Samba 4 alpha and OpenLDAP
Christophe Thibault
christophe.thibault at planisware.com
Thu Jul 24 13:28:41 GMT 2008
Hi,
I tried to join an XP SP2 workstation to my test domain, but get the
following error messages:
* on the workstation, while getting the domain:
"The following error occurred attempting to join the domain 'XXXXXX':
Unable to update the password. The value provided as the current
password is incorrect."
* On the samba logs:
There are "netlogon request to XXXX<1c> from 172.16.15.11:138"
(172.16.15.11 is my XP workstation IP).
There are also these traces:
Kerberos: AS-REQ Administrator at XXXXX from 172.16.15.11 for
krbtgt/XXXXX at XXXXX
Kerberos: Client sent patypes: encrypted-timestamp, 128
Kerberos: Looking for PKINIT pa-data -- Administrator at XXXXX
Kerberos: Looking for ENC-TS pa-data -- Administrator at XXXXX
Kerberos: ENC-TS Pre-authentication succeeded -- Administrator at XXXXX
using arcfour-hmac-md5
Kerberos: Client supported enctypes: arcfour-hmac-md5, -133, -128,
des-cbc-md5, des-cbc-crc, 24, -135
Kerberos: Using arcfour-hmac-md5/arcfour-hmac-md5
Kerberos: Requested flags: renewable_ok, canonicalize, renewable,
forwardable
Kerberos: AS-REQ authtime: 2008-07-24T15:10:26 starttime: unset endtime:
2037-09-13T04:48:05 renew till: 2037-09-13T04:48:05
Kerberos: AS-REQ Administrator at XXXXX from 172.16.15.11 for
krbtgt/XXXXX at XXXXX
Kerberos: Client sent patypes: encrypted-timestamp, 128
Kerberos: Looking for PKINIT pa-data -- Administrator at XXXXX
Kerberos: Looking for ENC-TS pa-data -- Administrator at XXXXX
Kerberos: ENC-TS Pre-authentication succeeded -- Administrator at XXXXX
using arcfour-hmac-md5
Kerberos: Client supported enctypes: arcfour-hmac-md5, -133, -128,
des-cbc-md5, des-cbc-crc, 24, -135
Kerberos: Using arcfour-hmac-md5/arcfour-hmac-md5
Kerberos: Requested flags: renewable_ok, canonicalize, renewable,
forwardable
Kerberos: AS-REQ authtime: 2008-07-24T15:10:27 starttime: unset endtime:
2037-09-13T04:48:05 renew till: 2037-09-13T04:48:05
single_terminate: reason[NT_STATUS_END_OF_FILE]
Kerberos: TGS-REQ Administrator at XXXXX.MYCORP.COM from 172.16.15.11 for
cifs/CINDY at XXXXX.MYCORP.COM [renewable, forwardable]
Kerberos: TGS-REQ authtime: 2008-07-24T15:10:27 starttime:
2008-07-24T15:10:27 endtime: 2037-09-13T04:48:05 renew till: unset
Kerberos: TGS-REQ Administrator at XXXXX.MYCORP.COM from 172.16.15.11 for
krbtgt/XXXXX.MYCORP.COM at XXXXX.MYCORP.COM [renewable_ok, canonicalize,
renewable, forwarded, forwardable]
Kerberos: TGS-REQ authtime: 2008-07-24T15:10:27 starttime:
2008-07-24T15:10:27 endtime: 2037-09-13T04:48:05 renew till: unset
Kerberos: TGS-REQ Administrator at XXXXX.MYCORP.COM from 172.16.15.11 for
krbtgt/XXXXX.MYCORP.COM at XXXXX.MYCORP.COM [renewable_ok, canonicalize,
renewable, forwarded, forwardable]
Kerberos: TGS-REQ authtime: 2008-07-24T15:10:27 starttime:
2008-07-24T15:10:27 endtime: 2037-09-13T04:48:05 renew till: unset
single_terminate: reason[NT_STATUS_END_OF_FILE]
...
