[Samba] Windows Server 2003 SP1 Issues (3.0.15pre2)
William R. Lorenz
wrl at express.org
Thu Apr 28 05:50:59 GMT 2005
Hi All,
I'm running into some issues accessing a Samba server that's in turn
authenticating against a Win2k3-SP1 domain controller (security=ads). I
understand there were some known issues corrected in a patch, and I'm
currently running 3.0.15pre2, which I understand includes that patch.
(http://samba.org/~jerry/patches/post-3.0.13/winbindd_2k3sp1.patch)
All was working fine before the Win2k3 server was upgraded with the SP1
service pack. The `net ads join`, `wbinfo -t`, `wbinfo -u`, `wbinfo -p`,
`getent passwd`, and `getent group` commands all still work fine, but
users can't authenticate against the Samba box and view available shares.
For example, here's a local smbclient connection from the local console:
[root at linux-test samba]# smbclient -L 192.168.0.52 -U polorx
added interface ip=192.168.0.52 bcast=192.168.0.255 nmask=255.255.255.0
Client started (version 3.0.15pre2).
Connecting to 192.168.0.52 at port 445
Password:
Doing spnego session setup (blob length=112)
got OID=1 2 840 113554 1 2 2
got OID=1 2 840 48018 1 2 2
got OID=1 3 6 1 4 1 311 2 2 10
got principal=linux-test$@TCB.INTERNAL
Got challenge flags:
Got NTLMSSP neg_flags=0x60890215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60080215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60080215
SPNEGO login failed: Logon failure
session setup failed: NT_STATUS_LOGON_FAILURE
[root at linux-test samba]#
I have attached the Samba server's configuration file, and I can also
provide detailed logs upon request. Does anyone have any ideas on this?
Thanks, in advance, for any insights you can offer!
-- William R. Lorenz <wrl at express.org>
-- http://www.express.org/~wrl/ ; "Every revolution was first
-- a thought in one man's mind." - Ralph Waldo Emerson
-------------- next part --------------
[global]
netbios name = linux-test
workgroup = MFERRY
realm = tcb.internal
server string = linux-test
security = ads
encrypt passwords = Yes
log file = /var/log/samba/%m.log
log level = 10
max log size = 0
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
domain logons = No
os level = 10
preferred master = No
domain master = No
dns proxy = No
hosts allow = 192.168.
password server = 192.168.0.239
interfaces = 192.168.0.52
bind interfaces only = yes
case sensitive = no
default case = lower
preserve case = yes
short preserve case = yes
add share command = /usr/local/samba/bin/share.pl
change share command = /usr/local/samba/bin/share.pl
delete share command = /usr/local/samba/bin/share.pl
admin users = @MFERRY+Administrators
announce as = "NT Server"
announce version = 9.3
blocking locks = yes
browse list = yes
deadtime = 15
debug timestamp = yes
debug hires timestamp = yes
debug pid = yes
default service = public
dont descend = /proc,/dev,/tmp,/usr
getwd cache = yes
hide dot files = yes
invalid users = root shutdown halt service mysql apache rpm
kernel oplocks = yes
load printers = no
locking = yes
max disk size = 5000
message command = /var/log/samba "%s" "%t" "%f" &
nt acl support = yes
nt pipe support = yes
null passwords = no
obey pam restrictions = yes
strict allocate = yes
winbind separator = +
winbind cache time = 10
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
winbind enum users = yes
winbind enum groups = yes
template shell = /bin/false
template homedir = /home/%U
More information about the samba
mailing list