SPNEDO [was Re: [Samba] samba>=3.0.4 - no more smbpasswd ?...]

Thu Dec 9 14:45:13 GMT 2004

On Thu, 2004-12-09 at 07:19 -0600, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Greg Folkert wrote:
> 
> |>Doing spnego session setup (blob length=58)
> |>got OID=1 3 6 1 4 1 311 2 2 10
> |>got principal=NONE
> |>Got challenge flags:
> |>Got NTLMSSP neg_flags=0x60890215
> |>NTLMSSP: Set final flags:
> |>Got NTLMSSP neg_flags=0x60080215
> |>NTLMSSP Sign/Seal - Initialising with flags:
> |>Got NTLMSSP neg_flags=0x60080215
> |>SPENGO login failed: Logon failure
> |>session setup failed: NT_STATUS_LOGON_FAILURE
> |
> |
> | Spegno has a problem in 3.0.4 and maybe other versions as well.
> 
> Not that I'm disagreeing, but there have been a lot of
> urban legends surround Samba's spnego implementation.
> What specific bug are you referring to ?  We haven't
> changed that code much at all in a while now.

Well, I see spegno failures on the machines I have joined to my Samba
PDC (using tbd backend), especially for for some reason, those machines
that have these failures... which didn't start until v3.0.4 now cannot
find the Samba-PDC if they boot with the Network cable in. If they boot
with the cable out and we wait until the CTRL-ATL-DEL splash comes up
and *THEN* plug in the cable, they find it and the roaming profiles just
honky dory. Domain Login script works, shares are all mapped, printers
work... etc.

Now, I have severed from the Domain... changed machine names, changed
the user that actually joined the machine to the domain, made sure the
PDC SID is all good, edited anything that was incorrect, just to make
sure, there was nothing incorrect, nothing was wrong in the server side
or client side.

I also removed all WINS info after a stop and before a start... even
completely re-created the whole domain. These same clients... no matter
what do not find the PDC when the link-light is showing on the NIC when
it boots.

These machine are all over the map as far as network hardware; Intel
e100, e1000, 3Com 3CXXX, Broadcom, Belkin, D-Link, even one machine has
an ISA SMC card in it.

I have even took one machine to another companies network and did a join
to their ADS Domain and it just worked. Came back to mine (after an
un-join from theirs) and the same problem exists. But some machines...
especially notable are Virtual Machines, these Virtual machines are
VMware machines. They have exactly Zero (0) problems with the network
connected when they boot on Linux machines that don't even have Samba on
them. The Linux machines use NFS to do things.

So, at this point, I just gave up. Company moved to new Locale, I have a
100% new and certified Wiring Plant, with 100% new and properly working
Giga-Bit Backbone and Switches serving everything. The PDC acquired a
D-Link SK98LIN(kernel module name) GB card and is connected to the
Backbone directly. Same problem exists. I sort of hoped it was the Old
Wiring Plant or Networking Gear.

BTW, since I gave up trying to fix it, I turned off all debug logging. I
can turn it back on and do the dance for you and give you the logs. I
have Win95OSR2, Win98SE, WNT4 sp6a, W2K SP4 plus hot fixes, WinXPSP2+
and nothing Win2k3 or longhorn beta.

I am all EARs/WARs/JARs (drinking^W using Java at the moment)
-- 
greg, greg at gregfolkert.net

The technology that is
Stronger, better, faster: Linux
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20041209/91df9750/attachment.bin