[Samba] Samba Domain Support Problems

Brian White bcwhite at precidia.com
Fri Feb 21 20:44:52 GMT 2003 

I'm out of ideas here.  I'm trying to set up a computer network using samba
on Linux as the primary server and a WinXP machine as the client.  I'm just
beginning with XP, but I've been using Linux and Samba (for Win95/98) for
many years now.

So, I've set up samba machine "griffon" to support domains...

; Domain Stuff
domain master = yes
domain logons = yes
logon path = \\%L\profiles\%u
logon home = \\%L\%u
logon script = logon.cmd
add user script = /etc/samba/adduser %u

This should allow automatic "on-the-fly" creation of new machine accounts.


I've created a "samba administrative account" called "machines" in /etc/passwd

machines:x:0:5000:Machine Account (creator):/tmp:/bin/false

and a corresponding one in /etc/samba/smbpasswd

machines:0:3E3E844D9FA7D83317306D272A9441BB:57BCEA1EC8B53A61D032E6B338A0C23B:[UX         ]:LCT-3E56855C:


Under XP machine "watertown", I've gone to Control Panel, System, Computer
Name Changes, "member of domain 'precidia'", OK.


Samba runs and logs

[2003/02/21 15:30:58, 2] smbd/reply.c:reply_special(92)
  netbios connect: name1=GRIFFON          name2=WATERTOWN      
[2003/02/21 15:30:58, 2] smbd/reply.c:reply_special(111)
  netbios connect: local=griffon remote=watertown
[2003/02/21 15:30:59, 0] rpc_server/srv_netlog_nt.c:get_md4pw(176)
  get_md4pw: Workstation watertown$: no account in domain
[2003/02/21 15:30:59, 2] smbd/server.c:exit_server(458)
  Closing connections

calls /etc/samba/adduser and presto-chango, there is now an /etc/passwd entry

watertown$:x:5001:5000:Machine Account,,,:/tmp$:/bin/false

and a corresponding entry in /etc/samba/smbpasswd so that file is now

bcwhite:10001:C75CC291E06B5A54F7E62F36F8DB5AE6:1ADA7AD6BE20188D6F929F801B25443C:[U          ]:LCT-392D6EF2:
machines:0:3E3E844D9FA7D83317306D272A9441BB:57BCEA1EC8B53A61D032E6B338A0C23B:[UX         ]:LCT-3E56855C:
watertown$:5001:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:[NDW        ]:LCT-3E56858D:


Now things go wrong.  The rest of the log.smbd file shows

[2003/02/21 15:31:00, 2] smbd/reply.c:reply_special(92)
  netbios connect: name1=GRIFFON          name2=WATERTOWN      
[2003/02/21 15:31:00, 2] smbd/reply.c:reply_special(111)
  netbios connect: local=griffon remote=watertown
[2003/02/21 15:31:03, 0] rpc_server/srv_samr_nt.c:_samr_set_userinfo(2458)
  _samr_set_userinfo: Unable to get smbpasswd entry for uid 0
[2003/02/21 15:31:03, 0] rpc_server/srv_samr_nt.c:_samr_delete_dom_user(2664)
  _samr_delete_dom_user: Not yet implemented.
[2003/02/21 15:31:03, 2] smbd/server.c:exit_server(458)
  Closing connections

I traced this around (using strace, log file, and source code) and determined
that samba is taking UID 0, looking it up in /etc/passwd to get the name
"root" and then trying to find "root" in /etc/samba/smbpasswd, but it doesn't
exist.


Next, I added a line to /etc/samba/smbpasswd of "root" for samba to find

root:0:CC596B7CE5FA59805ACDCD7C247FA83A:C1222219AEDBECEB895E7D9D0417A607:[UX         ]:LCT-3E5683CF:

This password happens to match the real unix password for that machine.


Next time I try, the log file looks like

[2003/02/21 15:32:30, 2] smbd/reply.c:reply_special(92)
  netbios connect: name1=GRIFFON          name2=WATERTOWN      
[2003/02/21 15:32:30, 2] smbd/reply.c:reply_special(111)
  netbios connect: local=griffon remote=watertown
[2003/02/21 15:32:31, 0] rpc_server/srv_netlog_nt.c:get_md4pw(176)
  get_md4pw: Workstation watertown$: no account in domain
[2003/02/21 15:32:31, 2] smbd/server.c:exit_server(458)
  Closing connections
[2003/02/21 15:32:32, 2] smbd/reply.c:reply_special(92)
  netbios connect: name1=GRIFFON          name2=WATERTOWN      
[2003/02/21 15:32:32, 2] smbd/reply.c:reply_special(111)
  netbios connect: local=griffon remote=watertown
[2003/02/21 15:32:35, 0] libsmb/smbencrypt.c:decode_pw_buffer(259)
  decode_pw_buffer: incorrect password length (-193558569).
[2003/02/21 15:32:35, 0] rpc_server/srv_samr_nt.c:_samr_delete_dom_user(2664)
  _samr_delete_dom_user: Not yet implemented.
[2003/02/21 15:32:36, 2] smbd/server.c:exit_server(458)
  Closing connections

The "watertown$" account was recreated (I deleted it before running this
attempt) but I was not able to figure out why the password length is so
wrong.  I am using shadow passwords here if that makes any difference.



Giving up on that line of thought, I decided to try just using the "root"
acount as the "samba administrative account".  That didn't work either:

Now when I try to connect to the domain, I get

[2003/02/21 15:36:12, 2] smbd/reply.c:reply_special(92)
  netbios connect: name1=GRIFFON          name2=WATERTOWN      
[2003/02/21 15:36:12, 2] smbd/reply.c:reply_special(111)
  netbios connect: local=griffon remote=watertown
[2003/02/21 15:36:13, 0] smbd/service.c:make_connection(564)
  Can't become connected user!
[2003/02/21 15:36:13, 2] smbd/server.c:exit_server(458)
  Closing connections
[2003/02/21 15:36:14, 2] smbd/reply.c:reply_special(92)
  netbios connect: name1=GRIFFON          name2=WATERTOWN      
[2003/02/21 15:36:14, 2] smbd/reply.c:reply_special(111)
  netbios connect: local=griffon remote=watertown
[2003/02/21 15:36:14, 0] smbd/service.c:make_connection(564)
  Can't become connected user!
[2003/02/21 15:36:14, 2] smbd/server.c:exit_server(458)
  Closing connections

I've verified the password (it's the same for both samba and unix) but
it still doesn't work.  Both "machine" uid-0 entries were removed for
this attempt.

I am now officially out of ideas.  Help?!?  What am I doing wrong here?

                                          Brian
                                 ( bcwhite at precidia.com )

-------------------------------------------------------------------------------
                  Don't drink and park.  Accidents cause kids.

More information about the samba mailing list