[Samba] Authentication in trusted domain
Šopík Bronislav
xsopik00 at stud.fit.vutbr.cz
Tue Oct 12 16:47:42 GMT 2004
Hi,
I have two servers, servera (DOMAINA) and serverb (DOMAINB). I have set up a trust
between these domains. But when I try to log on to a computer from domaina as a user of domainb,
the log on serverb tells me that the authentication succeeded:
[2004/10/12 17:19:19, 3] rpc_server/srv_netlog_nt.c:_net_sam_logon(620)
SAM Logon (Network). Domain:[DOMAINB]. User:[bronasek@\\XP1] Requested
Domain:[DOMAINB]
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/10/12 17:19:19, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/10/12 17:19:19, 3] auth/auth.c:check_ntlm_password(219)
check_ntlm_password: Checking password for unmapped user
[DOMAINB]\[bronasek]@[XP1] with the new password interface
[2004/10/12 17:19:19, 3] auth/auth.c:check_ntlm_password(222)
check_ntlm_password: mapped user is: [DOMAINB]\[bronasek]@[XP1]
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/10/12 17:19:19, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/10/12 17:19:19, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/10/12 17:19:19, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/10/12 17:19:19, 3] auth/auth.c:check_ntlm_password(268)
check_ntlm_password: sam authentication for user [bronasek] succeeded
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/10/12 17:19:19, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/10/12 17:19:19, 2] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: authentication for user [bronasek] -> [bronasek] ->
[bronasek] succeeded
[2004/10/12 17:19:19, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544)
free_pipe_context: destroying talloc pool of size 4844
[2004/10/12 17:19:19, 3] smbd/process.c:process_smb(1092)
Transaction 10 of length 45
[2004/10/12 17:19:19, 3] smbd/process.c:switch_message(887)
switch message SMBclose (pid 727) conn 0x83d6950
[2004/10/12 17:19:19, 3] smbd/process.c:process_smb(1092)
Transaction 11 of length 43
[2004/10/12 17:19:19, 3] smbd/process.c:switch_message(887)
switch message SMBulogoffX (pid 727) conn 0x0
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/10/12 17:19:19, 3] smbd/reply.c:reply_ulogoffX(1255)
ulogoffX vuid=100
[2004/10/12 17:19:19, 3] smbd/process.c:process_smb(1092)
Transaction 12 of length 45
[2004/10/12 17:19:19, 3] smbd/process.c:switch_message(887)
switch message SMBclose (pid 727) conn 0x83d6950
[2004/10/12 17:19:19, 2] smbd/uid.c:change_to_user(219)
change_to_user: Invalid vuid used 100 in accessing share IPC$.
[2004/10/12 17:19:19, 3] smbd/error.c:error_packet(145)
error packet at smbd/process.c(941) cmd=4 (SMBclose) eclass=2 ecode=91
[2004/10/12 17:19:19, 3] smbd/process.c:process_smb(1092)
Transaction 13 of length 39
but servera writes this:
[2004/10/12 17:41:39, 3] rpc_server/srv_pipe.c:api_rpcTNP(1541)
api_rpcTNP: rpc command: NET_SAMLOGON
[2004/10/12 17:41:39, 3] rpc_server/srv_netlog_nt.c:_net_sam_logon(613)
SAM Logon (Interactive). Domain:[DOMAINA]. User:[bronasek at XP1] Requested
Domain:[DOMAINB]
[2004/10/12 17:41:39, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/10/12 17:41:39, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/10/12 17:41:39, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/12 17:41:39, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/10/12 17:41:39, 3] auth/auth.c:check_ntlm_password(219)
check_ntlm_password: Checking password for unmapped user
[DOMAINB]\[bronasek]@[XP1] with the new password interface
[2004/10/12 17:41:39, 3] auth/auth.c:check_ntlm_password(222)
check_ntlm_password: mapped user is: [DOMAINB]\[bronasek]@[XP1]
[2004/10/12 17:41:39, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/10/12 17:41:39, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/10/12 17:41:39, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/12 17:41:39, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/10/12 17:41:39, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/10/12 17:41:39, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/10/12 17:41:39, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/12 17:41:39, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/10/12 17:41:39, 3] libsmb/namequery_dc.c:rpc_dc_name(145)
rpc_dc_name: Returning DC SERVERB (192.168.100.11) for domain DOMAINB
[2004/10/12 17:41:39, 3] libsmb/cliconnect.c:cli_start_connection(1376)
Connecting to host=SERVERB
[2004/10/12 17:41:39, 3] lib/util_sock.c:open_socket_out(752)
Connecting to 192.168.100.11 at port 445
[2004/10/12 17:41:39, 3] auth/auth_util.c:make_server_info_info3(1114)
User bronasek does not exist, trying to add it
[2004/10/12 17:41:39, 0] auth/auth_util.c:make_server_info_info3(1122)
make_server_info_info3: pdb_init_sam failed!
[2004/10/12 17:41:39, 0] libsmb/samlogon_cache.c:netsamlogon_cache_store(123)
netsamlogon_cache_store: cannot open netsamlogon_cache.tdb for write!
[2004/10/12 17:41:39, 2] auth/auth.c:check_ntlm_password(312)
check_ntlm_password: Authentication for user [bronasek] -> [bronasek] FAILED
with error NT_STATUS_NO_SUCH_USER
[2004/10/12 17:41:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544)
free_pipe_context: destroying talloc pool of size 6274
and I don't understand them; I have not found netsamlogon_cache.tdb on the server.
Here are my smb.conf files:
[global]
workgroup = DOMAINA
netbios name = SERVERA
security = user
passdb backend = tdbsam:/var/lib/samba/passdb.tdb
local master = yes
domain logons = yes
os level = 33
domain master = yes
preferred master = yes
log level = 3
allow trusted domains = yes
winbind separator = +
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
read only = yes
[Documents]
comment = Dokumenty
path = /export/documents
writeable = yes
browseable = yes
guest ok = yes

[global]
workgroup = DOMAINB
netbios name = SERVERB
security = user
passdb backend = tdbsam:/var/lib/samba/passdb.tdb
local master = yes
domain logons = yes
os level = 33
domain master = yes
preferred master = yes
log level = 3
allow trusted domains = yes
winbind separator = +
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
read only = yes
[Documents]
comment = Dokumenty
path = /export/documents
writeable = yes
browseable = yes
guest ok = yes
Do I need winbind to authenticate a user from the other domain, or not?
Thank you for your help
Best regards,
Sopik Bronislav
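
A triage helper for smbd logs in the format quoted in the message above, added here as an example and not part of the original post or of Samba itself. It groups each header line with its wrapped message lines and reports every final check_ntlm_password verdict together with the level-0 errors logged just before it; the function names and the record layout are this example's own.

```python
import re

# Entry header: "[timestamp, level] source_file:function(line)"
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\]\s+(\S+):(\w+)\((\d+)\)$")
# Verdict wording used by check_ntlm_password in the logs above
OUTCOME = re.compile(r"[Aa]uthentication for user \[([^\]]+)\].*?(succeeded|FAILED)"
                     r"(?: with error (NT_STATUS_\w+))?")

def parse_entries(text):
    """Group each header line with its (possibly wrapped) message lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            entries.append({"ts": m.group(1), "level": int(m.group(2)),
                            "func": m.group(4), "msg": ""})
        elif entries and line:
            # Continuation line: append to the message of the current entry
            entries[-1]["msg"] = (entries[-1]["msg"] + " " + line).strip()
    return entries

def auth_outcomes(text):
    """One record per final decision, with the level-0 errors logged
    since the previous decision attached as context."""
    results, errors = [], []
    for e in parse_entries(text):
        if e["level"] == 0:
            errors.append(e["msg"])
        m = OUTCOME.search(e["msg"]) if e["func"] == "check_ntlm_password" else None
        if m and e["level"] == 2:  # level 3 "sam authentication" is an intermediate step
            results.append({"ts": e["ts"], "user": m.group(1), "result": m.group(2),
                            "status": m.group(3), "errors": errors})
            errors = []
    return results

# Abridged from the servera excerpt in the message above
SAMPLE = """\
[2004/10/12 17:41:39, 3] auth/auth_util.c:make_server_info_info3(1114)
User bronasek does not exist, trying to add it
[2004/10/12 17:41:39, 0] auth/auth_util.c:make_server_info_info3(1122)
make_server_info_info3: pdb_init_sam failed!
[2004/10/12 17:41:39, 0] libsmb/samlogon_cache.c:netsamlogon_cache_store(123)
netsamlogon_cache_store: cannot open netsamlogon_cache.tdb for write!
[2004/10/12 17:41:39, 2] auth/auth.c:check_ntlm_password(312)
check_ntlm_password: Authentication for user [bronasek] -> [bronasek] FAILED
with error NT_STATUS_NO_SUCH_USER
"""
```

Calling `auth_outcomes(SAMPLE)` yields a single FAILED record for bronasek carrying NT_STATUS_NO_SUCH_USER and both level-0 errors, which puts the pdb_init_sam and netsamlogon_cache.tdb messages next to the verdict they precede.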