[Samba] Samba 3beta3 and NETAPP filer - cannot join domain [long]

Ralph Angenendt ra at br-online.de
Fri Aug 8 12:48:28 GMT 2003


Hi,

when trying to get a Netapp filer (multi protocol) to join a domain
controlled by samba 3.0.0beta3 with ldapsam backend, I ran into a "small"
problem - the filer won't join the domain.

So we set up another server with samba 3.0.0beta3 using tdbsam(?) as the
passwd backend - and lo, the filer is able to join the domain.

Both "joins" are NT4 joins - as the filer doesn't (and can't) find a _ldap
service description in our DNS :)

The LDAP driven samba server is just working fine otherwise, leaving more
riddles for me.

The filer in question is a Netapp F810 with OS 6.3.1R1, OpenLDAP is at
version 2.1.22.

A user root with uid 0 and sambaSID S-1-5-21...-1000 is available in the
LDAP Directory, joining normal Workstations with root's credentials is
possible. 

The filer's root account has the same credentials, Administrator,
administrator and admin are mapped to the root account via user map in
smb.conf (which does not make any difference at all).

Sorry, this is going to be a long mail, I hope no one'll be angry because
of me flooding the mailing list. But as I've been searching for the last
week without getting *any* references to the problem I'm facing here, I hope
that you'll understand (and someone has at least a hint for me in which
direction further enlightenment might be found).

Here are the relevant config file sections and logs, both at log level 5. If
more information is needed I at least can offer logs from the ldapified
server with higher loglevels.

Because of length I edited the log files without leaving out relevant stuff
(at least I do hope so). I can make *full* logfiles available via web if
someone needs those.

This is the smb.conf of the "working" server:

| # Default setup to allow all from system to login if the account is
| # on the system or using service homes
| [global]
|    netbios name = TESTPDC
|    workgroup    = NETAPP
|    smb passwd file = /opt/private/smbpasswd
|    os level     = 65
|    preferred master = yes
|    domain master    = yes
|    local master     = yes
|    security         = User
|    encrypt passwords = yes
|    domain logons    = yes
|    logon path       = \\%N\profile\%u
|    logon drive      = H:
|    logon home       = \\testpdc\%u
|    logon script     = logon.cmd
|    add user script = /usr/sbin/useradd \
|    			-d /dev/null \
| 			-g 100 \
| 			-s /bin/false \
| 			-M %u
|    wins support    = yes
|    kernel oplocks = No
|    level2oplocks = No
| 
| [netlogon]
|     path = /opt/samba/netlogon
|     read only = yes
|     guest ok         = yes
|     write list = ntadmin,admin,root


And this is the one of the other server:


| [global]
|         workgroup = HAMMNEU
|         os level = 255
|         kernel oplocks = No
|         netbios name = kytherea
|         security = user
|         encrypt passwords = Yes
|         guest account = nobody
|         map to guest = Never
|         null passwords = yes
|         domain master = yes
|         domain logons = yes
|         preferred master = yes
|         passdb backend = ldapsam:ldap://kytherea.br.de/ guest
|         ldap suffix = dc=br-online,dc=de
|         ldap admin dn = cn=Admin,dc=br-online,dc=de
|         ldap ssl = start_tls
|         ldap user suffix = ou=People
|         ldap machine suffix = ou=Computers
| 	ldap group suffix = ou=Groups
|         ldap passwd sync = yes
|         log level = 5
| #         idmap backend     = ldap://kytherea.br.de/
| #         ldap idmap suffix = ou=idmap,dc=br-online,dc=de
| #         idmap uid = 10000-50000
|          idmap gid = 500-9999
| ;       add user script = /usr/local/sbin/smbldap-useradd.pl -m -d /dev/null -s /bin/false -g 1000 %u
|         interfaces = 10.65.33.52/255.255.255.0
|         wins support = Yes
|         server string = Domain-Controller HA-Multimedia
|         time server = Yes
| 	logon script = netlogon.bat
|         logon path = \\%L\profiles\%u
|         logon home = \\kytherea\%u
| [netlogon]
| 	comment = Network Logon Service
| 	path = /var/lib/samba/netlogon
| 	create mask = 0600
| 	directory mask = 0700
| 	browseable = No
| 	read only = No
| 	write list = ntadmin,admin,root