using SPNEGO
Selected protocol [5][NT LM 0.12]
Kerberos: AS-REQ Administrator at XXXXX from 172.16.15.11 for
krbtgt/XXXXX at XXXXX
Kerberos: Client sent patypes: encrypted-timestamp, 128
Kerberos: Looking for PKINIT pa-data -- Administrator at XXXXX
Kerberos: Looking for ENC-TS pa-data -- Administrator at XXXXX
Kerberos: ENC-TS Pre-authentication succeeded -- Administrator at XXXXX
using arcfour-hmac-md5
Kerberos: Client supported enctypes: arcfour-hmac-md5, -133, -128,
des-cbc-md5, des-cbc-crc, 24, -135
Kerberos: Using arcfour-hmac-md5/arcfour-hmac-md5
Kerberos: Requested flags: renewable_ok, canonicalize, renewable,
forwardable
Kerberos: AS-REQ authtime: 2008-07-24T15:10:36 starttime: unset endtime:
2037-09-13T04:48:05 renew till: 2037-09-13T04:48:05
Kerberos: AS-REQ Administrator at XXXXX from 172.16.15.11 for
krbtgt/XXXXX at XXXXX
Kerberos: Client sent patypes: encrypted-timestamp, 128
Kerberos: Looking for PKINIT pa-data -- Administrator at XXXXX
Kerberos: Looking for ENC-TS pa-data -- Administrator at XXXXX
Kerberos: ENC-TS Pre-authentication succeeded -- Administrator at XXXXX
using arcfour-hmac-md5
Kerberos: Client supported enctypes: arcfour-hmac-md5, -133, -128,
des-cbc-md5, des-cbc-crc, 24, -135
Kerberos: Using arcfour-hmac-md5/arcfour-hmac-md5
Kerberos: Requested flags: renewable_ok, canonicalize, renewable,
forwardable
Kerberos: AS-REQ authtime: 2008-07-24T15:10:36 starttime: unset endtime:
2037-09-13T04:48:05 renew till: 2037-09-13T04:48:05
single_terminate: reason[NT_STATUS_END_OF_FILE]
Kerberos: TGS-REQ Administrator at XXXXX.MYCORP.COM from 172.16.15.11 for
cifs/cindy.xxxxx.mycorp.com at XXXXX.MYCORP.COM [renewable, forwardable]
Kerberos: TGS-REQ authtime: 2008-07-24T15:10:36 starttime:
2008-07-24T15:10:36 endtime: 2037-09-13T04:48:05 renew till: unset
Kerberos: TGS-REQ Administrator at XXXXX.MYCORP.COM from 172.16.15.11 for
cifs/cindy.xxxxx.mycorp.com at XXXXX.MYCORP.COM [renewable, forwardable]
Kerberos: TGS-REQ authtime: 2008-07-24T15:10:36 starttime:
2008-07-24T15:10:36 endtime: 2037-09-13T04:48:05 renew till: unset
single_terminate: reason[NT_STATUS_END_OF_FILE]
Kerberos: TGS-REQ Administrator at XXXXX.MYCORP.COM from 172.16.15.11 for
krbtgt/XXXXX.MYCORP.COM at XXXXX.MYCORP.COM [renewable_ok, canonicalize,
renewable, forwarded, forwardable]
Kerberos: TGS-REQ authtime: 2008-07-24T15:10:36 starttime:
2008-07-24T15:10:36 endtime: 2037-09-13T04:48:05 renew till: unset
Kerberos: TGS-REQ Administrator at XXXXX.MYCORP.COM from 172.16.15.11 for
krbtgt/XXXXX.MYCORP.COM at XXXXX.MYCORP.COM [renewable_ok, canonicalize,
renewable, forwarded, forwardable]
Kerberos: TGS-REQ authtime: 2008-07-24T15:10:36 starttime:
2008-07-24T15:10:36 endtime: 2037-09-13T04:48:05 renew till: unset
single_terminate: reason[NT_STATUS_END_OF_FILE]
Found account name from PAC: Administrator []
added interface ip=172.16.0.2 nmask=255.255.0.0
added interface ip=172.16.0.2 nmask=255.255.0.0
Got challenge flags:
Got NTLMSSP neg_flags=0x00028205
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x00008205
added interface ip=172.16.0.2 nmask=255.255.0.0
added interface ip=172.16.0.2 nmask=255.255.0.0
Got challenge flags:
Got NTLMSSP neg_flags=0x00028205
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x00008205
added interface ip=172.16.0.2 nmask=255.255.0.0
added interface ip=172.16.0.2 nmask=255.255.0.0
Got challenge flags:
Got NTLMSSP neg_flags=0x00028205
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x00008205
added interface ip=172.16.0.2 nmask=255.255.0.0
added interface ip=172.16.0.2 nmask=255.255.0.0
Got challenge flags:
Got NTLMSSP neg_flags=0x00028205
