Trust between Windows 2003 and Samba 3

Joao Fraga jfraga at dq.fct.unl.pt
Thu Feb 26 18:47:03 GMT 2004


Volker.Lendecke at SerNet.DE wrote:
> On Thu, Feb 26, 2004 at 06:14:31AM +0000, Joao Fraga wrote:
> 
>>Also the Samba PDC is configured to use LDAP as its SAM. On the LDAP
>>related log entries on the Samba there is a search for
>>       sambaSID=sambaSID=S-1-5-21-1052267596-438558487-3958513425-501
>>but there is no object with this SID on my LDAP. Could this be the problem?
> 
> 
> Can we get a bit more log around that search?

Here are all the log entries of slapd when a login attempt (with a Samba
user) is made on Win2003:

==========================================================================
slapd[2515]: conn=62 fd=39 ACCEPT from IP=127.0.0.1:33244 (IP=0.0.0.0:389)
slapd[2606]: conn=62 op=0 BIND dn="cn=Manager,dc=DQ,dc=FCT,dc=UNL,dc=PT"
method=128
slapd[2606]: conn=62 op=0 BIND dn="cn=Manager,dc=DQ,dc=FCT,dc=UNL,dc=PT"
mech=simple ssf=0
slapd[2606]: conn=62 op=0 RESULT tag=97 err=0 text=
slapd[2606]: conn=62 op=1 SRCH base="dc=DQ,dc=FCT,dc=UNL,dc=PT" scope=2
filter="(&(objectClass=sambaDomain)(sambaDomainName=QUIMICAS))"
slapd[2606]: conn=62 op=1 SRCH attr=sambaDomainName sambaNextRid
sambaNextUserRid sambaNextGroupRid sambaSID sambaAlgorithmicRidBase
objectClass
slapd[2606]: conn=62 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[2606]: conn=62 op=2 SRCH base="dc=DQ,dc=FCT,dc=UNL,dc=PT" scope=2
filter="(&(sambaSID=S-1-5-21-1536239534-601122054-2498370202-501)(objectClass=sambaSamAccount))"
slapd[2606]: conn=62 op=2 SRCH attr=uid uidNumber gidNumber homeDirectory
sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime
sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive
sambaHomePath sambaLogonScript sambaProfilePath description
sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial
slapd[2606]: conn=62 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[2515]: conn=63 fd=41 ACCEPT from IP=127.0.0.1:33245 (IP=0.0.0.0:389)
slapd[2606]: conn=63 op=0 BIND dn="" method=128
slapd[2606]: conn=63 op=0 RESULT tag=97 err=0 text=
slapd[2606]: conn=63 op=1 SRCH base="dc=DQ,dc=FCT,dc=UNL,dc=PT" scope=2
filter="(uid=nobody)"
slapd[2606]: conn=63 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[2606]: conn=63 op=2 SRCH base="dc=DQ,dc=FCT,dc=UNL,dc=PT" scope=2
filter="(&(objectClass=posixGroup)(memberUid=nobody))"
slapd[2606]: conn=63 op=2 SRCH attr=cn userPassword memberUid uniqueMember
gidNumber
slapd[2606]: conn=63 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[2606]: conn=62 op=3 SRCH base="ou=Groups,dc=DQ,dc=FCT,dc=UNL,dc=PT"
scope=2 filter="(&(objectClass=sambaGroupMapping)(gidNumber=65533))"
slapd[2606]: conn=62 op=3 SRCH attr=gidNumber sambaSID sambaGroupType
description displayName cn objectClass
slapd[2606]: conn=62 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[2606]: conn=62 op=4 SRCH base="ou=Groups,dc=DQ,dc=FCT,dc=UNL,dc=PT"
scope=2 filter="(&(objectClass=sambaGroupMapping)(gidNumber=65534))"
slapd[2606]: conn=62 op=4 SRCH attr=gidNumber sambaSID sambaGroupType
description displayName cn objectClass
slapd[2606]: conn=62 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[2606]: conn=62 op=5 SRCH base="ou=Groups,dc=DQ,dc=FCT,dc=UNL,dc=PT"
scope=2 filter="(&(objectClass=sambaGroupMapping)(gidNumber=222))"
slapd[2606]: conn=62 op=5 SRCH attr=gidNumber sambaSID sambaGroupType
description displayName cn objectClass
slapd[2606]: conn=62 op=5 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[2606]: conn=62 op=6 SRCH base="dc=DQ,dc=FCT,dc=UNL,dc=PT" scope=2
filter="(&(uid=ALUNOS$)(objectClass=sambaSamAccount))"
slapd[2606]: conn=62 op=6 SRCH attr=uid uidNumber gidNumber homeDirectory
sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime
sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive
sambaHomePath sambaLogonScript sambaProfilePath description
sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial
slapd[2606]: conn=62 op=6 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[2606]: conn=62 op=7 SRCH base="dc=DQ,dc=FCT,dc=UNL,dc=PT" scope=2
filter="(&(uid=ALUNOS$)(objectClass=sambaSamAccount))"
slapd[2606]: conn=62 op=7 SRCH attr=uid uidNumber gidNumber homeDirectory
sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime
sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive
sambaHomePath sambaLogonScript sambaProfilePath description
sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial
slapd[2606]: conn=62 op=7 SEARCH RESULT tag=101 err=0 nentries=1 text=
==========================================================================

I have removed and added the trust on both sides several times, and joined
and disjoined workstations to/from the Win2003 domain several times too,
but to no avail. The error "The authentication service is unknown" remains.

Interdomain trusts are a very useful feature of Samba 3, and I really need
it working :-(


Joao
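
As an added example (not part of the original post, and not Samba or OpenLDAP code), this Python sketch shows one way to pick out lookups like the sambaSID search above from a mail-wrapped slapd log: it re-joins wrapped lines, pairs each SRCH filter with its SEARCH RESULT by conn/op even when connections interleave, and lists searches that returned nentries=0. The sample log, its base DN and its SID are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample in the wrapped slapd format shown above; SID and base DN are placeholders.
SAMPLE_LOG = """\
slapd[100]: conn=1 op=1 SRCH base="dc=example,dc=org" scope=2
filter="(&(objectClass=sambaDomain)(sambaDomainName=EXAMPLE))"
slapd[100]: conn=1 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[100]: conn=1 op=2 SRCH base="dc=example,dc=org" scope=2
filter="(&(sambaSID=S-1-5-21-1111111111-2222222222-3333333333-501)(objectClass=sambaSamAccount))"
slapd[100]: conn=1 op=2 SRCH attr=uid uidNumber sambaSID objectClass
slapd[100]: conn=2 op=1 SRCH base="dc=example,dc=org" scope=2
filter="(uid=nobody)"
slapd[100]: conn=1 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[100]: conn=2 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
"""

PREFIX = re.compile(r"^slapd\[\d+\]: conn=(\d+) op=(\d+) (.*)$")
FILTER = re.compile(r'filter="([^"]*)"')
RESULT = re.compile(r"SEARCH RESULT .*\berr=(\d+) nentries=(\d+)")
SID = re.compile(r"sambaSID=(S-[\d-]+)")

def unwrap(text):
    """Re-join wrapped lines: a line without the slapd prefix continues the previous record."""
    records = []
    for line in text.splitlines():
        if PREFIX.match(line) or not records:
            records.append(line)
        elif line.strip():  # blank lines are ignored
            records[-1] += " " + line.strip()
    return records

def empty_searches(text):
    """Return (conn, op, filter, sid_or_None) for each search with err=0 and nentries=0."""
    filters, misses = {}, []
    for rec in unwrap(text):
        m = PREFIX.match(rec)
        if not m:
            continue
        key, body = (int(m.group(1)), int(m.group(2))), m.group(3)
        f = FILTER.search(body)
        if f:
            filters[key] = f.group(1)  # remember the filter until its result line arrives
        r = RESULT.search(body)
        if r and r.group(1) == "0" and r.group(2) == "0" and key in filters:
            sid = SID.search(filters[key])
            misses.append((*key, filters[key], sid.group(1) if sid else None))
    return misses
```

Calling `empty_searches()` on the text of a log yields one tuple per zero-hit search, with the SID extracted when the filter was a sambaSID lookup.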



