[Samba] Re: security=domain problems

Peter T Greening peteman at math.unm.edu
Thu Jul 31 21:42:57 GMT 2003 

So we have also done the following since I sent the first message
Built samba 2.2.8a, and gave it the config files. no change

performed the following re-adding process:
deleted sporadics(our samba box) from the domain
shutdown the BDC
rebooted the PDC
booted the BDC
added sporadics to the domain
issued the following command on sporadics:
smbpasswd -j olympus -r zeus

no change.
also tried the same process, but with the following smbpasswd command:
smbpasswd -j olympus -r zeus -U peteman
<input password>
peteman is a domain admin
both this and the previous smbpasswd command completed successfully, 
with the message Joined domain OLYMPUS.

Thanks again for any insight someone may be able to shed on this mystery.


Peter T Greening wrote:
> Hi all,
> We are having some problems getting a solaris 9(sparc) file server 
> running samba 2.2.2 to authenticate aginst a windows NT 4 PDC.  Let me 
> say first that this was all working at one time, then we had some data 
> corrumption on our NFS mounted /usr/local, and had to restore from tape. 
>  Due to some issues with solaris ufsdump and ufsrestore, stuff was not 
> quite put back properly.  We do have the original working smb.conf, and 
> binaries.
> 
> Our file server's netbios name is sporadics.  Our NT domain has a PDC 
> named zeus and a BDC named zeus2.  Our test client running linux redhat 
> is named dali.
> 
> After the restore from tape, we went to the PDC, server manager, and 
> deleted sporadics.  We then went to sporadics and issued the following 
> command:
> 
>  > smbpasswd -j olympus -r zeus -U administrator
> Password:
> Joined domain OLYMPUS.
>  >
> 
> all looks good so far.
> 
> this causes the creation of 
> /usr/local/pkg/samba/samba-2.2.2/private/secrets.tdb.
> 
> Our smb.conf file's global section is as follows:
> [global]
> workgroup = OLYMPUS
> hosts allow = 64.106.38. 10.0.0.0/23
> netbios name = sporadics
> security = domain
> password server = ZEUS ZEUS2
> encrypt passwords = yes
> log file = /math/log/rahab/samba/log.%m
> max log size = 500
> #socket options = TCP_NODELAY
> local master = no
> 
> Which I am almost poisitive is fine.  This config file was running 
> before the data loss.
> 
> Now, when we try to do a smbclient -L sporadics from our test machine, 
> we get the following failure:
> peteman at dali:/math/system2/solaris-sparc/local/bin
>  >smbclient -L sporadics
> added interface ip=64.106.38.78 bcast=64.106.38.255 nmask=255.255.255.0
> Got a positive name query response from 64.106.38.15 ( 64.106.38.15 )
> Password:
> session setup failed: NT_STATUS_LOGON_FAILURE
> peteman at dali:/math/system2/solaris-sparc/local/bin
>  >
> 
> A quick look at log.dali shows us that sporadics can not authenticate 
> itself with the pdc:
> [2003/07/30 16:48:14, 0] rpc_client/cli_netlogon.c:cli_net_auth2(160)
>   cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
> [2003/07/30 16:48:14, 0] rpc_client/cli_login.c:cli_nt_setup_creds(72)
>   cli_nt_setup_creds: auth2 challenge failed
> [2003/07/30 16:48:14, 0] 
> smbd/password.c:connect_to_domain_password_server(1372)
>   connect_to_domain_password_server: unable to setup the PDC credentials 
> to machine ZEUS. Error was : NT_STATUS_ACCESS_DENIED.
> [2003/07/30 16:48:14, 0] rpc_client/cli_netlogon.c:cli_net_auth2(160)
>   cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
> [2003/07/30 16:48:14, 0] rpc_client/cli_login.c:cli_nt_setup_creds(72)
>   cli_nt_setup_creds: auth2 challenge failed
> [2003/07/30 16:48:14, 0] 
> smbd/password.c:connect_to_domain_password_server(1372)
>   connect_to_domain_password_server: unable to setup the PDC credentials 
> to machine ZEUS2. Error was : NT_STATUS_ACCESS_DENIED.
> [2003/07/30 16:48:14, 0] smbd/password.c:domain_client_validate(1591)
>   domain_client_validate: Domain password server not available.
> [2003/07/30 16:48:14, 0] passdb/pdb_smbpasswd.c:startsmbfilepwent(171)
>   startsmbfilepwent_internal: unable to open file 
> /export/system/solaris-sparc/pkg/samba/samba-2.2.2/private/smbpasswd. 
> Error was No such file or directory
> [2003/07/30 16:48:14, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1368)
>   unable to open passdb database.
> [2003/07/30 16:48:14, 1] smbd/password.c:pass_check_smb(546)
>   Couldn't find user 'peteman' in passdb.
> [2003/07/30 16:48:14, 2] smbd/reply.c:reply_sesssetup_and_X(970)
>   NT Password did not match for user 'peteman'!
> [2003/07/30 16:48:14, 2] smbd/reply.c:reply_sesssetup_and_X(980)
>   Defaulting to Lanman password for peteman
> [2003/07/30 16:48:14, 0] passdb/pdb_smbpasswd.c:startsmbfilepwent(171)
>   startsmbfilepwent_internal: unable to open file 
> /export/system/solaris-sparc/pkg/samba/samba-2.2.2/private/smbpasswd. 
> Error was No such file or directory
> [2003/07/30 16:48:14, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1368)
>   unable to open passdb database.
> [2003/07/30 16:48:14, 1] smbd/password.c:pass_check_smb(546)
>   Couldn't find user 'peteman' in passdb.
> [2003/07/30 16:48:14, 1] smbd/reply.c:reply_sesssetup_and_X(995)
>   Rejecting user 'peteman': authentication failed
> [2003/07/30 16:48:14, 2] smbd/server.c:exit_server(458)
>   Closing connections
> 
> the PDC zeus lists the following error message:
> The session setup from the computer SPORADICS failed to authenticate. 
> The name of the account referenced in the security database is 
> SPORADICS$.  The following error occurred:
> Access is denied.
> 
> Which implies that the smbpasswd -j olympus never worked right.
> Does anyone have any idea whats going on here? any help would be greatly 
> apreciated.  Thanks in advance, the entire UNM math department.
> 
>

More information about the samba mailing list