[Samba] samba - sql server authentication

Wed Dec 10 05:00:24 GMT 2003

On Tue, 9 Dec 2003 14:18 , McKeever Chris tech-mail at prupref.com> sent:

>samba 2.2.8a/LDAP backend
>Red Hat 7.3
>Windows 2000 server, connected to the samba controlled domain
>Sql Server 7.0
>
>
>It seems that my sql server does not want to run scheduled jobs as a domain user, I am needing to do this for a network share that I am 
>saving to, otherwise I would just run as SA
>
>Error from sql server:
>The job failed.  Unable to determine if the owner (PRUPREF.COM\Administrator) of job Transaction Log Backup Job for DB Maintenance 
>Plan 'Morning Database Backup' has server access (reason: Could not obtain information about Windows NT 
>group/user 'PRUPREF.COM\Administrator'. [SQLSTATE 42000] (Error 8198)).
>
>I have turned the samba debuglevel up to 10, and I can see where it fails, but I am not sure why.  Administrator is a proper username, and 
it 
>logs into the domain no problem.  It is almost like the NT password is not correct, this happens for any account I use, same error. 
>I have marked the failure location below
>
>I am able to log into the machine using the domain accoutn and password no problem
>
>Any ideas?  Thanks
>Chris
>
>
>SAMBA LOG:
>[2003/12/09 14:02:51, 6] param/loadparm.c:lp_file_list_changed(2302)
>  lp_file_list_changed()
>  file /etc/samba/smb.conf -> /etc/samba/smb.conf  last mod_time: Tue Dec  9 13:52:49 2003
>  
>[2003/12/09 14:02:51, 5] passdb/pdb_ldap.c:ldap_open_connection(122)
>  ldap_open_connection: starting...
>[2003/12/09 14:02:51, 10] passdb/pdb_ldap.c:ldap_open_connection(148)
>  Initializing connection to ldap.prupref.com on port 389
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:ldap_open_connection(186)
>  StartTLS issued: using a TLS connection
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:ldap_open_connection(217)
>  ldap_open_connection: connection opened
>[2003/12/09 14:02:51, 0] passdb/pdb_ldap.c:ldap_connect_system(315)
>  ldap_connect_system: Binding to ldap server as "cn=root,dc=prupref,dc=com"
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:ldap_connect_system(331)
>  ldap_connect_system: succesful connection to the LDAP server
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:ldap_search_one_user(343)
>  ldap_search_one_user: searching for:[(&(uid=administrator)(objectclass=sambaAccount))]
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
>  get_single_attribute: [uid] = [administrator]
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:init_sam_from_ldap(576)
>  Entry found for user: administrator
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
>  get_single_attribute: [pwdLastSet] = [1068626880]
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
>  get_single_attribute: [logonTime] = [0]
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
>  get_single_attribute: [logoffTime] = [2147483647]
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
>  get_single_attribute: [kickoffTime] = [2147483647]
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
>  get_single_attribute: [pwdCanChange] = [0]
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
>  get_single_attribute: [pwdMustChange] = [2147483647]
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
>  get_single_attribute: [cn] = [administrator administrator]
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(435)
>  get_single_attribute: [homeDrive] = []
>[2003/12/09 14:02:51, 5] passdb/pdb_ldap.c:init_sam_from_ldap(626)
>  homeDrive fell back to 
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(435)
>  get_single_attribute: [smbHome] = []
>[2003/12/09 14:02:51, 4] lib/substitute.c:automount_server(183)
>  Home server: prupref-ldap
>[2003/12/09 14:02:51, 5] passdb/pdb_ldap.c:init_sam_from_ldap(635)
>  smbHome fell back to \\prupref-ldap\administrator
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(435)
>  get_single_attribute: [scriptPath] = []
>[2003/12/09 14:02:51, 5] passdb/pdb_ldap.c:init_sam_from_ldap(644)
>  scriptPath fell back to 
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(435)
>  get_single_attribute: [profilePath] = []
>[2003/12/09 14:02:51, 5] passdb/pdb_ldap.c:init_sam_from_ldap(653)
>  profilePath fell back to 
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(435)
>  get_single_attribute: [description] = []
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(435)
>  get_single_attribute: [userWorkstations] = []
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
>  get_single_attribute: [rid] = [98478]
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
>  get_single_attribute: [primaryGroupID] = [3005]
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
>  get_single_attribute: [lmPassword] = []
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
>  get_single_attribute: [ntPassword] = ]
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
>  get_single_attribute: [acctFlags] = [[UX         ]]
>[2003/12/09 14:02:51, 4] smbd/password.c:smb_password_ok(475)
>
>
>Here is where it starts to flake out:
>
>  smb_password_ok: Checking SMB password for user administrator
>[2003/12/09 14:02:51, 5] smbd/password.c:smb_password_ok(489)
>  smb_password_ok: challenge received
>[2003/12/09 14:02:51, 4] smbd/password.c:smb_password_ok(499)
>  smb_password_ok: Checking NT MD4 password
>[2003/12/09 14:02:51, 4] smbd/password.c:smb_password_ok(504)
>  smb_password_ok: NT MD4 password check failed
>[2003/12/09 14:02:51, 4] smbd/password.c:smb_password_ok(518)
>  smb_password_ok: Checking LM password
>[2003/12/09 14:02:51, 4] smbd/password.c:smb_password_ok(523)
>  smb_password_ok: LM password check failed
>[2003/12/09 14:02:51, 2] smbd/password.c:pass_check_smb(575)
>  pass_check_smb failed - invalid password for user [administrator]
>[2003/12/09 14:02:51, 2] smbd/reply.c:reply_sesssetup_and_X(997)
>  NT Password did not match for user 'administrator'!