This is what happens on the filer when trying to join the domain (this is
the failure case, otherwise it just happily joins the domain) >:)

| filersin> cifs setup
| Enable CIFS access to the filer by a Windows(tm) PC
| 	Your filer is currently only visible to PCs on the same net.
| Do you wish to make the system visible via WINS? [no]: 
| 	This filer is currently configured as a Multiprotocol filer.
| Do you want to configure this filer as a NTFS-only filer? [no]: 
| 	This filer is currently a member of the domain 'FILER'
| 	If you want to change the name of the filer, or change
| 	the filer's domain membership, you must delete its
| 	existing account information.
| Do you want to delete the existing filer account information? [no]: yes
| 	The default name of this filer will be 'FILERSIN'.
| Do you want to modify this name? [no]: 
| 	CIFS supports three types of user authentication:
| 	1. Windows Domain authentication.
| 	2. Windows Workgroup authentication using the filer's user accounts.
| 	3. /etc/passwd and/or NIS based authentication.
| What type of authentication will this filer use? [1]: 
| 	The filer will use Windows Domain authentication.
| Enter the Windows Domain for the filer []:hammneu
| 	This seems to be a Windows 2000 domain, but CIFS cannot
| 	locate the '_ldap' services for HAMMNEU in DNS. CIFS cannot
| 	install as a native Windows 2000 server in this domain until
| 	this situation is rectified. If you continue with setup,
| 	this filer will attempt to join HAMMNEU as an NT4 server.
| Do you wish to continue and join HAMMNEU in NT4 mode? [yes]: 
| CIFS - Connecting filer to the NT4 domain.
| Fri Aug  8 12:32:38 CEST [CIFSAuditDaemon:info]: CIFS auditing started.
| Fri Aug  8 12:32:39 CEST [rc:info]: Connection with DC \\KYTHEREA established
| Fri Aug  8 12:32:39 CEST [rc:info]: Connection with \\KYTHEREA terminated
| Fri Aug  8 12:32:39 CEST [rc:info]: Connection with DC \\KYTHEREA established
| Fri Aug  8 12:32:39 CEST [rc:info]: CIFS - Filer retrying authentication with backup password.
| Fri Aug  8 12:32:39 CEST [rc:info]: Connection with \\KYTHEREA terminated
| Fri Aug  8 12:32:39 CEST [rc:info]: Connection with DC \\KYTHEREA established
| Fri Aug  8 12:32:39 CEST [rc:info]: CIFS - Filer retrying installation.
| Fri Aug  8 12:32:39 CEST [rc:info]: Connection with \\KYTHEREA terminated
| CIFS could not start. See log.

(There's nothing in the filer's log which would be of help otherwise)

Meet the (heavily edited) log of the working server, the filer just joined the
domain:


