[Samba] Trust between two samba

Thomas Werner werner at esmt.org
Wed Nov 3 10:44:01 GMT 2004 

i increased the debug level and found, that the ntlm password of trusting 
account is wrong, how can i fix this?

 check_ntlm_password:  Authentication for user [BERLIN$] -> [BERLIN$] 
FAILED with error NT_STATUS_WRONG_PASSWORD

log output....

[2004/11/03 12:07:56, 5] lib/smbldap.c:smbldap_search(963)
  smbldap_search: base => [o=munich,dc=foo,dc=org], filter => 
[(&(&(uid=BERLIN$)(objectClass=sambaSamAccount))(objectclass=sambaSamAccount))], 
scope => [2]
[2004/11/03 12:07:56, 2] passdb/pdb_ldap.c:init_sam_from_ldap(485)
  init_sam_from_ldap: Entry found for user: BERLIN$
[2004/11/03 12:07:56, 5] passdb/login_cache.c:login_cache_init(41)
  Opening cache file at /usr/local/samba-3.0.6/var/locks/login_cache.tdb
[2004/11/03 12:07:56, 7] passdb/login_cache.c:login_cache_read(83)
  Looking up login cache for user BERLIN$
[2004/11/03 12:07:56, 7] passdb/login_cache.c:login_cache_read(97)
  No cache entry found
[2004/11/03 12:07:56, 9] passdb/pdb_ldap.c:init_sam_from_ldap(804)
  No cache entry, bad count = 0, bad time = 0
[2004/11/03 12:07:56, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/11/03 12:07:56, 4] libsmb/ntlm_check.c:ntlm_password_check(322)
  ntlm_password_check: Checking NT MD4 password
[2004/11/03 12:07:56, 3] libsmb/ntlm_check.c:ntlm_password_check(340)
  ntlm_password_check: NT MD4 password check failed for user BERLIN$
[2004/11/03 12:07:56, 9] 
passdb/passdb.c:pdb_update_bad_password_count(2277)
  No bad password attempts.
[2004/11/03 12:07:56, 5] auth/auth.c:check_ntlm_password(271)
  check_ntlm_password: sam authentication for user [BERLIN$] FAILED with 
error NT_STATUS_WRONG_PASSWORD
[2004/11/03 12:07:56, 3] auth/auth_winbind.c:check_winbind_security(80)
  check_winbind_security: Not using winbind, requested domain [MUNICH] was 
for this SAM.
[2004/11/03 12:07:56, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password:  Authentication for user [BERLIN$] -> [BERLIN$] 
FAILED with error NT_STATUS_WRONG_PASSWORD
[2004/11/03 12:07:56, 5] auth/auth_util.c:free_user_info(1306)
  attempting to free (and zero) a user_info structure
[2004/11/03 12:07:56, 6] lib/util_sock.c:write_socket(449)
  write_socket(24,114)
[2004/11/03 12:07:56, 6] lib/util_sock.c:write_socket(452)
  write_socket(24,114) wrote 114
[2004/11/03 12:07:56, 3] smbd/process.c:timeout_processing(1332)
  timeout_processing: End of file from client (client has disconnected).
[2004/11/03 12:07:56, 5] lib/gencache.c:gencache_shutdown(88)
  Closing cache file
[2004/11/03 12:07:56, 5] libsmb/namecache.c:namecache_shutdown(79)
  namecache_shutdown: netbios namecache closed successfully.
[2004/11/03 12:07:56, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/11/03 12:07:56, 5] auth/auth_util.c:debug_nt_user_token(486)
  NT user token: (NULL)
[2004/11/03 12:07:56, 5] auth/auth_util.c:debug_unix_user_token(505)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2004/11/03 12:07:56, 5] smbd/uid.c:change_to_root_user(295)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2004/11/03 12:07:56, 2] smbd/server.c:exit_server(571)
  Closing connections
[2004/11/03 12:07:56, 3] smbd/connection.c:yield_connection(69)
  Yielding connection to 
[2004/11/03 12:07:56, 3] smbd/connection.c:yield_connection(76)
  yield_connection: tdb_delete for name  failed with error Record does not 
exist.
[2004/11/03 12:07:56, 5] smbd/oplock.c:receive_local_message(107)
  receive_local_message: doing select with timeout of 1 ms
[2004/11/03 12:07:56, 3] smbd/server.c:exit_server(614)
  Server exit (normal exit)

samba-bounces+werner=foo.org at lists.samba.org wrote on 03.11.2004 10:47:26:

