[Samba] Need help configuring Samba3/LDAP PDC

Aaron Ogden aogden at gxt.com
Wed Jun 9 20:33:54 GMT 2004


Hello all,
I'm following along in chapter 6 of John Terpstra's "Samba 3 By Example" 
and I've got everything working great up until the point where I join 
the machine to the new domain (step 17 on page 155).  The command *net 
rpc join -U Administrator* fails with the errors below.

palpatine:/var/lib/samba/sbin # net -d 4 rpc join -U Administrator
[2004/06/09 15:13:35, 3] param/loadparm.c:lp_load(3881)
  lp_load: refreshing parameters
[2004/06/09 15:13:35, 3] param/loadparm.c:init_globals(1309)
  Initialising global parameters
[2004/06/09 15:13:35, 3] param/params.c:pm_process(566)
  params.c:pm_process() - Processing configuration file 
"/etc/samba/smb.conf"
[2004/06/09 15:13:35, 3] param/loadparm.c:do_section(3379)
  Processing section "[global]"
  doing parameter unix charset = LOCALE
  doing parameter workgroup = GXT
  doing parameter netbios name = GXTPDC
[2004/06/09 15:13:35, 4] param/loadparm.c:handle_netbios_name(2723)
  handle_netbios_name: set global_myname to: GXTPDC
  doing parameter interfaces = eth0, lo
  doing parameter bind interfaces only = Yes
  doing parameter passdb backend = ldapsam:ldap://ldap.gxt.com
  doing parameter username map = /etc/samba/smbusers
  doing parameter log level = 1
  doing parameter syslog = 0
  doing parameter log file = /var/log/samba/%m
  doing parameter max log size = 50
  doing parameter smb ports = 139 445
  doing parameter name resolve order = wins bcast hosts
  doing parameter time server = Yes
  doing parameter printcap name = CUPS
  doing parameter show add printer wizard = No
  doing parameter add user script = 
/var/lib/samba/sbin/smbldap-useradd.pl -a -m '%u'
  doing parameter delete user script = 
/var/lib/samba/sbin/smbldap-userdel.pl '%u'
  doing parameter add group script = 
/var/lib/samba/sbin/smbldap-groupadd.pl -p '%g'
  doing parameter delete group script = 
/var/lib/samba/sbin/smbldap-groupdel.pl '%g'
  doing parameter add user to group script = 
/var/lib/samba/sbin/smbldap-groupmod.pl -m '%u' '%g'
  doing parameter delete user from group script = 
/var/lib/samba/sbin/smbldap-groupmod.pl -x '%u' '%g'
  doing parameter set primary group script = 
/var/lib/samba/sbin/smbldap-usermod.pl -g '%g' '%u'
  doing parameter add machine script = 
/var/lib/samba/sbin/smbldap-useradd.pl -w '%u'
  doing parameter shutdown script = /var/lib/samba/scripts/shutdown.sh
  doing parameter abort shutdown script = /sbin/shutdown -c
  doing parameter logon script = scripts\logon.bat
  doing parameter logon path = \\%L\profiles\%U
  doing parameter logon drive = X:
  doing parameter domain logons = Yes
  doing parameter preferred master = Yes
  doing parameter wins support = Yes
  doing parameter ldap suffix = dc=gxt,dc=com
  doing parameter ldap machine suffix = ou=people
  doing parameter ldap user suffix = ou=people
  doing parameter ldap group suffix = ou=groups
  doing parameter ldap idmap suffix = ou=idmap
  doing parameter ldap admin dn = cn=admin,dc=gxt,dc=com
  doing parameter idmap backend = ldap://ldap.gxt.com
  doing parameter idmap uid = 10000-20000
  doing parameter idmap gid = 10000-20000
  doing parameter map acl inherit = Yes
  doing parameter printing = cups
  doing parameter printer admin = Administrator
[2004/06/09 15:13:35, 4] param/loadparm.c:lp_load(3913)
  pm_process() returned Yes
[2004/06/09 15:13:35, 2] lib/interface.c:add_interface(79)
  added interface ip=172.17.0.240 bcast=172.17.3.255 nmask=255.255.252.0
[2004/06/09 15:13:35, 2] lib/interface.c:add_interface(79)
  added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
[2004/06/09 15:13:35, 3] libsmb/cliconnect.c:cli_start_connection(1373)
  Connecting to host=GXTPDC
[2004/06/09 15:13:35, 3] lib/util_sock.c:open_socket_out(735)
  Connecting to 172.17.0.240 at port 445
[2004/06/09 15:13:35, 4] lib/time.c:get_serverzone(122)
  Serverzone is 18000
[2004/06/09 15:13:35, 4] rpc_client/cli_netlogon.c:cli_net_req_chal(45)
  cli_net_req_chal: LSA Request Challenge from GXTPDC to GXTPDC: 
1F9217647828E59B
[2004/06/09 15:13:35, 4] libsmb/credentials.c:cred_session_key(59)
  cred_session_key
[2004/06/09 15:13:35, 4] libsmb/credentials.c:cred_create(90)
  cred_create
[2004/06/09 15:13:35, 4] rpc_client/cli_netlogon.c:cli_net_auth2(102)
  cli_net_auth2: srv:\\GXTPDC acct:GXTPDC$ sc:6 mc: GXTPDC chal 
B3BA8E48EB059670 neg: 400701ff
[2004/06/09 15:13:35, 3] rpc_client/cli_netlogon.c:cli_nt_setup_creds(283)
  cli_nt_setup_creds: auth2 challenge failed NT_STATUS_ACCESS_DENIED
[2004/06/09 15:13:35, 3] libsmb/trusts_util.c:just_change_the_password(43)
  just_change_the_password: unable to setup creds (NT_STATUS_ACCESS_DENIED)!
[2004/06/09 15:13:35, 1] utils/net_rpc.c:run_rpc_command(141)
  rpc command function failed! (NT_STATUS_ACCESS_DENIED)
Password:
[2004/06/09 15:14:11, 3] libsmb/cliconnect.c:cli_start_connection(1373)
  Connecting to host=GXTPDC
[2004/06/09 15:14:11, 3] lib/util_sock.c:open_socket_out(735)
  Connecting to 172.17.0.240 at port 445
[2004/06/09 15:14:11, 3] libsmb/cliconnect.c:cli_session_setup_spnego(705)
  Doing spnego session setup (blob length=58)
[2004/06/09 15:14:11, 3] libsmb/cliconnect.c:cli_session_setup_spnego(730)
  got OID=1 3 6 1 4 1 311 2 2 10
[2004/06/09 15:14:11, 3] libsmb/cliconnect.c:cli_session_setup_spnego(737)
  got principal=NONE
[2004/06/09 15:14:11, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(878)
  Got challenge flags:
[2004/06/09 15:14:11, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x60890215
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_NTLM2
    NTLMSSP_CHAL_TARGET_INFO
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
[2004/06/09 15:14:11, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(900)
  NTLMSSP: Set final flags:
[2004/06/09 15:14:11, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x60080215
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_NTLM2
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
[2004/06/09 15:14:11, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319)
  NTLMSSP Sign/Seal - Initialising with flags:
[2004/06/09 15:14:11, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x60080215
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_NTLM2
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
[2004/06/09 15:14:11, 3] libsmb/cliconnect.c:cli_session_setup(854)
  SPNEGO login failed: Logon failure
[2004/06/09 15:14:11, 1] libsmb/cliconnect.c:cli_full_connection(1461)
  failed session setup with NT_STATUS_LOGON_FAILURE
Could not connect to server GXTPDC
The username or password was not correct.
[2004/06/09 15:14:11, 2] utils/net.c:main(792)
  return code = 1

I've already set Administrator's password with *smbpasswd* and 
*smbldap-password.pl* but I still cannot authenticate.  Anonymous access 
(e.g. *smbclient -L localhost -U%*) works fine so it seems that there is 
something wrong with the LDAP SAM.  I am using the same LDAP directory 
to authenticate Linux clients and provide autofs maps and everything is 
working fine... except for Samba.  Has anyone else encountered this 
problem?  Tridge, Terpstra, Allison, are you out there?

I have torn down the LDAP/Samba stack several times and rebuilt it from 
scratch.  I get the same behavior every time.
I am running on SuSE 9.1 using openldap 2.2.6 and samba 3.0.4 (SuSE 
packages).  Thanks in advance!

--aaron
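
Added example, not part of the original post and not Samba code: a Python script that splits a Samba debug log like the one above into connection attempts and lists the NT_STATUS errors in each, which separates the netlogon auth2 failure for acct:GXTPDC$ from the later session-setup failure after the password prompt. The sample entries are excerpted from the post; the names parse_entries and failures_by_attempt are hypothetical.

```python
import re

# Samba 3 debug entry header: [date time, level] file:function(line)
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s+(\d+)\] ([\w/.]+):(\w+)\((\d+)\)$")
STATUS = re.compile(r"NT_STATUS_[A-Z_]+")
ACCOUNT = re.compile(r"acct:(\S+)")

# Sample input: entries excerpted from the log in the post (wrapped lines kept as posted).
SAMPLE = r"""[2004/06/09 15:13:35, 3] libsmb/cliconnect.c:cli_start_connection(1373)
  Connecting to host=GXTPDC
[2004/06/09 15:13:35, 4] rpc_client/cli_netlogon.c:cli_net_auth2(102)
  cli_net_auth2: srv:\\GXTPDC acct:GXTPDC$ sc:6 mc: GXTPDC chal
B3BA8E48EB059670 neg: 400701ff
[2004/06/09 15:13:35, 3] rpc_client/cli_netlogon.c:cli_nt_setup_creds(283)
  cli_nt_setup_creds: auth2 challenge failed NT_STATUS_ACCESS_DENIED
[2004/06/09 15:13:35, 1] utils/net_rpc.c:run_rpc_command(141)
  rpc command function failed! (NT_STATUS_ACCESS_DENIED)
Password:
[2004/06/09 15:14:11, 3] libsmb/cliconnect.c:cli_start_connection(1373)
  Connecting to host=GXTPDC
[2004/06/09 15:14:11, 1] libsmb/cliconnect.c:cli_full_connection(1461)
  failed session setup with NT_STATUS_LOGON_FAILURE
"""

def parse_entries(text):
    """Split the log into entries; lines without a header continue the previous body."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            entries.append({"time": m[1], "level": int(m[2]), "func": m[4], "body": ""})
        elif entries and line.strip():
            entries[-1]["body"] = (entries[-1]["body"] + " " + line.strip()).strip()
    return entries

def failures_by_attempt(entries):
    """Group NT_STATUS errors by connection attempt (each cli_start_connection starts one)."""
    attempts = []
    for e in entries:
        if e["func"] == "cli_start_connection" or not attempts:
            attempts.append({"start": e["time"], "account": None, "errors": []})
        acct = ACCOUNT.search(e["body"])
        if acct:  # account named in the netlogon auth2 call, if any
            attempts[-1]["account"] = acct.group(1)
        attempts[-1]["errors"] += [(e["func"], s) for s in STATUS.findall(e["body"])
                                   if s != "NT_STATUS_OK"]
    return attempts

if __name__ == "__main__":
    for n, a in enumerate(failures_by_attempt(parse_entries(SAMPLE)), 1):
        print(n, a["start"], a["account"] or "(account not logged)", a["errors"])
```

The second attempt has no account because the log never prints the user passed with -U; only the machine account appears, in the cli_net_auth2 line.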



