[Samba] Authentication in trusted domain

Šopík Bronislav xsopik00 at stud.fit.vutbr.cz
Tue Oct 12 16:47:42 GMT 2004


Hi,

I have two servers, servera (DOMAINA) and serverb (DOMAINB). I have set up a trust
between these domains. But when I try to log on to a computer from domaina as a user
from domainb, the log on serverb tells me that the authentication succeeded:

[2004/10/12 17:19:19, 3] rpc_server/srv_netlog_nt.c:_net_sam_logon(620)
  SAM Logon (Network). Domain:[DOMAINB].  User:[bronasek@\\XP1] Requested
Domain:[DOMAINB]
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/10/12 17:19:19, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/10/12 17:19:19, 3] auth/auth.c:check_ntlm_password(219)
  check_ntlm_password:  Checking password for unmapped user
[DOMAINB]\[bronasek]@[XP1] with the new password interface
[2004/10/12 17:19:19, 3] auth/auth.c:check_ntlm_password(222)
  check_ntlm_password:  mapped user is: [DOMAINB]\[bronasek]@[XP1]
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/10/12 17:19:19, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/10/12 17:19:19, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/10/12 17:19:19, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/10/12 17:19:19, 3] auth/auth.c:check_ntlm_password(268)
  check_ntlm_password: sam authentication for user [bronasek] succeeded
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/10/12 17:19:19, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/10/12 17:19:19, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [bronasek] -> [bronasek] ->
[bronasek] succeeded
[2004/10/12 17:19:19, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544)
  free_pipe_context: destroying talloc pool of size 4844
[2004/10/12 17:19:19, 3] smbd/process.c:process_smb(1092)
  Transaction 10 of length 45
[2004/10/12 17:19:19, 3] smbd/process.c:switch_message(887)
  switch message SMBclose (pid 727) conn 0x83d6950
[2004/10/12 17:19:19, 3] smbd/process.c:process_smb(1092)
  Transaction 11 of length 43
[2004/10/12 17:19:19, 3] smbd/process.c:switch_message(887)
  switch message SMBulogoffX (pid 727) conn 0x0
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/10/12 17:19:19, 3] smbd/reply.c:reply_ulogoffX(1255)
  ulogoffX vuid=100
[2004/10/12 17:19:19, 3] smbd/process.c:process_smb(1092)
  Transaction 12 of length 45
[2004/10/12 17:19:19, 3] smbd/process.c:switch_message(887)
  switch message SMBclose (pid 727) conn 0x83d6950
[2004/10/12 17:19:19, 2] smbd/uid.c:change_to_user(219)
  change_to_user: Invalid vuid used 100 in accessing share IPC$.
[2004/10/12 17:19:19, 3] smbd/error.c:error_packet(145)
  error packet at smbd/process.c(941) cmd=4 (SMBclose) eclass=2 ecode=91
[2004/10/12 17:19:19, 3] smbd/process.c:process_smb(1092)
  Transaction 13 of length 39 

but servera writes me this:

[2004/10/12 17:41:39, 3] rpc_server/srv_pipe.c:api_rpcTNP(1541)
  api_rpcTNP: rpc command: NET_SAMLOGON
[2004/10/12 17:41:39, 3] rpc_server/srv_netlog_nt.c:_net_sam_logon(613)
  SAM Logon (Interactive). Domain:[DOMAINA].  User:[bronasek at XP1] Requested
Domain:[DOMAINB]
[2004/10/12 17:41:39, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/10/12 17:41:39, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/10/12 17:41:39, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/12 17:41:39, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/10/12 17:41:39, 3] auth/auth.c:check_ntlm_password(219)
  check_ntlm_password:  Checking password for unmapped user
[DOMAINB]\[bronasek]@[XP1] with the new password interface
[2004/10/12 17:41:39, 3] auth/auth.c:check_ntlm_password(222)
  check_ntlm_password:  mapped user is: [DOMAINB]\[bronasek]@[XP1]
[2004/10/12 17:41:39, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/10/12 17:41:39, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/10/12 17:41:39, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/12 17:41:39, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/10/12 17:41:39, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/10/12 17:41:39, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/10/12 17:41:39, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/12 17:41:39, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/10/12 17:41:39, 3] libsmb/namequery_dc.c:rpc_dc_name(145)
  rpc_dc_name: Returning DC SERVERB (192.168.100.11) for domain DOMAINB
[2004/10/12 17:41:39, 3] libsmb/cliconnect.c:cli_start_connection(1376)
  Connecting to host=SERVERB
[2004/10/12 17:41:39, 3] lib/util_sock.c:open_socket_out(752)
  Connecting to 192.168.100.11 at port 445
[2004/10/12 17:41:39, 3] auth/auth_util.c:make_server_info_info3(1114)
  User bronasek does not exist, trying to add it
[2004/10/12 17:41:39, 0] auth/auth_util.c:make_server_info_info3(1122)
  make_server_info_info3: pdb_init_sam failed!
[2004/10/12 17:41:39, 0] libsmb/samlogon_cache.c:netsamlogon_cache_store(123)
  netsamlogon_cache_store: cannot open netsamlogon_cache.tdb for write!
[2004/10/12 17:41:39, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password:  Authentication for user [bronasek] -> [bronasek] FAILED
with error NT_STATUS_NO_SUCH_USER
[2004/10/12 17:41:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544)
  free_pipe_context: destroying talloc pool of size 6274 

and I don't understand them; I have not found netsamlogon_cache.tdb on the server.

Here are my smb.conf files:
 [global]
    workgroup = DOMAINA
    netbios name = SERVERA
    security = user
    passdb backend = tdbsam:/var/lib/samba/passdb.tdb
    local master = yes
    domain logons = yes
    os level = 33
    domain master = yes
    preferred master = yes
    log level = 3
    allow trusted domains = yes
    winbind separator = +
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    winbind enum users = yes
    winbind enum groups = yes
 [netlogon]
    comment = Network Logon Service
    path = /var/lib/samba/netlogon
    read only = yes
 [Documents]
    comment = Dokumenty
    path = /export/documents
    writeable = yes
    browseable = yes
    guest ok = yes


 [global]
    workgroup = DOMAINB
    netbios name = SERVERB
    security = user
    passdb backend = tdbsam:/var/lib/samba/passdb.tdb
    local master = yes
    domain logons = yes
    os level = 33
    domain master = yes
    preferred master = yes
    log level = 3
    allow trusted domains = yes
    winbind separator = +
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    winbind enum users = yes
    winbind enum groups = yes
 [netlogon]
    comment = Network Logon Service
    path = /var/lib/samba/netlogon
    read only = yes
 [Documents]
    comment = Dokumenty
    path = /export/documents
    writeable = yes
    browseable = yes
    guest ok = yes

Do I need winbind to authenticate a user from the other domain or not?

 Thank you for your help

Best regards,
      Sopik Bronislav
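
A triage sketch for the two logs above, added here as an example and not part of the original post: it groups Samba's two-line log records (rejoining the lines the mail client wrapped) and pairs each final `check_ntlm_password` verdict with the level-0 errors logged before it. The function names and the level-2 filter are assumptions based only on the log lines shown in the post.

```python
import re

# Record header: "[date time, level] source_file:function(line)"
HEADER = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(?P<level>\d+)\]\s+"
    r"(?P<src>[^:\s]+):(?P<func>\w+)\((?P<line>\d+)\)\s*$")
RESULT = re.compile(
    r"[Aa]uthentication for user \[(?P<user>[^\]]+)\].*?"
    r"(?P<outcome>succeeded|FAILED)(?: with error (?P<status>NT_STATUS_\w+))?")

# Records copied from the serverb and servera logs in the post (trimmed).
SAMPLE = """\
[2004/10/12 17:19:19, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [bronasek] -> [bronasek] ->
[bronasek] succeeded
[2004/10/12 17:41:39, 3] auth/auth_util.c:make_server_info_info3(1114)
  User bronasek does not exist, trying to add it
[2004/10/12 17:41:39, 0] auth/auth_util.c:make_server_info_info3(1122)
  make_server_info_info3: pdb_init_sam failed!
[2004/10/12 17:41:39, 0] libsmb/samlogon_cache.c:netsamlogon_cache_store(123)
  netsamlogon_cache_store: cannot open netsamlogon_cache.tdb for write!
[2004/10/12 17:41:39, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password:  Authentication for user [bronasek] -> [bronasek] FAILED
with error NT_STATUS_NO_SUCH_USER
"""

def parse_records(text):
    """Attach message lines (including mail-wrapped ones) to their header."""
    records = []
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            records.append({**m.groupdict(), "level": int(m["level"]), "msg": ""})
        elif records and raw.strip():
            records[-1]["msg"] = (records[-1]["msg"] + " " + raw.strip()).strip()
    return records

def auth_events(records):
    """Return final auth verdicts with the level-0 errors logged since the last one."""
    events, errors = [], []
    for rec in records:
        if rec["level"] == 0:
            errors.append(rec["msg"])
        # In the post's logs the final verdict is level 2; the per-backend
        # "sam authentication ... succeeded" line is level 3 and is skipped.
        if rec["func"] == "check_ntlm_password" and rec["level"] <= 2:
            m = RESULT.search(rec["msg"])
            if m:
                events.append({"ts": rec["ts"], "user": m["user"], "errors": errors,
                               "outcome": m["outcome"].lower(), "status": m["status"]})
                errors = []
    return events
```

Calling `auth_events(parse_records(SAMPLE))` returns one success with no errors and one failure carrying both level-0 messages.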

