[Samba] Need help configuring Samba3/LDAP PDC
Aaron Ogden
aogden at gxt.com
Wed Jun 9 20:33:54 GMT 2004
Hello all,
I'm following along in chapter 6 of John Terpstra's "Samba 3 By Example"
and I've got everything working great up until the point where I join
the machine to the new domain (step 17 on page 155). The command *net
rpc join -U Administrator* fails with the errors below.
palpatine:/var/lib/samba/sbin # net -d 4 rpc join -U Administrator
[2004/06/09 15:13:35, 3] param/loadparm.c:lp_load(3881)
lp_load: refreshing parameters
[2004/06/09 15:13:35, 3] param/loadparm.c:init_globals(1309)
Initialising global parameters
[2004/06/09 15:13:35, 3] param/params.c:pm_process(566)
params.c:pm_process() - Processing configuration file
"/etc/samba/smb.conf"
[2004/06/09 15:13:35, 3] param/loadparm.c:do_section(3379)
Processing section "[global]"
doing parameter unix charset = LOCALE
doing parameter workgroup = GXT
doing parameter netbios name = GXTPDC
[2004/06/09 15:13:35, 4] param/loadparm.c:handle_netbios_name(2723)
handle_netbios_name: set global_myname to: GXTPDC
doing parameter interfaces = eth0, lo
doing parameter bind interfaces only = Yes
doing parameter passdb backend = ldapsam:ldap://ldap.gxt.com
doing parameter username map = /etc/samba/smbusers
doing parameter log level = 1
doing parameter syslog = 0
doing parameter log file = /var/log/samba/%m
doing parameter max log size = 50
doing parameter smb ports = 139 445
doing parameter name resolve order = wins bcast hosts
doing parameter time server = Yes
doing parameter printcap name = CUPS
doing parameter show add printer wizard = No
doing parameter add user script =
/var/lib/samba/sbin/smbldap-useradd.pl -a -m '%u'
doing parameter delete user script =
/var/lib/samba/sbin/smbldap-userdel.pl '%u'
doing parameter add group script =
/var/lib/samba/sbin/smbldap-groupadd.pl -p '%g'
doing parameter delete group script =
/var/lib/samba/sbin/smbldap-groupdel.pl '%g'
doing parameter add user to group script =
/var/lib/samba/sbin/smbldap-groupmod.pl -m '%u' '%g'
doing parameter delete user from group script =
/var/lib/samba/sbin/smbldap-groupmod.pl -x '%u' '%g'
doing parameter set primary group script =
/var/lib/samba/sbin/smbldap-usermod.pl -g '%g' '%u'
doing parameter add machine script =
/var/lib/samba/sbin/smbldap-useradd.pl -w '%u'
doing parameter shutdown script = /var/lib/samba/scripts/shutdown.sh
doing parameter abort shutdown script = /sbin/shutdown -c
doing parameter logon script = scripts\logon.bat
doing parameter logon path = \\%L\profiles\%U
doing parameter logon drive = X:
doing parameter domain logons = Yes
doing parameter preferred master = Yes
doing parameter wins support = Yes
doing parameter ldap suffix = dc=gxt,dc=com
doing parameter ldap machine suffix = ou=people
doing parameter ldap user suffix = ou=people
doing parameter ldap group suffix = ou=groups
doing parameter ldap idmap suffix = ou=idmap
doing parameter ldap admin dn = cn=admin,dc=gxt,dc=com
doing parameter idmap backend = ldap://ldap.gxt.com
doing parameter idmap uid = 10000-20000
doing parameter idmap gid = 10000-20000
doing parameter map acl inherit = Yes
doing parameter printing = cups
doing parameter printer admin = Administrator
[2004/06/09 15:13:35, 4] param/loadparm.c:lp_load(3913)
pm_process() returned Yes
[2004/06/09 15:13:35, 2] lib/interface.c:add_interface(79)
added interface ip=172.17.0.240 bcast=172.17.3.255 nmask=255.255.252.0
[2004/06/09 15:13:35, 2] lib/interface.c:add_interface(79)
added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
[2004/06/09 15:13:35, 3] libsmb/cliconnect.c:cli_start_connection(1373)
Connecting to host=GXTPDC
[2004/06/09 15:13:35, 3] lib/util_sock.c:open_socket_out(735)
Connecting to 172.17.0.240 at port 445
[2004/06/09 15:13:35, 4] lib/time.c:get_serverzone(122)
Serverzone is 18000
[2004/06/09 15:13:35, 4] rpc_client/cli_netlogon.c:cli_net_req_chal(45)
cli_net_req_chal: LSA Request Challenge from GXTPDC to GXTPDC:
1F9217647828E59B
[2004/06/09 15:13:35, 4] libsmb/credentials.c:cred_session_key(59)
cred_session_key
[2004/06/09 15:13:35, 4] libsmb/credentials.c:cred_create(90)
cred_create
[2004/06/09 15:13:35, 4] rpc_client/cli_netlogon.c:cli_net_auth2(102)
cli_net_auth2: srv:\\GXTPDC acct:GXTPDC$ sc:6 mc: GXTPDC chal
B3BA8E48EB059670 neg: 400701ff
[2004/06/09 15:13:35, 3] rpc_client/cli_netlogon.c:cli_nt_setup_creds(283)
cli_nt_setup_creds: auth2 challenge failed NT_STATUS_ACCESS_DENIED
[2004/06/09 15:13:35, 3] libsmb/trusts_util.c:just_change_the_password(43)
just_change_the_password: unable to setup creds (NT_STATUS_ACCESS_DENIED)!
[2004/06/09 15:13:35, 1] utils/net_rpc.c:run_rpc_command(141)
rpc command function failed! (NT_STATUS_ACCESS_DENIED)
Password:
[2004/06/09 15:14:11, 3] libsmb/cliconnect.c:cli_start_connection(1373)
Connecting to host=GXTPDC
[2004/06/09 15:14:11, 3] lib/util_sock.c:open_socket_out(735)
Connecting to 172.17.0.240 at port 445
[2004/06/09 15:14:11, 3] libsmb/cliconnect.c:cli_session_setup_spnego(705)
Doing spnego session setup (blob length=58)
[2004/06/09 15:14:11, 3] libsmb/cliconnect.c:cli_session_setup_spnego(730)
got OID=1 3 6 1 4 1 311 2 2 10
[2004/06/09 15:14:11, 3] libsmb/cliconnect.c:cli_session_setup_spnego(737)
got principal=NONE
[2004/06/09 15:14:11, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(878)
Got challenge flags:
[2004/06/09 15:14:11, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0x60890215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_CHAL_TARGET_INFO
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
[2004/06/09 15:14:11, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(900)
NTLMSSP: Set final flags:
[2004/06/09 15:14:11, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0x60080215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
[2004/06/09 15:14:11, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319)
NTLMSSP Sign/Seal - Initialising with flags:
[2004/06/09 15:14:11, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0x60080215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
[2004/06/09 15:14:11, 3] libsmb/cliconnect.c:cli_session_setup(854)
SPNEGO login failed: Logon failure
[2004/06/09 15:14:11, 1] libsmb/cliconnect.c:cli_full_connection(1461)
failed session setup with NT_STATUS_LOGON_FAILURE
Could not connect to server GXTPDC
The username or password was not correct.
[2004/06/09 15:14:11, 2] utils/net.c:main(792)
return code = 1
I've already set Administrator's password with *smbpasswd* and
*smbldap-password.pl* but I still cannot authenticate. Anonymous access
(e.g. *smbclient -L localhost -U%*) works fine so it seems that there is
something wrong with the LDAP SAM. I am using the same LDAP directory
to authenticate Linux clients and provide autofs maps and everything is
working fine... except for Samba. Has anyone else encountered this
problem? Tridge, Terpstra, Allison, are you out there?
I have torn down the LDAP/Samba stack several times and rebuilt it from
scratch. I get the same behavior every time.
I am running on SuSE 9.1 using openldap 2.2.6 and samba 3.0.4 (SuSE
packages). Thanks in advance!
--aaron
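
An added example, not part of the original post: a small Python triage script for the `net -d 4` debug format shown above, pairing each `[timestamp, level] file:function(line)` header with its message lines and listing the NT_STATUS failures in order. The sample input is a constructed excerpt of the log quoted in the post, and the function names `parse_records` and `failures` are illustrative.

```python
import re

# Samba debug header: [YYYY/MM/DD HH:MM:SS, level] source/file.c:function(line)
HEADER = re.compile(
    r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\]\s+(\S+?):(\w+)\((\d+)\)$")
STATUS = re.compile(r"\bNT_STATUS_[A-Z0-9_]+\b")

# Constructed sample: lines copied from the debug output quoted in the post.
SAMPLE = r"""[2004/06/09 15:13:35, 3] libsmb/cliconnect.c:cli_start_connection(1373)
Connecting to host=GXTPDC
[2004/06/09 15:13:35, 4] rpc_client/cli_netlogon.c:cli_net_auth2(102)
cli_net_auth2: srv:\\GXTPDC acct:GXTPDC$ sc:6 mc: GXTPDC chal
B3BA8E48EB059670 neg: 400701ff
[2004/06/09 15:13:35, 3] rpc_client/cli_netlogon.c:cli_nt_setup_creds(283)
cli_nt_setup_creds: auth2 challenge failed NT_STATUS_ACCESS_DENIED
[2004/06/09 15:13:35, 1] utils/net_rpc.c:run_rpc_command(141)
rpc command function failed! (NT_STATUS_ACCESS_DENIED)
[2004/06/09 15:14:11, 3] libsmb/cliconnect.c:cli_session_setup(854)
SPNEGO login failed: Logon failure
[2004/06/09 15:14:11, 1] libsmb/cliconnect.c:cli_full_connection(1461)
failed session setup with NT_STATUS_LOGON_FAILURE
"""

def parse_records(text):
    """Group each header line with the message lines that follow it."""
    records, current = [], None
    for line in (l.strip() for l in text.splitlines()):
        m = HEADER.match(line)
        if m:
            ts, level, src, func, _ = m.groups()
            current = {"time": ts, "level": int(level), "source": src,
                       "function": func, "message": []}
            records.append(current)
        elif current is not None and line:
            current["message"].append(line)  # continuation of the same record
    return records

def failures(records):
    """(time, function, status) for each record naming a non-OK NT_STATUS."""
    out = []
    for rec in records:
        for status in STATUS.findall(" ".join(rec["message"])):
            if status != "NT_STATUS_OK":
                out.append((rec["time"], rec["function"], status))
    return out

if __name__ == "__main__":
    for when, func, status in failures(parse_records(SAMPLE)):
        print(when, func, status)
```

On the excerpt it reports the netlogon `auth2` failure (NT_STATUS_ACCESS_DENIED) first and the session-setup NT_STATUS_LOGON_FAILURE second, the same order in which they appear in the post's output.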