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x00008205
added interface ip=172.16.0.2 nmask=255.255.0.0
added interface ip=172.16.0.2 nmask=255.255.0.0
Got challenge flags:
Got NTLMSSP neg_flags=0x00028205
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x00008205
added interface ip=172.16.0.2 nmask=255.255.0.0
added interface ip=172.16.0.2 nmask=255.255.0.0
Got challenge flags:
Got NTLMSSP neg_flags=0x00028205
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x00008205
added interface ip=172.16.0.2 nmask=255.255.0.0
added interface ip=172.16.0.2 nmask=255.255.0.0
Got challenge flags:
Got NTLMSSP neg_flags=0x00028205
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x00008205
added interface ip=172.16.0.2 nmask=255.255.0.0
added interface ip=172.16.0.2 nmask=255.255.0.0
Got challenge flags:
Got NTLMSSP neg_flags=0x00028205
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x00008205
added interface ip=172.16.0.2 nmask=255.255.0.0
added interface ip=172.16.0.2 nmask=255.255.0.0
Got challenge flags:
Got NTLMSSP neg_flags=0x00028205
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x00008205
added interface ip=172.16.0.2 nmask=255.255.0.0
added interface ip=172.16.0.2 nmask=255.255.0.0
Got challenge flags:
Got NTLMSSP neg_flags=0x00028205
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x00008205
added interface ip=172.16.0.2 nmask=255.255.0.0
added interface ip=172.16.0.2 nmask=255.255.0.0
Got challenge flags:
Got NTLMSSP neg_flags=0x00028205
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x00008205
added interface ip=172.16.0.2 nmask=255.255.0.0
added interface ip=172.16.0.2 nmask=255.255.0.0
Got challenge flags:
Got NTLMSSP neg_flags=0x00028205
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x00008205
added interface ip=172.16.0.2 nmask=255.255.0.0
added interface ip=172.16.0.2 nmask=255.255.0.0
Got challenge flags:
Got NTLMSSP neg_flags=0x00028205
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x00008205
added interface ip=172.16.0.2 nmask=255.255.0.0
added interface ip=172.16.0.2 nmask=255.255.0.0
Got challenge flags:
Got NTLMSSP neg_flags=0x00028205
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x00008205
added interface ip=172.16.0.2 nmask=255.255.0.0
added interface ip=172.16.0.2 nmask=255.255.0.0
Got challenge flags:
Got NTLMSSP neg_flags=0x00028205
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x00008205
172.16.15.11 closed connection to service IPC$
single_terminate: reason[NT_STATUS_END_OF_FILE]
Received dgram packet of length 201 from 172.16.15.11:138
(I tried to remove other Samba announcements)
Any idea?
thanks,
chris
Christophe Thibault wrote:
> oops,
>
> I saw what I missed ;)
>
> I have to specify to the slapcat command the database number to dump it,
> since there are multiple databases ;)
>
> Thanks for the info, I continue to play!
>
> chris
>
> Andrew Bartlett wrote:
>> On Tue, 2008-07-22 at 10:38 +0200, Christophe Thibault wrote:
>>
>>> Hi,
>>>
>>> The OpenLDAP server starts fine, Samba also starts fine, but after
>>> running the scripts, the database seems to be quite empty.
>>>
>>> It only contains the following objects (dumped with the "openldap
>>> slapcat" command):
>>>
>>>
>>> ## start -----
>>> dn: cn=Samba
>>>
>>
>> This is the Samba 'management partition' (for want of a better
>> description). It contains just enough so that we can do a SASL bind to
>> OpenLDAP, and create the rest with the actual provision script, against
>> a 'live' openldap instance.
>>
>> The rest will be under dc=example,dc=com (or whatever you selected).
>> Andrew Bartlett
>>
>>
>
>