[Samba] Domain member help

Sat Feb 21 09:06:01 GMT 2004

Greetings,

I'm new to Samba and I'm wondering where I went wrong....

My setup:
Two FreeBSD 5.1 machines
Samba 3.0.1r2 from ports collection
One tdbsam domain controller and one member server - domcon and memsrv

My problem:
I've been working on this for a few days and still scratching my head.

I can view the base directory of the member server (only as root). But
when I try to access folder shares on the member server as a non-root
user, the WinXP pro client continually asks for login and password.  XP
is joined to the domain and I can browse and interact with the folder
shares on the DC perfectly fine.

I managed to crash the xp pro desktop an hour ago at the remote location
so now I'm using smbclient on both the DC and member server to try and
connect to the shared folders.

>From either machines, smbclient will access the shares on the DC fine
but gives "session setup failed: NT_STATUS_LOGON_FAILURE" when trying to
access shares on the member server.  Log.smbd on the member server
reports error while log.smbd on the domain controller reports success.

Wbinfo -u, -g and -t on the member server produce the correct results as
noted in the official reference guide.  Nsswitch.conf is setup by the
book from the Fast Start chapter and I assume that the fact that I can
at least browse to it means it's working.

Log.smbd on the memberserver indicates a "no such user" failure while
the corresponding logs in the domain controller show success.
Log.winbind on the member looks like it is good too.

Following, I've put up smb.conf, an smbclient session for a user "neil"
who exists on the DC in the ntadmins group which is mapped to Domain
Admins.   I've also included log.smbd from both DC and MS and
log.winbind from the member server.  (I assume winbind is not necessary
on the DC as it's not being used to querry another DC.

Thanks in advance,
Bill Ing

The SMB.CONF file on the member server with just a test directory:
************************
[global]
workgroup = DOM
netbios name = MEMSRV
security = DOMAIN
encrypt passwords = yes
password server = DOMCON
idmap uid = 10000-15000
idmap gid = 10000-15000
winbind separator = '\'
winbind use default domain = Yes
winbind enum users = yes
winbind enum groups = yes
disable spoolss = Yes
use sendfile = No
log level = 2 passdb:2 auth:2 winbind:2

[test]
path = /share/test
valid users = @ntadmins

*************************

The error messages and logs:
PROMPT:
memsrv# smbclient //memsrv/test -U neil
Password:
session setup failed: NT_STATUS_LOGON_FAILURE

MEMSRV log.smbd:
[2004/02/21 03:32:27, 10] nsswitch/wb_client.c:winbind_create_user(390)
  winbind_create_user: neil
[2004/02/21 03:32:27, 0] auth/auth_util.c:make_server_info_info3(1080)
  make_server_info_info3: pdb_init_sam failed!
[2004/02/21 03:32:27, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password:  Authentication for user [neil] -> [neil] FAILED
with error NT_STATUS_NO_SUCH_USER [2004/02/21 03:32:27, 2]
smbd/server.c:exit_server(558)
  Closing connections

MEMSRV log.winbind:
[2004/02/21 04:04:13, 6] nsswitch/winbindd.c:new_connection(342)
  accepted socket 20
[2004/02/21 04:04:13, 10] nsswitch/winbindd.c:winbind_client_read(457)
  client_read: read 1568 bytes. Need 0 more for a full request.
[2004/02/21 04:04:13, 10] nsswitch/winbindd.c:process_request(307)
  process_request: request fn INTERFACE_VERSION
[2004/02/21 04:04:13, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(232)
  [ 1130]: request interface version
[2004/02/21 04:04:13, 10] nsswitch/winbindd.c:client_write(511)
  client_write: wrote 1300 bytes.
[2004/02/21 04:04:13, 10] nsswitch/winbindd.c:winbind_client_read(457)
  client_read: read 1568 bytes. Need 0 more for a full request.
[2004/02/21 04:04:13, 10] nsswitch/winbindd.c:process_request(307)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2004/02/21 04:04:13, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(268)
  [ 1130]: request location of privileged pipe
[2004/02/21 04:04:13, 10] nsswitch/winbindd.c:client_write(511)
  client_write: wrote 1300 bytes.
[2004/02/21 04:04:13, 10] nsswitch/winbindd.c:client_write(556)
  client_write: need to write 30 extra data bytes.
[2004/02/21 04:04:13, 10] nsswitch/winbindd.c:client_write(511)
  client_write: wrote 30 bytes.
[2004/02/21 04:04:13, 10] nsswitch/winbindd.c:client_write(545)
  client_write: client_write: complete response written.
[2004/02/21 04:04:13, 6] nsswitch/winbindd.c:new_connection(342)
  accepted socket 21
[2004/02/21 04:04:13, 10] nsswitch/winbindd.c:winbind_client_read(457)
  client_read: read 0 bytes. Need 1568 more for a full request.
[2004/02/21 04:04:13, 5] nsswitch/winbindd.c:winbind_client_read(464)
  read failed on sock 20, pid 1130: EOF
[2004/02/21 04:04:13, 10] nsswitch/winbindd.c:winbind_client_read(457)
  client_read: read 1568 bytes. Need 0 more for a full request.
[2004/02/21 04:04:13, 10] nsswitch/winbindd.c:process_request(307)
  process_request: request fn PING
[2004/02/21 04:04:13, 3] nsswitch/winbindd_misc.c:winbindd_ping(209)
  [ 1130]: ping
[2004/02/21 04:04:13, 10] nsswitch/winbindd.c:client_write(511)
  client_write: wrote 1300 bytes.
[2004/02/21 04:04:13, 10] nsswitch/winbindd.c:winbind_client_read(457)
  client_read: read 1568 bytes. Need 0 more for a full request.
[2004/02/21 04:04:13, 10] nsswitch/winbindd.c:process_request(307)
  process_request: request fn AUTH_CRAP
[2004/02/21 04:04:13, 3]
nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(275)
  [ 1130]: pam auth crap domain: YACIL user: neil
[2004/02/21 04:04:13, 5]
nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(398)
  NTLM CRAP authentication for user [DOM]\[neil] returned NT_STATUS_OK
(PAM: 0)
[2004/02/21 04:04:13, 10] nsswitch/winbindd.c:client_write(511)
  client_write: wrote 1300 bytes.
[2004/02/21 04:04:13, 10] nsswitch/winbindd.c:client_write(556)
  client_write: need to write 1024 extra data bytes.
[2004/02/21 04:04:13, 10] nsswitch/winbindd.c:client_write(511)
  client_write: wrote 1024 bytes.
[2004/02/21 04:04:13, 10] nsswitch/winbindd.c:client_write(545)
  client_write: client_write: complete response written.
[2004/02/21 04:04:13, 10] nsswitch/winbindd.c:winbind_client_read(457)
  client_read: read 1568 bytes. Need 0 more for a full request.
[2004/02/21 04:04:13, 10] nsswitch/winbindd.c:process_request(307)
  process_request: request fn CREATE_USER
[2004/02/21 04:04:13, 3]
nsswitch/winbindd_acct.c:winbindd_create_user(876)
  [ 1130]: create_user: user=>(neil), group=>()
[2004/02/21 04:04:13, 5] nsswitch/winbindd_acct.c:wb_getgrnam(522)
  wb_getgrnam: Did not find group (nobody)
[2004/02/21 04:04:13, 10] nsswitch/winbindd_acct.c:passwd2string(158)
  passwd2string: converting passwd struct for neil
[2004/02/21 04:04:13, 10] nsswitch/winbindd_acct.c:wb_storepwnam(487)
  wb_storepwnam: Success ->
"neil:x:15169:65534:neil:/home/MEMSRV/neil:/bin/false"
[2004/02/21 04:04:13, 10] nsswitch/winbindd.c:client_write(511)
  client_write: wrote 1300 bytes.
[2004/02/21 04:04:13, 10] nsswitch/winbindd.c:winbind_client_read(457)
  client_read: read 0 bytes. Need 1568 more for a full request.
[2004/02/21 04:04:13, 5] nsswitch/winbindd.c:winbind_client_read(464)
  read failed on sock 21, pid 1130: EOF

