Unable to setup the PDC credentials to machine NTPDC

Hallvard Østrem hallvard at npk.no
Fri Feb 2 14:30:50 GMT 2001


I understand that winbind and Samba appliance is kind of left
alone for the moment, but I still chose to install winbind in
order to get a compiled binary version. I'm not very
experienced when it comes to compiling on my own.

Winbind seems to do what it's supposed to do in a lot of ways on
my system. I get all NT users and groups on my Windows NT4 PDC
with getent, but winbindd still fails to authenticate users
when they open restricted Samba shares. It seems that the
problem is that Samba logs on to the NT PDC (NTPDC) without a
password and is refused logging on to port 445:

resolve_lmhosts: Attempting lmhosts lookup for name NTPDC<0x20>
getlmhostsent: lmhost entry: 127.0.0.1 localhost 
getlmhostsent: lmhost entry: 195.139.94.140 SAMBASERVER 
getlmhostsent: lmhost entry: 195.139.94.170 NTPDC 
cli_establish_connection: SAMBASERVER<00> connecting to
NTPDC<20> (195.139.94.170) -  [] with NTLMv1, nopw: Yes
Connecting to 195.139.94.170 at port 445
error connecting to 195.139.94.170:445 (Oppkobling nektes)   #
Connection refused
Connecting to 195.139.94.170 at port 139
Sent session request

As a result the user (NT-user: asgeir) is treated as a guest
user and the connection to the share (Public) is finally
refused. (From the client log file:)

cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
cli_nt_setup_creds: auth2 challenge failed
connect_to_domain_password_server: unable to setup the PDC
credentials to machine NTPDC. Error was :
NT_STATUS_ACCESS_DENIED.
[...]
domain_client_validate: Domain password server not available.
getsmbfilepwent: returning passwd entry for user hallvard, uid
500
getsmbfilepwent: returning passwd entry for user root, uid 0
getsmbfilepwent: returning passwd entry for user gdm, uid 42
getsmbfilepwent: returning passwd entry for user mysql, uid 27
getsmbfilepwent: returning passwd entry for user nscd, uid 28
getsmbfilepwent: returning passwd entry for user pvm, uid 24
getsmbfilepwent: returning passwd entry for user NTDOMAIN+?,
uid 10000
getsmbfilepwent: returning passwd entry for user
NTDOMAIN+Administrator, uid 10001
getsmbfilepwent: returning passwd entry for user NTDOMAIN+anne,
uid 10002
getsmbfilepwent: returning passwd entry for user
NTDOMAIN+arneivar, uid 10003
getsmbfilepwent: returning passwd entry for user
NTDOMAIN+asgeir, uid 10004
Checking SMB password for user NTDOMAIN+asgeir
challenge received
Checking LM MD4 password
no password required for user NTDOMAIN+asgeir
push_sec_ctx() : sec_ctx_stack_ndx = 1
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
uid 10004 registered to name NTDOMAIN+asgeir
Clearing default real name
User name: NTDOMAIN+asgeir	Real name: Asgeir Olden
Chained message
[...]
switch message SMBtconX (pid 17554)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
unbecome_user now uid=(0,0) gid=(0,0)
Got device type ?????
ACCEPTED: guest account and guest ok
rejected invalid user nobody
Invalid username/password for public [nobody]
error packet at line 162 cmd=117 (SMBtconX) eclass=2 ecode=2
error string = Ingen slik fil eller filkatalog

----

I had no problem joining the domain with samedit (except a
codepage error in the samedit logfile: missing codepage_000),
but I can't find any file named DOMAIN.MACHINE.mac, only a
MACHINE.SID-file. Is this the source of the problem?

I was a little confused by the PAM configuration section in the
winbindd man page when it comes to which PAM-files to change. I
ended up changing passwd, samba and rlogin according to the man
page.

Any hints on where to go from here would be appreciated. My
smb.conf below.

Hallvard Østrem

[global]
	client code page = 850
	workgroup = NOREG
	netbios name = SIVLE
	server string = Samba appliance %v
	security = DOMAIN
	encrypt passwords = Yes
	min passwd length = 7
	password server = AASEN
	smb passwd file = /etc/samba/smbpasswd
	passwd program = /usr/bin/passwd %u
	passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
	username map = /etc/samba/smbusers.map
	unix password sync = Yes
	log level = 5
	log file = /usr/local/samba/var/%m.log
	max log size = 50
	name resolve order = lmhosts host wins bcast
	socket options = SO_KEEPALIVE TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
	os level = 0
	preferred master = no
	local master = Yes
	domain master = no
	dns proxy = No
	wins server = 195.139.94.200
	lock dir = /usr/local/samba/var/locks
	winbind uid = 10000-20000
	winbind gid = 10000-20000
	template homedir = /home/%D/%U
	template shell = /bin/false
	winbind separator = +
	winbind cache time = 15
	guest account = nobody

[tmp]
	comment = Temporary file space
	path = /tmp
	read only = No
	guest ok = Yes

[public]
	comment = Public Stuff
	path = /home/samba
	valid users = asgeir
	read only = No
	guest ok = Yes
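
A small triage script for the log sequence quoted in the post above, added here as an example and not part of the original message or of Samba: it extracts the domain-authentication failure and the local/guest decisions logged after it, tolerating the line wrapping the mail introduced. The stage labels and function names are made up for illustration; the match strings and the sample input are log lines taken from the post.

```python
import re

# Match strings are taken from the log excerpts in the post; labels are hypothetical.
MARKERS = [
    ("auth2_failed", r"cli_net_auth2: Error (NT_STATUS_\w+)"),
    ("pdc_credentials_failed",
     r"unable to setup the PDC credentials to machine (\S+?)\. Error was : (NT_STATUS_\w+)"),
    ("domain_server_unavailable",
     r"domain_client_validate: Domain password server not available"),
    ("local_entry_no_password", r"no password required for user (\S+)"),
    ("guest_accepted", r"ACCEPTED: guest account and guest ok"),
    ("share_user_rejected", r"rejected invalid user (\S+)"),
]

def triage(log_text):
    """Return (stage, detail) tuples in the order they occur in the log."""
    # Mailed logs are hard-wrapped; collapse whitespace so a marker that was
    # split across two lines still matches.
    flat = " ".join(log_text.split())
    hits = []
    for stage, pattern in MARKERS:
        for m in re.finditer(pattern, flat):
            hits.append((m.start(), stage, " ".join(m.groups())))
    return [(stage, detail) for _, stage, detail in sorted(hits)]

def fell_back_after_domain_failure(events):
    """True if a local or guest decision was logged after the domain path failed."""
    stages = [stage for stage, _ in events]
    if "domain_server_unavailable" not in stages:
        return False
    after = stages[stages.index("domain_server_unavailable") + 1:]
    return "local_entry_no_password" in after or "guest_accepted" in after

# Sample input: lines quoted from the post, wrapped as they were in the mail.
SAMPLE_LOG = """\
cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
connect_to_domain_password_server: unable to setup the PDC
credentials to machine NTPDC. Error was :
NT_STATUS_ACCESS_DENIED.
domain_client_validate: Domain password server not available.
no password required for user NTDOMAIN+asgeir
ACCEPTED: guest account and guest ok
rejected invalid user nobody
"""

if __name__ == "__main__":
    for stage, detail in triage(SAMPLE_LOG):
        print(f"{stage:28} {detail}")
```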




