user authentication issues with samba4-beta5 as a member server
Jean Raby
jraby at inverse.ca
Thu Aug 30 08:58:08 MDT 2012
Hi all,
I'm trying to setup samba4 (beta5) as a member server in a 2003 domain
and I'm struggling to get the user authentication to work.
I ran the provision script with '--server-role=member' and then joined
the domain using 'samba-tool domain join domainname MEMBER'.
At that point, 'wbinfo -u', 'wbinfo -g' and 'wbinfo -i username' all
work fine, but 'wbinfo -a' and 'wbinfo -K' both return
NT_STATUS_ACCESS_DENIED.
I tested with a few users and the result is the same.
The passwords have been verified to work using kinit.
Am I missing something obvious?
Here's the logs when trying to authenticate a user.
using wbinfo -a:
Received winbind TCP packet of length 2096 from unix:
Got winbind samba3 request 0
Received winbind TCP packet of length 2096 from unix:
Got winbind samba3 request 47
Terminating connection - 'wbsrv_call_loop: tstream_read_pdu_blob_recv()
- NT_STATUS_CONNECTION_DISCONNECTED'
imessaging: cleaning up /var/lib/samba/private/smbd.tmp/msg/msg.0.25
single_terminate: reason[wbsrv_call_loop: tstream_read_pdu_blob_recv() -
NT_STATUS_CONNECTION_DISCONNECTED]
Received winbind TCP packet of length 2096 from unix:
Got winbind samba3 request 13
wbsrv_samba3_pam_auth called
wb_sid2domain_send called
seed 3b4de947:390b0479
seed+time 8b8c4822:390b0479
CLIENT 2563a53a:2eaf01b3
seed+time+1 8b8c4823:390b0479
SERVER 85a57e26:04e81ba1
rpc request data:
[0000] 00 00 02 00 1B 00 00 00 00 00 00 00 1B 00 00 00 ........ ........
[0010] 5C 00 5C 00 79 00 76 00 6F 00 6E 00 2D 00 61 00 \.\.y.v. o.n.-.a.
[0020] 64 00 2E 00 6F 00 70 00 65 00 6E 00 63 00 68 00 d...o.p. e.n.c.h.
[0030] 61 00 6E 00 67 00 65 00 2E 00 6C 00 6F 00 63 00 a.n.g.e. ..l.o.c.
[0040] 61 00 6C 00 00 00 00 00 04 00 02 00 05 00 00 00 a.l..... ........
[0050] 00 00 00 00 05 00 00 00 53 00 4F 00 47 00 4F 00 ........ S.O.G.O.
[0060] 00 00 00 00 08 00 02 00 3A A5 63 25 B3 01 AF 2E ........ :.c%....
[0070] DB 5E 3E 50 0C 00 02 00 00 00 00 00 00 00 00 00 .^>P.... ........
[0080] 00 00 00 00 02 00 02 00 10 00 02 00 14 00 14 00 ........ ........
[0090] 14 00 02 00 20 08 00 00 00 00 00 00 00 00 00 00 .... ... ........
[00A0] 16 00 16 00 18 00 02 00 08 00 08 00 1C 00 02 00 ........ ........
[00B0] 02 99 AD D4 78 CE 77 20 54 00 54 00 20 00 02 00 ....x.w T.T. ...
[00C0] 18 00 18 00 24 00 02 00 0A 00 00 00 00 00 00 00 ....$... ........
[00D0] 0A 00 00 00 4F 00 50 00 45 00 4E 00 43 00 48 00 ....O.P. E.N.C.H.
[00E0] 41 00 4E 00 47 00 45 00 0B 00 00 00 00 00 00 00 A.N.G.E. ........
[00F0] 0B 00 00 00 6F 00 70 00 65 00 6E 00 63 00 68 00 ....o.p. e.n.c.h.
[0100] 61 00 6E 00 67 00 65 00 31 00 00 00 04 00 00 00 a.n.g.e. 1.......
[0110] 00 00 00 00 04 00 00 00 53 00 4F 00 47 00 4F 00 ........ S.O.G.O.
[0120] 54 00 00 00 00 00 00 00 54 00 00 00 46 38 AF 28 T....... T...F8.(
[0130] 0E D1 5D FC F6 47 69 6A 16 3E C3 C6 01 01 00 00 ..]..Gij .>......
[0140] 00 00 00 00 00 88 E4 43 18 86 CD 01 8B C3 26 59 .......C ......&Y
[0150] 7B FB 52 FD 00 00 00 00 02 00 14 00 4F 00 50 00 {.R..... ....O.P.
[0160] 45 00 4E 00 43 00 48 00 41 00 4E 00 47 00 45 00 E.N.C.H. A.N.G.E.
[0170] 01 00 08 00 53 00 4F 00 47 00 4F 00 00 00 00 00 ....S.O. G.O.....
[0180] 18 00 00 00 00 00 00 00 18 00 00 00 A0 3A 7E E9 ........ .....:~.
[0190] DF 6D B9 66 CD C6 D3 DA 43 2A 9B 5D 0F 1A F2 50 .m.f.... C*.]...P
[01A0] 38 F1 8E 7C 03 00 8..|..
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0,
data_total=496, this_data=496, max_data=4280, param_offset=84,
param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0
smb_signing_md5: sequence number 206
smb_signing_sign_pdu: sent SMB signature of
[0000] 1D F5 C4 89 64 27 AB D9 ....d'..
smb_signing_md5: sequence number 207
smb_signing_check_pdu: seq 207: got good SMB signature of
[0000] EA 25 E6 27 1C F2 40 0D .%.'.. at .