| [2003/07/31 14:07:43, 5] rpc_server/srv_pipe.c:api_pipe_request(1418)
|   Requested \PIPE\NETLOGON
| [2003/07/31 14:07:43, 3] rpc_server/srv_pipe.c:api_pipe_request(1423)
|   Doing \PIPE\NETLOGON
| [2003/07/31 14:07:43, 4] rpc_server/srv_pipe.c:api_rpcTNP(1469)
|   api_rpcTNP: NETLOGON op 0x6 - api_rpcTNP: rpc command: NET_SRVPWSET
| [2003/07/31 14:07:43, 5] rpc_parse/parse_prs.c:prs_debug(81)
|   000000 net_io_q_srv_pwset 
| [2003/07/31 14:07:43, 5] rpc_parse/parse_prs.c:prs_uint32(634)
|               0000 undoc_buffer: 12345678
| [2003/07/31 14:07:43, 5] rpc_parse/parse_prs.c:prs_uint32(634)
|                   0004 uni_max_len: 0000000a
| [2003/07/31 14:07:43, 5] rpc_parse/parse_prs.c:prs_uint32(634)
|                   0008 undoc      : 00000000
| [2003/07/31 14:07:43, 5] rpc_parse/parse_prs.c:prs_uint32(634)
|                   000c uni_str_len: 0000000a
| [2003/07/31 14:07:43, 5] rpc_parse/parse_prs.c:dbg_rw_punival(806)
|                   0010 buffer     : \.\.T.E.S.T.P.D.C...
| [2003/07/31 14:07:43, 5] rpc_parse/parse_prs.c:prs_uint32(634)
|                   0024 uni_max_len: 0000000a
| [2003/07/31 14:07:43, 5] rpc_parse/parse_prs.c:prs_uint32(634)
|                   0028 undoc      : 00000000
| [2003/07/31 14:07:43, 5] rpc_parse/parse_prs.c:prs_uint32(634)
|                   002c uni_str_len: 0000000a
| [2003/07/31 14:07:43, 5] rpc_parse/parse_prs.c:dbg_rw_punival(806)
|                   0030 buffer     : F.I.L.E.R.S.I.N.$...
| [2003/07/31 14:07:43, 5] rpc_parse/parse_prs.c:prs_uint16(605)
|               0044 sec_chan: 0002
| [2003/07/31 14:07:43, 5] rpc_parse/parse_prs.c:prs_uint32(634)
|                   0048 uni_max_len: 00000009
| [2003/07/31 14:07:43, 5] rpc_parse/parse_prs.c:prs_uint32(634)
|                   004c undoc      : 00000000
| [2003/07/31 14:07:43, 5] rpc_parse/parse_prs.c:prs_uint32(634)
|                   0050 uni_str_len: 00000009
| [2003/07/31 14:07:43, 5] rpc_parse/parse_prs.c:dbg_rw_punival(806)
|                   0054 buffer     : F.I.L.E.R.S.I.N...
| [2003/07/31 14:07:43, 5] rpc_parse/parse_prs.c:prs_uint8s(721)
|                   0068 data: 45 79 fa 76 f4 9d c7 92 
| [2003/07/31 14:07:43, 5] rpc_parse/parse_prs.c:prs_uint32(634)
|                   0070 time: 3f29068f
| [2003/07/31 14:07:43, 5] rpc_parse/parse_prs.c:prs_uint8s(721)
|       0074 pwd: 6e ee e3 4a c9 8a d0 1f 6c 23 89 6f 00 fb 2b 8e 
| [2003/07/31 14:07:43, 5] libsmb/credentials.c:deal_with_creds(182)
|   deal_with_creds: 182
| [2003/07/31 14:07:43, 4] libsmb/credentials.c:cred_create(90)
|   cred_create
| [2003/07/31 14:07:43, 5] libsmb/credentials.c:cred_create(92)
|   	sess_key : B5E1F53379E036B3
| [2003/07/31 14:07:43, 5] libsmb/credentials.c:cred_create(93)
|   	stor_cred: E42F8995DFF2087A
| [2003/07/31 14:07:43, 5] libsmb/credentials.c:cred_create(94)
|   	timestamp: 3f29068f
| [2003/07/31 14:07:43, 5] libsmb/credentials.c:cred_create(95)
|   	timecred : 7336B2D4DFF2087A
| [2003/07/31 14:07:43, 5] libsmb/credentials.c:cred_create(96)
|   	calc_cred: 4579FA76F49DC792
| [2003/07/31 14:07:43, 4] libsmb/credentials.c:cred_assert(121)
|   cred_assert
| [2003/07/31 14:07:43, 5] libsmb/credentials.c:cred_assert(123)
|   	challenge : 4579FA76F49DC792
| [2003/07/31 14:07:43, 5] libsmb/credentials.c:cred_assert(124)
|   	calculated: 4579FA76F49DC792
| [2003/07/31 14:07:43, 5] libsmb/credentials.c:cred_assert(128)
|   credentials check ok
| [2003/07/31 14:07:43, 5] libsmb/credentials.c:deal_with_creds(198)
|   deal_with_creds: new_cred[0]=d4b23674
