[Samba] 3.0.1rc2 LDAP - problems joining domain

Charles Hamel hamelc at videotron.ca
Mon Dec 15 19:45:56 GMT 2003 

You are not the only one have this problem, the samba team is working =20=

to fix this.

I had the same problem, downgraded to 3.0.1pre3 and it works.

Charles Hamel

On 03-12-15, at 11:48, Greg Dickie wrote:

>
>
> Hi,
>
>   I'm back on the list ;-)
>   I seem to be having some trouble getting W2K machines to join the =20=

> domain in
> 3.0.1rc2. I haven't looked at this in detail since 2.2.8a but it looks =
=20
> like
> the account gets created in LDAP and then it has trouble setting the =20=

> password
> appropriately. I believe this is the relevant part of the log:
>
>  api_rpcTNP: samr op 0x3a - api_rpcTNP: rpc command: SAMR_SET_USERINFO
> [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_debug(82)
>   000000 samr_io_q_set_userinfo
> [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint32(635)
>           0000 data1: 00000000
> [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint32(635)
>           0004 data2: 00000008
> [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint16(606)
>           0008 data3: 0000
> [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint16(606)
>           000a data4: 0000
> [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint8s(722)
>           000c data5: 71 e1 dd 3f 61 70 00 00
> [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint16(606)
>       0014 switch_value: 0018
> [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint16(606)
>           0016 switch_value: 0018
> [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint8s(722)
>               0018 password: 2d 71 6b 2a f1 b4 66 69 84 2b 0c ec 88 4d =
=20
> 53 90
> 21 b8 a9 99 47 86 d2 81 67 6b a3 ac 11 3d 30 31 e6 5d 54 4e ae c1 7e =20=

> a6 85 eb
> 7f 9c 33 be 4e 62 60 5c f4 9b aa b3 87 fa 03 cc b7 be 0d ab 1c 62 07 =20=

> 34 63 37
> dc 27 3b f7 d8 69 70 b6 b3 18 dd e6 aa ec 8a 53 98 9a a9 2d 93 f8 da =20=

> b7 83 be
> 6d 5f ed e0 bc fd c0 d7 6f 9e 6c 5b d5 2b 94 86 52 f2 4a ce c0 54 3e =20=

> 25 8d 91
> 42 0d 08 a4 9f 8c 3b 05 2f bd 60 c2 eb 57 c6 8d 0b 43 aa 48 49 32 30 =20=

> 1f a8 71
> 22 b7 e7 5e 73 c5 d2 8b 33 9b b3 e4 64 b9 18 9f 22 86 f2 d7 78 bc 37 =20=

> 0b cb da
> 09 b2 88 42 0a 5e 91 8c 3d eb 1f fb 97 06 54 f6 04 92 40 d4 8a b0 34 =20=

> b9 5c 02
> 73 e0 34 95 b0 e2 dd 57 44 30 45 6b 10 ca a0 19 40 9c 26 f5 ad 15 ac =20=

> a9 5a 43
> ca 9b 7e cb 30 de fe 77 24 13 ea 75 ea c3 c2 46 de c7 be 2a dd 68 dc =20=

> 49 ad 12
> 73 94 98 cd 8a 3d f5 e4 dd 07 d3 0f 8a 7f ce 95 d4 2c 0f 64 4c 51 ac =20=

> 98 28 21
> e7 0d 7e 4a ea 5b 72 d7 e7 e8 a6 9b ec fb b7 56 b6 7e 09 fe 0c 47 a5 =20=

> 02 e9 03
> ec bb 99 b3 6c 96 92 d9 12 f7 71 d0 6b c9 44 87 5a 45 44 c3 7b d6 e2 =20=

> 4b b1 a3
> 19 8b 08 2 +>
>   4 4d b0 91 e0 1a 37 37 30 59 5e e3 5b d9 a0 c2 89 da 5a d5 23 a9 37 =20=

