[Samba] 3.0.1rc2 LDAP - problems joining domain

Greg Dickie greg at max-t.com
Mon Dec 15 16:48:07 GMT 2003 


Hi,

  I'm back on the list ;-)
  I seem to be having some trouble getting W2K machines to join the domain in 
3.0.1rc2. I haven't looked at this in detail since 2.2.8a but it looks like 
the account gets created in LDAP and then it has trouble setting the password 
appropriately. I believe this is the relevant part of the log:

 api_rpcTNP: samr op 0x3a - api_rpcTNP: rpc command: SAMR_SET_USERINFO
[2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_debug(82)
  000000 samr_io_q_set_userinfo
[2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint32(635)
          0000 data1: 00000000
[2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint32(635)
          0004 data2: 00000008
[2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint16(606)
          0008 data3: 0000
[2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint16(606)
          000a data4: 0000
[2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint8s(722)
          000c data5: 71 e1 dd 3f 61 70 00 00
[2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint16(606)
      0014 switch_value: 0018
[2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint16(606)
          0016 switch_value: 0018
[2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint8s(722)
              0018 password: 2d 71 6b 2a f1 b4 66 69 84 2b 0c ec 88 4d 53 90 
21 b8 a9 99 47 86 d2 81 67 6b a3 ac 11 3d 30 31 e6 5d 54 4e ae c1 7e a6 85 eb 
7f 9c 33 be 4e 62 60 5c f4 9b aa b3 87 fa 03 cc b7 be 0d ab 1c 62 07 34 63 37 
dc 27 3b f7 d8 69 70 b6 b3 18 dd e6 aa ec 8a 53 98 9a a9 2d 93 f8 da b7 83 be 
6d 5f ed e0 bc fd c0 d7 6f 9e 6c 5b d5 2b 94 86 52 f2 4a ce c0 54 3e 25 8d 91 
42 0d 08 a4 9f 8c 3b 05 2f bd 60 c2 eb 57 c6 8d 0b 43 aa 48 49 32 30 1f a8 71 
22 b7 e7 5e 73 c5 d2 8b 33 9b b3 e4 64 b9 18 9f 22 86 f2 d7 78 bc 37 0b cb da 
09 b2 88 42 0a 5e 91 8c 3d eb 1f fb 97 06 54 f6 04 92 40 d4 8a b0 34 b9 5c 02 
73 e0 34 95 b0 e2 dd 57 44 30 45 6b 10 ca a0 19 40 9c 26 f5 ad 15 ac a9 5a 43 
ca 9b 7e cb 30 de fe 77 24 13 ea 75 ea c3 c2 46 de c7 be 2a dd 68 dc 49 ad 12 
73 94 98 cd 8a 3d f5 e4 dd 07 d3 0f 8a 7f ce 95 d4 2c 0f 64 4c 51 ac 98 28 21 
e7 0d 7e 4a ea 5b 72 d7 e7 e8 a6 9b ec fb b7 56 b6 7e 09 fe 0c 47 a5 02 e9 03 
ec bb 99 b3 6c 96 92 d9 12 f7 71 d0 6b c9 44 87 5a 45 44 c3 7b d6 e2 4b b1 a3 
19 8b 08 2 +>
  4 4d b0 91 e0 1a 37 37 30 59 5e e3 5b d9 a0 c2 89 da 5a d5 23 a9 37 c4 36 bd 
d0 72 29 45 c1 ee 12 88 bf 30 89 32 de 20 9e 61 fc 81 7e 27 4f 2a a3 b0 b6 c7 
2d 5f e3 43 45 3f 57 f6 a2 31 56 32 cf eb e0 dd 5d 8a bd 4e ce 64 d1 83 d7 87 
95 53 d0 ef e0 18 7d ed c9 c4 d3 1c 48 6c b5 17 dc 69 27 2c 1c b5 b7 db d9 34 
09 21 c0 d4 98 1e fe 9f 0f 67 f3 ca f6 52 13 d8 27 e8 52 99 20 e0 ba a7 49 66 
90 ac dc 4a cb ba d8 cd cf 66 e1 0e 53 0b 24 22 d1 4d 6f 86 d0 7f aa a2 24 cc 
70 34 cc cb 4b 29 a4 cd 1f 9d f5 6a c2 70 15 12 5c 86 b8 79 6c 64 89 21 62 7a 
a2 18 f9
[2003/12/15 11:29:37, 5] rpc_server/srv_samr_nt.c:_samr_set_userinfo(2937)
  _samr_set_userinfo: 2937
[2003/12/15 11:29:37, 4] 
rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162)
  Found policy hnd[0] [000] 00 00 00 00 08 00 00 00  00 00 00 00 71 E1 DD 3F  
........ ....q�?
  [010] 61 70 00 00                                       ap..
[2003/12/15 11:29:37, 5] 
rpc_server/srv_samr_nt.c:access_check_samr_function(105)
  _samr_set_userinfo: access check ((granted: 0x000000b0;  required: 
0x00000024)
[2003/12/15 11:29:37, 4] 
rpc_server/srv_samr_nt.c:access_check_samr_function(109)
  _samr_set_userinfo: ACCESS should be DENIED (granted: 0x000000b0;  required: 
0x00000024)
  but overwritten by euid == 0
[2003/12/15 11:29:37, 5] rpc_server/srv_samr_nt.c:_samr_set_userinfo(2950)
  _samr_set_userinfo: sid:S-1-5-21-2656636599-2098491866-229994164-3044, 
level:24
[2003/12/15 11:29:37, 2] lib/smbldap.c:smbldap_search_suffix(1068)
  smbldap_search_suffix: searching 
for:[(&(sambaSID=S-1-5-21-2656636599-2098491866-229994164-3044)(objectclass=sambaSamAccount))]
[2003/12/15 11:29:37, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
  init_sam_from_ldap: Entry found for user: gt1$
[2003/12/15 11:29:37, 5] rpc_server/srv_samr_nt.c:set_user_info_pw(2877)
  Attempting administrator password change for user gt1$
[2003/12/15 11:29:37, 0] libsmb/smbencrypt.c:decode_pw_buffer(501)
  decode_pw_buffer: incorrect password length (-2128390977).
[2003/12/15 11:29:37, 0] libsmb/smbencrypt.c:decode_pw_buffer(502)
  decode_pw_buffer: check that 'encrypt passwords = yes'
[2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_debug(82)
  000000 samr_io_r_set_userinfo
[2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_ntstatus(664)
      0000 status: NT_STATUS_ACCESS_DENIED
[2003/12/15 11:29:37, 5] rpc_server/srv_pipe.c:api_rpcTNP(1549)
  api_rpcTNP: called samr successfully


In particular, I find the decode_pw_buffer warnings to be troubling (there are 
no passwords in the LDAP entry at this point). Perhaps an initialized 
variable? Any help would be most appreciated.

regards,
Greg


-- 
Greg Dickie
just a guy
Maximum Throughput

More information about the samba mailing list