| [2003/07/31 14:07:43, 5] libsmb/credentials.c:deal_with_creds(203)
|   deal_with_creds: new_clnt_time=3f290690
| [2003/07/31 14:07:43, 4] libsmb/credentials.c:cred_create(90)
|   cred_create
| [2003/07/31 14:07:43, 5] libsmb/credentials.c:cred_create(92)
|   	sess_key : B5E1F53379E036B3
| [2003/07/31 14:07:43, 5] libsmb/credentials.c:cred_create(93)
|   	stor_cred: E42F8995DFF2087A
| [2003/07/31 14:07:43, 5] libsmb/credentials.c:cred_create(94)
|   	timestamp: 3f290690
| [2003/07/31 14:07:43, 5] libsmb/credentials.c:cred_create(95)
|   	timecred : 7436B2D4DFF2087A
| [2003/07/31 14:07:43, 5] libsmb/credentials.c:cred_create(96)
|   	calc_cred: 42A65869B9827077
| [2003/07/31 14:07:43, 5] libsmb/credentials.c:deal_with_creds(209)
|   deal_with_creds: clnt_cred=E42F8995DFF2087A
| [2003/07/31 14:07:43, 5] rpc_server/srv_netlog_nt.c:_net_srv_pwset(412)
|   _net_srv_pwset: 412
| [2003/07/31 14:07:43, 3] rpc_server/srv_netlog_nt.c:_net_srv_pwset(417)
|   Server Password Set by Wksta:[FILERSIN] on account [FILERSIN$]
| [2003/07/31 14:07:43, 3] smbd/sec_ctx.c:push_sec_ctx(256)
|   push_sec_ctx(1011, 100) : sec_ctx_stack_ndx = 1
| [2003/07/31 14:07:43, 3] smbd/uid.c:push_conn_ctx(287)
|   push_conn_ctx(100) : conn_ctx_stack_ndx = 0
| [2003/07/31 14:07:43, 3] smbd/sec_ctx.c:set_sec_ctx(288)
|   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
| [2003/07/31 14:07:43, 5] auth/auth_util.c:debug_nt_user_token(486)
|   NT user token: (NULL)
| [2003/07/31 14:07:43, 5] auth/auth_util.c:debug_unix_user_token(505)
|   UNIX token of user 0
|   Primary group is 0 and contains 0 supplementary groups
| [2003/07/31 14:07:43, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(447)
|   getsmbfilepwent: returning passwd entry for user filersin$, uid 1004
| [2003/07/31 14:07:43, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
|   pop_sec_ctx (1011, 100) - sec_ctx_stack_ndx = 0
| [2003/07/31 14:07:43, 3] smbd/sec_ctx.c:push_sec_ctx(256)
|   push_sec_ctx(1011, 100) : sec_ctx_stack_ndx = 1
| [2003/07/31 14:07:43, 3] smbd/uid.c:push_conn_ctx(287)
|   push_conn_ctx(100) : conn_ctx_stack_ndx = 0
| [2003/07/31 14:07:43, 3] smbd/sec_ctx.c:set_sec_ctx(288)
|   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
| [2003/07/31 14:07:43, 5] auth/auth_util.c:debug_nt_user_token(486)
|   NT user token: (NULL)
| [2003/07/31 14:07:43, 5] auth/auth_util.c:debug_unix_user_token(505)
|   UNIX token of user 0
|   Primary group is 0 and contains 0 supplementary groups
| [2003/07/31 14:07:43, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
|   pop_sec_ctx (1011, 100) - sec_ctx_stack_ndx = 0
| [2003/07/31 14:07:43, 5] rpc_server/srv_netlog_nt.c:init_net_r_srv_pwset(155)
|   init_net_r_srv_pwset: 155
| [2003/07/31 14:07:43, 5] rpc_server/srv_netlog_nt.c:init_net_r_srv_pwset(160)
|   init_net_r_srv_pwset: 160
| [2003/07/31 14:07:43, 5] rpc_parse/parse_prs.c:prs_debug(81)
|   000000 net_io_r_srv_pwset 
| [2003/07/31 14:07:43, 5] rpc_parse/parse_prs.c:prs_uint8s(721)
|               0000 data: 42 a6 58 69 b9 82 70 77 
| [2003/07/31 14:07:43, 5] rpc_parse/parse_prs.c:prs_uint32(634)
|               0008 time: 00000000
| [2003/07/31 14:07:43, 5] rpc_parse/parse_prs.c:prs_ntstatus(664)
|       000c status: NT_STATUS_OK
| [2003/07/31 14:07:43, 5] rpc_server/srv_pipe.c:api_rpcTNP(1516)
|   api_rpcTNP: called NETLOGON successfully
| [2003/07/31 14:07:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544)
|   free_pipe_context: destroying talloc pool of size 58


