[Samba] can join but unable to login to the domain + ldap account problems

Adi Nugraha adi at westindo.co.id
Thu Jan 13 11:28:18 GMT 2005 

after setting up a PDC with ldap according to the book samba 3 by example,
almost everything worked out  fine, the validations listed in the books
turned out as expected with minor differences, but these are the problems :

1. According to the book the account that can be used to join a domain is
the Administrator account with the password set from the ldap admin dn which
is secret is my installation,but I was unable to join the domain with the
account, not even just to see the shares, something like wrong password,
when I look at the log it seem the Administrator is mapped to root, which
has a different password in the linux, does this matter? in the end I tried
creating a new Account with 0 uid to join the domain (let's call it
__admin__ ), and it worked, but I still would like to know why the
Administrator account didn't work,

2. A W2k workstation can join the domain with the __admin__ account , but
after reboot It can't login with any User name, not even with the account
that succesfully joined the workstation the error message is 'The system
cannot log you o now because the domain is not available, I am able to see
the shares with the __admin__ Account, but not with any other accounts (
even newly created ones)

3. when trying to net rpc join the samba box itself it returned
     Unable to join domain VALHALLA.

and when I tried smbclient -L localhost

Anonymous login successful
Domain=[VALHALLA] OS=[Unix] Server=[Samba 3.0.9]
tree connect failed: NT_STATUS_BAD_NETWORK_NAME

but when I tried smbclient //valkyrie/user -Uuser%1234 it wored just fine of
course the administrator password still didn't work

this is the level 1 log :

[2005/01/13 13:03:09, 0] smbd/service.c:make_connection_snum(620)
  '/root/tmp' does not exist or is not a directory, when connecting to
[IPC$]

and this is the level 2 log :

[2005/01/13 13:13:19, 2] smbd/sesssetup.c:setup_new_vc_session(608)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2005/01/13 13:13:19, 2] smbd/sesssetup.c:setup_new_vc_session(608)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2005/01/13 13:13:19, 2] passdb/pdb_ldap.c:init_group_from_ldap(2011)
  init_group_from_ldap: Entry found for group: 546
[2005/01/13 13:13:19, 0] smbd/service.c:make_connection_snum(620)
  '/root/tmp' does not exist or is not a directory, when connecting to
[IPC$]


and the level 3 log :

