[Samba] samba - sql server authentication

McKeever Chris tech-mail at prupref.com
Tue Dec 9 20:18:20 GMT 2003 

samba 2.2.8a/LDAP backend
Red Hat 7.3
Windows 2000 server, connected to the samba controlled domain
Sql Server 7.0


It seems that my sql server does not want to run scheduled jobs as a domain user, I am needing to do this for a network share that I am 
saving to, otherwise I would just run as SA

Error from sql server:
The job failed.  Unable to determine if the owner (PRUPREF.COM\Administrator) of job Transaction Log Backup Job for DB Maintenance 
Plan 'Morning Database Backup' has server access (reason: Could not obtain information about Windows NT 
group/user 'PRUPREF.COM\Administrator'. [SQLSTATE 42000] (Error 8198)).

I have turned the samba debuglevel up to 10, and I can see where it fails, but I am not sure why.  Administrator is a proper username, and it 
logs into the domain no problem.  It is almost like the NT password is not correct, this happens for any account I use, same error. 
I have marked the failure location below

I am able to log into the machine using the domain accoutn and password no problem

Any ideas?  Thanks
Chris


SAMBA LOG:
[2003/12/09 14:02:51, 6] param/loadparm.c:lp_file_list_changed(2302)
  lp_file_list_changed()
  file /etc/samba/smb.conf -> /etc/samba/smb.conf  last mod_time: Tue Dec  9 13:52:49 2003
  
[2003/12/09 14:02:51, 5] passdb/pdb_ldap.c:ldap_open_connection(122)
  ldap_open_connection: starting...
[2003/12/09 14:02:51, 10] passdb/pdb_ldap.c:ldap_open_connection(148)
  Initializing connection to ldap.prupref.com on port 389
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:ldap_open_connection(186)
  StartTLS issued: using a TLS connection
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:ldap_open_connection(217)
  ldap_open_connection: connection opened
[2003/12/09 14:02:51, 0] passdb/pdb_ldap.c:ldap_connect_system(315)
  ldap_connect_system: Binding to ldap server as "cn=root,dc=prupref,dc=com"
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:ldap_connect_system(331)
  ldap_connect_system: succesful connection to the LDAP server
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:ldap_search_one_user(343)
  ldap_search_one_user: searching for:[(&(uid=administrator)(objectclass=sambaAccount))]
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
  get_single_attribute: [uid] = [administrator]
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:init_sam_from_ldap(576)
  Entry found for user: administrator
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
  get_single_attribute: [pwdLastSet] = [1068626880]
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
  get_single_attribute: [logonTime] = [0]
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
  get_single_attribute: [logoffTime] = [2147483647]
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
  get_single_attribute: [kickoffTime] = [2147483647]
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
  get_single_attribute: [pwdCanChange] = [0]
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
  get_single_attribute: [pwdMustChange] = [2147483647]
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
  get_single_attribute: [cn] = [administrator administrator]
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(435)
  get_single_attribute: [homeDrive] = [<does not exist>]
[2003/12/09 14:02:51, 5] passdb/pdb_ldap.c:init_sam_from_ldap(626)
  homeDrive fell back to 
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(435)
  get_single_attribute: [smbHome] = [<does not exist>]
[2003/12/09 14:02:51, 4] lib/substitute.c:automount_server(183)
  Home server: prupref-ldap
[2003/12/09 14:02:51, 5] passdb/pdb_ldap.c:init_sam_from_ldap(635)
  smbHome fell back to \\prupref-ldap\administrator
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(435)
  get_single_attribute: [scriptPath] = [<does not exist>]
[2003/12/09 14:02:51, 5] passdb/pdb_ldap.c:init_sam_from_ldap(644)
  scriptPath fell back to 
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(435)
  get_single_attribute: [profilePath] = [<does not exist>]
[2003/12/09 14:02:51, 5] passdb/pdb_ldap.c:init_sam_from_ldap(653)
  profilePath fell back to 
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(435)
  get_single_attribute: [description] = [<does not exist>]
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(435)
  get_single_attribute: [userWorkstations] = [<does not exist>]
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
  get_single_attribute: [rid] = [98478]
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
  get_single_attribute: [primaryGroupID] = [3005]
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
  get_single_attribute: [lmPassword] = []
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
  get_single_attribute: [ntPassword] = ]
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
  get_single_attribute: [acctFlags] = [[UX         ]]
[2003/12/09 14:02:51, 4] smbd/password.c:smb_password_ok(475)