And now the same with LDAP (I hope this is sufficient, I am able to show
more logs):


| [2003/08/08 12:32:39, 5] auth/auth_util.c:debug_nt_user_token(486)
|   NT user token: (NULL)
| [2003/08/08 12:32:39, 5] auth/auth_util.c:debug_unix_user_token(505)
|   UNIX token of user 0
|   Primary group is 0 and contains 0 supplementary groups
| [2003/08/08 12:32:39, 5] smbd/uid.c:change_to_root_user(218)
|   change_to_root_user: now uid=(0,0) gid=(0,0)
| [2003/08/08 12:32:39, 4] smbd/reply.c:reply_tcon_and_X(260)
|   Client requested device type [IPC] for share [IPC$]
| [2003/08/08 12:32:39, 5] smbd/service.c:make_connection(855)
|   making a connection to 'normal' service ipc$
| [2003/08/08 12:32:39, 5] lib/username.c:Get_Pwnam(288)
|   Finding user nobody
| [2003/08/08 12:32:39, 5] lib/username.c:Get_Pwnam_internals(223)
|   Trying _Get_Pwnam(), username as lowercase is nobody
| [2003/08/08 12:32:39, 5] lib/username.c:Get_Pwnam_internals(251)
|   Get_Pwnam_internals did find user [nobody]!
| [2003/08/08 12:32:39, 3] smbd/service.c:make_connection_snum(536)
|   Connect path is '/tmp' for service [IPC$]
| [2003/08/08 12:32:39, 4] rpc_server/srv_srvsvc_nt.c:get_share_security(217)
|   get_share_security: using default secdesc for IPC$
| [2003/08/08 12:32:39, 3] lib/util_seaccess.c:se_access_check(267)
| [2003/08/08 12:32:39, 3] lib/util_seaccess.c:se_access_check(268)
|   se_access_check: user sid is S-1-5-21-752004543-2525487979-4294967295-501
|   se_access_check: also S-1-5-21-752004543-2525487979-4294967295-514
|   se_access_check: also S-1-1-0
|   se_access_check: also S-1-5-2
|   se_access_check: also S-1-5-32-546
| [2003/08/08 12:32:39, 5] lib/util_seaccess.c:se_access_check(325)
|   se_access_check: access (2) granted.
| [2003/08/08 12:32:39, 3] smbd/vfs.c:vfs_init_default(201)
|   Initialising default vfs hooks
| [2003/08/08 12:32:39, 5] smbd/connection.c:claim_connection(170)
|   claiming IPC$ 0
| [2003/08/08 12:32:39, 4] rpc_server/srv_srvsvc_nt.c:get_share_security(217)
|   get_share_security: using default secdesc for IPC$
| [2003/08/08 12:32:39, 3] lib/util_seaccess.c:se_access_check(267)
| [2003/08/08 12:32:39, 3] lib/util_seaccess.c:se_access_check(268)
|   se_access_check: user sid is S-1-5-21-752004543-2525487979-4294967295-501
|   se_access_check: also S-1-5-21-752004543-2525487979-4294967295-514
|   se_access_check: also S-1-1-0
|   se_access_check: also S-1-5-2
|   se_access_check: also S-1-5-32-546
| [2003/08/08 12:32:39, 5] lib/util_seaccess.c:se_access_check(325)
|   se_access_check: access (1) granted.
| [2003/08/08 12:32:39, 3] smbd/sec_ctx.c:set_sec_ctx(288)
|   setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0
| [2003/08/08 12:32:39, 5] auth/auth_util.c:debug_nt_user_token(491)
|   NT user token of user S-1-5-21-752004543-2525487979-4294967295-501
|   contains 5 SIDs
|   SID[  0]: S-1-5-21-752004543-2525487979-4294967295-501
