[Samba] Failure joining W2k Domain [debug info included]

Justin Crone jcrone at standingtrustee.com
Tue Dec 9 16:07:48 GMT 2003 

Please help.. 

 

I have been searching for two days trying everything that I can find to
solve this problem. Let's do the setup.

 

Single ADS Domain, Primary and Backup Domain Controllers

Windows 2000 Advanced Server SP4

FreeBSD 4.8

Samba 3 (custom build with (./configure -with-pam -with-winbind
--with-winbind-auth-challenge))

smb.conf build with SWAT

# Global parameters

[global]

        workgroup = CORP-A

        netbios name = IOPROB

        server string = File/Web Server

        interfaces = 192.168.1.250

        security = DOMAIN

        encrypt passwords = Yes

        password server = DEVIANT DIABLO

        log file = /var/log/log.%m

        max log size = 50

        name resolve order = hosts lmhosts wins bcast

        dns proxy = No

        wins server = 192.168.1.4 192.168.1.6

        winbind uid = 10000-20000

        winbind gid = 10000-20000

        winbind use default domain = Yes

 

[homes]

        comment = Home Directories

        read only = No

        browseable = No

 

[printers]

        comment = All Printers

        path = /var/spool/samba

        printable = Yes

        browseable = No

 

Now that all that is stated, I have added the machine computer account on
the W2K Server, also added a user root with domain admin privileges. I have
change the value of
HKLM\SYSTEM\CCS\Services\lanmanserver\parameters\requiresecuritysignature =
0. I have waited for replication of account and computer information for 1
hour, and checked the Event Logs, nothing in regards to failed
authentication. I have run the following command many ways including
specific DC's, or just letting it select the Primary.

 

The command and debug 10 (smbpasswd -c /usr/local/etc/smb.conf -r
deviant.corp-a.standingtrustee.com -j CORP-A -U administrator -D 10)

 

Initialising global parameters

params.c:pm_process() - Processing configuration file
"/usr/local/etc/smb.conf"

Processing section "[global]"

doing parameter workgroup = CORP-A

doing parameter netbios name = IOPROB

handle_netbios_name: set global_myname to: IOPROB

doing parameter server string = File/Web Server

doing parameter interfaces = 192.168.1.250

doing parameter security = DOMAIN

doing parameter encrypt passwords = Yes

doing parameter password server = DEVIANT DIABLO

doing parameter log file = /var/log/log.%m

doing parameter max log size = 50

doing parameter name resolve order = hosts lmhosts wins bcast

doing parameter dns proxy = No

doing parameter wins server = 192.168.1.4 192.168.1.6

wins_srv_load_list(): Building WINS server list:

192.168.1.4,

192.168.1.6,

2 WINS servers listed.

doing parameter winbind uid = 10000-20000

doing parameter winbind gid = 10000-20000

doing parameter winbind use default domain = Yes

pm_process() returned Yes

lp_servicenumber: couldn't find homes

set_server_role: ROLE_DOMAIN_MEMBER

codepage_initialise: client code page = 850

load_client_codepage: loading codepage 850.

Adding chars 0x85 0xb7 (l->u = True) (u->l = True)

Adding chars 0xa0 0xb5 (l->u = True) (u->l = True)

Adding chars 0x83 0xb6 (l->u = True) (u->l = True)

Adding chars 0xc6 0xc7 (l->u = True) (u->l = True)

Adding chars 0x84 0x8e (l->u = True) (u->l = True)

Adding chars 0x86 0x8f (l->u = True) (u->l = True)

Adding chars 0x91 0x92 (l->u = True) (u->l = True)

Adding chars 0x87 0x80 (l->u = True) (u->l = True)

Adding chars 0x8a 0xd4 (l->u = True) (u->l = True)

Adding chars 0x82 0x90 (l->u = True) (u->l = True)

Adding chars 0x88 0xd2 (l->u = True) (u->l = True)

Adding chars 0x89 0xd3 (l->u = True) (u->l = True)

Adding chars 0x8d 0xde (l->u = True) (u->l = True)

Adding chars 0xa1 0xd6 (l->u = True) (u->l = True)

Adding chars 0x8c 0xd7 (l->u = True) (u->l = True)

Adding chars 0x8b 0xd8 (l->u = True) (u->l = True)

Adding chars 0xd0 0xd1 (l->u = True) (u->l = True)

