Problems connecting to samba4 serber

Michael Drüing michael at drueing.de
Sat Aug 26 12:29:31 GMT 2006 

Hi,
 
recently I'm having trouble connecting to my samba4 server. I kept it
running and updated it about once a month or so, and since about 1 month I
can't connect to my shares anymore. Re-running "setup/provision" didn't
help, so I'm posting here. I think I might be doing something terribly wrong
which only worked by chance before and "broke" recently...

I can browse the shares of the server just fine (using "Administrator" as
account name and the password supplied through setup/provision), however as
soon as I connect to the only share I have on the server, I get an error and
samba prints this (AERIS is the client and LAVIE is the samba4 server):

-------8<------8<-------8<------8<------
Selected protocol [5][NT LM 0.12]
Got NTLMSSP neg_flags=0xe2088297
Got user=[Administrator] domain=[AERIS] workstation=[AERIS] len1=24 len2=24
auth_check_password_send:  Checking password for unmapped user
[AERIS]\[Administrator]@[AERIS]
auth_check_password_send:  mapped user is: [AERIS]\[Administrator]@[AERIS]
sAMAccountName 'Administrator' for sid
S-1-5-21-266187598-2632415220-1058065203-500 does not exist as a local user
Got NTLMSSP neg_flags=0xe2088297
Got user=[] domain=[] workstation=[AERIS] len1=1 len2=0
auth_check_password_send:  Checking password for unmapped user []\[]@[AERIS]
auth_check_password_send:  mapped user is: [CYBERSTORM]\[]@[AERIS]
sAMAccountName 'Administrator' for sid
S-1-5-21-266187598-2632415220-1058065203-500 does not exist as a local user
sAMAccountName 'Administrator' for sid
S-1-5-21-266187598-2632415220-1058065203-500 does not exist as a local user
sid_to_unixuid: no uidNumber, unixName or sAMAccountName for sid S-1-5-7
192.168.0.1 closed connection to service IPC$
-------8<------8<-------8<------8<------

the log looks slightly diffderent when I use "LAVIE\Administrator" as
account, but the result is the same: no access

-------8<------8<-------8<------8<------
Selected protocol [5][NT LM 0.12]
Got NTLMSSP neg_flags=0xe2088297
Got user=[Administrator] domain=[LAVIE] workstation=[AERIS] len1=24 len2=24
auth_check_password_send:  Checking password for unmapped user
[LAVIE]\[Administrator]@[AERIS]
auth_check_password_send:  mapped user is: [LAVIE]\[Administrator]@[AERIS]
sAMAccountName 'Administrator' for sid
S-1-5-21-266187598-2632415220-1058065203-500 does not exist as a local user
Got NTLMSSP neg_flags=0xe2088297
Got user=[] domain=[] workstation=[AERIS] len1=1 len2=0
auth_check_password_send:  Checking password for unmapped user []\[]@[AERIS]
auth_check_password_send:  mapped user is: [CYBERSTORM]\[]@[AERIS]
sAMAccountName 'Administrator' for sid
S-1-5-21-266187598-2632415220-1058065203-500 does not exist as a local user
sAMAccountName 'Administrator' for sid
S-1-5-21-266187598-2632415220-1058065203-500 does not exist as a local user
sid_to_unixuid: no uidNumber, unixName or sAMAccountName for sid S-1-5-7
192.168.0.1 closed connection to service IPC$
-------8<------8<-------8<------8<------

this is with fresh ldb databases created through "setup/provision
--realm=CYBERSTORM.COM --domain=CYBERSTORM --adminpass=<password>"

I checked the ldb databases for the unixName property of
S-1-5-21-266187598-2632415220-1058065203-500 and it all looks okay (and yes,
the password given to setup/provision matches the unix root password, not
sure if that's a requirement though...)