|   SID[  1]: S-1-5-21-752004543-2525487979-4294967295-514
|   SID[  2]: S-1-1-0
|   SID[  3]: S-1-5-2
|   SID[  4]: S-1-5-32-546
| [2003/08/08 12:32:39, 5] auth/auth_util.c:debug_unix_user_token(505)
|   UNIX token of user 65534
|   Primary group is 65534 and contains 2 supplementary groups
|   Group[  0]: 65534
|   Group[  1]: 546
| [2003/08/08 12:32:39, 5] smbd/uid.c:change_to_user(203)
|   change_to_user uid=(0,65534) gid=(0,65534)
| [2003/08/08 12:32:39, 3] smbd/service.c:make_connection_snum(692)
|   filersin (10.65.33.201) connect to service IPC$ initially as user nobody (uid=65534, gid=65534) (pid 4422)
| [2003/08/08 12:32:39, 3] smbd/sec_ctx.c:set_sec_ctx(288)
|   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
| [2003/08/08 12:32:39, 5] auth/auth_util.c:debug_nt_user_token(486)
|   NT user token: (NULL)
| [2003/08/08 12:32:39, 5] auth/auth_util.c:debug_unix_user_token(505)
|   UNIX token of user 0
|   Primary group is 0 and contains 0 supplementary groups
| [2003/08/08 12:32:39, 5] smbd/uid.c:change_to_root_user(218)
|   change_to_root_user: now uid=(0,0) gid=(0,0)
| [2003/08/08 12:32:39, 3] smbd/reply.c:reply_tcon_and_X(308)
|   tconX service=IPC$ 
| [2003/08/08 12:32:39, 3] smbd/process.c:switch_message(673)
|   switch message SMBntcreateX (pid 4422)
| [2003/08/08 12:32:39, 3] smbd/sec_ctx.c:set_sec_ctx(288)
|   setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0
| [2003/08/08 12:32:39, 5] auth/auth_util.c:debug_nt_user_token(491)
|   NT user token of user S-1-5-21-752004543-2525487979-4294967295-501
|   contains 5 SIDs
|   SID[  0]: S-1-5-21-752004543-2525487979-4294967295-501
|   SID[  1]: S-1-5-21-752004543-2525487979-4294967295-514
|   SID[  2]: S-1-1-0
|   SID[  3]: S-1-5-2
|   SID[  4]: S-1-5-32-546
| [2003/08/08 12:32:39, 5] auth/auth_util.c:debug_unix_user_token(505)
|   UNIX token of user 65534
|   Primary group is 65534 and contains 2 supplementary groups
|   Group[  0]: 65534
|   Group[  1]: 546
| [2003/08/08 12:32:39, 5] smbd/uid.c:change_to_user(203)
|   change_to_user uid=(0,65534) gid=(0,65534)
| [2003/08/08 12:32:39, 3] smbd/ipc.c:api_fd_reply(288)
|   Got API command 0x26 on pipe "NETLOGON" (pnum 7501)000000 smb_io_rpc_hdr 
| [2003/08/08 12:32:39, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(862)
|   api_pipe_bind_req: \PIPE\NETLOGON -> \PIPE\lsass
| [2003/08/08 12:32:39, 3] rpc_server/srv_pipe.c:check_bind_req(730)
|   check_bind_req for \PIPE\NETLOGON
| [2003/08/08 12:32:39, 3] smbd/process.c:switch_message(673)
|   switch message SMBtrans (pid 4422)
| [2003/08/08 12:32:39, 4] smbd/uid.c:change_to_user(122)
|   change_to_user: Skipping user change - already user
| [2003/08/08 12:32:39, 3] smbd/ipc.c:reply_trans(512)
|   trans <\PIPE\> data=102 params=0 setup=2
| [2003/08/08 12:32:39, 3] smbd/ipc.c:named_pipe(326)
|   named pipe command on <> name
| [2003/08/08 12:32:39, 3] smbd/ipc.c:api_fd_reply(288)