Adding chars 0xa4 0xa5 (l->u = True) (u->l = True)

Adding chars 0x95 0xe3 (l->u = True) (u->l = True)

Adding chars 0xa2 0xe0 (l->u = True) (u->l = True)

Adding chars 0x93 0xe2 (l->u = True) (u->l = True)

Adding chars 0xe4 0xe5 (l->u = True) (u->l = True)

Adding chars 0x94 0x99 (l->u = True) (u->l = True)

Adding chars 0x9b 0x9d (l->u = True) (u->l = True)

Adding chars 0x97 0xeb (l->u = True) (u->l = True)

Adding chars 0xa3 0xe9 (l->u = True) (u->l = True)

Adding chars 0x96 0xea (l->u = True) (u->l = True)

Adding chars 0x81 0x9a (l->u = True) (u->l = True)

Adding chars 0xec 0xed (l->u = True) (u->l = True)

Adding chars 0xe7 0xe8 (l->u = True) (u->l = True)

Adding chars 0x9c 0x0 (l->u = False) (u->l = False)

load_dos_unicode_map: 850

load_unicode_map: loading unicode map for codepage 850.

load_unix_unicode_map: ISO8859-1 (init_done=0, override=0)

load_unicode_map: loading unicode map for codepage ISO8859-1.

added interface ip=192.168.1.250 bcast=192.168.1.255 nmask=255.255.255.0

 

cli_init_creds: user administrator domain CORP-A flgs: 0

ntlmssp_cli_flgs:0

cli_establish_connection: IOPROB<00> connecting to DEVIANT.CORP-A.<20>
(0.0.0.0) - administrator [CORP-A]

resolve_hosts: Attempting host lookup for name
deviant.corp-a.standingtrustee.com<0x20>

1 addresses returned

internal_resolve_name: returning 1 addresses: 192.168.1.4 

Connecting to 192.168.1.4 at port 445

socket option SO_KEEPALIVE = 0

socket option SO_REUSEADDR = 0

socket option SO_BROADCAST = 0

socket option TCP_NODELAY = 4

socket option IPTOS_LOWDELAY = 0

socket option IPTOS_THROUGHPUT = 0

socket option SO_REUSEPORT = 0

socket option SO_SNDBUF = 33304

socket option SO_RCVBUF = 57920

socket option SO_SNDLOWAT = 2048

socket option SO_RCVLOWAT = 1

socket option SO_SNDTIMEO = 0

socket option SO_RCVTIMEO = 0

write_socket(7,168)

write_socket(7,168) wrote 168

got smb length of 107

size=107

smb_com=0x72

smb_rcls=0

smb_reh=0

smb_err=0

smb_flg=136

smb_flg2=1

smb_tid=0

smb_pid=11905

smb_uid=0

smb_mid=1

smt_wct=17

smb_vwv[0]=7 (0x7)

smb_vwv[1]=12803 (0x3203)

smb_vwv[2]=256 (0x100)

smb_vwv[3]=1024 (0x400)

smb_vwv[4]=65 (0x41)

smb_vwv[5]=0 (0x0)

smb_vwv[6]=256 (0x100)

smb_vwv[7]=0 (0x0)

smb_vwv[8]=0 (0x0)

smb_vwv[9]=64768 (0xFD00)

smb_vwv[10]=243 (0xF3)

smb_vwv[11]=36864 (0x9000)

smb_vwv[12]=56540 (0xDCDC)

smb_vwv[13]=28020 (0x6D74)

smb_vwv[14]=50110 (0xC3BE)

smb_vwv[15]=11265 (0x2C01)

smb_vwv[16]=2049 (0x801)

smb_bcc=38

[000] 8B F5 07 D9 CE 5D D6 2B  43 00 4F 00 52 00 50 00  .....].+ C.O.R.P.

[010] 2D 00 41 00 00 00 44 00  45 00 56 00 49 00 41 00  -.A...D. E.V.I.A.

