[Samba] Problem with domain membership

Jochen Witte devnull at alpha-lab.net
Mon Mar 21 15:09:59 GMT 2005


One update: when trying security=server on the fileserver side, I can
log on to the fileserver. But I do not want security=server! Any hints
out there?

Regards
Jochen


On Saturday, 19.03.2005, at 13:11 +0100, Jochen Witte wrote:
> Hello,
> 
> I have a Samba 3.0.11/LDAP-Backend PDC configured and I am able to join
> all kinds of machines quite well. However my Samba 2.2.12 Linux
> Fileserver is just able to join the domain:
> 
> ---snip---
> 
> [573]root at hal/opt/samba> smbpasswd -j <Domainname> -r <PDC Name> -U
> Administrator
> Password: 
> Joined domain <Domainname>
> ---snip---
> 
> When I now try to access my Fileserver with a valid PDC account, I get:
> 
> ---snip---
> [575]root at hal/opt/samba> /opt/samba/bin/smbclient -L //hal -U jwitte -W
> <Domainname>  -d4
> Serverzone is 0
> Initialising global parameters
> params.c:pm_process() - Processing configuration file
> "/opt/samba-2.2.12/lib/smb.conf"
> Processing section "[global]"
> doing parameter workgroup = <Domainname>
> doing parameter netbios name = HAL
> handle_netbios_name: set global_myname to: HAL
> doing parameter server string = Samba 2.2.12 on HAL
> doing parameter log file = /var/log/samba/%m-log.smbd
> doing parameter lock dir = /var/lock/samba
> doing parameter template homedir = /home/%U
> doing parameter guest account = ftp
> doing parameter socket options = IPTOS_LOWDELAY TCP_NODELAY
> SO_SNDBUF=8192 SO_RCVBUF=8192 SO_KEEPALIVE
> doing parameter kernel oplocks = yes
> doing parameter log level = 4
> doing parameter debuglevel = 4
> doing parameter security = domain
> doing parameter encrypt passwords = yes
> doing parameter password server = *
> doing parameter os level = 33
> doing parameter local master = no
> doing parameter wins server = 10.128.0.24
> wins_srv_load_list(): Building WINS server list:
> 10.128.0.24,
> 1 WINS server listed.
> doing parameter dns proxy = no
> pm_process() returned Yes
> added interface ip=10.128.0.23 bcast=10.128.0.255 nmask=255.255.255.0
> Client started (version 2.2.12).
> resolve_lmhosts: Attempting lmhosts lookup for name hal<0x20>
> resolve_hosts: Attempting host lookup for name hal<0x20>
> Connecting to 10.128.0.23 at port 139
>  session request ok
> Password: 
> session setup failed: NT_STATUS_LOGON_FAILURE
> 
> ---snip---
> 
> On the PDC side I get the following:
> 
> ---snip---
> 
> [2005/03/19 13:08:22, 3] smbd/oplock.c:init_oplocks(1345)
>   open_oplock_ipc: opening loopback UDP socket.
> [2005/03/19 13:08:22, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks
> (303)
>   Linux kernel oplocks enabled
> [2005/03/19 13:08:22, 3] smbd/oplock.c:init_oplocks(1376)
>   open_oplock ipc: pid = 349, global_oplock_port = 36763
> [2005/03/19 13:08:22, 4] lib/time.c:get_serverzone(122)
>   Serverzone is -3600
> [2005/03/19 13:08:22, 3] smbd/process.c:process_smb(1091)
>   Transaction 0 of length 168
> [2005/03/19 13:08:22, 3] smbd/process.c:switch_message(886)
>   switch message SMBnegprot (pid 349) conn 0x0
> [2005/03/19 13:08:22, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2005/03/19 13:08:22, 3] smbd/negprot.c:reply_negprot(461)
>   Requested protocol [PC NETWORK PROGRAM 1.0]
> [2005/03/19 13:08:22, 3] smbd/negprot.c:reply_negprot(461)
>   Requested protocol [MICROSOFT NETWORKS 1.03]
> [2005/03/19 13:08:22, 3] smbd/negprot.c:reply_negprot(461)
>   Requested protocol [MICROSOFT NETWORKS 3.0]
> [2005/03/19 13:08:22, 3] smbd/negprot.c:reply_negprot(461)
>   Requested protocol [LANMAN1.0]
> [2005/03/19 13:08:22, 3] smbd/negprot.c:reply_negprot(461)
>   Requested protocol [LM1.2X002]
> [2005/03/19 13:08:22, 3] smbd/negprot.c:reply_negprot(461)
>   Requested protocol [Samba]
> [2005/03/19 13:08:22, 3] smbd/negprot.c:reply_nt1(327)
>   not using SPNEGO
> [2005/03/19 13:08:22, 3] smbd/negprot.c:reply_negprot(555)
>   Selected protocol NT LANMAN 1.0
> [2005/03/19 13:08:22, 3] smbd/process.c:process_smb(1091)
>   Transaction 1 of length 92
> [2005/03/19 13:08:22, 3] smbd/process.c:switch_message(886)
>   switch message SMBsesssetupX (pid 349) conn 0x0
> [2005/03/19 13:08:22, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2005/03/19 13:08:22, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655)
>   wct=13 flg2=0xc001
> [2005/03/19 13:08:22, 3] smbd/sesssetup.c:reply_sesssetup_and_X(789)
>   Domain=[]  NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[]
> [2005/03/19 13:08:22, 3] smbd/sesssetup.c:reply_sesssetup_and_X(804)
>   sesssetupX:name=[]\[]@[10.128.0.23]
> [2005/03/19 13:08:22, 3] smbd/sesssetup.c:check_guest_password(116)
>   Got anonymous request
> [2005/03/19 13:08:22, 3] auth/auth.c:check_ntlm_password(219)
>   check_ntlm_password:  Checking password for unmapped user []\[]@[]
> with the new password interface
> [2005/03/19 13:08:22, 3] auth/auth.c:check_ntlm_password(222)
>   check_ntlm_password:  mapped user is: []\[]@[]
> [2005/03/19 13:08:22, 3] auth/auth.c:check_ntlm_password(268)
>   check_ntlm_password: guest authentication for user [] succeeded
> [2005/03/19 13:08:22, 3] smbd/password.c:register_vuid(222)
>   User name: nobody	Real name: Nobody
> [2005/03/19 13:08:22, 3] smbd/password.c:register_vuid(241)
>   UNIX uid 99 is UNIX user nobody, and will be vuid 100
> [2005/03/19 13:08:22, 3] smbd/process.c:process_smb(1091)
>   Transaction 2 of length 88
> [2005/03/19 13:08:22, 3] smbd/process.c:switch_message(886)
>   switch message SMBtconX (pid 349) conn 0x0
> [2005/03/19 13:08:22, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2005/03/19 13:08:22, 4] smbd/reply.c:reply_tcon_and_X(407)
>   Client requested device type [IPC] for share [IPC$]
> [2005/03/19 13:08:22, 3] smbd/service.c:make_connection_snum(469)
>   Connect path is '/tmp' for service [IPC$]
> [2005/03/19 13:08:22, 4] rpc_server/srv_srvsvc_nt.c:get_share_security
> (217)
>   get_share_security: using default secdesc for IPC$
> [2005/03/19 13:08:22, 3] lib/util_seaccess.c:se_access_check(251)
> [2005/03/19 13:08:22, 3] lib/util_seaccess.c:se_access_check(252)
>   se_access_check: user sid is
> S-1-5-21-1790986081-3911417905-1778689532-501
>   se_access_check: also S-1-5-21-1790986081-3911417905-1778689532-514
>   se_access_check: also S-1-1-0
>   se_access_check: also S-1-5-2
>   se_access_check: also S-1-5-32-546
>   se_access_check: also S-1-5-21-1790986081-3911417905-1778689532-1199
> [2005/03/19 13:08:22, 3] smbd/vfs.c:vfs_init_default(206)
>   Initialising default vfs hooks
> [2005/03/19 13:08:22, 4] rpc_server/srv_srvsvc_nt.c:get_share_security
> (217)
>   get_share_security: using default secdesc for IPC$
> [2005/03/19 13:08:22, 3] lib/util_seaccess.c:se_access_check(251)
> [2005/03/19 13:08:22, 3] lib/util_seaccess.c:se_access_check(252)
>   se_access_check: user sid is
> S-1-5-21-1790986081-3911417905-1778689532-501
>   se_access_check: also S-1-5-21-1790986081-3911417905-1778689532-514
>   se_access_check: also S-1-1-0
>   se_access_check: also S-1-5-2
>   se_access_check: also S-1-5-32-546
>   se_access_check: also S-1-5-21-1790986081-3911417905-1778689532-1199
> [2005/03/19 13:08:22, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>   setting sec ctx (99, 99) - sec_ctx_stack_ndx = 0
> [2005/03/19 13:08:22, 3] smbd/service.c:make_connection_snum(645)
>   10.128.0.23 (10.128.0.23) connect to service IPC$ initially as user
> nobody (uid=99, gid=99) (pid 349)
> [2005/03/19 13:08:22, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2005/03/19 13:08:22, 3] smbd/reply.c:reply_tcon_and_X(455)
>   tconX service=IPC$ 
> [2005/03/19 13:08:22, 3] smbd/process.c:process_smb(1091)
>   Transaction 3 of length 108
> [2005/03/19 13:08:22, 3] smbd/process.c:switch_message(886)
>   switch message SMBntcreateX (pid 349) conn 0x8353600
> [2005/03/19 13:08:22, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>   setting sec ctx (99, 99) - sec_ctx_stack_ndx = 0
> [2005/03/19 13:08:22, 4] smbd/vfs.c:vfs_ChDir(657)
>   vfs_ChDir to /tmp
> [2005/03/19 13:08:22, 4] smbd/nttrans.c:nt_open_pipe(497)
>   nt_open_pipe: Opening pipe \NETLOGON.
> [2005/03/19 13:08:22, 3] smbd/nttrans.c:nt_open_pipe(514)
>   nt_open_pipe: Known pipe NETLOGON opening.
> [2005/03/19 13:08:22, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178)
>   Open pipe requested NETLOGON (pipes_open=0)
> [2005/03/19 13:08:22, 4]
> rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(278)
>   Create pipe requested NETLOGON
> [2005/03/19 13:08:22, 4]
> rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(370)
>   Created internal pipe NETLOGON (pipes_open=0)
> [2005/03/19 13:08:22, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(257)
>   Opened pipe NETLOGON with handle 776b (pipes_open=1)
> [2005/03/19 13:08:22, 3] smbd/process.c:process_smb(1091)
>   Transaction 4 of length 158
> [2005/03/19 13:08:22, 3] smbd/process.c:switch_message(886)
>   switch message SMBtrans (pid 349) conn 0x8353600
> [2005/03/19 13:08:22, 4] smbd/uid.c:change_to_user(194)
>   change_to_user: Skipping user change - already user
> [2005/03/19 13:08:22, 3] smbd/ipc.c:reply_trans(539)
>   trans <\PIPE\> data=72 params=0 setup=2
> [2005/03/19 13:08:22, 3] smbd/ipc.c:named_pipe(334)
>   named pipe command on <> name
> [2005/03/19 13:08:22, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168)
>   search for pipe pnum=776b
> [2005/03/19 13:08:22, 3] smbd/ipc.c:api_fd_reply(294)
>   Got API command 0x26 on pipe "NETLOGON" (pnum 776b)
> [2005/03/19 13:08:22, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887)
>   api_pipe_bind_req: \PIPE\NETLOGON -> \PIPE\lsass
> [2005/03/19 13:08:22, 3] rpc_server/srv_pipe.c:check_bind_req(762)
>   check_bind_req for \PIPE\NETLOGON
> [2005/03/19 13:08:22, 3] smbd/process.c:process_smb(1091)
>   Transaction 5 of length 182
> [2005/03/19 13:08:22, 3] smbd/process.c:switch_message(886)
>   switch message SMBtrans (pid 349) conn 0x8353600
> [2005/03/19 13:08:22, 4] smbd/uid.c:change_to_user(194)
>   change_to_user: Skipping user change - already user
> [2005/03/19 13:08:22, 3] smbd/ipc.c:reply_trans(539)
>   trans <\PIPE\> data=96 params=0 setup=2
> [2005/03/19 13:08:22, 3] smbd/ipc.c:named_pipe(334)
>   named pipe command on <> name
> [2005/03/19 13:08:22, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168)
>   search for pipe pnum=776b
> [2005/03/19 13:08:22, 3] smbd/ipc.c:api_fd_reply(294)
>   Got API command 0x26 on pipe "NETLOGON" (pnum 776b)
> [2005/03/19 13:08:22, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context
> (542)
>   free_pipe_context: destroying talloc pool of size 0
> [2005/03/19 13:08:22, 4] rpc_server/srv_pipe.c:api_rpcTNP(1531)
>   api_rpcTNP: NETLOGON op 0x4 - api_rpcTNP: rpc command: NET_REQCHAL
> [2005/03/19 13:08:22, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context
> (542)
>   free_pipe_context: destroying talloc pool of size 34
> [2005/03/19 13:08:22, 3] smbd/process.c:process_smb(1091)
>   Transaction 6 of length 210
> [2005/03/19 13:08:22, 3] smbd/process.c:switch_message(886)
>   switch message SMBtrans (pid 349) conn 0x8353600
> [2005/03/19 13:08:22, 4] smbd/uid.c:change_to_user(194)
>   change_to_user: Skipping user change - already user
> [2005/03/19 13:08:22, 3] smbd/ipc.c:reply_trans(539)
>   trans <\PIPE\> data=124 params=0 setup=2
> [2005/03/19 13:08:22, 3] smbd/ipc.c:named_pipe(334)
>   named pipe command on <> name
> [2005/03/19 13:08:22, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168)
>   search for pipe pnum=776b
> [2005/03/19 13:08:22, 3] smbd/ipc.c:api_fd_reply(294)
>   Got API command 0x26 on pipe "NETLOGON" (pnum 776b)
> [2005/03/19 13:08:22, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context
> (542)
>   free_pipe_context: destroying talloc pool of size 0
> [2005/03/19 13:08:22, 4] rpc_server/srv_pipe.c:api_rpcTNP(1531)
>   api_rpcTNP: NETLOGON op 0xf - api_rpcTNP: rpc command: NET_AUTH2
> [2005/03/19 13:08:22, 3] smbd/sec_ctx.c:push_sec_ctx(256)
>   push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1
> [2005/03/19 13:08:22, 3] smbd/uid.c:push_conn_ctx(365)
>   push_conn_ctx(100) : conn_ctx_stack_ndx = 0
> [2005/03/19 13:08:22, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2005/03/19 13:08:22, 3] lib/smbldap.c:smbldap_open_connection(680)
>   StartTLS issued: using a TLS connection
> [2005/03/19 13:08:22, 2] lib/smbldap.c:smbldap_open_connection(692)
>   smbldap_open_connection: connection opened
> [2005/03/19 13:08:22, 3] lib/smbldap.c:smbldap_check_root_dse(1477)
>   smbldap_check_root_dse: Expected one rootDSE, got 0
> [2005/03/19 13:08:22, 3] lib/smbldap.c:smbldap_connect_system(866)
>   ldap_connect_system: succesful connection to the LDAP server
>   ldap_connect_system: LDAP server does not support paged results
> [2005/03/19 13:08:22, 4] lib/smbldap.c:smbldap_open(919)
>   The LDAP server is succesfully connected
> [2005/03/19 13:08:22, 2] passdb/pdb_ldap.c:init_sam_from_ldap(512)
>   init_sam_from_ldap: Entry found for user: hal$
> [2005/03/19 13:08:22, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
>   pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0
> [2005/03/19 13:08:22, 4] libsmb/credentials.c:cred_session_key(59)
>   cred_session_key
> [2005/03/19 13:08:22, 4] libsmb/credentials.c:cred_create(90)
>   cred_create
> [2005/03/19 13:08:22, 4] libsmb/credentials.c:cred_assert(121)
>   cred_assert
> [2005/03/19 13:08:22, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context
> (542)
>   free_pipe_context: destroying talloc pool of size 44
> [2005/03/19 13:08:22, 3] smbd/process.c:process_smb(1091)
>   Transaction 7 of length 45
> [2005/03/19 13:08:22, 3] smbd/process.c:switch_message(886)
>   switch message SMBclose (pid 349) conn 0x8353600
> [2005/03/19 13:08:22, 4] smbd/uid.c:change_to_user(194)
>   change_to_user: Skipping user change - already user
> [2005/03/19 13:08:22, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168)
>   search for pipe pnum=776b
> [2005/03/19 13:08:22, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd
> (1081)
>   closed pipe name NETLOGON pnum=776b (pipes_open=0)
> [2005/03/19 13:08:22, 3] smbd/process.c:process_smb(1091)
>   Transaction 8 of length 43
> [2005/03/19 13:08:22, 3] smbd/process.c:switch_message(886)
>   switch message SMBulogoffX (pid 349) conn 0x0
> [2005/03/19 13:08:22, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2005/03/19 13:08:22, 3] smbd/reply.c:reply_ulogoffX(1248)
>   ulogoffX vuid=100
> [2005/03/19 13:08:22, 3] smbd/process.c:timeout_processing(1334)
>   timeout_processing: End of file from client (client has disconnected).
> [2005/03/19 13:08:22, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2005/03/19 13:08:22, 2] smbd/server.c:exit_server(609)
>   Closing connections
> [2005/03/19 13:08:22, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2005/03/19 13:08:22, 3] smbd/service.c:close_cnum(833)
>   10.128.0.23 (10.128.0.23) closed connection to service IPC$
> [2005/03/19 13:08:22, 3] smbd/connection.c:yield_connection(69)
>   Yielding connection to IPC$
> [2005/03/19 13:08:22, 4] smbd/vfs.c:vfs_ChDir(657)
>   vfs_ChDir to /
> [2005/03/19 13:08:22, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2005/03/19 13:08:22, 3] smbd/connection.c:yield_connection(69)
>   Yielding connection to 
> [2005/03/19 13:08:22, 3] smbd/server.c:exit_server(652)
>   Server exit (normal exit)
> ---snip---
> 
> 
> This is the relevant part of my smb.conf on the fileserver side:
> 
> ---snip---
> [global]
>         workgroup = <Domainname>
>         netbios name = HAL
>         server string = Samba 2.2.12 on HAL
>         log file = /var/log/samba/%m-log.smbd
>         lock dir = /var/lock/samba
>         template homedir = /home/%U
>         guest account = ftp
>         socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=8192
> SO_RCVBUF=8192 SO_KEEPALIVE
>         kernel oplocks = yes
>         log level = 4
>         debuglevel = 4
>         security = domain
>         encrypt passwords = yes
>         password server = *
>         os level = 33
>         local master = no
>         wins server = 10.128.0.24
>         dns proxy = no
> 
> ---snip---
> 
> 
> If anybody feels able to help, it would be greatly appreciated! 
> 
> Thanks, 
> Jochen
> 
> 
> -- 
> Jochen Witte <devnull at alpha-lab.net>
> 
> 
-- 
Jochen Witte <devnull at alpha-lab.net>
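
Added example, not part of the original post: a small Python parser for the smbd debug-log format quoted above (bracketed header, indented message, headers wrapped by the mail client) that reduces a log to its NETLOGON pipe events. The sample lines are copied from the PDC log in this message; the function and variable names are this example's own.

```python
import re

# Record header: "[YYYY/MM/DD hh:mm:ss, level] file.c:function(line)"
HEADER = re.compile(r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*(\d+)\]\s*(.*)$")
# Messages of interest on the PDC side, as they appear in the quoted log.
EVENTS = [
    ("pipe_open", re.compile(r"Opened pipe (\S+) with handle")),
    ("rpc", re.compile(r"rpc command: (\w+)")),
    ("machine_account", re.compile(r"Entry found for user: (\S+\$)")),
    ("pipe_close", re.compile(r"closed pipe name (\S+)")),
]

# Lines copied from the PDC log in this post, mail quoting and wrapping included.
SAMPLE = """\
> [2005/03/19 13:08:22, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(257)
>   Opened pipe NETLOGON with handle 776b (pipes_open=1)
> [2005/03/19 13:08:22, 4] rpc_server/srv_pipe.c:api_rpcTNP(1531)
>   api_rpcTNP: NETLOGON op 0x4 - api_rpcTNP: rpc command: NET_REQCHAL
> [2005/03/19 13:08:22, 4] rpc_server/srv_pipe.c:api_rpcTNP(1531)
>   api_rpcTNP: NETLOGON op 0xf - api_rpcTNP: rpc command: NET_AUTH2
> [2005/03/19 13:08:22, 2] passdb/pdb_ldap.c:init_sam_from_ldap(512)
>   init_sam_from_ldap: Entry found for user: hal$
> [2005/03/19 13:08:22, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd
> (1081)
>   closed pipe name NETLOGON pnum=776b (pipes_open=0)
"""

def records(text):
    """Yield (timestamp, level, text) per record; continuation lines are joined."""
    current = None
    for raw in text.splitlines():
        line = re.sub(r"^(?:> ?)+", "", raw)  # drop mail quote markers
        m = HEADER.match(line)
        if m:
            if current:
                yield current[0], current[1], " ".join(current[2])
            current = (m.group(1), int(m.group(2)), [m.group(3).strip()])
        elif current and line.strip():
            current[2].append(line.strip())  # wrapped header tail or message
    if current:
        yield current[0], current[1], " ".join(current[2])

def netlogon_timeline(text):
    """Return [(event, value), ...] in log order."""
    timeline = []
    for _ts, _level, body in records(text):
        for kind, rx in EVENTS:
            m = rx.search(body)
            if m:
                timeline.append((kind, m.group(1)))
    return timeline

if __name__ == "__main__":
    for event in netlogon_timeline(SAMPLE):
        print(*event)
```

Run over the full quoted PDC log, the same function lists NET_REQCHAL and NET_AUTH2 for hal$ followed by the pipe close, with no further rpc command on that pipe in between.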
