[Samba] PDC/LDAP domain login problems

Anthony Hess tonyh at engr.arizona.edu
Mon Aug 16 23:19:51 GMT 2004 

OK - I finally am able to join machines to the domain, but I cant log in to
them (at least not my test client anyway).  If anyone can help I would be
really really appreciative!

Platform:  Solaris 9, Samba 3.0.5, Sun One Directory Server 5.1

error is:
The system could not log you on.  Make sure your User name and domain are
correct, then type your password again.  Letters in passwords must be typed
using the correct case.  Make sure that Caps Lock is not accidentally on.

The smbd.log file says:

[2004/08/16 16:08:10, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [tony] -> [tony] -> [tony]
succeeded

but also :( -

[2004/08/16 16:08:10, 0] rpc_server/srv_pipe_hnd.c:process_request_pdu(605)
  process_request_pdu: failed to do schannel processing.

(not sure if that's the problem, but it seems like a good place to look)

Samba settings for signing and secure channel are (using testparm -v):
        client schannel = Auto
        server schannel = Auto
       client signing = auto
        server signing = No

The corresponding Windows (in this case 2000 SP4) Local Security Settings >
Local Policies > Security Options has:
Digitally sign client communication (always)            Disabled
Digitally sign client communication (when possible)        Enabled
Digitally sign server communication (always)            Disabled
Digitally sign server communication (when possible)        Disabled

Secure channel:  Digitally encrypt or sign secure channel data (always)
Disabled
Secure channel:  Digitally encrypt secure channel data (when possible)
Enabled
Secure channel:  Digitally sign secure channel data (when possible)
Enabled
Secure channel:  Require strong (Windows 2000 or later) session key
Disabled

Anyone have any ideas?  The settings on both sides SEEM to match up - or am
I barking up the wrong tree?

Tony


Full level 2 smbd.log file:

[2004/08/16 16:06:47, 2] smbd/server.c:exit_server(568)
  Closing connections
[2004/08/16 16:06:47, 2] smbd/sesssetup.c:setup_new_vc_session(602)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2004/08/16 16:06:47, 1] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(587)
  Unknown packet in reply_sesssetup_and_X_spnego
[2004/08/16 16:06:47, 2] smbd/sesssetup.c:setup_new_vc_session(602)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2004/08/16 16:06:47, 1] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(587)
  Unknown packet in reply_sesssetup_and_X_spnego
[2004/08/16 16:07:59, 2] smbd/server.c:exit_server(568)
  Closing connections
[2004/08/16 16:08:10, 2] lib/smbldap.c:smbldap_search_domain_info(1344)
  Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=MGETMP))]
[2004/08/16 16:08:10, 2] lib/smbldap.c:smbldap_open_connection(639)
  smbldap_open_connection: connection opened
[2004/08/16 16:08:10, 2] smbd/reply.c:reply_special(208)
  netbios connect: name1=YELLOW          name2=ST32
[2004/08/16 16:08:10, 2] smbd/reply.c:reply_special(215)
  netbios connect: local=yellow remote=st32, name type = 0
[2004/08/16 16:08:10, 2] smbd/sesssetup.c:setup_new_vc_session(602)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2004/08/16 16:08:10, 2] smbd/sesssetup.c:setup_new_vc_session(602)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2004/08/16 16:08:10, 2] rpc_parse/parse_prs.c:netsec_decode(1575)
  netsec_decode: FAILED: packet sequence number:
[2004/08/16 16:08:10, 2] lib/util.c:dump_data(1864)
  [000] D4 C5 1B 87 25 56 1F 06                           ....%V..
[2004/08/16 16:08:10, 2] rpc_parse/parse_prs.c:netsec_decode(1577)
  should be:
[2004/08/16 16:08:10, 2] lib/util.c:dump_data(1864)
  [000] 00 00 00 00 80 00 00 00                           ........
[2004/08/16 16:08:10, 0] rpc_server/srv_pipe.c:api_pipe_netsec_process(1397)
  failed to decode PDU
[2004/08/16 16:08:10, 0] rpc_server/srv_pipe_hnd.c:process_request_pdu(605)
  process_request_pdu: failed to do schannel processing.
[2004/08/16 16:08:10, 2] passdb/pdb_ldap.c:init_sam_from_ldap(483)
  init_sam_from_ldap: Entry found for user: st32$
[2004/08/16 16:08:10, 2] passdb/pdb_ldap.c:init_sam_from_ldap(483)
  init_sam_from_ldap: Entry found for user: tony
[2004/08/16 16:08:10, 2] passdb/pdb_ldap.c:init_group_from_ldap(1792)
  init_group_from_ldap: Entry found for group: 512
[2004/08/16 16:08:10, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [tony] -> [tony] -> [tony]
succeeded
[2004/08/16 16:08:47, 2] smbd/process.c:timeout_processing(1138)
  Closing idle connection
[2004/08/16 16:08:47, 2] smbd/server.c:exit_server(568)
  Closing connections

More information about the samba mailing list