../librpc/rpc/dcerpc_util.c:140: auth_pad_length 0
rpc reply data:
[0000] 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0010] 03 00 00 00 00 00 00 00 00 00 00 00 22 00 00 C0 ........ ...."...
--------------
Using wbinfo -K :
Received winbind TCP packet of length 2096 from unix:
Got winbind samba3 request 0
Received winbind TCP packet of length 2096 from unix:
Got winbind samba3 request 47
Terminating connection - 'wbsrv_call_loop: tstream_read_pdu_blob_recv()
- NT_STATUS_CONNECTION_DISCONNECTED'
imessaging: cleaning up /var/lib/samba/private/smbd.tmp/msg/msg.0.25
single_terminate: reason[wbsrv_call_loop: tstream_read_pdu_blob_recv() -
NT_STATUS_CONNECTION_DISCONNECTED]
Received winbind TCP packet of length 2096 from unix:
Got winbind samba3 request 13
wbsrv_samba3_pam_auth called
wb_sid2domain_send called
seed eb0f8a6d:390b0479
seed+time 3b4de946:390b0479
CLIENT e56fef5b:8ecb172c
seed+time+1 3b4de947:390b0479
SERVER a9dbce02:50ea667b
rpc request data:
[0000] 00 00 02 00 1B 00 00 00 00 00 00 00 1B 00 00 00 ........ ........
[0010] 5C 00 5C 00 79 00 76 00 6F 00 6E 00 2D 00 61 00 \.\.y.v. o.n.-.a.
[0020] 64 00 2E 00 6F 00 70 00 65 00 6E 00 63 00 68 00 d...o.p. e.n.c.h.
[0030] 61 00 6E 00 67 00 65 00 2E 00 6C 00 6F 00 63 00 a.n.g.e. ..l.o.c.
[0040] 61 00 6C 00 00 00 00 00 04 00 02 00 05 00 00 00 a.l..... ........
[0050] 00 00 00 00 05 00 00 00 53 00 4F 00 47 00 4F 00 ........ S.O.G.O.
[0060] 00 00 00 00 08 00 02 00 5B EF 6F E5 2C 17 CB 8E ........ [.o.,...
[0070] D9 5E 3E 50 0C 00 02 00 00 00 00 00 00 00 00 00 .^>P.... ........
[0080] 00 00 00 00 02 00 02 00 10 00 02 00 14 00 14 00 ........ ........
[0090] 14 00 02 00 20 08 00 00 00 00 00 00 00 00 00 00 .... ... ........
[00A0] 16 00 16 00 18 00 02 00 08 00 08 00 1C 00 02 00 ........ ........
[00B0] 88 D3 79 26 CE B6 69 40 54 00 54 00 20 00 02 00 ..y&..i@ T.T. ...
[00C0] 18 00 18 00 24 00 02 00 0A 00 00 00 00 00 00 00 ....$... ........
[00D0] 0A 00 00 00 4F 00 50 00 45 00 4E 00 43 00 48 00 ....O.P. E.N.C.H.
[00E0] 41 00 4E 00 47 00 45 00 0B 00 00 00 00 00 00 00 A.N.G.E. ........
[00F0] 0B 00 00 00 6F 00 70 00 65 00 6E 00 63 00 68 00 ....o.p. e.n.c.h.
[0100] 61 00 6E 00 67 00 65 00 31 00 00 00 04 00 00 00 a.n.g.e. 1.......
[0110] 00 00 00 00 04 00 00 00 53 00 4F 00 47 00 4F 00 ........ S.O.G.O.
[0120] 54 00 00 00 00 00 00 00 54 00 00 00 17 1C 06 D2 T....... T.......
[0130] 25 F4 C9 30 CD 0A C4 89 DD 82 AC 30 01 01 00 00 %..0.... ...0....
[0140] 00 00 00 00 80 E1 ED E3 17 86 CD 01 66 83 64 78 ........ ....f.dx
[0150] CB 66 C2 21 00 00 00 00 02 00 14 00 4F 00 50 00 .f.!.... ....O.P.
[0160] 45 00 4E 00 43 00 48 00 41 00 4E 00 47 00 45 00 E.N.C.H. A.N.G.E.
[0170] 01 00 08 00 53 00 4F 00 47 00 4F 00 00 00 00 00 ....S.O. G.O.....
[0180] 18 00 00 00 00 00 00 00 18 00 00 00 65 88 12 D3 ........ ....e...
[0190] 2A C5 49 57 C5 5A 24 E2 33 BA 09 7E 25 00 3F 7C *.IW.Z$. 3..~%.?|
[01A0] B2 2B 1F 4E 03 00 .+.N..
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0,
data_total=496, this_data=496, max_data=4280, param_offset=84,
param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0
smb_signing_md5: sequence number 204
smb_signing_sign_pdu: sent SMB signature of
[0000] 62 CE 10 4A E2 85 B4 AC b..J....
smb_signing_md5: sequence number 205
smb_signing_check_pdu: seq 205: got good SMB signature of
[0000] 81 CD 53 47 A2 70 80 CD ..SG.p..
../librpc/rpc/dcerpc_util.c:140: auth_pad_length 0
rpc reply data:
[0000] 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0010] 03 00 00 00 00 00 00 00 00 00 00 00 22 00 00 C0 ........ ...."...
Terminating connection - 'wbsrv_call_loop: tstream_read_pdu_blob_recv()
- NT_STATUS_CONNECTION_DISCONNECTED'
imessaging: cleaning up /var/lib/samba/private/smbd.tmp/msg/msg.0.65
single_terminate: reason[wbsrv_call_loop: tstream_read_pdu_blob_recv() -
NT_STATUS_CONNECTION_DISCONNECTED]
Thanks.
--
Jean
More information about the samba-technical
mailing list