[Samba] security=domain problems

Peter T Greening peteman at math.unm.edu
Wed Jul 30 23:11:08 GMT 2003 

Hi all,
We are having some problems getting a solaris 9(sparc) file server 
running samba 2.2.2 to authenticate aginst a windows NT 4 PDC.  Let me 
say first that this was all working at one time, then we had some data 
corrumption on our NFS mounted /usr/local, and had to restore from tape. 
  Due to some issues with solaris ufsdump and ufsrestore, stuff was not 
quite put back properly.  We do have the original working smb.conf, and 
binaries.

Our file server's netbios name is sporadics.  Our NT domain has a PDC 
named zeus and a BDC named zeus2.  Our test client running linux redhat 
is named dali.

After the restore from tape, we went to the PDC, server manager, and 
deleted sporadics.  We then went to sporadics and issued the following 
command:

 > smbpasswd -j olympus -r zeus -U administrator
Password:
Joined domain OLYMPUS.
 >

all looks good so far.

this causes the creation of 
/usr/local/pkg/samba/samba-2.2.2/private/secrets.tdb.

Our smb.conf file's global section is as follows:
[global]
workgroup = OLYMPUS
hosts allow = 64.106.38. 10.0.0.0/23
netbios name = sporadics
security = domain
password server = ZEUS ZEUS2
encrypt passwords = yes
log file = /math/log/rahab/samba/log.%m
max log size = 500
#socket options = TCP_NODELAY
local master = no

Which I am almost poisitive is fine.  This config file was running 
before the data loss.

Now, when we try to do a smbclient -L sporadics from our test machine, 
we get the following failure:
peteman at dali:/math/system2/solaris-sparc/local/bin
 >smbclient -L sporadics
added interface ip=64.106.38.78 bcast=64.106.38.255 nmask=255.255.255.0
Got a positive name query response from 64.106.38.15 ( 64.106.38.15 )
Password:
session setup failed: NT_STATUS_LOGON_FAILURE
peteman at dali:/math/system2/solaris-sparc/local/bin
 >

A quick look at log.dali shows us that sporadics can not authenticate 
itself with the pdc:
[2003/07/30 16:48:14, 0] rpc_client/cli_netlogon.c:cli_net_auth2(160)
   cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
[2003/07/30 16:48:14, 0] rpc_client/cli_login.c:cli_nt_setup_creds(72)
   cli_nt_setup_creds: auth2 challenge failed
[2003/07/30 16:48:14, 0] 
smbd/password.c:connect_to_domain_password_server(1372)
   connect_to_domain_password_server: unable to setup the PDC 
credentials to machine ZEUS. Error was : NT_STATUS_ACCESS_DENIED.
[2003/07/30 16:48:14, 0] rpc_client/cli_netlogon.c:cli_net_auth2(160)
   cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
[2003/07/30 16:48:14, 0] rpc_client/cli_login.c:cli_nt_setup_creds(72)
   cli_nt_setup_creds: auth2 challenge failed
[2003/07/30 16:48:14, 0] 
smbd/password.c:connect_to_domain_password_server(1372)
   connect_to_domain_password_server: unable to setup the PDC 
credentials to machine ZEUS2. Error was : NT_STATUS_ACCESS_DENIED.
[2003/07/30 16:48:14, 0] smbd/password.c:domain_client_validate(1591)
   domain_client_validate: Domain password server not available.
[2003/07/30 16:48:14, 0] passdb/pdb_smbpasswd.c:startsmbfilepwent(171)
   startsmbfilepwent_internal: unable to open file 
/export/system/solaris-sparc/pkg/samba/samba-2.2.2/private/smbpasswd. 
Error was No such file or directory
[2003/07/30 16:48:14, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1368)
   unable to open passdb database.
[2003/07/30 16:48:14, 1] smbd/password.c:pass_check_smb(546)
   Couldn't find user 'peteman' in passdb.
[2003/07/30 16:48:14, 2] smbd/reply.c:reply_sesssetup_and_X(970)
   NT Password did not match for user 'peteman'!
[2003/07/30 16:48:14, 2] smbd/reply.c:reply_sesssetup_and_X(980)
   Defaulting to Lanman password for peteman
[2003/07/30 16:48:14, 0] passdb/pdb_smbpasswd.c:startsmbfilepwent(171)
   startsmbfilepwent_internal: unable to open file 
/export/system/solaris-sparc/pkg/samba/samba-2.2.2/private/smbpasswd. 
Error was No such file or directory
[2003/07/30 16:48:14, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1368)
   unable to open passdb database.
[2003/07/30 16:48:14, 1] smbd/password.c:pass_check_smb(546)
   Couldn't find user 'peteman' in passdb.
[2003/07/30 16:48:14, 1] smbd/reply.c:reply_sesssetup_and_X(995)
   Rejecting user 'peteman': authentication failed
[2003/07/30 16:48:14, 2] smbd/server.c:exit_server(458)
   Closing connections

the PDC zeus lists the following error message:
The session setup from the computer SPORADICS failed to authenticate. 
The name of the account referenced in the security database is 
SPORADICS$.  The following error occurred:
Access is denied.

Which implies that the smbpasswd -j olympus never worked right.
Does anyone have any idea whats going on here? any help would be greatly 
apreciated.  Thanks in advance, the entire UNM math department.

More information about the samba mailing list