[Samba] Re: ADS valid users can't map share
Greg Adams
gadams at gmail.com
Tue Nov 9 22:49:44 GMT 2004
On Fri, 22 Oct 2004 18:11:10 -0400, Igor Belyi
<sambauser at katehok.ac93.org> wrote:
> I'd guess it's a good idea to check if DNS
> name -> IP -> DNS name gives consistent result on all 3 participants:
> Samba server, XP client, and ADS.
>
> Hope it's not useless,
> Igor
>
Not sure if this covers it:
Samba Server : maul(.ddm.apm.bpm.eds.com)
ADS Server: ucosddm001(.edsadddm.ddm.apm.bpm.eds.com)
WinXP Client: mule(.edsadddm.ddm.apm.bpm.eds.com)
================================================================================
SAMBA SERVER DNS lookups
================================================================================
> maul
Server: uscosddm001
Address: 199.42.192.103
Non-authoritative answer:
Name: maul.DDM.APM.BPM.EDS.COM
Address: 199.42.192.180
# ping -s 199.42.192.180
PING 199.42.192.180: 56 data bytes
64 bytes from maul (199.42.192.180): icmp_seq=0. time=0. ms
> mule.edsadddm.ddm.apm.bpm.eds.com
Server: uscosddm001
Address: 199.42.192.103
Name: mule.edsadddm.ddm.apm.bpm.eds.com
Address: 199.42.192.45
# ping -s 199.42.192.45
PING 199.42.192.45: 56 data bytes
64 bytes from mule (199.42.192.45): icmp_seq=0. time=0. ms
> uscosddm001.edsadddm.ddm.apm.bpm.eds.com
Server: uscosddm001
Address: 199.42.192.103
Name: uscosddm001.edsadddm.ddm.apm.bpm.eds.com
Address: 199.42.192.103
# ping -s 199.42.192.103
PING 199.42.192.103: 56 data bytes
64 bytes from uscosddm001 (199.42.192.103): icmp_seq=0. time=0. ms
================================================================================
ADS SERVER lookups
================================================================================
> maul
Server: uscosddm001
Address: 199.42.192.103
Non-authoritative answer:
Name: maul.DDM.APM.BPM.EDS.COM
Address: 199.42.192.180
> mule
Server: uscosddm001
Address: 199.42.192.103
Name: mule.EDSADDDM.DDM.APM.BPM.EDS.COM
Address: 199.42.192.45
> uscosddm001
Server: uscosddm001
Address: 199.42.192.103
Name: uscosddm001.EDSADDDM.DDM.APM.BPM.EDS.COM
Address: 199.42.192.103
================================================================================
Windows XP Client lookups
================================================================================
> maul
Server: uscosddm001
Address: 199.42.192.103
Non-authoritative answer:
Name: maul.DDM.APM.BPM.EDS.COM
Address: 199.42.192.180
> mule
Server: uscosddm001
Address: 199.42.192.103
Name: mule.EDSADDDM.DDM.APM.BPM.EDS.COM
Address: 199.42.192.45
> uscosddm001
Server: uscosddm001
Address: 199.42.192.103
Name: uscosddm001.EDSADDDM.DDM.APM.BPM.EDS.COM
Address: 199.42.192.103
================================================================================
Here's the section of a level 10 log from samba 3.0.7 when connecting
from the Windows XP client, and I think it's here that samba decides
to choose the NT LM protocol. The question is why?
================================================================================
[2004/11/09 14:21:57, 6] param/loadparm.c:lp_file_list_changed(2681)
lp_file_list_changed()
file /opt/samba/lib/smb.conf -> /opt/samba/lib/smb.conf last
mod_time: Tue Nov 9 14:21:42 2004
[2004/11/09 14:21:57, 3] smbd/oplock.c:init_oplocks(1302)
open_oplock_ipc: opening loopback UDP socket.
[2004/11/09 14:21:57, 10] lib/util_sock.c:open_socket_in(717)
bind succeeded on port 0
[2004/11/09 14:21:57, 3] smbd/oplock.c:init_oplocks(1333)
open_oplock ipc: pid = 27221, global_oplock_port = 55305
[2004/11/09 14:21:57, 4] lib/time.c:get_serverzone(122)
Serverzone is 28800
[2004/11/09 14:21:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(505)
got smb length of 133
[2004/11/09 14:21:57, 6] smbd/process.c:process_smb(1091)
got message type 0x0 of len 0x85
[2004/11/09 14:21:57, 3] smbd/process.c:process_smb(1092)
Transaction 0 of length 137
[2004/11/09 14:21:57, 5] lib/util.c:show_msg(439)
[2004/11/09 14:21:57, 5] lib/util.c:show_msg(449)
size=133
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=24
smb_flg2=51283
smb_tid=0
smb_pid=65279
smb_uid=0
smb_mid=0
smt_wct=0
smb_bcc=98
[2004/11/09 14:21:57, 10] lib/util.c:dump_data(1835)
[000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG
[010] 52 41 4D 20 31 2E 30 00 02 4C 41 4E 4D 41 4E 31 RAM 1.0. .LANMAN1
[020] 2E 30 00 02 57 69 6E 64 6F 77 73 20 66 6F 72 20 .0..Wind ows for
[030] 57 6F 72 6B 67 72 6F 75 70 73 20 33 2E 31 61 00 Workgrou ps 3.1a.
[040] 02 4C 4D 31 2E 32 58 30 30 32 00 02 4C 41 4E 4D .LM1.2X0 02..LANM
[050] 41 4E 32 2E 31 00 02 4E 54 20 4C 4D 20 30 2E 31 AN2.1..N T LM 0.1
[060] 32 00 2.
[2004/11/09 14:21:57, 3] smbd/process.c:switch_message(887)
switch message SMBnegprot (pid 27221) conn 0x0
[2004/11/09 14:21:57, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/11/09 14:21:57, 5] auth/auth_util.c:debug_nt_user_token(486)
NT user token: (NULL)
[2004/11/09 14:21:57, 5] auth/auth_util.c:debug_unix_user_token(505)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2004/11/09 14:21:57, 5] smbd/uid.c:change_to_root_user(296)
change_to_root_user: now uid=(0,0) gid=(0,0)
[2004/11/09 14:21:57, 3] smbd/negprot.c:reply_negprot(457)
Requested protocol [PC NETWORK PROGRAM 1.0]
[2004/11/09 14:21:57, 3] smbd/negprot.c:reply_negprot(457)
Requested protocol [LANMAN1.0]
[2004/11/09 14:21:57, 3] smbd/negprot.c:reply_negprot(457)
Requested protocol [Windows for Workgroups 3.1a]
[2004/11/09 14:21:57, 3] smbd/negprot.c:reply_negprot(457)
Requested protocol [LM1.2X002]
[2004/11/09 14:21:57, 3] smbd/negprot.c:reply_negprot(457)
Requested protocol [LANMAN2.1]
[2004/11/09 14:21:57, 3] smbd/negprot.c:reply_negprot(457)
Requested protocol [NT LM 0.12]
[2004/11/09 14:21:57, 10] lib/util.c:set_remote_arch(1810)
set_remote_arch: Client arch is 'Win2K'
[2004/11/09 14:21:57, 6] param/loadparm.c:lp_file_list_changed(2681)
lp_file_list_changed()
file /opt/samba/lib/smb.conf -> /opt/samba/lib/smb.conf last
mod_time: Tue Nov 9 14:21:42 2004
[2004/11/09 14:21:57, 6] param/loadparm.c:lp_file_list_changed(2681)
lp_file_list_changed()
file /opt/samba/lib/smb.conf -> /opt/samba/lib/smb.conf last
mod_time: Tue Nov 9 14:21:42 2004
[2004/11/09 14:21:57, 3] smbd/negprot.c:reply_nt1(329)
using SPNEGO
[2004/11/09 14:21:57, 3] smbd/negprot.c:reply_negprot(545)
Selected protocol NT LM 0.12
[2004/11/09 14:21:57, 5] smbd/negprot.c:reply_negprot(551)
negprot index=5
================================================================================
Do you think that Samba 3.0.8 would fix the problem? I see that there
are some changes in user mapping concerning NTLM, but I'd rather
figure out why Samba is using that protocol, when I'm convinced it
should be using Kerberos authentication.
Greg
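
The "negprot index=5" result in the log above, reproduced as an added example (not part of the original post and not Samba's code): it decodes the dialect list from the dump_data() bytes and picks the strongest dialect from a preference list assumed for this example. "NT LM 0.12" is the name of the SMB dialect; whether Kerberos or NTLMSSP is used is settled later, inside the SPNEGO exchange at session setup.

```python
# Bytes copied from the dump_data() hex dump in the log above (98 bytes = smb_bcc).
NEGPROT_HEX = """
02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47
52 41 4D 20 31 2E 30 00 02 4C 41 4E 4D 41 4E 31
2E 30 00 02 57 69 6E 64 6F 77 73 20 66 6F 72 20
57 6F 72 6B 67 72 6F 75 70 73 20 33 2E 31 61 00
02 4C 4D 31 2E 32 58 30 30 32 00 02 4C 41 4E 4D
41 4E 32 2E 31 00 02 4E 54 20 4C 4D 20 30 2E 31
32 00
"""

# Dialects the server accepts, weakest first. Assumed ordering for this
# example only; it is not Samba's internal table.
SERVER_PREFERENCE = ["PC NETWORK PROGRAM 1.0", "LANMAN1.0", "LM1.2X002",
                     "LANMAN2.1", "NT LM 0.12"]

def parse_dialects(buf):
    """Split an SMB_COM_NEGOTIATE data block into dialect names.
    Each entry is a 0x02 buffer-format byte plus a NUL-terminated string."""
    dialects, pos = [], 0
    while pos < len(buf):
        if buf[pos] != 0x02:
            raise ValueError("bad buffer format byte at offset %#x" % pos)
        end = buf.find(b"\x00", pos + 1)
        if end == -1:
            raise ValueError("unterminated dialect string")
        dialects.append(buf[pos + 1:end].decode("ascii"))
        pos = end + 1
    return dialects

def select_dialect(offered, preference=SERVER_PREFERENCE):
    """Return (index, name) of the strongest offered dialect the server
    supports, or None when there is no overlap."""
    best = None
    for index, name in enumerate(offered):
        if name in preference:
            rank = preference.index(name)
            if best is None or rank > best[0]:
                best = (rank, index, name)
    return None if best is None else (best[1], best[2])

def negotiate_from_dump(hex_dump=NEGPROT_HEX):
    raw = bytes.fromhex("".join(hex_dump.split()))
    return select_dialect(parse_dialects(raw))

if __name__ == "__main__":
    print(negotiate_from_dump())
```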