[Samba] Problem with domain membership
Jochen Witte
devnull at alpha-lab.net
Tue Mar 22 21:18:07 GMT 2005
OKOK no attachements here. On the PDC side I get:
---snip---
account_policy_get: password history:0
pdb_set_user_sid: setting user sid
S-1-5-21-1790986081-3911417905-1778689532-132098
pdb_set_user_sid_from_rid:
setting user sid S-1-5-21-1790986081-3911417905-1778689532-132098 from
rid 132098
pdb_set_group_sid: setting group sid
S-1-5-21-1790986081-3911417905-1778689532-61001
pdb_set_group_sid_from_rid:
setting group sid S-1-5-21-1790986081-3911417905-1778689532-61001 from
rid 61001
pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0
[000] 4A 8C 6C 14 69 D1 72 B8 46 71 33 55 75 F8 01 C3 J.l.i.r.
Fq3Uu...
cred_session_key
clnt_chal: E166CA9056B37776
srv_chal : 5EC8E922D299E1CE
clnt+srv : 3F2FB4B3284D5945
sess_key : 629F7453EFF68A4B
cred_create
sess_key : 629F7453EFF68A4B
stor_cred: E166CA9056B37776
timestamp: 0
timecred : E166CA9056B37776
calc_cred: FE38AA70FD16006A
cred_assert
challenge : 4C87E9631DF688E5
calculated: FE38AA70FD16006A
credentials check wrong
000000 net_io_r_auth_2
000000 smb_io_chal
0000 data: c8 d8 ff bf 3b 5f 0e 08
000008 net_io_neg_flags
0008 neg_flags: 400001ff
000c status: NT_STATUS_ACCESS_DENIED
api_rpcTNP: called NETLOGON successfully
free_pipe_context: destroying talloc pool of size 78
write_to_pipe: data_used = 140
read_from_pipe: 712c name: NETLOGON len: 156
read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0,
prs_offset(&p->out_data.rdata) = 16.
---snip---
Am Dienstag, den 22.03.2005, 22:07 +0100 schrieb Jochen Witte:
> Attached are the logs with the according log-level.
>
> ---snip---
> doing parameter workgroup = <DOMAINNAME>
> doing parameter netbios name = HAL
> 000018 smb_io_chal
> 0018 data: c8 d8 ff bf 3b 5f 0e 08
> 000020 net_io_neg_flags
> 0020 neg_flags: 400001ff
> 0024 status: NT_STATUS_ACCESS_DENIED
> cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
> cli_nt_setup_creds: auth2 challenge failed
> connect_to_domain_password_server: unable to setup the PDC credentials
> to machine <PDCHOST>. Ewrite_socket(19,45)
> ---snip---
>
> Do I have a wrong secrets.tdb ? I deleted it completely and then joined
> the domain again (after removing the machine account in my ldap server).
>
> Am Dienstag, den 22.03.2005, 05:07 -0600 schrieb Gerald (Jerry) Carter:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Jochen Witte wrote:
> > | One update: when trying security=server
> > | on the fileserver side, I can log on
> > | to the fileserver. But i do not want
> > | security=server! Any hints out there?
> >
> > You need to look at a level 10 log on the server
> > (and set 'debug timestamp = no' for high debug logs).
> > There's not enough information here to really offer
> > sound advice.
> >
> >
> >
> >
> >
> >
> >
> > cheers, jerry
> > =====================================================================
> > Alleviating the pain of Windows(tm) ------- http://www.samba.org
> > GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc
> > "I never saved anything for the swim back." Ethan Hawk in Gattaca
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.2.5 (GNU/Linux)
> > Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
> >
> > iD8DBQFCP/xZIR7qMdg1EfYRAsfVAJ9GqO/9UVgJpgTJmHdODPU+YO2x6gCg3bHl
> > STOznlGLrgKRJuZGUFH0h/E=
> > =Je16
> > -----END PGP SIGNATURE-----
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
--
Jochen Witte <devnull at alpha-lab.net>
More information about the samba
mailing list