|   Got API command 0x26 on pipe "NETLOGON" (pnum 7501)000000 smb_io_rpc_hdr 
| [2003/08/08 12:32:39, 3] rpc_server/srv_pipe.c:api_pipe_request(1423)
|   Doing \PIPE\NETLOGON
| [2003/08/08 12:32:39, 4] rpc_server/srv_pipe.c:api_rpcTNP(1469)
|   api_rpcTNP: NETLOGON op 0x4 - api_rpcTNP: rpc command: NET_REQCHAL
| [2003/08/08 12:32:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544)
|   free_pipe_context: destroying talloc pool of size 40
| [2003/08/08 12:32:39, 3] smbd/process.c:switch_message(673)
|   switch message SMBtrans (pid 4422)
| [2003/08/08 12:32:39, 4] smbd/uid.c:change_to_user(122)
|   change_to_user: Skipping user change - already user
| [2003/08/08 12:32:39, 3] smbd/ipc.c:reply_trans(512)
|   trans <\PIPE\> data=144 params=0 setup=2
| [2003/08/08 12:32:39, 3] rpc_server/srv_pipe.c:api_pipe_request(1423)
|   Doing \PIPE\NETLOGON
| [2003/08/08 12:32:39, 4] rpc_server/srv_pipe.c:api_rpcTNP(1469)
|   api_rpcTNP: NETLOGON op 0xf - api_rpcTNP: rpc command: NET_AUTH2
| [2003/08/08 12:32:39, 3] smbd/sec_ctx.c:push_sec_ctx(256)
|   push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
| [2003/08/08 12:32:39, 3] smbd/uid.c:push_conn_ctx(287)
|   push_conn_ctx(100) : conn_ctx_stack_ndx = 0
| [2003/08/08 12:32:39, 3] smbd/sec_ctx.c:set_sec_ctx(288)
|   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
| [2003/08/08 12:32:39, 5] auth/auth_util.c:debug_nt_user_token(486)
|   NT user token: (NULL)
| [2003/08/08 12:32:39, 5] auth/auth_util.c:debug_unix_user_token(505)
|   UNIX token of user 0
|   Primary group is 0 and contains 0 supplementary groups
| [2003/08/08 12:32:39, 2] lib/smbldap.c:smbldap_search_suffix(1056)
|   smbldap_search_suffix: searching for:[(&(uid=FILERSIN$)(objectclass=sambaSamAccount))]
| [2003/08/08 12:32:39, 2] passdb/pdb_ldap.c:init_sam_from_ldap(456)
|   Entry found for user: FILERSIN$
| [2003/08/08 12:32:39, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
|   pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
| [2003/08/08 12:32:39, 0] rpc_server/srv_netlog_nt.c:get_md4pw(218)
|   get_md4pw: Workstation FILERSIN$: no account in domain
| [2003/08/08 12:32:39, 5] rpc_parse/parse_prs.c:prs_debug(81)
|   000000 net_io_r_auth_2 
| [2003/08/08 12:32:39, 5] rpc_parse/parse_prs.c:prs_uint8s(721)
|           0000 data: 00 f0 ff bf fc 03 36 08 
| [2003/08/08 12:32:39, 5] rpc_parse/parse_prs.c:prs_uint32(634)
|           0008 neg_flags: 400001ff
| [2003/08/08 12:32:39, 5] rpc_parse/parse_prs.c:prs_ntstatus(664)
|       000c status: NT_STATUS_ACCESS_DENIED

As said I'd be more than happy if someone could at least point me into the
right direction for further testing.

Thanks in advance,

Ralph Angenendt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 192 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba/attachments/20030808/1a185209/attachment.bin


More information about the samba mailing list