[Samba] somebody please help

Thamara Wanigatunga thamara at jkcs.slt.lk
Fri May 10 00:29:10 GMT 2002 

Dear all,

I have a serious problem that I can't rectify. My smb.conf is as follows. I
use Solaris 2.6 on SPARC

# Global parameters
[global]
      workgroup = SOME_DOMAIN
      netbios name = 220R
      server string = Samba For Backup On Solaris
      security = SERVER
      encrypt passwords = Yes
      update encrypted = Yes
      obey pam restrictions = Yes
      password server = * 10.2.240.251
      socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192
SO_SNDBUF=8192
      os level = 50
      preferred master = False
      local master = No
      domain master = False
      dns proxy = No
      wins server = 10.2.240.251
      winbind uid = 10000-20000
      winbind gid = 10000-20000
      template homedir = /samba/shares/%D/%U
      template shell = /bin/sh
      guest account = ftp

The samba server is shown in the network neighborhood. When security is set
to domain users are prompted for the password that does not happen if
security is set to server.

Log.winbind

[2002/05/09 12:54:13, 0] rpc_client/cli_netlogon.c:cli_net_auth2(157)
  cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
[2002/05/09 12:54:13, 0] rpc_client/cli_login.c:cli_nt_setup_creds(74)
  cli_nt_setup_creds: auth2 challenge failed
[2002/05/09 12:54:13, 0]
smbd/password.c:connect_to_domain_password_server(1336)
  connect_to_domain_password_server: unable to setup the PDC credentials to
machine SOMEMASTER. Error was : NT_STATUS_OK.
[2002/05/09 12:54:13, 0] smbd/password.c:domain_client_validate(1554)
  domain_client_validate: Domain password server not available.
[2002/05/09 13:14:39, 0] rpc_client/cli_netlogon.c:cli_net_auth2(157)
  cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
[2002/05/09 13:14:39, 0] rpc_client/cli_login.c:cli_nt_setup_creds(74)
  cli_nt_setup_creds: auth2 challenge failed
[2002/05/09 13:14:39, 0] nsswitch/winbindd_cm.c:cm_get_netlogon_cli(692)
  error connecting to domain password server: NT_STATUS_ACCESS_DENIED
[2002/05/09 13:21:43, 0] rpc_client/cli_netlogon.c:cli_net_auth2(157)
  cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
[2002/05/09 13:21:43, 0] rpc_client/cli_login.c:cli_nt_setup_creds(74)
  cli_nt_setup_creds: auth2 challenge failed
[2002/05/09 13:21:43, 0] nsswitch/winbindd_cm.c:cm_get_netlogon_cli(692)
  error connecting to domain password server: NT_STATUS_ACCESS_DENIED

log.smbd

2002/05/10 12:30:39, 0] rpc_client/cli_login.c:cli_nt_setup_creds(74)
  cli_nt_setup_creds: auth2 challenge failed
[2002/05/10 12:30:39, 0]
smbd/password.c:connect_to_domain_password_server(1336)
  connect_to_domain_password_server: unable to setup the PDC credentials to
machine SOMEMASTER. Error was : NT_STATUS_OK.
[2002/05/10 12:30:39, 0] rpc_client/cli_netlogon.c:cli_net_auth2(157)
  cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
[2002/05/10 12:30:39, 0] rpc_client/cli_login.c:cli_nt_setup_creds(74)
  cli_nt_setup_creds: auth2 challenge failed
[2002/05/10 12:30:39, 0]
smbd/password.c:connect_to_domain_password_server(1336)
  connect_to_domain_password_server: unable to setup the PDC credentials to
machine SOMEMASTER. Error was : NT_STATUS_OK.
[2002/05/10 12:30:39, 0] smbd/password.c:domain_client_validate(1554)
  domain_client_validate: Domain password server not available.
[2002/05/10 12:32:29, 0] smbd/server.c:main(698)
  smbd version 2.2.3a started.
  Copyright Andrew Tridgell and the Samba Team 1992-2002
[2002/05/10 12:32:29, 0] lib/pidfile.c:pidfile_create(86)
  ERROR: smbd is already running. File /usr/local/samba/var/locks/smbd.pid
exists and process id 1204 is running.
[2002/05/10 12:32:40, 0] smbd/server.c:main(698)
  smbd version 2.2.3a started.
  Copyright Andrew Tridgell and the Samba Team 1992-2002

Also when I do a wbinfo ?t it says

Secret is bad
0xc0000022

wbinfo ?a output is

wbinfo -a SOME_DOMAIN\\guest%password
plaintext password authentication failed
Could not authenticate user SOME_DOMAIN\guest%password with plaintext
password
challenge/response password authentication failed
Could not authenticate user SOME_DOMAIN\guest%password with
challenge/response
and winbind in debug mode presents

[ 1370]: check machine account
resolve_lmhosts: Attempting lmhosts lookup for name SOMEMASTER<0x20>
resolve_hosts: Attempting host lookup for name SOMEMASTER<0x20>
resolve_wins: Attempting wins lookup for name SOMEMASTER<0x20>
resolve_wins: WINS server == <10.2.240.251>
bind succeeded on port 0
Got a positive name query response from 10.2.240.251 ( 10.2.240.251 )
IPC$ connections done anonymously
Connecting to 10.2.240.251 at port 445
error connecting to 10.2.240.251:445 (Connection refused)
Connecting to 10.2.240.251 at port 139
cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
cli_nt_setup_creds: auth2 challenge failed
error connecting to domain password server: NT_STATUS_ACCESS_DENIED
could not open handle to NETLOGON pipe

To overcome this I did
Removed the machine from the server manager(PDC is win Nt4)
Stopped all samba daemons
Removed all files in the private dir
Created a computer account using useradd ?s /bin/false ?d /dev/null "220R$"
Used smbpasswd ?a ?m 220R$

Created the above smb.conf and started the services. Still prompts for the
username and password if I have security as domain. Also wbinfo ?t reports
a bad secret getent passwd reports all user details including NT users.
Users can connect to their shares using the security=server option in the
server.
I'm running samba 2.2.3a on Solaris with winbind

Thanks in advance

More information about the samba mailing list