> c4 36 bd
> d0 72 29 45 c1 ee 12 88 bf 30 89 32 de 20 9e 61 fc 81 7e 27 4f 2a a3 =20=

> b0 b6 c7
> 2d 5f e3 43 45 3f 57 f6 a2 31 56 32 cf eb e0 dd 5d 8a bd 4e ce 64 d1 =20=

> 83 d7 87
> 95 53 d0 ef e0 18 7d ed c9 c4 d3 1c 48 6c b5 17 dc 69 27 2c 1c b5 b7 =20=

> db d9 34
> 09 21 c0 d4 98 1e fe 9f 0f 67 f3 ca f6 52 13 d8 27 e8 52 99 20 e0 ba =20=

> a7 49 66
> 90 ac dc 4a cb ba d8 cd cf 66 e1 0e 53 0b 24 22 d1 4d 6f 86 d0 7f aa =20=

> a2 24 cc
> 70 34 cc cb 4b 29 a4 cd 1f 9d f5 6a c2 70 15 12 5c 86 b8 79 6c 64 89 =20=

> 21 62 7a
> a2 18 f9
> [2003/12/15 11:29:37, 5] =20
> rpc_server/srv_samr_nt.c:_samr_set_userinfo(2937)
>   _samr_set_userinfo: 2937
> [2003/12/15 11:29:37, 4]
> rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162)
>   Found policy hnd[0] [000] 00 00 00 00 08 00 00 00  00 00 00 00 71 E1 =
=20
> DD 3F
> ........ ....q=A1Z?
>   [010] 61 70 00 00                                       ap..
> [2003/12/15 11:29:37, 5]
> rpc_server/srv_samr_nt.c:access_check_samr_function(105)
>   _samr_set_userinfo: access check ((granted: 0x000000b0;  required:
> 0x00000024)
> [2003/12/15 11:29:37, 4]
> rpc_server/srv_samr_nt.c:access_check_samr_function(109)
>   _samr_set_userinfo: ACCESS should be DENIED (granted: 0x000000b0;  =20=

> required:
> 0x00000024)
>   but overwritten by euid =3D=3D 0
> [2003/12/15 11:29:37, 5] =20
> rpc_server/srv_samr_nt.c:_samr_set_userinfo(2950)
>   _samr_set_userinfo: =20
> sid:S-1-5-21-2656636599-2098491866-229994164-3044,
> level:24
> [2003/12/15 11:29:37, 2] lib/smbldap.c:smbldap_search_suffix(1068)
>   smbldap_search_suffix: searching
> for:[(&(sambaSID=3DS-1-5-21-2656636599-2098491866-229994164=20
> -3044)(objectclass=3DsambaSamAccount))]
> [2003/12/15 11:29:37, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
>   init_sam_from_ldap: Entry found for user: gt1$
> [2003/12/15 11:29:37, 5] =20
> rpc_server/srv_samr_nt.c:set_user_info_pw(2877)
>   Attempting administrator password change for user gt1$
> [2003/12/15 11:29:37, 0] libsmb/smbencrypt.c:decode_pw_buffer(501)
>   decode_pw_buffer: incorrect password length (-2128390977).
> [2003/12/15 11:29:37, 0] libsmb/smbencrypt.c:decode_pw_buffer(502)
>   decode_pw_buffer: check that 'encrypt passwords =3D yes'
> [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_debug(82)
>   000000 samr_io_r_set_userinfo
> [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_ntstatus(664)
>       0000 status: NT_STATUS_ACCESS_DENIED
> [2003/12/15 11:29:37, 5] rpc_server/srv_pipe.c:api_rpcTNP(1549)
>   api_rpcTNP: called samr successfully
>
>
> In particular, I find the decode_pw_buffer warnings to be troubling =20=

> (there are
> no passwords in the LDAP entry at this point). Perhaps an initialized
> variable? Any help would be most appreciated.
>
> regards,
> Greg
>
>
> --=20
> Greg Dickie
> just a guy
> Maximum Throughput
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>

More information about the samba mailing list