[Samba] Re: Authentification in windows ads 2003

Benoit Moeremans benoit.moeremans at nectarine.be
Thu Jun 10 14:35:15 GMT 2004


I found something very interesting about the encryption types with Kerberos
and W2K3 issues.

"The Microsoft Windows Server 2003 Key Distribution Center (KDC) uses the
strongest encryption type (etype) available to encrypt service tickets. If a
client requests etype DES-CBC-CRC, the KDC encrypts tickets with
RC4_HMAC_NT. If the client does not understand this etype, the service
ticket is unusable. "

http://support.microsoft.com/default.aspx?scid=kb;en-us;833708


However, I have no more error messages in the logs, but I still cannot access
the Linux share. Everything is successful in the event viewer of the
domain controller.

Here are the logs (I set logging to level 5):

*log.smbd*

[2004/06/10 16:31:12, 5] libsmb/trustdom_cache.c:trustdom_cache_store(125)
  trustdom_store: storing SID S-1-5-21-3240427509-3552638280-2529748619 of domain ZSCARDS
rantanplan:/usr/share/krb5# tail -n 50 /var/log/samba/log.smbd
[2004/06/10 16:31:24, 5] lib/util_sock.c:print_socket_options(130)
  socket option IPTOS_LOWDELAY = 0
[2004/06/10 16:31:24, 5] lib/util_sock.c:print_socket_options(130)
  socket option IPTOS_THROUGHPUT = 0
[2004/06/10 16:31:24, 5] lib/util_sock.c:print_socket_options(130)
  socket option SO_SNDBUF = 16384
[2004/06/10 16:31:24, 5] lib/util_sock.c:print_socket_options(130)
  socket option SO_RCVBUF = 87380
[2004/06/10 16:31:24, 5] lib/util_sock.c:print_socket_options(130)
  socket option SO_SNDLOWAT = 1
[2004/06/10 16:31:24, 5] lib/util_sock.c:print_socket_options(130)
  socket option SO_RCVLOWAT = 1
[2004/06/10 16:31:24, 5] lib/util_sock.c:print_socket_options(130)
  socket option SO_SNDTIMEO = 0
[2004/06/10 16:31:24, 5] lib/util_sock.c:print_socket_options(130)
  socket option SO_RCVTIMEO = 0
[2004/06/10 16:31:24, 5] passdb/pdb_interface.c:make_pdb_context_list(763)
  Trying to load: tdbsam
[2004/06/10 16:31:24, 5] passdb/pdb_interface.c:smb_register_passdb(93)
  Attempting to register passdb backend ldapsam
[2004/06/10 16:31:24, 5] passdb/pdb_interface.c:smb_register_passdb(106)
  Successfully added passdb backend 'ldapsam'
[2004/06/10 16:31:24, 5] passdb/pdb_interface.c:smb_register_passdb(93)
  Attempting to register passdb backend ldapsam_compat
[2004/06/10 16:31:24, 5] passdb/pdb_interface.c:smb_register_passdb(106)
  Successfully added passdb backend 'ldapsam_compat'
[2004/06/10 16:31:24, 5] passdb/pdb_interface.c:smb_register_passdb(93)
  Attempting to register passdb backend smbpasswd
[2004/06/10 16:31:24, 5] passdb/pdb_interface.c:smb_register_passdb(106)
  Successfully added passdb backend 'smbpasswd'
[2004/06/10 16:31:24, 5] passdb/pdb_interface.c:smb_register_passdb(93)
  Attempting to register passdb backend tdbsam
[2004/06/10 16:31:24, 5] passdb/pdb_interface.c:smb_register_passdb(106)
  Successfully added passdb backend 'tdbsam'
[2004/06/10 16:31:24, 5] passdb/pdb_interface.c:smb_register_passdb(93)
  Attempting to register passdb backend guest
[2004/06/10 16:31:24, 5] passdb/pdb_interface.c:smb_register_passdb(106)
  Successfully added passdb backend 'guest'
[2004/06/10 16:31:24, 5] passdb/pdb_interface.c:make_pdb_methods_name(648)
  Attempting to find an passdb backend to match tdbsam (tdbsam)
[2004/06/10 16:31:24, 5] passdb/pdb_interface.c:make_pdb_methods_name(669)
  Found pdb backend tdbsam
[2004/06/10 16:31:24, 5] passdb/pdb_interface.c:make_pdb_methods_name(672)
  pdb backend tdbsam has a valid init
[2004/06/10 16:31:24, 5] passdb/pdb_interface.c:make_pdb_methods_name(648)
  Attempting to find an passdb backend to match guest (guest)
[2004/06/10 16:31:24, 5] passdb/pdb_interface.c:make_pdb_methods_name(669)
  Found pdb backend guest
[2004/06/10 16:31:24, 5] passdb/pdb_interface.c:make_pdb_methods_name(672)
  pdb backend guest has a valid init

*winbind*

[2004/06/10 16:35:01, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(261)
  [ 1164]: request interface version
[2004/06/10 16:35:01, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
  [ 1164]: request location of privileged pipe
[2004/06/10 16:35:01, 5] nsswitch/winbindd.c:winbind_client_read(465)
  read failed on sock 18, pid 1164: EOF
[2004/06/10 16:35:01, 3] nsswitch/winbindd_group.c:winbindd_getgroups(1003)
  [ 1164]: getgroups root
[2004/06/10 16:35:01, 5] passdb/pdb_interface.c:make_pdb_context_list(763)
  Trying to load: tdbsam
[2004/06/10 16:35:01, 5] passdb/pdb_interface.c:smb_register_passdb(93)
  Attempting to register passdb backend ldapsam
[2004/06/10 16:35:01, 5] passdb/pdb_interface.c:smb_register_passdb(106)
  Successfully added passdb backend 'ldapsam'
[2004/06/10 16:35:01, 5] passdb/pdb_interface.c:smb_register_passdb(93)
  Attempting to register passdb backend ldapsam_compat
[2004/06/10 16:35:01, 5] passdb/pdb_interface.c:smb_register_passdb(106)
  Successfully added passdb backend 'ldapsam_compat'
[2004/06/10 16:35:01, 5] passdb/pdb_interface.c:smb_register_passdb(93)
  Attempting to register passdb backend smbpasswd
[2004/06/10 16:35:01, 5] passdb/pdb_interface.c:smb_register_passdb(106)
  Successfully added passdb backend 'smbpasswd'
[2004/06/10 16:35:01, 5] passdb/pdb_interface.c:smb_register_passdb(93)
  Attempting to register passdb backend tdbsam
[2004/06/10 16:35:01, 5] passdb/pdb_interface.c:smb_register_passdb(106)
  Successfully added passdb backend 'tdbsam'
[2004/06/10 16:35:01, 5] passdb/pdb_interface.c:smb_register_passdb(93)
  Attempting to register passdb backend guest
[2004/06/10 16:35:01, 5] passdb/pdb_interface.c:smb_register_passdb(106)
  Successfully added passdb backend 'guest'
[2004/06/10 16:35:01, 5] passdb/pdb_interface.c:make_pdb_methods_name(648)
  Attempting to find an passdb backend to match tdbsam (tdbsam)
[2004/06/10 16:35:01, 5] passdb/pdb_interface.c:make_pdb_methods_name(669)
  Found pdb backend tdbsam
[2004/06/10 16:35:01, 5] passdb/pdb_interface.c:make_pdb_methods_name(672)
  pdb backend tdbsam has a valid init
[2004/06/10 16:35:01, 5] passdb/pdb_interface.c:make_pdb_methods_name(648)
  Attempting to find an passdb backend to match guest (guest)
[2004/06/10 16:35:01, 5] passdb/pdb_interface.c:make_pdb_methods_name(669)
  Found pdb backend guest
[2004/06/10 16:35:01, 5] passdb/pdb_interface.c:make_pdb_methods_name(672)
  pdb backend guest has a valid init
[2004/06/10 16:35:01, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1032)
  user 'root' does not exist
[2004/06/10 16:35:01, 5] nsswitch/winbindd.c:winbind_client_read(465)
  read failed on sock 19, pid 1164: EOF

*log.nmbd*

[2004/06/10 16:35:47, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(162)
  find_workgroup_on_subnet: workgroup search for ZSCARDS on subnet 192.168.1.15: found.
[2004/06/10 16:35:47, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(271)
  dump_workgroups()
   dump workgroup on subnet    192.168.1.15: netmask=  255.255.255.0:
        ZSCARDS(1) current master browser = ZSCARDS-PDC
                RANTANPLAN 40019b03 (rantanplan server (Samba 3.0.4))
                ZSCARDS-PDC 4084102b ()
[2004/06/10 16:35:57, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(162)
  find_workgroup_on_subnet: workgroup search for ZSCARDS on subnet 192.168.1.15: found.
[2004/06/10 16:35:57, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(271)
  dump_workgroups()
   dump workgroup on subnet    192.168.1.15: netmask=  255.255.255.0:
        ZSCARDS(1) current master browser = ZSCARDS-PDC
                RANTANPLAN 40019b03 (rantanplan server (Samba 3.0.4))
                ZSCARDS-PDC 4084102b ()


Any hope to see that working?

Benoit






----- Original Message -----
From: "Benoit Moeremans" <benoit.moeremans at nectarine.be>
To: <samba at lists.samba.org>
Sent: Thursday, June 10, 2004 12:04 PM
Subject: [Samba] Re: Authentification in windows ads 2003


> I commented out the following lines in the krb5.conf
>
> #       default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
> #       default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
> #       permitted_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
>
>
> The problem is still the same.
>
>
> After I tried to log in to the Samba share, I get this in the smbd log:
>
>   smbd version 3.0.4 started.
>   Copyright Andrew Tridgell and the Samba Team 1992-2004
> [2004/06/10 12:00:35, 0] lib/util_sock.c:get_peer_addr(978)
>   getpeername failed. Error was Transport endpoint is not connected
>
> and in the winbindd.log
>
>  winbindd version 3.0.4 started.
>   Copyright The Samba Team 2000-2004
> [2004/06/10 12:00:16, 1] nsswitch/winbindd_util.c:add_trusted_domain(180)
>   Added domain CAR CAR.BE.ZETES.COM.LOCAL S-0-0
> [2004/06/10 12:00:16, 1] libsmb/clikrb5.c:ads_krb5_mk_req(306)
>   krb5_cc_get_principal failed (No credentials cache found)
> [2004/06/10 12:00:17, 1] nsswitch/winbindd_util.c:add_trusted_domain(180)
>   Added domain BUILTIN  S-1-5-32
> [2004/06/10 12:00:17, 1] nsswitch/winbindd_util.c:add_trusted_domain(180)
>   Added domain RANTANPLAN  S-1-5-21-837388855-3362161430-1770541169
> [2004/06/10 12:05:01, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1032)
>   user 'root' does not exist
>
> Any idea?
>
> Thanks
>
> Benoit
>
>
>
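
The check below is an added example, not part of the original post or of Samba: it parses the `[libdefaults]` section of a krb5.conf and reports which enctype settings restrict the client to a list that omits RC4-HMAC, the etype the quoted KB article says the Windows Server 2003 KDC uses for service tickets. Assumptions: the sample configuration is constructed (`EXAMPLE.COM` is a placeholder realm), the lists are plain names as in the message, and the RC4-HMAC aliases are the ones MIT krb5 accepts.

```python
import re

# Names MIT krb5 accepts for RC4-HMAC (assumed alias set; the KB calls it RC4_HMAC_NT).
RC4_NAMES = {"arcfour-hmac", "arcfour-hmac-md5", "rc4-hmac", "rc4"}
ENCTYPE_KEYS = ("default_tgs_enctypes", "default_tkt_enctypes", "permitted_enctypes")

# Constructed sample: the three settings from the message, before being commented out.
SAMPLE_ACTIVE = """\
[libdefaults]
        default_realm = EXAMPLE.COM
        default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
        default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
        permitted_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5

[realms]
        EXAMPLE.COM = {
                kdc = dc.example.com
        }
"""


def parse_libdefaults(text):
    """Return {setting: [enctypes]} for active enctype settings in [libdefaults]."""
    section, found = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank or commented-out lines are inactive
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
            continue
        if section != "libdefaults" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in ENCTYPE_KEYS:
            found[key] = [e.lower() for e in re.split(r"[,\s]+", value) if e]
    return found


def settings_excluding_rc4(text):
    """List the settings that pin an enctype list containing no RC4-HMAC name."""
    settings = parse_libdefaults(text)
    return sorted(k for k, v in settings.items() if not RC4_NAMES & set(v))


if __name__ == "__main__":
    for name in settings_excluding_rc4(SAMPLE_ACTIVE):
        print(f"{name}: RC4-HMAC not permitted; tickets from the KDC would be unusable")
```

An empty result means no active setting rules out RC4-HMAC, which is the state of the file once the three lines are commented out.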