>[2003/12/09 14:02:51, 2] smbd/reply.c:reply_sesssetup_and_X(1007)
>  Defaulting to Lanman password for administrator
>[2003/12/09 14:02:51, 5] passdb/pdb_ldap.c:ldap_open_connection(122)
>  ldap_open_connection: starting...
>[2003/12/09 14:02:51, 10] passdb/pdb_ldap.c:ldap_open_connection(148)
>  Initializing connection to ldap.prupref.com on port 389
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:ldap_open_connection(186)
>  StartTLS issued: using a TLS connection
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:ldap_open_connection(217)
>  ldap_open_connection: connection opened
>[2003/12/09 14:02:51, 0] passdb/pdb_ldap.c:ldap_connect_system(315)
>  ldap_connect_system: Binding to ldap server as "cn=root,dc=prupref,dc=com"
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:ldap_connect_system(331)
>  ldap_connect_system: succesful connection to the LDAP server
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:ldap_search_one_user(343)
>  ldap_search_one_user: searching for:[(&(uid=administrator)(objectclass=sambaAccount))]
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
>  get_single_attribute: [uid] = [administrator]
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:init_sam_from_ldap(576)
>  Entry found for user: administrator
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
>  get_single_attribute: [pwdLastSet] = [1068626880]
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
>  get_single_attribute: [logonTime] = [0]
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
>  get_single_attribute: [logoffTime] = [2147483647]
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
>  get_single_attribute: [kickoffTime] = [2147483647]
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
>  get_single_attribute: [pwdCanChange] = [0]
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
>  get_single_attribute: [pwdMustChange] = [2147483647]
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
>  get_single_attribute: [cn] = [administrator administrator]
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(435)
>  get_single_attribute: [homeDrive] = []
>[2003/12/09 14:02:51, 5] passdb/pdb_ldap.c:init_sam_from_ldap(626)
>  homeDrive fell back to 
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(435)
>  get_single_attribute: [smbHome] = []
>[2003/12/09 14:02:51, 4] lib/substitute.c:automount_server(183)
>  Home server: prupref-ldap
>[2003/12/09 14:02:51, 5] passdb/pdb_ldap.c:init_sam_from_ldap(635)
>  smbHome fell back to \\prupref-ldap\administrator
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(435)
>  get_single_attribute: [scriptPath] = []
>[2003/12/09 14:02:51, 5] passdb/pdb_ldap.c:init_sam_from_ldap(644)
>  scriptPath fell back to 
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(435)
>  get_single_attribute: [profilePath] = []
>[2003/12/09 14:02:51, 5] passdb/pdb_ldap.c:init_sam_from_ldap(653)
>  profilePath fell back to 
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(435)
>  get_single_attribute: [description] = []
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(435)
>  get_single_attribute: [userWorkstations] = []
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
>  get_single_attribute: [rid] = [98478]
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
>  get_single_attribute: [primaryGroupID] = [3005]
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
>  get_single_attribute: [lmPassword] = [949591E535F780E34234234234]
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
>  get_single_attribute: [ntPassword] = [9951F4C2FF5234234234234234234]
>[2003/12/09 14:02:51, 2] passdb/pdb_ldap.c:get_single_attribute(441)
>  get_single_attribute: [acctFlags] = [[UX         ]]
>
>
>Second Pass through it looks like, same results
>
>[2003/12/09 14:02:51, 4] smbd/password.c:smb_password_ok(475)
>  smb_password_ok: Checking SMB password for user administrator
>[2003/12/09 14:02:51, 5] smbd/password.c:smb_password_ok(489)
>  smb_password_ok: challenge received
>[2003/12/09 14:02:51, 4] smbd/password.c:smb_password_ok(499)
>  smb_password_ok: Checking NT MD4 password
>[2003/12/09 14:02:51, 4] smbd/password.c:smb_password_ok(504)
>  smb_password_ok: NT MD4 password check failed
>[2003/12/09 14:02:51, 4] smbd/password.c:smb_password_ok(518)
>  smb_password_ok: Checking LM password
>[2003/12/09 14:02:51, 4] smbd/password.c:smb_password_ok(523)
>  smb_password_ok: LM password check failed
>[2003/12/09 14:02:51, 2] smbd/password.c:pass_check_smb(575)
>  pass_check_smb failed - invalid password for user [administrator]
>[2003/12/09 14:02:51, 1] smbd/reply.c:reply_sesssetup_and_X(1023)
>  Rejecting user 'administrator': authentication failed
>[2003/12/09 14:02:51, 3] smbd/error.c:error_packet(109)
>
>Here is the failure message back to NT
>
>  error packet at smbd/reply.c(1025) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
>[2003/12/09 14:02:51, 5] lib/util.c:show_msg(268)
>
>

Logs under a normal login show that the NT password is infact good:

[2003/12/09 22:51:36, 4] smbd/password.c:smb_password_ok(475)
  smb_password_ok: Checking SMB password for user administrator
[2003/12/09 22:51:36, 5] smbd/password.c:smb_password_ok(489)
  smb_password_ok: challenge received
[2003/12/09 22:51:36, 4] smbd/password.c:smb_password_ok(499)
  smb_password_ok: Checking NT MD4 password
[2003/12/09 22:51:36, 4] smbd/password.c:smb_password_ok(501)
  smb_password_ok: NT MD4 password check succeeded

Any ideas???

thanks

>
>
>-------------------------------------------
>Chris McKeever
>If you want to reply directly to me, please use cgmckeever--at--prupref---dot---com
>http://www.prupref.com
>
>
>
>
>---- Prudential Preferred Properties   www.prupref.com  
>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  http://lists.samba.org/mailman/listinfo/samba
>

---- Prudential Preferred Properties   www.prupref.com  