[020] 4E 00 54 00 00 00                                 N.T... 

size=107

smb_com=0x72

smb_rcls=0

smb_reh=0

smb_err=0

smb_flg=136

smb_flg2=1

smb_tid=0

smb_pid=11905

smb_uid=0

smb_mid=1

smt_wct=17

smb_vwv[0]=7 (0x7)

smb_vwv[1]=12803 (0x3203)

smb_vwv[2]=256 (0x100)

smb_vwv[3]=1024 (0x400)

smb_vwv[4]=65 (0x41)

smb_vwv[5]=0 (0x0)

smb_vwv[6]=256 (0x100)

smb_vwv[7]=0 (0x0)

smb_vwv[8]=0 (0x0)

smb_vwv[9]=64768 (0xFD00)

smb_vwv[10]=243 (0xF3)

smb_vwv[11]=36864 (0x9000)

smb_vwv[12]=56540 (0xDCDC)

smb_vwv[13]=28020 (0x6D74)

smb_vwv[14]=50110 (0xC3BE)

smb_vwv[15]=11265 (0x2C01)

smb_vwv[16]=2049 (0x801)

smb_bcc=38

[000] 8B F5 07 D9 CE 5D D6 2B  43 00 4F 00 52 00 50 00  .....].+ C.O.R.P.

[010] 2D 00 41 00 00 00 44 00  45 00 56 00 49 00 41 00  -.A...D. E.V.I.A.

[020] 4E 00 54 00 00 00                                 N.T... 

write_socket(7,178)

write_socket(7,178) wrote 178

got smb length of 129

size=129

smb_com=0x73

smb_rcls=0

smb_reh=0

smb_err=0

smb_flg=136

smb_flg2=49153

smb_tid=0

smb_pid=11905

smb_uid=2048

smb_mid=1

smt_wct=3

smb_vwv[0]=255 (0xFF)

smb_vwv[1]=129 (0x81)

smb_vwv[2]=0 (0x0)

smb_bcc=88

[000] FD 57 00 69 00 6E 00 64  00 6F 00 77 00 73 00 20  .W.i.n.d .o.w.s. 

[010] 00 35 00 2E 00 30 00 00  00 57 00 69 00 6E 00 64  .5...0.. .W.i.n.d

[020] 00 6F 00 77 00 73 00 20  00 32 00 30 00 30 00 30  .o.w.s.  .2.0.0.0

[030] 00 20 00 4C 00 41 00 4E  00 20 00 4D 00 61 00 6E  . .L.A.N . .M.a.n

[040] 00 61 00 67 00 65 00 72  00 00 00 43 00 4F 00 52  .a.g.e.r ...C.O.R

[050] 00 50 00 2D 00 41 00 00                           .P.-.A.. 

size=129

smb_com=0x73

smb_rcls=0

smb_reh=0

smb_err=0

smb_flg=136

smb_flg2=49153

smb_tid=0

smb_pid=11905

smb_uid=2048

smb_mid=1

smt_wct=3

smb_vwv[0]=255 (0xFF)

smb_vwv[1]=129 (0x81)

smb_vwv[2]=0 (0x0)

smb_bcc=88

[000] FD 57 00 69 00 6E 00 64  00 6F 00 77 00 73 00 20  .W.i.n.d .o.w.s. 

[010] 00 35 00 2E 00 30 00 00  00 57 00 69 00 6E 00 64  .5...0.. .W.i.n.d

[020] 00 6F 00 77 00 73 00 20  00 32 00 30 00 30 00 30  .o.w.s.  .2.0.0.0

[030] 00 20 00 4C 00 41 00 4E  00 20 00 4D 00 61 00 6E  . .L.A.N . .M.a.n

[040] 00 61 00 67 00 65 00 72  00 00 00 43 00 4F 00 52  .a.g.e.r ...C.O.R

[050] 00 50 00 2D 00 41 00 00                           .P.-.A.. 

session setup ok

Domain=[CORP-A] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]

write_socket(7,62)

write_socket(7,62) wrote 62

got smb length of 35

size=35

smb_com=0x75

smb_rcls=34

smb_reh=0

smb_err=49152

smb_flg=136

smb_flg2=49153

smb_tid=0

smb_pid=11905

smb_uid=2048

smb_mid=1

smt_wct=0

smb_bcc=0

failed tcon_X

Error connecting to deviant.corp-a.standingtrustee.com -
NT_STATUS_ACCESS_DENIED

 

This is my first attempt at joining a W2K domain with Samba, however I
require winbind capabilities for user authentication and file sharing from
this machine. Any help would be apprciated!

 

Thanx,


Justin Crone
Systems Manager

 

Office of the Chapter 13 Standing Trustee
Isabel C. Balboa Standing Trustee
Telephone: 856.663.5002
Email: chapter13 at standingtrustee.com

More information about the samba mailing list