC and WINS server running
Samba 2.0.6. Obviously, this is only good for Win95 machines. So, I
wanted to leave WINS on the original machine (since I ran into VERY weird
behavior the last time I moved it to TNG), but need to move the PDC to
another machine.
So I copied the sid files, smbpasswd, and smb.conf files to the new
installation (cvs from around 3pm this afternoon, 3/22/2000). Edited both
configs in accordance with the Samba TNG Faq, and started them
up. Everything seemed to be working fine, until some people tried to login
that I had not yet created UNIX accounts for. However, myself and several
others who already had UNIX accounts (and identical uids to the original
PDC) had no problems.
I thought, this should be easy. So I deleted the unknown people from the
smbpasswd file, and created their UNIX accounts. Next, I used rcpclient to
create them. So far so good.
However, when I attempted to change their password, I receive the following
error:
[root at .]$ samuserset helpdsk -p anything57
samuserset helpdsk -p anything57
SAM Set User Info: helpdsk
Password: ÿ¾æ
Set User Info: Failed
[root at .]$
When I looked in the logs, the only thing that seems to make any sense at
all is found in log.samr and I have enclosed it below.
Let me know if you want me to increase the logging level or do something
else. Thanks in advance,
Tony
*** START /opt/samba-tng/var/log.samr ***
[2000/03/22 16:29:16, 1] msrpc/msrpcd.c:main(460)
samrd version TNG-prealpha started.
Copyright Andrew Tridgell 1992-1999
create_pipe_socket: /opt/samba-tng/var/locks/.msrpc perms=448
/opt/samba-tng/var/locks/.msrpc/samr perms=448
*** Please someone examine create_pipe_socket and fix it ***
*** if used other than for exclusive root access ***
*** (see perms, which should be 0700 and 0600) ***
*** there is a race condition to be exploited. ***
remove on /opt/samba-tng/var/locks/.msrpc/samr failed
TODO: verify that the rid exists
ERROR: setgroups call failed!
TODO: verify that the rid exists
ERROR: setgroups call failed!
ERROR: setgroups call failed!
TODO: verify that the rid exists
ERROR: setgroups call failed!
TODO: verify that the rid exists
ERROR: setgroups call failed!
ERROR: setgroups call failed!
TODO: verify that the rid exists
decode_pw_buffer: incorrect password length (954580735).
ERROR: setgroups call failed!
TODO: verify that the rid exists
ERROR: setgroups call failed!
ERROR: setgroups call failed!
TODO: verify that the rid exists
decode_pw_buffer: incorrect password length (954580735).
TODO: verify that the rid exists
ERROR: setgroups call failed!
TODO: verify that the rid exists
ERROR: setgroups call failed!
ERROR: setgroups call failed!
TODO: verify that the rid exists
decode_pw_buffer: incorrect password length (954580735).
*** END /opt/samba-tng/var/log.samr ***
At 12:51 PM 3/19/00 -0800, lkcl at samba.org wrote:
>ok, firstly, make sure that there is read-permission to everyone all the
>way up to domainuser.map.
>
>secondly, try just "root" username, removing the domainuser.map.
>
>i just tried smbclient myself, and it worked fine, with _and_ without the
>domainuser.map, by the way.
>
>sooo.... how about this:
>
>try:
>
>samedit -S . -U root% -l lo
>[$] samuserset mg -p test
>
>then examine the mg line in smbpasswd, it should be like this:
>mg:0:01FC5A6BE7BC6929AAD3B435B51404EE:0CB6948805F797BF2A82807973B89537:[U
>]:LCT-38D2E810:
>
>check that the password is correct, ok?
>
>also, try this:
>
>samedit -S . -U root% -l log
>[$ ] ntlogin DOMAINNAME\username password
>
>this should respond yes or no.
>
>try a correct password as well as an incorrect one.
>
>try an incorrect usename, too.
>
>On Sun, 19 Mar 2000, Michael Glauche wrote:
>
> >> Michael Glauche wrote:
> >> >
> >> > Michael Glauche wrote:
> >> > >
> >> > > Have some troubles connecting to shares (did not test domain logons
> >yet)
> >> > > from nt5. lsarpcd tells me about missing sockets (that in the other
> >> > > post).
> >> >
> >> > ahh .. had some trouble reconnecting drives, when using a fresh logon
> >> > to alpha1.1 it works, but when nt5 has mapped a share, then you can't
> >> > switch from 2.0.6 to TNG ... *grin*
> >>
> >> oops .. wait .. that was another thing ... 2.0.6 was running when it
> >> worked.
> >>
> >> Now .. some more information :
> >>
> >> nt5 connect to share as "mg" : works
> >> nt5 connect to share as "adminstrator" : fails
> >> smbclient //server/share -U administrator : works
> >>
> >> I have a line
> >> domain user map = /opt/samba-tng/private/domainuser.map
> >> with
> >> root=Administrator
> >>
> >> in it, so it should work. (according to smbclient it does !?)
> >>
> >> in the logfile I got:
> >> load_name_map: Scanning name map /opt/samba-tng/private/domainuser.map
> >> make_name_entry:,administrator,root
> >> unix_name_to_nt_name_info: unix_name:root
> >> unix_name_to_nt_name_info: unix gid:0
> >> unixname = root, ntname = TESTWG\administrator type = 1
> >>
> >> but later I got:
> >> domain_client_validate: check lockout / pwd expired!
> >> No such user administrator - using guest account
> >>
> >> TIA,
> >> Michael
> >>
>
><a href=" mailto:lkcl at samba.org" > Luke Kenneth Casson Leighton </a>
><a href=" http://cb1.com/~lkcl" > Samba and Network Development </a>
><a href=" http://samba.org" > Samba Web site </a>
><a href=" http://mcp.com" > Macmillan Technical Publishing </a>
>
>ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals
******************************************************************************
* Anthony Brock abrock at georgefox.edu *
* Director of Network Services George Fox University *
******************************************************************************
More information about the samba-ntdom
mailing list