[2005/01/13 13:16:12, 3] smbd/process.c:process_smb(1092)
  Transaction 1 of length 137
[2005/01/13 13:16:12, 3] smbd/process.c:switch_message(887)
  switch message SMBnegprot (pid 3842) conn 0x0
[2005/01/13 13:16:12, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/01/13 13:16:12, 3] smbd/negprot.c:reply_negprot(461)
  Requested protocol [PC NETWORK PROGRAM 1.0]
[2005/01/13 13:16:12, 3] smbd/negprot.c:reply_negprot(461)
  Requested protocol [LANMAN1.0]
[2005/01/13 13:16:12, 3] smbd/negprot.c:reply_negprot(461)
  Requested protocol [Windows for Workgroups 3.1a]
[2005/01/13 13:16:12, 3] smbd/negprot.c:reply_negprot(461)
  Requested protocol [LM1.2X002]
[2005/01/13 13:16:12, 3] smbd/negprot.c:reply_negprot(461)
  Requested protocol [LANMAN2.1]
[2005/01/13 13:16:12, 3] smbd/negprot.c:reply_negprot(461)
  Requested protocol [NT LM 0.12]
[2005/01/13 13:16:12, 3] smbd/negprot.c:reply_nt1(333)
  using SPNEGO
[2005/01/13 13:16:12, 3] smbd/negprot.c:reply_negprot(549)
  Selected protocol NT LM 0.12
[2005/01/13 13:16:12, 3] smbd/process.c:process_smb(1092)
  Transaction 2 of length 202
[2005/01/13 13:16:12, 3] smbd/process.c:switch_message(887)
  switch message SMBsesssetupX (pid 3842) conn 0x0
[2005/01/13 13:16:12, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/01/13 13:16:12, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655)
  wct=12 flg2=0xc807
[2005/01/13 13:16:12, 2] smbd/sesssetup.c:setup_new_vc_session(608)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2005/01/13 13:16:12, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535)
  Doing spnego session setup
[2005/01/13 13:16:12, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566)
  NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0]
PrimaryDomain=[]
[2005/01/13 13:16:12, 3] smbd/sesssetup.c:reply_spnego_negotiate(444)
  Got OID 1 3 6 1 4 1 311 2 2 10
[2005/01/13 13:16:12, 3] smbd/sesssetup.c:reply_spnego_negotiate(447)
  Got secblob of size 32
[2005/01/13 13:16:12, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0xc0008297
[2005/01/13 13:16:12, 3] smbd/process.c:process_smb(1092)
  Transaction 3 of length 232
[2005/01/13 13:16:12, 3] smbd/process.c:switch_message(887)
  switch message SMBsesssetupX (pid 3842) conn 0x0
[2005/01/13 13:16:12, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/01/13 13:16:12, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655)
  wct=12 flg2=0xc807
[2005/01/13 13:16:12, 2] smbd/sesssetup.c:setup_new_vc_session(608)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2005/01/13 13:16:12, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535)
  Doing spnego session setup
[2005/01/13 13:16:12, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566)
  NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0]
PrimaryDomain=[]
[2005/01/13 13:16:12, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(615)
  Got user=[] domain=[] workstation=[VPC1] len1=1 len2=0
[2005/01/13 13:16:12, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/01/13 13:16:12, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/01/13 13:16:12, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/01/13 13:16:12, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/01/13 13:16:12, 3] auth/auth.c:check_ntlm_password(219)
  check_ntlm_password:  Checking password for unmapped user []\[]@[VPC1]
with the new password interface
[2005/01/13 13:16:12, 3] auth/auth.c:check_ntlm_password(222)
  check_ntlm_password:  mapped user is: [VALHALLA]\[]@[VPC1]
[2005/01/13 13:16:12, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/01/13 13:16:12, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/01/13 13:16:12, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/01/13 13:16:12, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/01/13 13:16:12, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/01/13 13:16:12, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/01/13 13:16:12, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/01/13 13:16:12, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/01/13 13:16:12, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/01/13 13:16:12, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/01/13 13:16:12, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/01/13 13:16:12, 2] passdb/pdb_ldap.c:init_group_from_ldap(2011)
  init_group_from_ldap: Entry found for group: 546
[2005/01/13 13:16:12, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/01/13 13:16:12, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/01/13 13:16:12, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/01/13 13:16:12, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/01/13 13:16:12, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/01/13 13:16:12, 3] auth/auth.c:check_ntlm_password(268)
  check_ntlm_password: guest authentication for user [] succeeded
[2005/01/13 13:16:12, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319)
  NTLMSSP Sign/Seal - Initialising with flags:
[2005/01/13 13:16:12, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x40008295
[2005/01/13 13:16:12, 3] smbd/password.c:register_vuid(222)
  User name: nobody     Real name: nobody
[2005/01/13 13:16:12, 3] smbd/password.c:register_vuid(241)
  UNIX uid 65534 is UNIX user nobody, and will be vuid 100
[2005/01/13 13:16:12, 3] smbd/process.c:process_smb(1092)
  Transaction 4 of length 86
[2005/01/13 13:16:12, 3] smbd/process.c:switch_message(887)
  switch message SMBtconX (pid 3842) conn 0x0
[2005/01/13 13:16:12, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/01/13 13:16:12, 3] smbd/service.c:make_connection_snum(472)
  Connect path is '/root/tmp' for service [IPC$]
[2005/01/13 13:16:12, 3] lib/util_seaccess.c:se_access_check(251)
[2005/01/13 13:16:12, 3] lib/util_seaccess.c:se_access_check(252)
  se_access_check: user sid is S-1-5-21-445313069-670739273-3497575158-501
  se_access_check: also S-1-5-21-445313069-670739273-3497575158-514
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-32-546
  se_access_check: also S-1-5-21-445313069-670739273-3497575158-546
  se_access_check: also S-1-5-21-445313069-670739273-3497575158-132069
[2005/01/13 13:16:12, 3] smbd/vfs.c:vfs_init_default(203)
  Initialising default vfs hooks
[2005/01/13 13:16:12, 3] lib/util_seaccess.c:se_access_check(251)
[2005/01/13 13:16:12, 3] lib/util_seaccess.c:se_access_check(252)
  se_access_check: user sid is S-1-5-21-445313069-670739273-3497575158-501
  se_access_check: also S-1-5-21-445313069-670739273-3497575158-514
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-32-546
  se_access_check: also S-1-5-21-445313069-670739273-3497575158-546
  se_access_check: also S-1-5-21-445313069-670739273-3497575158-132069
[2005/01/13 13:16:12, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2005/01/13 13:16:12, 0] smbd/service.c:make_connection_snum(620)
  '/root/tmp' does not exist or is not a directory, when connecting to
[IPC$]
[2005/01/13 13:16:12, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/01/13 13:16:12, 3] smbd/connection.c:yield_connection(69)
  Yielding connection to IPC$
[2005/01/13 13:16:12, 3] smbd/error.c:error_packet(105)
  error string = Permission denied
[2005/01/13 13:16:12, 3] smbd/error.c:error_packet(129)
  error packet at smbd/reply.c(416) cmd=117 (SMBtconX)
NT_STATUS_BAD_NETWORK_NAME


anyone understand anything from this log ??? if you need the smb.conf file
or anything just tell me, Sorry if it's a repeated question, I tried
googling but didn't find any real solution, there was something about
changing the reg is windows, but I'd like to avoid doing that to every
computer that need to join,


Thanks


Adi

More information about the samba mailing list