Problems connecting to samba4 server

Michael Drüing michael at drueing.de
Mon Aug 28 20:18:06 GMT 2006


Did some more testing, the funny thing is that everything works as expected
as soon as I add a user called "Administrator", UID=0, GID=0, to my
/etc/passwd file (the share I'm trying to access, and all files in it, are
owned by root).

Question: Is that expected behaviour? i.e. do I need to add a UNIX user for
every samba user I'm trying to connect with? I guess not, so why is the
username mapping broken for me?

Thanks,
--Michael

> -----Original Message-----
> From: samba-technical-bounces+michael=drueing.net at lists.samba.org
> [mailto:samba-technical-bounces+michael=drueing.net at lists.samba.org] On Behalf Of Michael Drüing
> Sent: Saturday, August 26, 2006 2:30 PM
> To: samba-technical at lists.samba.org
> Subject: Problems connecting to samba4 server
> 
> Hi,
>  
> recently I'm having trouble connecting to my samba4 server. I kept it
> running and updated it about once a month or so, and since about 1 month I
> can't connect to my shares anymore. Re-running "setup/provision" didn't
> help, so I'm posting here. I think I might be doing something terribly wrong
> which only worked by chance before and "broke" recently...
> 
> I can browse the shares of the server just fine (using "Administrator" as
> account name and the password supplied through setup/provision), however as
> soon as I connect to the only share I have on the server, I get an error and
> samba prints this (AERIS is the client and LAVIE is the samba4 server):
> 
> -------8<------8<-------8<------8<------
> Selected protocol [5][NT LM 0.12]
> Got NTLMSSP neg_flags=0xe2088297
> Got user=[Administrator] domain=[AERIS] workstation=[AERIS] len1=24 len2=24
> auth_check_password_send:  Checking password for unmapped user [AERIS]\[Administrator]@[AERIS]
> auth_check_password_send:  mapped user is: [AERIS]\[Administrator]@[AERIS]
> sAMAccountName 'Administrator' for sid S-1-5-21-266187598-2632415220-1058065203-500 does not exist as a local user
> Got NTLMSSP neg_flags=0xe2088297
> Got user=[] domain=[] workstation=[AERIS] len1=1 len2=0
> auth_check_password_send:  Checking password for unmapped user []\[]@[AERIS]
> auth_check_password_send:  mapped user is: [CYBERSTORM]\[]@[AERIS]
> sAMAccountName 'Administrator' for sid S-1-5-21-266187598-2632415220-1058065203-500 does not exist as a local user
> sAMAccountName 'Administrator' for sid S-1-5-21-266187598-2632415220-1058065203-500 does not exist as a local user
> sid_to_unixuid: no uidNumber, unixName or sAMAccountName for sid S-1-5-7
> 192.168.0.1 closed connection to service IPC$
> -------8<------8<-------8<------8<------
> 
> the log looks slightly different when I use "LAVIE\Administrator" as
> account, but the result is the same: no access
> 
> -------8<------8<-------8<------8<------
> Selected protocol [5][NT LM 0.12]
> Got NTLMSSP neg_flags=0xe2088297
> Got user=[Administrator] domain=[LAVIE] workstation=[AERIS] len1=24 len2=24
> auth_check_password_send:  Checking password for unmapped user [LAVIE]\[Administrator]@[AERIS]
> auth_check_password_send:  mapped user is: [LAVIE]\[Administrator]@[AERIS]
> sAMAccountName 'Administrator' for sid S-1-5-21-266187598-2632415220-1058065203-500 does not exist as a local user
> Got NTLMSSP neg_flags=0xe2088297
> Got user=[] domain=[] workstation=[AERIS] len1=1 len2=0
