domain logon and 3_0 CVS

Joerg Pulz Joerg.Pulz at frm2.tum.de
Mon May 12 08:12:49 GMT 2003



hello,

friday i tried to join a domain with a PDC running SAMBA_3_0 CVS from
friday.
i've configured my LDAP directory with user- and machine accounts.
everything looks fine and i could access the PDC normally to copy some
files.
but when i try to join the domain with a Windows 2000 SP2 computer i
always get the error message:
"No mapping between account names and security IDs was done"

i've never seen this error before.
the samba logs ( level 10 ) show the following:

---
[2003/05/09 22:40:14, 5] rpc_server/srv_pipe.c:api_pipe_request(1412)
  Requested \PIPE\samr
[2003/05/09 22:40:14, 3] rpc_server/srv_pipe.c:api_pipe_request(1417)
  Doing \PIPE\samr
[2003/05/09 22:40:14, 4] rpc_server/srv_pipe.c:api_rpcTNP(1463)
  api_rpcTNP: samr op 0x11 - api_rpcTNP: rpc command: SAMR_LOOKUP_NAMES
[2003/05/09 22:40:14, 6] rpc_server/srv_pipe.c:api_rpcTNP(1489)
  api_rpc_cmds[19].fn == 0x810087c
[2003/05/09 22:40:14, 5] rpc_parse/parse_prs.c:prs_debug(81)
  000000 samr_io_q_lookup_names
[2003/05/09 22:40:14, 6] rpc_parse/parse_prs.c:prs_debug(81)
      000000 smb_io_pol_hnd pol
[2003/05/09 22:40:14, 5] rpc_parse/parse_prs.c:prs_uint32(634)
          0000 data1: 00000000
[2003/05/09 22:40:14, 5] rpc_parse/parse_prs.c:prs_uint32(634)
          0004 data2: 00000007
[2003/05/09 22:40:14, 5] rpc_parse/parse_prs.c:prs_uint16(605)
          0008 data3: 0000
[2003/05/09 22:40:14, 5] rpc_parse/parse_prs.c:prs_uint16(605)
          000a data4: 0000
[2003/05/09 22:40:14, 5] rpc_parse/parse_prs.c:prs_uint8s(721)
          000c data5: 2e 12 bc 3e 92 ff 00 00
[2003/05/09 22:40:14, 5] rpc_parse/parse_prs.c:prs_uint32(634)
      0014 num_names1: 00000001
[2003/05/09 22:40:14, 5] rpc_parse/parse_prs.c:prs_uint32(634)
      0018 flags     : 000003e8
[2003/05/09 22:40:14, 5] rpc_parse/parse_prs.c:prs_uint32(634)
      001c ptr       : 00000000
[2003/05/09 22:40:14, 5] rpc_parse/parse_prs.c:prs_uint32(634)
      0020 num_names2: 00000001
[2003/05/09 22:40:14, 6] rpc_parse/parse_prs.c:prs_debug(81)
      000024 smb_io_unihdr
[2003/05/09 22:40:14, 5] rpc_parse/parse_prs.c:prs_uint16(605)
          0024 uni_str_len: 0010
[2003/05/09 22:40:14, 5] rpc_parse/parse_prs.c:prs_uint16(605)
          0026 uni_max_len: 0012
[2003/05/09 22:40:14, 5] rpc_parse/parse_prs.c:prs_uint32(634)
          0028 buffer     : 00074098
[2003/05/09 22:40:14, 6] rpc_parse/parse_prs.c:prs_debug(81)
      00002c smb_io_unistr2
[2003/05/09 22:40:14, 5] rpc_parse/parse_prs.c:prs_uint32(634)
          002c uni_max_len: 00000009
[2003/05/09 22:40:14, 5] rpc_parse/parse_prs.c:prs_uint32(634)
          0030 undoc      : 00000000
[2003/05/09 22:40:14, 5] rpc_parse/parse_prs.c:prs_uint32(634)
          0034 uni_str_len: 00000008
[2003/05/09 22:40:14, 5] rpc_parse/parse_prs.c:dbg_rw_punival(806)
          0038 buffer     : T.E.S.T.L.A.P.$.
[2003/05/09 22:40:14, 5] rpc_server/srv_samr_nt.c:_samr_lookup_names(1450)
  _samr_lookup_names: 1450
[2003/05/09 22:40:14, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162)
  Found policy hnd[0] [000] 00 00 00 00 07 00 00 00  00 00 00 00 2E 12 BC 3E  ........ .......>
  [010] 92 FF 00 00                                       ....
[2003/05/09 22:40:14, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(106)
  _samr_lookup_names: access check ((granted: 0x00000200;  required: 0000000000)
[2003/05/09 22:40:14, 5] rpc_server/srv_samr_nt.c:_samr_lookup_names(1469)
  _samr_lookup_names: looking name on SID S-1-5-21-658248427-402428528-3711929683
[2003/05/09 22:40:14, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 1001) : sec_ctx_stack_ndx = 1
[2003/05/09 22:40:14, 3] smbd/uid.c:push_conn_ctx(287)
  push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2003/05/09 22:40:14, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2003/05/09 22:40:14, 5] auth/auth_util.c:debug_nt_user_token(494)
  NT user token: (NULL)
[2003/05/09 22:40:14, 5] auth/auth_util.c:debug_unix_user_token(513)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2003/05/09 22:40:14, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 1001) - sec_ctx_stack_ndx = 0
[2003/05/09 22:40:14, 5] rpc_parse/parse_samr.c:init_samr_r_lookup_names(4749)
  init_samr_r_lookup_names
[2003/05/09 22:40:14, 5] rpc_server/srv_samr_nt.c:_samr_lookup_names(1512)
  _samr_lookup_names: 1512
[2003/05/09 22:40:14, 5] rpc_parse/parse_prs.c:prs_debug(81)
  000000 samr_io_r_lookup_names
[2003/05/09 22:40:14, 5] rpc_parse/parse_prs.c:prs_uint32(634)
      0000 num_rids1: 00000000
[2003/05/09 22:40:14, 5] rpc_parse/parse_prs.c:prs_uint32(634)
      0004 ptr_rids : 00000000
[2003/05/09 22:40:14, 5] rpc_parse/parse_prs.c:prs_uint32(634)
      0008 num_types1: 00000000
[2003/05/09 22:40:14, 5] rpc_parse/parse_prs.c:prs_uint32(634)
      000c ptr_types : 00000000
[2003/05/09 22:40:14, 5] rpc_parse/parse_prs.c:prs_ntstatus(664)
      0010 status: NT_STATUS_NONE_MAPPED
[2003/05/09 22:40:14, 5] rpc_server/srv_pipe.c:api_rpcTNP(1510)
  api_rpcTNP: called samr successfully
---

so it seems to me that the name lookup isn't done right.
the current lookup is only done on the domain SID and not on the ntSID of
the machine account.
or am i thinking in the wrong way there??

any hints are welcome

regards
Joerg


More information about the samba-technical mailing list
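
An added example, not part of the original post or of Samba: a Python triage script that pulls each SAMR_LOOKUP_NAMES call out of a level-10 smbd log like the one quoted above and reports the requested name, the domain SID it was looked up under, and the returned status. The function names and the embedded sample are constructed for illustration; the parsing assumes the record layout visible in the quoted log.

```python
import re

# Constructed sample: lines condensed from the quoted log, SID left mail-wrapped.
SAMPLE_LOG = """\
[2003/05/09 22:40:14, 4] rpc_server/srv_pipe.c:api_rpcTNP(1463)
  api_rpcTNP: samr op 0x11 - api_rpcTNP: rpc command: SAMR_LOOKUP_NAMES
[2003/05/09 22:40:14, 5] rpc_parse/parse_prs.c:dbg_rw_punival(806)
          0038 buffer     : T.E.S.T.L.A.P.$.
[2003/05/09 22:40:14, 5] rpc_server/srv_samr_nt.c:_samr_lookup_names(1469)
  _samr_lookup_names: looking name on SID S-1-5-21-658248427-402428528-371192968
3
[2003/05/09 22:40:14, 5] rpc_parse/parse_prs.c:prs_ntstatus(664)
      0010 status: NT_STATUS_NONE_MAPPED
"""

HEADER = re.compile(r"^\[[\d/]+ [\d:]+, +\d+\]\s*\S+:(\w+)\(\d+\)\s*$")

def records(text):
    """Return [function, body] per debug record, undoing mail line wrapping."""
    # A column-0 line that is not a '[' header is mail wrapping: rejoin it.
    text = re.sub(r"\n(?=[^\[\s])", "", text)
    recs = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            recs.append([m.group(1), ""])
        elif recs:
            recs[-1][1] = (recs[-1][1] + " " + line.strip()).strip()
    return recs

def failed_lookups(text):
    """Return names, domain SID and status for each failed SAMR_LOOKUP_NAMES."""
    calls, cur = [], None
    for func, body in records(text):
        if func == "api_rpcTNP" and "rpc command:" in body:
            cur = None
            if body.endswith("SAMR_LOOKUP_NAMES"):
                cur = {"names": [], "sid": None, "status": None}
                calls.append(cur)
        elif cur is None:
            continue
        elif func == "dbg_rw_punival":
            # The log shows UTF-16LE byte by byte: every second character is '.'.
            cur["names"].append(body.split(": ", 1)[1][0::2])
        elif func == "_samr_lookup_names" and "on SID " in body:
            cur["sid"] = body.rsplit("on SID ", 1)[1]
        elif func == "prs_ntstatus":
            cur["status"] = body.split("status: ", 1)[1]
    return [c for c in calls if c["status"] not in (None, "NT_STATUS_OK")]
```

Calling `failed_lookups()` on the text of a full smbd log file gives one entry per lookup that did not return NT_STATUS_OK, which makes it easy to see which account name and which domain SID were involved in each failure.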