Here is where it starts to flake out:

  smb_password_ok: Checking SMB password for user administrator
[2003/12/09 14:02:51, 5] smbd/password.c:smb_password_ok(489)
  smb_password_ok: challenge received
[2003/12/09 14:02:51, 4] smbd/password.c:smb_password_ok(499)
  smb_password_ok: Checking NT MD4 password
[2003/12/09 14:02:51, 4] smbd/password.c:smb_password_ok(504)
  smb_password_ok: NT MD4 password check failed
[2003/12/09 14:02:51, 4] smbd/password.c:smb_password_ok(518)
  smb_password_ok: Checking LM password
[2003/12/09 14:02:51, 4] smbd/password.c:smb_password_ok(523)
  smb_password_ok: LM password check failed
[2003/12/09 14:02:51, 2] smbd/password.c:pass_check_smb(575)
  pass_check_smb failed - invalid password for user [administrator]
[2003/12/09 14:02:51, 2] smbd/reply.c:reply_sesssetup_and_X(997)
  NT Password did not match for user 'administrator'!
[2003/12/09 14:02:51, 2] smbd/reply.c:reply_sesssetup_and_X(1007)
  Defaulting to Lanman password for administrator
[2003/12/09 14:02:51, 5] passdb/pdb_ldap.c:ldap_open_connection(122)
  ldap_open_connection: starting...
[2003/12/09 14:02:51, 10] passdb/pdb_ldap.c:ldap_open_connection(148)
  Initializing connection to ldap.prupref.com on port 389
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:ldap_open_connection(186)
  StartTLS issued: using a TLS connection
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:ldap_open_connection(217)
  ldap_open_connection: connection opened
[2003/12/09 14:02:51, 0] passdb/pdb_ldap.c:ldap_connect_system(315)
  ldap_connect_system: Binding to ldap server as "cn=root,dc=prupref,dc=com"
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:ldap_connect_system(331)
  ldap_connect_system: succesful connection to the LDAP server
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:ldap_search_one_user(343)
  ldap_search_one_user: searching for:[(&(uid=administrator)(objectclass=sambaAccount))]
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
  get_single_attribute: [uid] = [administrator]
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:init_sam_from_ldap(576)
  Entry found for user: administrator
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
  get_single_attribute: [pwdLastSet] = [1068626880]
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
  get_single_attribute: [logonTime] = [0]
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
  get_single_attribute: [logoffTime] = [2147483647]
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
  get_single_attribute: [kickoffTime] = [2147483647]
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
  get_single_attribute: [pwdCanChange] = [0]
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
  get_single_attribute: [pwdMustChange] = [2147483647]
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
  get_single_attribute: [cn] = [administrator administrator]
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(435)
  get_single_attribute: [homeDrive] = [<does not exist>]
[2003/12/09 14:02:51, 5] passdb/pdb_ldap.c:init_sam_from_ldap(626)
  homeDrive fell back to 
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(435)
  get_single_attribute: [smbHome] = [<does not exist>]
[2003/12/09 14:02:51, 4] lib/substitute.c:automount_server(183)
  Home server: prupref-ldap
[2003/12/09 14:02:51, 5] passdb/pdb_ldap.c:init_sam_from_ldap(635)
  smbHome fell back to \\prupref-ldap\administrator
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(435)
  get_single_attribute: [scriptPath] = [<does not exist>]
[2003/12/09 14:02:51, 5] passdb/pdb_ldap.c:init_sam_from_ldap(644)
  scriptPath fell back to 
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(435)
  get_single_attribute: [profilePath] = [<does not exist>]
[2003/12/09 14:02:51, 5] passdb/pdb_ldap.c:init_sam_from_ldap(653)
  profilePath fell back to 
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(435)
  get_single_attribute: [description] = [<does not exist>]
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(435)
  get_single_attribute: [userWorkstations] = [<does not exist>]
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
  get_single_attribute: [rid] = [98478]
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
  get_single_attribute: [primaryGroupID] = [3005]
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
  get_single_attribute: [lmPassword] = [949591E535F780E34234234234]
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
  get_single_attribute: [ntPassword] = [9951F4C2FF5234234234234234234]
[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
  get_single_attribute: [acctFlags] = [[UX         ]]


Second Pass through it looks like, same results

[2003/12/09 14:02:51, 4] smbd/password.c:smb_password_ok(475)
  smb_password_ok: Checking SMB password for user administrator
[2003/12/09 14:02:51, 5] smbd/password.c:smb_password_ok(489)
  smb_password_ok: challenge received
[2003/12/09 14:02:51, 4] smbd/password.c:smb_password_ok(499)
  smb_password_ok: Checking NT MD4 password
[2003/12/09 14:02:51, 4] smbd/password.c:smb_password_ok(504)
  smb_password_ok: NT MD4 password check failed
[2003/12/09 14:02:51, 4] smbd/password.c:smb_password_ok(518)
  smb_password_ok: Checking LM password
[2003/12/09 14:02:51, 4] smbd/password.c:smb_password_ok(523)
  smb_password_ok: LM password check failed
[2003/12/09 14:02:51, 2] smbd/password.c:pass_check_smb(575)
  pass_check_smb failed - invalid password for user [administrator]
[2003/12/09 14:02:51, 1] smbd/reply.c:reply_sesssetup_and_X(1023)
  Rejecting user 'administrator': authentication failed
[2003/12/09 14:02:51, 3] smbd/error.c:error_packet(109)

Here is the failure message back to NT

  error packet at smbd/reply.c(1025) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
[2003/12/09 14:02:51, 5] lib/util.c:show_msg(268)




-------------------------------------------
Chris McKeever
If you want to reply directly to me, please use cgmckeever--at--prupref---dot---com
http://www.prupref.com




---- Prudential Preferred Properties   www.prupref.com

More information about the samba mailing list