-------8<------8<-------8<------8<------
# record 5
dn: CN=Administrator,CN=Users,DC=cyberstorm,DC=com
cn: Administrator
description: Built-in account for administering the computer/domain
memberOf: CN=Group Policy Creator Owners,CN=Users,DC=cyberstorm,DC=com
memberOf: CN=Domain Admins,CN=Users,DC=cyberstorm,DC=com
memberOf: CN=Enterprise Admins,CN=Users,DC=cyberstorm,DC=com
memberOf: CN=Schema Admins,CN=Users,DC=cyberstorm,DC=com
memberOf: CN=Administrators,CN=Builtin,DC=cyberstorm,DC=com
userAccountControl: 66048
objectSid: S-1-5-21-266187598-2632415220-1058065203-500
adminCount: 1
accountExpires: -1
sAMAccountName: Administrator
isCriticalSystemObject: TRUE
instanceType: 4
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0 
primaryGroupID: 513
logonCount: 0
sAMAccountType: 805306368
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=cyberstorm,DC=com
uSNCreated: 531 
ntPwdHash:: xo55nYAQ83prFnzEY87Brg==
lmPwdHash:: MTsgggN4msYdkaCB1LN4YQ==
krb5Key::
MD2hEzARoAMCAQOhCgQIrtkctqiebd+iJjAkoAMCAQOhHQQbQ1lCRVJTVE9STS5DT01B
 ZG1pbmlzdHJhdG9y
krb5Key::
MD2hEzARoAMCAQKhCgQIrtkctqiebd+iJjAkoAMCAQOhHQQbQ1lCRVJTVE9STS5DT01B
 ZG1pbmlzdHJhdG9y
krb5Key::
MD2hEzARoAMCAQGhCgQIrtkctqiebd+iJjAkoAMCAQOhHQQbQ1lCRVJTVE9STS5DT01B
 ZG1pbmlzdHJhdG9y
krb5Key::
MFWhKzApoAMCARKhIgQg3wkhn4wbptX+MUBHTZ0uuaqfM1z7L9hywMRlWWEh4PmiJjAk
 oAMCAQOhHQQbQ1lCRVJTVE9STS5DT01BZG1pbmlzdHJhdG9y
krb5Key::
ME2hIzAhoAMCARChGgQYetAqsCA9N1jqq2eb8YVUTKQp0BrBNw11oiYwJKADAgEDoR0E
 G0NZQkVSU1RPUk0uQ09NQWRtaW5pc3RyYXRvcg==
krb5Key:: MB2hGzAZoAMCARehEgQQxo55nYAQ83prFnzEY87Brg==
pwdLastSet: 128010495550000000
msDS-KeyVersionNumber: 1
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
name: Administrator
objectGUID: ca262b4e-b42c-401b-9533-71cdc0542931
whenCreated: 20060826070555.0Z
whenChanged: 20060826070555.0Z
unixName: root
uSNChanged: 605
distinguishedName: CN=Administrator,CN=Users,DC=cyberstorm,DC=com
-------8<------8<-------8<------8<------

for completeness, here's the entry for SID S-1-5-7 which is also mentioned
in the debug log:

-------8<------8<-------8<------8<------
# record 39
dn: CN=S-1-5-7,CN=ForeignSecurityPrincipals,DC=cyberstorm,DC=com
description: Anonymous
instanceType: 4
showInAdvancedViewOnly: TRUE
objectCategory:
CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,DC=cy
 berstorm,DC=com
uSNCreated: 535
objectSid: S-1-5-7
objectClass: top
objectClass: foreignSecurityPrincipal
name: S-1-5-7
CN: S-1-5-7
objectGUID: 687dabe5-8b80-413a-aa79-47ebe9690a1f
whenCreated: 20060826070556.0Z
whenChanged: 20060826070556.0Z
unixName: nobody
uSNChanged: 596
distinguishedName:
CN=S-1-5-7,CN=ForeignSecurityPrincipals,DC=cyberstorm,DC=co
 m
-------8<------8<-------8<------8<------

Feel free to enlighten me on how I get back access to my share ;-)

Thanks
-Michael

P.S.: I'm on #samba-technical ocassionally, if you happen to catch me there,
I'm under the nick "Dark-Star"

More information about the samba-technical mailing list