LDAP-PDC (--with-ldap) broken from the TNG > 0.x?

Ignacio Coupeau icoupeau at unav.es
Thu Apr 27 17:20:31 GMT 2000


Luke Kenneth Casson Leighton wrote:
> 
> On Tue, 25 Apr 2000, Ignacio Coupeau wrote:
> 
> > I tested the "--with-ldap" stuff across 10 TNG versions (from 1.0 to
> > 2.5), and joining a WS to the domain is almost impossible; the
> > account maintenance (samedit/*user), on the other hand, runs well.
> > I think the "LSA Open Secret" stuff is broken: it doesn't connect/talk to
> > the ldap server at all...
> 
...
> dat unfinished.


I added a lot of DEBUG lines in the code for tracking.
The log below shows pretty well how the negotiation fails in the
tdb_read/fetch. I suppose this is because:
1. either an extra <option> is needed in "./configure --with-ldap
--with-sam-pwdb=<option>",
2. or the tdb<-->ldap link is broken/unplugged

Any suggestion?

---------------------------------------
Scenario:
NT WS name: ICB
user logged: icoupeau
share/user in the PDC/SAMBA: www
the negotiation shows the connection (failed) to a share in the
CTI-SMB-DEV samba(TNG 2.5/linux) server:

LOG+
-----snip------

==> password_ok: www--ICB--
password_ok: check SMB auth
CTI-domain_client_validate: acct_type = SEC_CHAN_DOMAIN
check_domain_security: CTI-SMB-DEV(4)
domain_client_validate: www ICB
domain_client_validate: could not find domain ICB, using local SAM
tdb_find
tdb_read
tdb_read: RETURN
...
tdb_read: RETURN
tdb_find: memcmp FAILED
tdb_read
tdb_read: RETURN
tdb_fetch: rec_ptr=NULL
...
tdb_read: RETURN
tdb_fetch: rec_ptr=NULL
tdb_fetch
tdb_find
...
tdb_find: memcmp FAILED
tdb_read
tdb_fetch: rec_ptr=NULL
msrpc_lsa_query_secret: lsa_open_policy2=1
LSA Open Secret
make_q_open_secret
make_q_open_secret: secret_name=G$$ICB
make_q_open_secret: TRUE
     --->lsa_io_q_open_secret: TRUE 
tdb_fetch
tdb_find
tdb_fetch: rec_ptr=NULL
     --->lsa_io_q_open_secret: TRUE 
_lsa_open_secret
tdb_lookup_secret
tdb_lookup_secret: lookup secret G$$ICB
tdb_fetch
tdb_find
tdb_read
tdb_read: RETURN
tdb_find: RETURN
tdb_lookup_secret: prs_buf_len(&data) = 0x0 (prs_tdb_fetch) 
_lsa_open_secret: !tdb_lookup_secret
     --->lsa_io_r_open_secret: TRUE
lsa_open_secret: turnning parameters into data stream
     --->lsa_io_r_open_secret: TRUE
lsa_open_secret: rbuf.offset?1 r_o.status?1
LSA_OPENSECRET: unknown error
msrpc_lsa_query_secret: lsa_open_secret=0
msrpc_lsa_query_secret: lsa_query_secret=0
msrpc_lsa_query_secret: lsa_close=0
...
tdb_read: RETURN
tdb_find: memcmp FAILED
tdb_read
tdb_read: RETURN
tdb_fetch: rec_ptr=NULL
_lsa_open_secret
tdb_lookup_secret
tdb_lookup_secret: lookup secret $MACHINE.ACC
tdb_fetch
tdb_find
tdb_read
tdb_read: RETURN
tdb_find: RETURN
tdb_lookup_secret: prs_buf_len(&data) = 0x0 (prs_tdb_fetch) 
_lsa_open_secret: !tdb_lookup_secret
_lsa_open_secret failed with 0xc0000034
msrpc_lsa_query_secret: lsa_close=0
msrpc_lsa_query_trust_passwd: msrpc_lsa_query_secret=0
domain_client_validate: !msrpc_lsa_query_trust_passwd G$$ICB P–P–     
€·@
password_ok: domain auth failed, ICB
password_ok: smb_apasslen:24, lp_encrypted_passwords:1
lp_null_passwords:1
SMB LM/NT Password did not match!
Rejecting user 'www': authentication failed



-- 
____________________________________________________
Ignacio Coupeau, Ph.D.     e-mail: icoupeau at unav.es
CTI, Director              fax:    948 425619
University of Navarra      voice:  948 425600
Pamplona, SPAIN            http://www.unav.es/cti/
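
A triage sketch for the trace above, added here as an example and not part of the original post or of Samba: it pairs each `tdb_lookup_secret: lookup secret` line with the buffer length and NTSTATUS that follow it. The function name and the shortened sample log are constructed; the line formats are the ones shown in the post's debug output, and 0xc0000034 is the standard NTSTATUS code STATUS_OBJECT_NAME_NOT_FOUND.

```python
import re

# NTSTATUS values relevant to this trace (0xC0000034 is the standard
# Windows code STATUS_OBJECT_NAME_NOT_FOUND).
NTSTATUS = {0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND"}

# Constructed sample: a shortened copy of the debug lines in the post.
SAMPLE_LOG = """\
msrpc_lsa_query_secret: lsa_open_policy2=1
make_q_open_secret: secret_name=G$$ICB
tdb_lookup_secret: lookup secret G$$ICB
tdb_fetch
tdb_find: RETURN
tdb_lookup_secret: prs_buf_len(&data) = 0x0 (prs_tdb_fetch)
_lsa_open_secret: !tdb_lookup_secret
LSA_OPENSECRET: unknown error
tdb_lookup_secret: lookup secret $MACHINE.ACC
tdb_fetch
tdb_lookup_secret: prs_buf_len(&data) = 0x0 (prs_tdb_fetch)
_lsa_open_secret: !tdb_lookup_secret
_lsa_open_secret failed with 0xc0000034
Rejecting user 'www': authentication failed
"""

LOOKUP = re.compile(r"^tdb_lookup_secret: lookup secret (\S+)")
BUFLEN = re.compile(r"^tdb_lookup_secret: prs_buf_len\(&data\) = (0x[0-9a-fA-F]+)")
FAILED = re.compile(r"^_lsa_open_secret failed with (0x[0-9a-fA-F]+)")

def summarize_secret_lookups(log_text):
    """Return one dict per 'lookup secret' line: name, bytes fetched, status."""
    results, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := LOOKUP.match(line):
            current = {"secret": m.group(1), "data_len": None, "status": None}
            results.append(current)
        elif current is None:
            continue  # lines before the first lookup carry no secret context
        elif m := BUFLEN.match(line):
            current["data_len"] = int(m.group(1), 16)
        elif m := FAILED.match(line):
            code = int(m.group(1), 16)
            current["status"] = NTSTATUS.get(code, hex(code))
    return results

if __name__ == "__main__":
    for r in summarize_secret_lookups(SAMPLE_LOG):
        print(f"{r['secret']:<14} data_len={r['data_len']} status={r['status']}")
```

On the sample, both the `G$$ICB` and `$MACHINE.ACC` lookups come back with a zero-length buffer, which is the point in the trace to compare against what the secrets store actually contains.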

