Re: [Samba] Login from win2k client to samba PDC
Markus PISTAUER (CISC)
m.pistauer at cisc.at
Wed Apr 2 18:10:09 GMT 2003
Yes, I have already set the value to zero ....
I have now (as proposed) deleted my old log file and tried to log in to the
domain using the win2k client (which is a win2k server with SP3). Don't
wonder about the time stamps (I have seen that the time has to be adjusted ...).
For test reasons I have renamed the domain to "PIST" (here is the global
section and the log file), joined the client again (now to domain "PIST").
The login attempt I did was with a user name in the smbpasswd (but not "nobody",
which always shows up). Also the protocol negotiation seems to be OK, the
domain name (PIST) seems to be missing/empty when passing the info from the
client to the samba server.
Client:
name: win2k1
IP: 192.168.xx.y
---------------------8<---------- log file -------------------------
[2002/01/05 19:45:49, 3] smbd/process.c:process_smb(878)
Transaction 1 of length 137
[2002/01/05 19:45:49, 3] smbd/process.c:switch_message(685)
switch message SMBnegprot (pid 5412)
[2002/01/05 19:45:49, 3] smbd/sec_ctx.c:set_sec_ctx(329)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2002/01/05 19:45:49, 3] smbd/negprot.c:reply_negprot(342)
Requested protocol [PC NETWORK PROGRAM 1.0]
[2002/01/05 19:45:49, 3] smbd/negprot.c:reply_negprot(342)
Requested protocol [LANMAN1.0]
[2002/01/05 19:45:49, 3] smbd/negprot.c:reply_negprot(342)
Requested protocol [Windows for Workgroups 3.1a]
[2002/01/05 19:45:49, 3] smbd/negprot.c:reply_negprot(342)
Requested protocol [LM1.2X002]
[2002/01/05 19:45:49, 3] smbd/negprot.c:reply_negprot(342)
Requested protocol [LANMAN2.1]
[2002/01/05 19:45:49, 3] smbd/negprot.c:reply_negprot(342)
Requested protocol [NT LM 0.12]
[2002/01/05 19:45:49, 3] smbd/negprot.c:reply_negprot(426)
Selected protocol NT LM 0.12
[2002/01/05 19:45:49, 3] smbd/process.c:process_smb(878)
Transaction 2 of length 137
[2002/01/05 19:45:49, 3] smbd/process.c:switch_message(685)
switch message SMBsesssetupX (pid 5412)
[2002/01/05 19:45:49, 3] smbd/sec_ctx.c:set_sec_ctx(329)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2002/01/05 19:45:49, 3] smbd/reply.c:reply_sesssetup_and_X(858)
Domain=[] NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0]
[2002/01/05 19:45:49, 3] smbd/reply.c:reply_sesssetup_and_X(868)
sesssetupX:name=[]
[2002/01/05 19:45:49, 3] smbd/sec_ctx.c:push_sec_ctx(297)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2002/01/05 19:45:49, 3] smbd/uid.c:push_conn_ctx(286)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2002/01/05 19:45:49, 3] smbd/sec_ctx.c:set_sec_ctx(329)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2002/01/05 19:45:49, 3] smbd/sec_ctx.c:get_current_groups(172)
get_current_groups: user is in 2 groups: 65533, 65534
[2002/01/05 19:45:49, 3] smbd/sec_ctx.c:pop_sec_ctx(436)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2002/01/05 19:45:49, 3] smbd/sec_ctx.c:get_current_groups(172)
get_current_groups: user is in 2 groups: 65533, 65534
[2002/01/05 19:45:49, 3] smbd/password.c:register_vuid(336)
uid 65534 registered to name nobody
[2002/01/05 19:45:49, 3] smbd/password.c:register_vuid(338)
Clearing default real name
[2002/01/05 19:45:49, 3] smbd/password.c:register_vuid(340)
User name: nobody Real name: nobody
[2002/01/05 19:45:49, 3] smbd/process.c:chain_reply(1023)
Chained message
[2002/01/05 19:45:49, 3] smbd/process.c:switch_message(685)
switch message SMBtconX (pid 5412)
[2002/01/05 19:45:49, 3] smbd/sec_ctx.c:set_sec_ctx(329)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2002/01/05 19:45:49, 3] smbd/password.c:authorise_login(855)
authorise_login: ACCEPTED: guest account and guest ok (nobody)
[2002/01/05 19:45:49, 3] smbd/service.c:make_connection(491)
Connect path is /var/tmp
[2002/01/05 19:45:49, 3] smbd/sec_ctx.c:push_sec_ctx(297)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2002/01/05 19:45:49, 3] smbd/uid.c:push_conn_ctx(286)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2002/01/05 19:45:49, 3] smbd/sec_ctx.c:set_sec_ctx(329)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2002/01/05 19:45:49, 3] smbd/sec_ctx.c:get_current_groups(172)
get_current_groups: user is in 2 groups: 65533, 65534
[2002/01/05 19:45:49, 3] smbd/sec_ctx.c:pop_sec_ctx(436)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2002/01/05 19:45:49, 3] smbd/sec_ctx.c:get_current_groups(172)
get_current_groups: user is in 2 groups: 65533, 65534
[2002/01/05 19:45:49, 3] lib/util_seaccess.c:se_access_check(269)
se_access_check: user sid is
S-1-5-21-4082881408-3458373132-3265765068-132068
[2002/01/05 19:45:49, 3] lib/util_seaccess.c:se_access_check(273)
se_access_check: also S-1-5-21-4082881408-3458373132-3265765068-132067
[2002/01/05 19:45:49, 3] lib/util_seaccess.c:se_access_check(273)
se_access_check: also S-1-5-21-4082881408-3458373132-3265765068-132069
[2002/01/05 19:45:49, 3] lib/util_seaccess.c:se_access_check(273)
se_access_check: also S-1-1-0
[2002/01/05 19:45:49, 3] lib/util_seaccess.c:se_access_check(273)
se_access_check: also S-1-5-2
[2002/01/05 19:45:49, 3] lib/util_seaccess.c:se_access_check(273)
se_access_check: also S-1-5-32-546
[2002/01/05 19:45:49, 3] smbd/vfs.c:vfs_init_default(122)
Initialising default vfs hooks
[2002/01/05 19:45:49, 3] smbd/sec_ctx.c:set_sec_ctx(329)
setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0
[2002/01/05 19:45:49, 3] smbd/sec_ctx.c:set_sec_ctx(334)
2 user groups:
65533 65534
[2002/01/05 19:45:49, 3] smbd/vfs.c:vfs_ChDir(569)
vfs_ChDir to /var/tmp
[2002/01/05 19:45:49, 3] smbd/service.c:make_connection(640)
win2k1 (192.168.xx.y) connect to service IPC$ as user nobody (uid=65534,
gid=65533) (pid 5412)
[2002/01/05 19:45:49, 3] smbd/sec_ctx.c:set_sec_ctx(329)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2002/01/05 19:45:49, 3] smbd/reply.c:reply_tcon_and_X(396)
tconX service=ipc$ user=nobody
[2002/01/05 19:45:49, 3] smbd/process.c:process_smb(878)
Transaction 3 of length 97
[2002/01/05 19:45:49, 3] smbd/process.c:switch_message(685)
switch message SMBntcreateX (pid 5412)
[2002/01/05 19:45:49, 3] smbd/sec_ctx.c:set_sec_ctx(329)
setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0
[2002/01/05 19:45:49, 3] smbd/sec_ctx.c:set_sec_ctx(334)
2 user groups:
65533 65534
[2002/01/05 19:45:49, 3] smbd/nttrans.c:nt_open_pipe(559)
nt_open_pipe: Known pipe NETLOGON opening.
[2002/01/05 19:45:49, 3] smbd/process.c:process_smb(878)
Transaction 4 of length 152
[2002/01/05 19:45:49, 3] smbd/process.c:switch_message(685)
switch message SMBtrans (pid 5412)
[2002/01/05 19:45:49, 3] smbd/ipc.c:reply_trans(520)
trans <\PIPE\> data=72 params=0 setup=2
[2002/01/05 19:45:49, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2002/01/05 19:45:49, 3] smbd/ipc.c:api_fd_reply(296)
Got API command 0x26 on pipe "NETLOGON" (pnum 74f9)api_pipe_bind_req:
\PIPE\NETLOGON -> \PIPE\lsass
[2002/01/05 19:45:49, 3] smbd/process.c:process_smb(878)
Transaction 5 of length 164
[2002/01/05 19:45:49, 3] smbd/process.c:switch_message(685)
switch message SMBwriteX (pid 5412)
[2002/01/05 19:45:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(448)
free_pipe_context: destroying talloc pool of size 0
[2002/01/05 19:45:49, 3] rpc_server/srv_pipe.c:api_pipe_request(1148)
Doing \PIPE\NETLOGON
[2002/01/05 19:45:49, 3] rpc_server/srv_pipe.c:api_rpcTNP(1180)
api_rpcTNP: pipe 29945 rpc command: NET_REQCHAL
[2002/01/05 19:45:49, 3] smbd/sec_ctx.c:push_sec_ctx(297)
push_sec_ctx(65534, 65533) : sec_ctx_stack_ndx = 1
[2002/01/05 19:45:49, 3] smbd/uid.c:push_conn_ctx(286)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2002/01/05 19:45:49, 3] smbd/sec_ctx.c:set_sec_ctx(329)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2002/01/05 19:45:49, 3] smbd/sec_ctx.c:pop_sec_ctx(436)
pop_sec_ctx (65534, 65533) - sec_ctx_stack_ndx = 0
[2002/01/05 19:45:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(448)
free_pipe_context: destroying talloc pool of size 36
[2002/01/05 19:45:49, 3] smbd/pipes.c:reply_pipe_write_and_X(198)
writeX-IPC pnum=74f9 nwritten=96
[2002/01/05 19:45:49, 3] smbd/process.c:process_smb(878)
Transaction 6 of length 63
[2002/01/05 19:45:49, 3] smbd/process.c:switch_message(685)
switch message SMBreadX (pid 5412)
[2002/01/05 19:45:49, 3] smbd/pipes.c:reply_pipe_read_and_X(239)
readX-IPC pnum=74f9 min=1024 max=1024 nread=36
[2002/01/05 19:45:49, 3] smbd/process.c:process_smb(878)
Transaction 7 of length 200
[2002/01/05 19:45:49, 3] smbd/process.c:switch_message(685)
switch message SMBwriteX (pid 5412)
[2002/01/05 19:45:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(448)
free_pipe_context: destroying talloc pool of size 0
[2002/01/05 19:45:49, 3] rpc_server/srv_pipe.c:api_pipe_request(1148)
Doing \PIPE\NETLOGON
[2002/01/05 19:45:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(448)
free_pipe_context: destroying talloc pool of size 0
[2002/01/05 19:45:49, 3] smbd/pipes.c:reply_pipe_write_and_X(198)
writeX-IPC pnum=74f9 nwritten=132
[2002/01/05 19:45:49, 3] smbd/process.c:process_smb(878)
Transaction 8 of length 63
[2002/01/05 19:45:49, 3] smbd/process.c:switch_message(685)
switch message SMBreadX (pid 5412)
[2002/01/05 19:45:49, 3] smbd/pipes.c:reply_pipe_read_and_X(239)
readX-IPC pnum=74f9 min=1024 max=1024 nread=32
[2002/01/05 19:45:49, 3] smbd/process.c:process_smb(878)
Transaction 9 of length 200
[2002/01/05 19:45:49, 3] smbd/process.c:switch_message(685)
switch message SMBwriteX (pid 5412)
[2002/01/05 19:45:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(448)
free_pipe_context: destroying talloc pool of size 0
[2002/01/05 19:45:49, 3] rpc_server/srv_pipe.c:api_pipe_request(1148)
Doing \PIPE\NETLOGON
[2002/01/05 19:45:49, 3] rpc_server/srv_pipe.c:api_rpcTNP(1180)
api_rpcTNP: pipe 29945 rpc command: NET_AUTH2
[2002/01/05 19:45:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(448)
free_pipe_context: destroying talloc pool of size 54
[2002/01/05 19:45:49, 3] smbd/pipes.c:reply_pipe_write_and_X(198)
writeX-IPC pnum=74f9 nwritten=132
[2002/01/05 19:45:49, 3] smbd/process.c:process_smb(878)
Transaction 10 of length 63
[2002/01/05 19:45:49, 3] smbd/process.c:switch_message(685)
switch message SMBreadX (pid 5412)
[2002/01/05 19:45:49, 3] smbd/pipes.c:reply_pipe_read_and_X(239)
readX-IPC pnum=74f9 min=1024 max=1024 nread=40
[2002/01/05 19:45:49, 3] smbd/process.c:process_smb(878)
Transaction 11 of length 45
[2002/01/05 19:45:49, 3] smbd/process.c:switch_message(685)
switch message SMBclose (pid 5412)
[2002/01/05 19:46:00, 3] smbd/process.c:process_smb(878)
Transaction 12 of length 39
[2002/01/05 19:46:00, 3] smbd/process.c:switch_message(685)
switch message SMBtdis (pid 5412)
[2002/01/05 19:46:00, 3] smbd/sec_ctx.c:set_sec_ctx(329)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2002/01/05 19:46:00, 3] smbd/sec_ctx.c:set_sec_ctx(329)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2002/01/05 19:46:00, 3] smbd/service.c:close_cnum(681)
win2k1 (192.168.xx.y) closed connection to service IPC$
[2002/01/05 19:46:00, 3] smbd/connection.c:yield_connection(48)
Yielding connection to IPC$
[2002/01/05 19:46:00, 3] smbd/sec_ctx.c:set_sec_ctx(329)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2002/01/05 19:46:00, 3] smbd/vfs.c:vfs_ChDir(569)
vfs_ChDir to /
[2002/01/05 19:46:00, 3] smbd/process.c:process_smb(878)
Transaction 13 of length 43
[2002/01/05 19:46:00, 3] smbd/process.c:switch_message(685)
switch message SMBulogoffX (pid 5412)
[2002/01/05 19:46:00, 3] smbd/sec_ctx.c:set_sec_ctx(329)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2002/01/05 19:46:00, 3] smbd/reply.c:reply_ulogoffX(1779)
ulogoffX vuid=100
[2002/01/05 19:47:00, 3] smbd/sec_ctx.c:set_sec_ctx(329)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
---------------------8<---------- log file end ---------------------
---------------------8<----------- smb.conf ------------------------
[global]
workgroup = PIST
encrypt passwords = Yes
log level = 3
log file = /data/samba/log/samba.log.%m
max log size = 100
max xmit = 17384
domain admin group = @root
logon script = logon.bat %U %G %L
logon path = \\sambasrv\profiles\%U
logon home = /data/samba/data/users/%U
domain logons = Yes
os level = 34
preferred master = True
domain master = True
map system = Yes
map hidden = Yes
--------------------8<----------------------------------------------
"John H Terpstra" <jht at samba.org> wrote in message
news:<20030402174026$3f9f at gated-at.bofh.it>...
> Markus,
>
> Have you disabled sign-or-seal on your workstation? You will need to check
> the security settings on your Win2K SP3 client to make sure that
> "RequiresSignOrSeal" is turned off.
>
> Failing that, you will need to collect the samba log file as you try to
> log onto the workstation so we can see what is going on.
>
> - John T.
>
> On Wed, 2 Apr 2003, Markus PISTAUER (CISC) wrote:
>
> > John,
> >
> > thanks for that hint. It did not kill the server but you are perfectly right.
> > I changed this and restarted the "smb" and "nmb" daemons - unfortunately
> > with the same result.
> >
> > When I watch e.g. the status with "swat" I see as follows after trying with:
> >
> > smbclient -U <user> -L win2k1
> >
> > (which is strange since I connect as a different user and not "nobody") The
> > connection seems to be up, no error in the logs but all is referring to
> > that user "nobody". I even have added "nobody" to the smbpasswd (but as you
> > can guess this did not help either).
> > Also I get the well known message "session setup failed:
> > NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE"
> >
> > Cut from SWAT (Status page):
> >
> > ------------8<--------------
> >
> > Active Connections
> > PID Client IP address
> > --------------------------------------
> > 4654 win2k1 192.168.xx.xx .....
> >
> > Active Shares
> > Share User Group PID Client Date
> > --------------------------------------
> > IPC$ nobody nobody 4654 win2k1 .....
> >
> > ------------8<---------------
> >
> >
> >
> > Do you have another idea?
> >
> > Thank you
> > Markus
> >
> >
> >
> >
> >
> > "John H Terpstra" <jht at samba.org> wrote in message
> > news:<20030402162023$4954 at gated-at.bofh.it>...
> > > On Wed, 2 Apr 2003, Markus PISTAUER (CISC) wrote:
> > >
> > > > Dear Eric,
> > > >
> > > > thanks for your answer. I have none of the items you defined in the global
> > > > section. There is also no error in the log file. So I'm really at the end of
> > > > my "know-how" (if any ...)
> > > >
> > > > My global section is:
> > > > ---------8<---------
> > > > [global]
> > > > workgroup = TEST
> > > > netbios aliases = TEST
> > >
> > > The above will kill your server! You can NOT have the workgroup name and a
> > > machine name that are the same.
> > >
> > > - John T.
> > >
> > > > encrypt passwords = Yes
> > > > log level = 3
> > > > log file = /data/samba/log/samba.log.%m
> > > > max log size = 100
> > > > max xmit = 17384
> > > > domain admin group = @root
> > > > logon script = logon.bat %U %G %L
> > > > logon path = \\sambasrv\profiles\%U
> > > > logon home = /data/samba/data/users/%U
> > > > domain logons = Yes
> > > > os level = 34
> > > > preferred master = True
> > > > domain master = True
> > > > map system = Yes
> > > > map hidden = Yes
> > > > ---------8<---------
> > > >
> > > > Thanks, any other hint is very welcome
> > > >
> > > > Markus
> > > >
> > > >
> > > >
> > > > > -----Original Message-----
> > > > > From: Eric Halverson [mailto:ehalverson at dchs.us]
> > > > > Sent: Wednesday, 02 April 2003 18:48
> > > > > To: Markus PISTAUER (CISC)
> > > > > Cc: Samba List
> > > > > Subject: Re: [Samba] Login from win2k client to samba PDC
> > > > >
> > > > >
> > > > > Do you have either of the following defined in your global section:
> > > > >
> > > > > write list
> > > > > valid users
> > > > >
> > > > > also look in your log files for that machine to see if you're getting an
> > > > > error about invalid user nobody. I was getting the same error because I
> > > > > defined those variables in the global section, which of course made the
> > > > > user nobody invalid as well as whoever else was undefined (including the
> > > > > machine account).
> > > > >
> > > > > On Wed, 2003-04-02 at 02:58, Markus PISTAUER (CISC) wrote:
> > > > > > I have joined my win2k client machines (win2k professional or win2k
> > > > > > professional server) to my PDC. This worked fine and I did all recommended
> > > > > > as e.g. in the HOWTO
> > > > > > http://hr.uoregon.edu/davidrl/samba/samba-pdc.html#joining.
> > > > > >
> > > > > > So far I can also login locally to the win2k client machines using a local
> > > > > > account and connect a network drive from the PDC using a valid account on
> > > > > > the PDC (as given in the "smbpasswd" file)
> > > > > >
> > > > > > I have done all major steps:
> > > > > >
> > > > > > passwd file:
> > > > > > added users and machine accounts (as user <machine>$)
> > > > > > smbpasswd file:
> > > > > > added users with 'smbpasswd -a <user>'
> > > > > > added machines with 'smbpasswd -a <machine>'
> > > > > > added user 'root' to smbpasswd
> > > > > > smb.conf:
> > > > > > all the necessary settings done (I can post the smb.conf if requested)
> > > > > >
> > > > > >
> > > > > > The problem:
> > > > > > ------------
> > > > > > If I try to login on the domain using the win2k client machine (selecting
> > > > > > the domain instead of the local machine name in the login window) I cannot
> > > > > > connect to the domain and get the error message:
> > > > > > The system cannot log you on to this domain because the system's
> > > > > > computer account in its primary domain is missing or the password on
> > > > > > that account is incorrect
> > > > > >
> > > > > >
> > > > > > My environments settings:
> > > > > > -------------------------
> > > > > > I'm using Samba 2.2.5 (release 160), win2k prof with SP3 or no SP, classic
> > > > > > authentication on the PDC. Linux Kernel is 2.4.19 (Build 174).
> > > > > > I have also tried 2.2.8 with same failure.
> > > > > >
> > > > > > Any help would be VERY appreciated.
> > > > > >
> > > > > > Thanks
> > > > > >
> > > > > > Markus Pistauer
> > > > > > mailto:m.pistauer at cisc.at
> > > > > >
> > > > > >
> > > >
> > > >
> > >
> > > --
> > > John H Terpstra
> > > Email: jht at samba.org
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions: http://lists.samba.org/mailman/listinfo/samba
> >
>
> --
> John H Terpstra
> Email: jht at samba.org
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
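
The level-3 smbd log posted in this message can be summarized mechanically. The following is an added example, not part of the original post and not Samba code: a small Python parser that pulls out the session-setup domain and user name, the account the vuid was registered to, the share connections and the NETLOGON RPC commands. The sample input is an excerpt of the log lines above, and the function names are made up for illustration.

```python
import re

# Header of an smbd debug record: [date time, level] file:function(line)
HEADER = re.compile(r"^\[(\S+ \S+), (\d+)\] (\S+):(\w+)\((\d+)\)$")

# Excerpt of the log posted above; message lines follow each header line.
SAMPLE = """\
[2002/01/05 19:45:49, 3] smbd/reply.c:reply_sesssetup_and_X(858)
Domain=[] NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0]
[2002/01/05 19:45:49, 3] smbd/reply.c:reply_sesssetup_and_X(868)
sesssetupX:name=[]
[2002/01/05 19:45:49, 3] smbd/password.c:register_vuid(336)
uid 65534 registered to name nobody
[2002/01/05 19:45:49, 3] smbd/service.c:make_connection(640)
win2k1 (192.168.xx.y) connect to service IPC$ as user nobody (uid=65534,
gid=65533) (pid 5412)
[2002/01/05 19:45:49, 3] rpc_server/srv_pipe.c:api_rpcTNP(1180)
api_rpcTNP: pipe 29945 rpc command: NET_REQCHAL
[2002/01/05 19:45:49, 3] rpc_server/srv_pipe.c:api_rpcTNP(1180)
api_rpcTNP: pipe 29945 rpc command: NET_AUTH2
"""


def parse_records(text):
    """Attach each (possibly wrapped) message to the header preceding it."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            records.append({"time": m.group(1), "func": m.group(4), "msg": ""})
        elif records:
            records[-1]["msg"] = (records[-1]["msg"] + " " + line).strip()
    return records


def summarize(text):
    """Report who the client claimed to be and what smbd mapped it to."""
    s = {"domain": None, "name": None, "registered": None, "connects": [], "rpc": []}
    for r in parse_records(text):
        msg = r["msg"]
        if m := re.match(r"Domain=\[(.*?)\]", msg):
            s["domain"] = m.group(1)
        elif m := re.match(r"sesssetupX:name=\[(.*?)\]", msg):
            s["name"] = m.group(1)
        elif m := re.search(r"registered to name (\S+)", msg):
            s["registered"] = m.group(1)
        elif m := re.match(r"(\S+) \(\S+\) connect to service (\S+) as user (\S+)", msg):
            s["connects"].append(m.groups())  # (client, service, user)
        elif m := re.search(r"rpc command: (\w+)", msg):
            s["rpc"].append(m.group(1))
    # An empty user name in the session setup is an anonymous session.
    s["anonymous_setup"] = s["name"] == ""
    return s


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

Run against the full `samba.log.%m` file, the same summary separates anonymous IPC$ sessions used for the NETLOGON pipe from session setups that carry a real user name.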