[Samba] samba 2.2.11 pass auth to MS SQL7

Maik Holtkamp holtkamp at medical-city.de
Mon Jun 27 07:42:09 GMT 2005 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

since some weeks I have a little but annoying problem I want to solve
within comming summer break.

I am using samba 2.2.11 (debian woody, will be sarge after summer
break). It is running in PDC mode and offering file and print services.
Up and running smoothly for years now. It is using standard auth against
/etc/samba/smbpasswd (hostname=fileserver).

Further there is a NT40 server (no PDC) in this domain, running our ERP
(Sage AKA KHK) based on MS-SQL 70 (hostname=khkserver).

To auth the clients against the SQL server we used a checkbox the client
GUI is offering "Use NT-authentification" (translated from DE).

It was working fine for years, too. However, it stoped working some
weeks ago from one day to the next and I can't find why :(.

The ERP service staff had a remote session on the SQL 70 box and found
nothing unusual. I searched the cron-apt logs and found no update. In
spite I prefer to follow "Never touch", I played with the options:

interfaces, bind interfaces only, obey pam restrictions, wins support,
invalid users, host allow/deny

(basicly (un)commenting) without success.

We have a further samba 3.0.14a running on debian sarge for backup
purposes (no PDC setup), but even after stopping samba on that server,
the problem isn't solved :(.

I can map any parts of khkserver to any client without problems. I can
login at the khkserver using whatsoever domain account.

After all I gave up and established plain sql accounts within the MS-SQL
server to keep it working, however, single-sign-on is gone :(.

When I try to use the "Use NT-Authentification" at a client nmbd.log is
comming up with following lines:

- ---cut---
[2005/05/31 17:49:37, 3]
nmbd/nmbd_winsserver.c:wins_process_name_query_request(1354)
  wins_process_name_query: name query for name MEDICAL<1c> from IP 10.0.0.3
[2005/05/31 17:49:37, 3]
nmbd/nmbd_winsserver.c:wins_process_name_query_request(1399)
  wins_process_name_query: name query for name MEDICAL<1c> returning
first IP 10.0.0.10.
[2005/05/31 17:49:37, 1] nmbd/nmbd_processlogon.c:process_logon_packet(69)
  process_logon_packet: Logon from 10.0.0.3: code = 0x12
[2005/05/31 17:49:37, 3] nmbd/nmbd_processlogon.c:process_logon_packet(210)
  process_logon_packet: SAMLOGON sidsize 24, len = 112
[2005/05/31 17:49:37, 3] nmbd/nmbd_processlogon.c:process_logon_packet(217)
  process_logon_packet: len = 112 PTR_DIFF(q, buf) = 104
[2005/05/31 17:49:37, 3] nmbd/nmbd_processlogon.c:process_logon_packet(237)
  process_logon_packet: SAMLOGON sidsize 24 ntv 1
[2005/05/31 17:49:37, 3] nmbd/nmbd_processlogon.c:process_logon_packet(246)
  process_logon_packet: SAMLOGON user KHKSERVER$
[2005/05/31 17:49:37, 3] nmbd/nmbd_processlogon.c:process_logon_packet(253)
  process_logon_packet: SAMLOGON request from KHKSERVER(10.0.0.3) for
KHKSERVER$, returning logon svr \\FILESERVER domain MEDICAL code 13
token=ffff
[2005/05/31 17:49:37, 1] nmbd/nmbd_processlogon.c:process_logon_packet(69)
  process_logon_packet: Logon from 10.0.0.3: code = 0x12
[2005/05/31 17:49:37, 3] nmbd/nmbd_processlogon.c:process_logon_packet(210)
  process_logon_packet: SAMLOGON sidsize 24, len = 112
[2005/05/31 17:49:37, 3] nmbd/nmbd_processlogon.c:process_logon_packet(217)
  process_logon_packet: len = 112 PTR_DIFF(q, buf) = 104
[2005/05/31 17:49:37, 3] nmbd/nmbd_processlogon.c:process_logon_packet(237)
  process_logon_packet: SAMLOGON sidsize 24 ntv 1
[2005/05/31 17:49:37, 3] nmbd/nmbd_processlogon.c:process_logon_packet(246)
  process_logon_packet: SAMLOGON user KHKSERVER$
[2005/05/31 17:49:37, 3] nmbd/nmbd_processlogon.c:process_logon_packet(253)
  process_logon_packet: SAMLOGON request from KHKSERVER(10.0.0.3) for
KHKSERVER$, returning logon svr \\FILESERVER domain MEDICAL code 13
token=ffff
- --- cut ---

However, frankly speaking, I can't do anything with it :(.

My global present setup of the 2.2.11 server:

- ---cut---
[global]
        interfaces = eth0 lo 127.0.0.1 10.0.0.10
        bind interfaces only = true
        workgroup = MEDICAL
        server string = %h server (Samba %v)
        encrypt passwords = true
        obey pam restrictions = Yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 1000
        dns proxy = No
        domain admin group = root
        invalid users = root
        time server = Yes
        deadtime = 1
        printcap name = cups
        os level = 99
        preferred master = Yes
        domain master = Yes
        wins support = Yes
        hosts allow = 10.0.0.0/24
        hosts deny = all
        printing = cups
        load printers = yes
        log level = 3
        domain logons = yes
        logon drive   = h:
        logon home = \\%L\%U
        netbios name = fileserver
        logon script = time.bat
        logon path = \\%L\profile\%U
- ---cut---

Any help greatly appreciated. TIA.

- --
- - maik
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCv63Rz3bq6aadmI8RAmCOAKDQaYOwRGNjm0pE1FAb3P8V8Rj6KACaA3qp
RnjqrBKxtnkn5mgXkGVIZw0=
=s/gq
-----END PGP SIGNATURE-----

More information about the samba mailing list