> hi,
> 
> I want to make trust between two Samba domains BERLIN and MUNICH. I have 

> setup the trusting accounts on both machines and get the following 
output:
> 
> BERLIN PDC2 (net rpc trustdom list)
> Trusted domains list:
> none
> Trusting domains list:
> MUNICH         S-1-5-21-3721446601-1596180916-2001326887
> 
> BERLIN PDC1 LDAP entry
> dn: uid=MUNICH$,sambaDomainName=BERLIN,ou=samba,o=berlin,dc=foo,dc=foo
> objectClass: top
> objectClass: account
> objectClass: posixAccount
> objectClass: shadowAccount
> objectClass: sambaSAMAccount
> uid: MUNICH$
> cn: MUNICH$
> uidNumber: 20254
> gidNumber: 100
> homeDirectory: /dev/null
> loginShell: /bin/false
> description: Munich
> sambaLogonTime: 0
> sambaLogoffTime: 2147483647
> sambaKickoffTime: 2147483647
> sambaPwdMustChange: 2147483647
> sambaAcctFlags: [I          ]
> sambaSID: S-1-5-21-1097058062-1980963795-1926144585-41510
> sambaPrimaryGroupSID: S-1-5-21-1097058062-1980963795-1926144585-0
> sambaPwdLastSet: 1099396376
> sambaPwdCanChange: 1099396376
> sambaLMPassword: 1D8478A7A4356C1E064C1222EF6B7213
> sambaNTPassword: A81CF52120D8AFF06E2302B63B18C1B3
> 
> MUNICH PDC (net rpc trustdom list)
> Trusted domains list:
> none
> Trusting domains list:
> BERLIN         S-1-5-21-1097058062-1980963795-1926144585
> 
> MUNICH LDAP entry
> dn: uid=BERLIN$,sambaDomainName=MUNICH,ou=samba,o=munich,dc=foo,dc=foo
> objectClass: top
> objectClass: account
> objectClass: posixAccount
> objectClass: shadowAccount
> objectClass: sambaSAMAccount
> uid: BERLIN$
> cn: BERLIN$
> uidNumber: 20255
> gidNumber: 100
> homeDirectory: /dev/null
> loginShell: /bin/false
> description: Berlin
> sambaLogonTime: 0
> sambaLogoffTime: 2147483647
> sambaKickoffTime: 2147483647
> sambaPwdMustChange: 2147483647
> sambaAcctFlags: [I          ]
> sambaSID: S-1-5-21-3721446601-1596180916-2001326887-41508
> sambaPrimaryGroupSID: S-1-5-21-3721446601-1596180916-2001326887-0
> sambaPwdLastSet: 1099396363
> sambaPwdCanChange: 1099396363
> sambaLMPassword: 8A38C8AF81EC51ED27F6F0EF4DF14322
> sambaNTPassword: 563AEC08AA9A12AC304A813719EC882D
> 
> but with "net  rpc trustdom establish MUNICH" on BERLIN PDC2 i get the 
> following error:
> Password: (i typed the password for the root account, on both domains is 

> the same)
> Could not connect to server PDC1
> The username or password was not correct.
> [2004/11/03 10:27:44, 0] utils/net_rpc.c:rpc_trustdom_establish(3075)
>   Couldn't verify trusting domain account. Error was 
> NT_STATUS_LOGON_FAILURE
> 
> on the ldapserver i got no error, samba founds the trusting account. 
both 
> pdc machines uses the same windows 2003 wins server, which is a machine 
> member account of berlin. what i forgot? is there a hint or i have to 
use 
> another password?
> 
> thx tom
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>

More information about the samba mailing list