> auth_check_password_send:  Checking password for unmapped user []\[]@[AERIS]
> auth_check_password_send:  mapped user is: [CYBERSTORM]\[]@[AERIS]
> sAMAccountName 'Administrator' for sid S-1-5-21-266187598-2632415220-1058065203-500 does not exist as a local user
> sAMAccountName 'Administrator' for sid S-1-5-21-266187598-2632415220-1058065203-500 does not exist as a local user
> sid_to_unixuid: no uidNumber, unixName or sAMAccountName for sid S-1-5-7
> 192.168.0.1 closed connection to service IPC$
> -------8<------8<-------8<------8<------
> 
> this is with fresh ldb databases created through "setup/provision
> --realm=CYBERSTORM.COM --domain=CYBERSTORM --adminpass=<password>"
> 
> I checked the ldb databases for the unixName property of
> S-1-5-21-266187598-2632415220-1058065203-500 and it all looks okay (and yes,
> the password given to setup/provision matches the unix root password, not
> sure if that's a requirement though...)
> 
> -------8<------8<-------8<------8<------
> # record 5
> dn: CN=Administrator,CN=Users,DC=cyberstorm,DC=com
> cn: Administrator
> description: Built-in account for administering the computer/domain
> memberOf: CN=Group Policy Creator Owners,CN=Users,DC=cyberstorm,DC=com
> memberOf: CN=Domain Admins,CN=Users,DC=cyberstorm,DC=com
> memberOf: CN=Enterprise Admins,CN=Users,DC=cyberstorm,DC=com
> memberOf: CN=Schema Admins,CN=Users,DC=cyberstorm,DC=com
> memberOf: CN=Administrators,CN=Builtin,DC=cyberstorm,DC=com
> userAccountControl: 66048
> objectSid: S-1-5-21-266187598-2632415220-1058065203-500
> adminCount: 1
> accountExpires: -1
> sAMAccountName: Administrator
> isCriticalSystemObject: TRUE
> instanceType: 4
> badPwdCount: 0
> codePage: 0
> countryCode: 0
> badPasswordTime: 0
> lastLogoff: 0
> lastLogon: 0 
> primaryGroupID: 513
> logonCount: 0
> sAMAccountType: 805306368
> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=cyberstorm,DC=com
> uSNCreated: 531 
> ntPwdHash:: xo55nYAQ83prFnzEY87Brg==
> lmPwdHash:: MTsgggN4msYdkaCB1LN4YQ==
> pwdLastSet: 128010495550000000
> msDS-KeyVersionNumber: 1
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> name: Administrator
> objectGUID: ca262b4e-b42c-401b-9533-71cdc0542931
> whenCreated: 20060826070555.0Z
> whenChanged: 20060826070555.0Z
> unixName: root
> uSNChanged: 605
> distinguishedName: CN=Administrator,CN=Users,DC=cyberstorm,DC=com
> -------8<------8<-------8<------8<------
> 
> for completeness, here's the entry for SID S-1-5-7 which is also mentioned
> in the debug log:
> 
> -------8<------8<-------8<------8<------
> # record 39
> dn: CN=S-1-5-7,CN=ForeignSecurityPrincipals,DC=cyberstorm,DC=com
> description: Anonymous
> instanceType: 4
> showInAdvancedViewOnly: TRUE
> objectCategory:
> CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,DC=cy
>  berstorm,DC=com
> uSNCreated: 535
> objectSid: S-1-5-7
> objectClass: top
> objectClass: foreignSecurityPrincipal
> name: S-1-5-7
> CN: S-1-5-7
> objectGUID: 687dabe5-8b80-413a-aa79-47ebe9690a1f
> whenCreated: 20060826070556.0Z
> whenChanged: 20060826070556.0Z
> unixName: nobody
> uSNChanged: 596
> distinguishedName:
> CN=S-1-5-7,CN=ForeignSecurityPrincipals,DC=cyberstorm,DC=co
>  m
> -------8<------8<-------8<------8<------
> 
> Feel free to enlighten me on how I get back access to my share ;-)
> 
> Thanks
> -Michael
> 
> P.S.: I'm on #samba-technical occasionally, if you happen to catch me there,
> I'm under the nick "Dark-Star"
> 


