inconsistent drive mappings + many other errors

Grimes, David david.grimes at belointeractive.com
Wed Jul 21 16:31:35 GMT 2004


 
Seems to be the case. I swear I've been pounding on this all week. I have
several odd entries in my debug logs... I might as well bounce them off the
list... I've built a Gentoo box and used the latest builds of ldap, samba and
krb5 and below are the errors I'm getting. I'm betting a dead horse which is
a bug or am I stuck in conf file hell???
From log.machine:
[2004/07/21 11:06:28, 6] auth/auth_sam.c:check_samstrict_security(310)
  check_samstrict_security: OURDOMAIN is not one of my local names
(ROLE_DOMAIN_MEMBER)
and...
[2004/07/21 11:06:27, 2] smbd/service.c:make_connection_snum(311)
  user 'dgrimes' (from session setup) not permitted to access this share
(DGRIMES)
Now why did it translate it to uppercase???
[2004/07/21 11:06:26, 3] auth/auth.c:check_ntlm_password(219)
  check_ntlm_password:  Checking password for unmapped user
[CORPDOMAIN]\[dgrimes]@[LS1Z71] with the new password interface
[2004/07/21 11:06:26, 3] auth/auth.c:check_ntlm_password(222)
  check_ntlm_password:  mapped user is: [CORPDOMAIN]\[dgrimes]@[LS1Z71]
[2004/07/21 11:06:26, 10] auth/auth.c:check_ntlm_password(231)
  check_ntlm_password: auth_context challenge created by NTLMSSP callback
(NTLM2)
[2004/07/21 11:06:26, 10] auth/auth.c:check_ntlm_password(233)
  challenge is: 
[2004/07/21 11:06:26, 10] auth/auth.c:check_ntlm_password(259)
  check_ntlm_password: guest had nothing to say
Is this proper formatting of the domain+username??? 
 
Now from log.winbind: 
[2004/07/21 11:16:39, 3] libsmb/cliconnect.c:cli_session_setup_spnego(737)
  got principal=dc-01$@CORPDOMAIN.COM
[2004/07/21 11:16:39, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(535)
  Doing kerberos session setup
[2004/07/21 11:16:39, 4] libsmb/clikrb5.c:ads_krb5_mk_req(322)
  Advancing clock by 69 seconds to cope with clock skew
[2004/07/21 11:16:39, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(245)
  Ticket in ccache[MEMORY:cliconnect] expiration Wed, 21 Jul 2004 21:17:48
GMT
[2004/07/21 11:16:39, 4]
passdb/secrets.c:secrets_fetch_trust_account_password(261)
  Using cleartext machine password
[2004/07/21 11:16:39, 4] rpc_client/cli_netlogon.c:cli_net_req_chal(45)
  cli_net_req_chal: LSA Request Challenge from SAMBA to DC-01:
70017548D31400F2
[2004/07/21 11:16:39, 4] libsmb/credentials.c:cred_session_key(59)
  cred_session_key
[2004/07/21 11:16:39, 4] libsmb/credentials.c:cred_create(90)
  cred_create
[2004/07/21 11:16:39, 4] rpc_client/cli_netlogon.c:cli_net_auth2(102)
  cli_net_auth2: srv:\\ DC-01 acct:SAMBA$ sc:2 mc: SAMBA chal
4F54CBEE6F6CC416 neg: 400701ff
[2004/07/21 11:16:39, 4] libsmb/credentials.c:cred_create(90)
  cred_create
[2004/07/21 11:16:39, 4] libsmb/credentials.c:cred_assert(121)
  cred_assert
[2004/07/21 11:16:39, 4] rpc_client/cli_netlogon.c:cli_net_req_chal(45)
  cli_net_req_chal: LSA Request Challenge from SAMBA to DC-01:
D6ACE333BFAA182F
[2004/07/21 11:16:39, 4] libsmb/credentials.c:cred_session_key(59)
  cred_session_key
[2004/07/21 11:16:39, 4] libsmb/credentials.c:cred_create(90)
  cred_create
[2004/07/21 11:16:39, 4] rpc_client/cli_netlogon.c:cli_net_auth2(102)
  cli_net_auth2: srv:\\ DC-01 acct:SAMBA$ sc:2 mc: SAMBA chal
31C7C950CFB8B99D neg: 400701ff
[2004/07/21 11:16:39, 4] libsmb/credentials.c:cred_create(90)
  cred_create
[2004/07/21 11:16:39, 4] libsmb/credentials.c:cred_assert(121)
  cred_assert
[2004/07/21 11:16:39, 4] libsmb/credentials.c:cred_create(90)
  cred_create
[2004/07/21 11:16:39, 4] libsmb/credentials.c:cred_create(90)
  cred_create
[2004/07/21 11:16:39, 4] libsmb/credentials.c:cred_assert(121)
  cred_assert
[2004/07/21 11:16:39, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(124)
  [11861]: getpwnam corpdomain+dgrimes
[2004/07/21 11:16:39, 3] nsswitch/winbindd_group.c:winbindd_getgroups(1003)
  [11861]: getgroups CORPDOMAIN+dgrimes
[2004/07/21 11:16:39, 3] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(374)
  [11861]: gid to sid 10000
[2004/07/21 11:16:39, 3] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(374)
  [11861]: gid to sid 10192
[2004/07/21 11:16:39, 3] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(374)
  [11861]: gid to sid 10218
[2004/07/21 11:16:39, 3] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(374)
  [11861]: gid to sid 10219
[2004/07/21 11:16:39, 3] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(374)
  [11861]: gid to sid 10883
[2004/07/21 11:16:39, 3] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(374)
  [11861]: gid to sid 11456
[2004/07/21 11:16:39, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(124)
  [11861]: getpwnam corpdomain+dgrimes
[2004/07/21 11:18:22, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
  [11863]: request interface version
[2004/07/21 11:18:22, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
  [11863]: request location of privileged pipe
[2004/07/21 11:18:22, 3] nsswitch/winbindd_misc.c:winbindd_ping(238)
  [11863]: ping
[2004/07/21 11:18:22, 3] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(374)
  [11863]: gid to sid 65534
[2004/07/21 11:18:22, 3] nsswitch/winbindd_misc.c:winbindd_ping(238)
  [11863]: ping
[2004/07/21 11:18:22, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(429)
  [11863]: pam auth crap domain: CORPDOMAIN user: dgrimes
[2004/07/21 11:18:22, 4]
passdb/secrets.c:secrets_fetch_trust_account_password(261)
  Using cleartext machine password
[2004/07/21 11:18:22, 4] libsmb/credentials.c:cred_create(90)
  cred_create
[2004/07/21 11:18:22, 4] libsmb/credentials.c:cred_create(90)
  cred_create
[2004/07/21 11:18:22, 4] libsmb/credentials.c:cred_assert(121)
  cred_assert
[2004/07/21 11:18:22, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(124)
  [11863]: getpwnam corpdomain+dgrimes
[2004/07/21 11:18:22, 3] nsswitch/winbindd_ads.c:query_user(391)
  ads: query_user
[2004/07/21 11:18:22, 1] nsswitch/winbindd_ads.c:query_user(412)
  query_user(sid=S-1-5-21-630355997-898334187-311576647-1982): Not found
[2004/07/21 11:18:22, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(182)
  error getting user info for user '[CORPDOMAIN]\[dgrimes]'
[2004/07/21 11:18:22, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(124)
  [11863]: getpwnam CORPDOMAIN+dgrimes
[2004/07/21 11:18:22, 3] nsswitch/winbindd_ads.c:query_user(391)
  ads: query_user
[2004/07/21 11:18:22, 1] nsswitch/winbindd_ads.c:query_user(412)
  query_user(sid=S-1-5-21-630355997-898334187-311576647-1982): Not found
[2004/07/21 11:18:22, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(182)
  error getting user info for user '[CORPDOMAIN]\[dgrimes]'
[2004/07/21 11:18:22, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(124)
  [11863]: getpwnam CORPDOMAIN+DGRIMES
[2004/07/21 11:18:22, 3] nsswitch/winbindd_ads.c:query_user(391)
  ads: query_user
[2004/07/21 11:18:22, 1] nsswitch/winbindd_ads.c:query_user(412)
  query_user(sid=S-1-5-21-630355997-898334187-311576647-1982): Not found
[2004/07/21 11:18:22, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(182)
  error getting user info for user '[CORPDOMAIN]\[DGRIMES]'
[2004/07/21 11:18:22, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(124)
  [11863]: getpwnam dgrimes
[2004/07/21 11:18:22, 3] nsswitch/winbindd_group.c:winbindd_getgrnam(243)
  [11863]: getgrnam CORPDOMAIN+Domain Users
 
So what's up with it finding/identifying a SID and then "not found"???
Furthermore, given the Kerberos handshaking above, is it or is it not using
Kerberos for auth? Is it correct to assume that ads does not support NTLM
or? Probably a stupid question that does not warrant an answer. Is there a way
to disable Samba's use of NTLM, allowing only Kerberos?
-----Original Message-----
From: Jeremy Allison [mailto:jra at samba.org] 
Sent: Monday, July 19, 2004 12:11 PM
To: Grimes, David
Cc: Phil Mayers; samba-technical at lists.samba.org; Jeremy Allison
Subject: Re: inconsistent drive mappings + many other errors
 
On Mon, Jul 19, 2004 at 10:11:06AM -0500, Grimes, David wrote:
> My question then is how is this working? And why is it only a problem with
> 2000 users? I'm concerned the symptoms have me barking up the wrong tree. 
 
It may be working only using NTLM fallback. Which Windows will do if it
can't get kerberos working. Silently of course.... (after all, who needs
to care about details like that :-).
 
Jeremy.
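
Added example (not part of either message above, and not Samba project code): a small triage script for debug logs in the format quoted in this thread. It re-joins records whose header was wrapped by the mail client, counts hints of NTLM versus Kerberos use, and lists SIDs that `query_user` reported as "Not found". Mapping function names to a mechanism is an assumption made for this example, and the sample input is constructed with placeholder names and a placeholder SID.

```python
import re
from collections import Counter

# Header shape as in the thread's logs: "[date time, level] file.c:function(line)"
HEADER = re.compile(r"^\[([\d/]+ [\d:]+),\s*(\d+)\]\s*(.*)$")
LOCATION = re.compile(r"[\w/.]+:(\w+)\(\d+\)")
SID_NOT_FOUND = re.compile(r"query_user\(sid=(S-[\d-]+)\): Not found")
# Assumption: the logging function name is a heuristic hint of the mechanism.
MECHANISM = {"check_ntlm_password": "ntlm", "winbindd_pam_auth_crap": "ntlm",
             "cli_session_setup_kerberos": "kerberos"}

# Constructed sample modelled on the thread's logs (placeholder names and SID).
SAMPLE = """\
[2004/07/21 11:16:39, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(535)
  Doing kerberos session setup
[2004/07/21 11:18:22, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(429)
  [11863]: pam auth crap domain: EXAMPLE user: alice
[2004/07/21 11:18:22, 4]
passdb/secrets.c:secrets_fetch_trust_account_password(261)
  Using cleartext machine password
[2004/07/21 11:18:22, 1] nsswitch/winbindd_ads.c:query_user(412)
  query_user(sid=S-1-5-21-1111111111-2222222222-3333333333-1001): Not found
"""

def parse_records(text):
    """Rebuild log records, re-joining headers the mail client wrapped."""
    records, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        m = HEADER.match(line)
        if m:
            current = {"ts": m[1], "level": int(m[2]), "func": None, "msg": ""}
            records.append(current)
            line = m[3]
        if current is None or not line:
            continue
        if current["func"] is None and (loc := LOCATION.match(line)):
            current["func"] = loc[1]
        else:
            current["msg"] = (current["msg"] + " " + line).strip()
    return records

def summarize(text):
    mech, missing = Counter(), Counter()
    for rec in parse_records(text):
        if rec["func"] in MECHANISM:
            mech[MECHANISM[rec["func"]]] += 1
        if hit := SID_NOT_FOUND.search(rec["msg"]):
            missing[hit[1]] += 1
    return dict(mech), dict(missing)
```

`cli_session_setup_kerberos` is logged by Samba's client-side session setup (in log.winbind, winbindd connecting to the DC), so a Kerberos hit there does not by itself show how a Windows client authenticated to smbd. Run `summarize()` separately on each log file so that smbd-side and winbindd-side counts are not mixed.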