Problems connecting to samba4 serber
Michael Drüing
michael at drueing.de
Sat Aug 26 12:29:31 GMT 2006
Hi,
recently I'm having trouble connecting to my samba4 server. I kept it
running and updated it about once a month or so, and since about 1 month I
can't connect to my shares anymore. Re-running "setup/provision" didn't
help, so I'm posting here. I think I might be doing something terribly wrong
which only worked by chance before and "broke" recently...
I can browse the shares of the server just fine (using "Administrator" as
account name and the password supplied through setup/provision), however as
soon as I connect to the only share I have on the server, I get an error and
samba prints this (AERIS is the client and LAVIE is the samba4 server):
-------8<------8<-------8<------8<------
Selected protocol [5][NT LM 0.12]
Got NTLMSSP neg_flags=0xe2088297
Got user=[Administrator] domain=[AERIS] workstation=[AERIS] len1=24 len2=24
auth_check_password_send: Checking password for unmapped user
[AERIS]\[Administrator]@[AERIS]
auth_check_password_send: mapped user is: [AERIS]\[Administrator]@[AERIS]
sAMAccountName 'Administrator' for sid
S-1-5-21-266187598-2632415220-1058065203-500 does not exist as a local user
Got NTLMSSP neg_flags=0xe2088297
Got user=[] domain=[] workstation=[AERIS] len1=1 len2=0
auth_check_password_send: Checking password for unmapped user []\[]@[AERIS]
auth_check_password_send: mapped user is: [CYBERSTORM]\[]@[AERIS]
sAMAccountName 'Administrator' for sid
S-1-5-21-266187598-2632415220-1058065203-500 does not exist as a local user
sAMAccountName 'Administrator' for sid
S-1-5-21-266187598-2632415220-1058065203-500 does not exist as a local user
sid_to_unixuid: no uidNumber, unixName or sAMAccountName for sid S-1-5-7
192.168.0.1 closed connection to service IPC$
-------8<------8<-------8<------8<------
the log looks slightly diffderent when I use "LAVIE\Administrator" as
account, but the result is the same: no access
-------8<------8<-------8<------8<------
Selected protocol [5][NT LM 0.12]
Got NTLMSSP neg_flags=0xe2088297
Got user=[Administrator] domain=[LAVIE] workstation=[AERIS] len1=24 len2=24
auth_check_password_send: Checking password for unmapped user
[LAVIE]\[Administrator]@[AERIS]
auth_check_password_send: mapped user is: [LAVIE]\[Administrator]@[AERIS]
sAMAccountName 'Administrator' for sid
S-1-5-21-266187598-2632415220-1058065203-500 does not exist as a local user
Got NTLMSSP neg_flags=0xe2088297
Got user=[] domain=[] workstation=[AERIS] len1=1 len2=0
auth_check_password_send: Checking password for unmapped user []\[]@[AERIS]
auth_check_password_send: mapped user is: [CYBERSTORM]\[]@[AERIS]
sAMAccountName 'Administrator' for sid
S-1-5-21-266187598-2632415220-1058065203-500 does not exist as a local user
sAMAccountName 'Administrator' for sid
S-1-5-21-266187598-2632415220-1058065203-500 does not exist as a local user
sid_to_unixuid: no uidNumber, unixName or sAMAccountName for sid S-1-5-7
192.168.0.1 closed connection to service IPC$
-------8<------8<-------8<------8<------
this is with fresh ldb databases created through "setup/provision
--realm=CYBERSTORM.COM --domain=CYBERSTORM --adminpass=<password>"
I checked the ldb databases for the unixName property of
S-1-5-21-266187598-2632415220-1058065203-500 and it all looks okay (and yes,
the password given to setup/provision matches the unix root password, not
sure if that's a requirement though...)