DOMCON log.smbd:
[2004/02/21 03:32:11, 3] smbd/process.c:process_smb(890)
  Transaction 38 of length 446
[2004/02/21 03:32:11, 3] smbd/process.c:switch_message(685)
  switch message SMBtrans (pid 759)
[2004/02/21 03:32:11, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/02/21 03:32:11, 3] smbd/ipc.c:reply_trans(538)
  trans <\PIPE\> data=360 params=0 setup=2
[2004/02/21 03:32:11, 3] smbd/ipc.c:named_pipe(334)
  named pipe command on <> name
[2004/02/21 03:32:11, 3] smbd/ipc.c:api_fd_reply(296)
  Got API command 0x26 on pipe "NETLOGON" (pnum 7721)free_pipe_context:
destroying talloc pool of size 0 [2004/02/21 03:32:11, 3]
rpc_server/srv_pipe.c:api_rpcTNP(1509)
  api_rpcTNP: rpc command: NET_SAMLOGON
[2004/02/21 03:32:11, 3] rpc_server/srv_netlog_nt.c:_net_sam_logon(577)
  SAM Logon (Network). Domain:[DOM].  User:[neil@\\MEMSRV] Requested
Domain:[DOM] [2004/02/21 03:32:11, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2004/02/21 03:32:11, 3] smbd/uid.c:push_conn_ctx(287)
  push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/02/21 03:32:11, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/02/21 03:32:11, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/02/21 03:32:11, 3] auth/auth.c:check_ntlm_password(219)
  check_ntlm_password:  Checking password for unmapped user
[DOM]\[neil]@[\\MEMSRV] with the new password interface [2004/02/21
03:32:11, 3] auth/auth.c:check_ntlm_password(222)
  check_ntlm_password:  mapped user is: [YACIL]\[neil]@[\\MEMSRV]
[2004/02/21 03:32:11, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2004/02/21 03:32:11, 3] smbd/uid.c:push_conn_ctx(287)
  push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/02/21 03:32:11, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/02/21 03:32:11, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/02/21 03:32:11, 3]
passdb/lookup_sid.c:fetch_sid_from_gid_cache(235)
  fetch sid from gid cache 1001 ->
S-1-5-21-3648978000-1548753113-311820641-512
[2004/02/21 03:32:11, 3]
passdb/lookup_sid.c:fetch_sid_from_gid_cache(235)
  fetch sid from gid cache 1001 ->
S-1-5-21-3648978000-1548753113-311820641-512
[2004/02/21 03:32:11, 3]
passdb/lookup_sid.c:fetch_sid_from_gid_cache(235)
  fetch sid from gid cache 1011 ->
S-1-5-21-3648978000-1548753113-311820641-3023
[2004/02/21 03:32:11, 3] auth/auth.c:check_ntlm_password(268)
  check_ntlm_password: sam authentication for user [neil] succeeded
[2004/02/21 03:32:11, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2004/02/21 03:32:11, 3] smbd/uid.c:push_conn_ctx(287)
  push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/02/21 03:32:11, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/02/21 03:32:11, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/02/21 03:32:11, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [neil] -> [neil] ->
[neil] succeeded [2004/02/21 03:32:11, 3]
rpc_server/srv_pipe_hnd.c:free_pipe_context(544)
  free_pipe_context: destroying talloc pool of size 4856 [2004/02/21
03:32:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/02/21 03:32:49, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0