[Samba] Problem authenticating with Samba (security=domain) + Windows 2000 PDC

Javier Castillo Alcibar javier.castillo at euroview-spain.com
Mon Dec 16 17:20:01 GMT 2002 

	I'm doing more tests.....with the Microsoft Network Monitor, I
capture a packet which contains:

.......................
TCP: .AP..., len:  438, seq:3042228556-3042228994, ack:3265237668,
win:64240, src:  445  dst:35027 
NBT: SS: Session Message, Len: 434
SMB: R transact - NT error, System, Warning, Code = (5)
STATUS_BUFFER_OVERFLOW
MSRPC: c/o RPC Response:     call 0x4  context 0x0  hint 0x16C  cancels
0x0
R_LOGON: RPC Server response logon:NetrLogonSamLogon(..)
	R_LOGON: PNETLOGON_AUTHENTICATOR ReturnAuthenticator {..}
		R_LOGON: NETLOGON_CREDENTIAL Credential {..}
		R_LOGON: DWORD timestamp = 1040057871 (0x3DFE060F)
	R_LOGON: PNETLOGON_VALIDATION ValidationInformation {..}
		R_LOGON: Switch Value = 3 (0x3)
		R_LOGON: PNETLOGON_VALIDATION_SAM_INFO2 ValidationSam2
{..}
			R_LOGON: OLD_LARGE_INTEGER LogonTime {..}
.........................
.........................


	so, is possible that samba fails to interpret the pdc's answer
because of the smb warning??

	Thx a lot.
	Javier.

-----Mensaje original-----
De: Javier Castillo Alcibar 
Enviado el: lunes 16 de diciembre de 2002 8:33
Para: 'John H Terpstra'
CC: 'samba at lists.samba.org'
Asunto: RE: [Samba] Problem authenticating with Samba (security=domain)
+ Windows 2000 PDC


Sure, I did it without problem.....

-----Mensaje original-----
De: John H Terpstra [mailto:jht at samba.org] 
Enviado el: viernes, 13 de diciembre de 2002 18:44
Para: Javier Castillo Alcibar
CC: samba at lists.samba.org
Asunto: Re: [Samba] Problem authenticating with Samba (security=domain)
+ Windows 2000 PDC

On Fri, 13 Dec 2002, Javier Castillo Alcibar wrote:

> I'd set up my samba 2.2.7 to auth with "security=domain" mode, but my
> clients cannot auth successfully never because the samba server cannot
> "talk" correctly with my PDC(w2k adv. Server).
>
> In the computer manager event, I see authentication request but with
> empty usernames......so the PDC reject the authentication request.

Did you use "smbpasswd -j mydomain -r pdc_name" to join the domain?

> Is this a know behaviour??

Yes, if your samba server did not join the domain.

> Here is my config:
> [global]
>    workgroup = MYDOMAIN
>    netbios name = DEBIANXFS
>    server string = %h server (Samba %v)
>    guest account = nobody
>    invalid users = root
>    security = domain
>    max log size = 100000
>    password server = *
>    syslog = 0
>    encrypt passwords = Yes
>    socket options = TCP_NODELAY
>    wins support = no
>    wins server = 192.168.4.12
>    dns proxy = yes
>    name resolve order = wins lmhosts host bcast
>    unix password sync = false
>    passwd program = /usr/bin/passwd %u
>    passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
> *Retype\snew\sUNIX\spassword:* %n\n .
>    pam password change = no
>    obey pam restrictions = yes
>    winbind uid = 10000-20000
>    winbind gid = 10000-20000
>    winbind use default domain = yes

- John T.
-- 
John H Terpstra
Email: jht at samba.org

More information about the samba mailing list