-------8<------8<-------8<------8<------
# record 5
dn: CN=Administrator,CN=Users,DC=cyberstorm,DC=com
cn: Administrator
description: Built-in account for administering the computer/domain
memberOf: CN=Group Policy Creator Owners,CN=Users,DC=cyberstorm,DC=com
memberOf: CN=Domain Admins,CN=Users,DC=cyberstorm,DC=com
memberOf: CN=Enterprise Admins,CN=Users,DC=cyberstorm,DC=com
memberOf: CN=Schema Admins,CN=Users,DC=cyberstorm,DC=com
memberOf: CN=Administrators,CN=Builtin,DC=cyberstorm,DC=com
userAccountControl: 66048
objectSid: S-1-5-21-266187598-2632415220-1058065203-500
adminCount: 1
accountExpires: -1
sAMAccountName: Administrator
isCriticalSystemObject: TRUE
instanceType: 4
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
primaryGroupID: 513
logonCount: 0
sAMAccountType: 805306368
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=cyberstorm,DC=com
uSNCreated: 531
ntPwdHash:: xo55nYAQ83prFnzEY87Brg==
lmPwdHash:: MTsgggN4msYdkaCB1LN4YQ==
krb5Key::
MD2hEzARoAMCAQOhCgQIrtkctqiebd+iJjAkoAMCAQOhHQQbQ1lCRVJTVE9STS5DT01B
ZG1pbmlzdHJhdG9y
krb5Key::
MD2hEzARoAMCAQKhCgQIrtkctqiebd+iJjAkoAMCAQOhHQQbQ1lCRVJTVE9STS5DT01B
ZG1pbmlzdHJhdG9y
krb5Key::
MD2hEzARoAMCAQGhCgQIrtkctqiebd+iJjAkoAMCAQOhHQQbQ1lCRVJTVE9STS5DT01B
ZG1pbmlzdHJhdG9y
krb5Key::
MFWhKzApoAMCARKhIgQg3wkhn4wbptX+MUBHTZ0uuaqfM1z7L9hywMRlWWEh4PmiJjAk
oAMCAQOhHQQbQ1lCRVJTVE9STS5DT01BZG1pbmlzdHJhdG9y
krb5Key::
ME2hIzAhoAMCARChGgQYetAqsCA9N1jqq2eb8YVUTKQp0BrBNw11oiYwJKADAgEDoR0E
G0NZQkVSU1RPUk0uQ09NQWRtaW5pc3RyYXRvcg==
krb5Key:: MB2hGzAZoAMCARehEgQQxo55nYAQ83prFnzEY87Brg==
pwdLastSet: 128010495550000000
msDS-KeyVersionNumber: 1
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
name: Administrator
objectGUID: ca262b4e-b42c-401b-9533-71cdc0542931
whenCreated: 20060826070555.0Z
whenChanged: 20060826070555.0Z
unixName: root
uSNChanged: 605
distinguishedName: CN=Administrator,CN=Users,DC=cyberstorm,DC=com
-------8<------8<-------8<------8<------
for completeness, here's the entry for SID S-1-5-7 which is also mentioned
in the debug log:
-------8<------8<-------8<------8<------
# record 39
dn: CN=S-1-5-7,CN=ForeignSecurityPrincipals,DC=cyberstorm,DC=com
description: Anonymous
instanceType: 4
showInAdvancedViewOnly: TRUE
objectCategory:
CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,DC=cy
berstorm,DC=com
uSNCreated: 535
objectSid: S-1-5-7
objectClass: top
objectClass: foreignSecurityPrincipal
name: S-1-5-7
CN: S-1-5-7
objectGUID: 687dabe5-8b80-413a-aa79-47ebe9690a1f
whenCreated: 20060826070556.0Z
whenChanged: 20060826070556.0Z
unixName: nobody
uSNChanged: 596
distinguishedName:
CN=S-1-5-7,CN=ForeignSecurityPrincipals,DC=cyberstorm,DC=co
m
-------8<------8<-------8<------8<------
Feel free to enlighten me on how I get back access to my share ;-)
Thanks
-Michael
P.S.: I'm on #samba-technical ocassionally, if you happen to catch me there,
I'm under the nick "Dark-Star"
More information about the samba-technical
mailing list