[Samba] security = domain and Mac OS X

Michael Bartosh mbartosh at mac.com
Mon Jan 6 01:05:01 GMT 2003 

I've set up Samba on Mac OS X to do pass through authentication to 
the nt domain in AD several times now. No big deal, it usually just 
works.

Now, however, it doesn't appear to be working. Note the relevant part 
of the transaction below (loglevel 4).

Steps to replicate:

	a) Add pre-Win2K account with AD Users and computers
	b) sudo smbpasswd -j EXAMPLE -r WINSERVER -U Administrator%passwd
		(happens successfully)
	c) in smb.conf:
		security = domain
		password server = WINSERVER

nmblookup works for WINSERVER.

[xserve:~] zinch% smbd -V
Version 2.2.3a
[xserve:~] zinch% sw_vers
ProductName:    Mac OS X Server
ProductVersion: 10.2.3
BuildVersion:   6G30


transaction in log:

[2003/01/05 16:49:38, 3] 
/SourceCache/samba/samba-21/source/lib/util_sock.c:open_socket_out(830)
   Connecting to 192.168.1.2 at port 445
[2003/01/05 16:49:38, 4] 
/SourceCache/samba/samba-21/source/rpc_client/cli_netlogon.c:cli_net_req_chal(221)
   cli_net_req_chal: LSA Request Challenge from WINSERVER to XSERVE: 
965B45EE4F419A71
[2003/01/05 16:49:38, 4] 
/SourceCache/samba/samba-21/source/libsmb/credentials.c:cred_session_key(60)
   cred_session_key
[2003/01/05 16:49:38, 4] 
/SourceCache/samba/samba-21/source/libsmb/credentials.c:cred_create(91)
   cred_create
[2003/01/05 16:49:38, 4] 
/SourceCache/samba/samba-21/source/rpc_client/cli_netlogon.c:cli_net_auth2(132)
   cli_net_auth2: srv:\\WINSERVER acct:XSERVE$ sc:2 mc: XSERVE chal 
B58AF439B186C221 neg: 1ff
[2003/01/05 16:49:38, 0] 
/SourceCache/samba/samba-21/source/rpc_client/cli_netlogon.c:cli_net_auth2(157)
   cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
[2003/01/05 16:49:38, 0] 
/SourceCache/samba/samba-21/source/rpc_client/cli_login.c:cli_nt_setup_creds(74)
   cli_nt_setup_creds: auth2 challenge failed
[2003/01/05 16:49:38, 0] 
/SourceCache/samba/samba-21/source/smbd/password.c:connect_to_domain_password_server(1340)
   connect_to_domain_password_server: unable to setup the PDC 
credentials to machine WINSERVER. Error was : NT_STATUS_OK.
[2003/01/05 16:49:38, 0] 
/SourceCache/samba/samba-21/source/smbd/password.c:domain_client_validate(1558)
   domain_client_validate: Domain password server not available.


nmblookup (snipped)
[xserve:~] root# nmblookup -d4 WINSERVER
<snip>
querying WINSERVER on 192.168.1.255
nmb packet from 192.168.1.2(137) header: id=7983 opcode=Query(0) response=Yes
     header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=Yes
     header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
     answers: nmb_name=WINSERVER<00> rr_type=32 rr_class=1 ttl=300000
     answers   0 char `.....   hex 6000C0A80102
Got a positive name query response from 192.168.1.2 ( 192.168.1.2 )
192.168.1.2 WINSERVER<00>

I've done it this way (as far as I remember) 5-6 times- in addition 
to sending these directions to several folks who reported back 
success. Not sure what's different here.
-- 
http://www.4am-media.com
Mac OS X Consulting and Training
Michael Bartosh
mbartosh at 4am-media.com
303.517.0272
Denver, CO


"The surest way to corrupt a youth is to instruct him to hold in higher
regard those who think alike than those who think differently."

- -- Nietzsche

			Think Different.

More information about the samba mailing list