[Samba] Domain Authentication oddities
Eduard Tieseler
etiesele at metrolist.net
Thu Oct 6 17:49:26 GMT 2005
Hello List,
I am running Samba 3.0.10-1.4E on RHEL 4.0. I was able to join this server
to the domain using the 'net ads join' command, and it created a machine
account in AD with the name of the server. My issue is that I can
authenticate using domain credentials when I access the server from a
Windows computer using //SMBSERVERNAME/SHARE; however, when I access the
server using //SMBSERVERIPADDRESS/SHARE I cannot authenticate with domain
credentials. I must use an account local to the SMB server
(SMBSERVERNAME/username). Please help me with this issue; I have checked a
fair amount of the archive and Google to no avail. I have included snippets
of log files, config files, and some results from commands below. THANKS
FOR THE HELP!!!
Smb.conf:
[global]
realm = metrolist.dmz
security = ADS
workgroup = MTRODMZ
netbios name = FS03
server string = Samba %v on %m
encrypt passwords = Yes
username map = /etc/samba/smbusers
password server = DMZDC02.METROLIST.DMZ
log level = 1
log file = /var/log/samba/%m.log
max log size = 1000
socket options = IPTOS_LOWDELAY TCP_NODELAY
os level = 1
preferred master = False
local master = No
template primary group = "Domain Users"
template shell = /bin/bash
winbind separator = +
domain master = False
dns proxy = No
guest ok = Yes
hosts allow = 192.168. 127.0.0.1
printing = lprng
idmap uid = 10000-20000
idmap gid = 10000-20000
nsswitch.conf:
passwd: files winbindd
shadow: files winbindd
group: files winbindd
hosts: files dns wins
smbd.log:
[2005/10/03 15:53:41, 0] lib/util_sock.c:get_peer_addr(1000)
getpeername failed. Error was Transport endpoint is not connected
[2005/10/03 15:53:55, 0] lib/util_sock.c:get_peer_addr(1000)
getpeername failed. Error was Transport endpoint is not connected
[2005/10/04 08:50:36, 0] lib/util_sock.c:get_peer_addr(1000)
getpeername failed. Error was Transport endpoint is not connected
[2005/10/04 08:50:39, 0] lib/util_sock.c:get_peer_addr(1000)
getpeername failed. Error was Transport endpoint is not connected
[2005/10/04 08:50:47, 0] lib/util_sock.c:get_peer_addr(1000)
getpeername failed. Error was Transport endpoint is not connected
[2005/10/04 08:50:52, 0] lib/util_sock.c:get_peer_addr(1000)
getpeername failed. Error was Transport endpoint is not connected
[2005/10/04 08:50:55, 0] lib/util_sock.c:get_peer_addr(1000)
getpeername failed. Error was Transport endpoint is not connected
[2005/10/04 08:56:10, 0] lib/util_sock.c:get_peer_addr(1000)
getpeername failed. Error was Transport endpoint is not connected
[2005/10/04 08:56:16, 0] lib/util_sock.c:get_peer_addr(1000)
getpeername failed. Error was Transport endpoint is not connected
[2005/10/04 09:01:45, 0] lib/util_sock.c:get_peer_addr(1000)
getpeername failed. Error was Transport endpoint is not connected
[2005/10/04 09:06:13, 1] smbd/server.c:open_sockets_smbd(348)
Reloading services after SIGHUP
[2005/10/04 09:06:13, 1] printing/printing.c:start_background_queue(1257)
Reloading services after SIGHUP
winbindd.log:
[2005/10/06 10:37:06, 0] libsmb/cliconnect.c:cli_session_setup_spnego(764)
Kinit failed: Preauthentication failed
[2005/10/06 10:37:15, 0] libads/kerberos.c:ads_kinit_password(146)
kerberos_kinit_password host/FS03 at METROLIST.DMZ failed: Preauthentication
failed
[2005/10/06 10:37:15, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
ads_connect for domain MTRODMZ failed: Preauthentication failed
[2005/10/06 10:39:44, 0] libsmb/cliconnect.c:cli_session_setup_spnego(764)
Kinit failed: Preauthentication failed
0.0.0.0.log
[2005/10/06 09:58:40, 0] lib/util_sock.c:read_socket_data(384)
read_socket_data: recv failure for 4. Error = Connection reset by peer
[2005/10/06 09:58:44, 0] lib/util_sock.c:read_socket_data(384)
read_socket_data: recv failure for 4. Error = Connection reset by peer
[2005/10/06 09:58:48, 0] lib/util_sock.c:read_socket_data(384)
read_socket_data: recv failure for 4. Error = Connection reset by peer
[2005/10/06 10:36:56, 0] lib/util_sock.c:read_socket_data(384)
read_socket_data: recv failure for 4. Error = Connection reset by peer
[2005/10/06 10:36:58, 0] lib/util_sock.c:read_socket_data(384)
read_socket_data: recv failure for 4. Error = Connection reset by peer
Nmbd.log
[2005/10/05 04:02:02, 0] nmbd/nmbd.c:process(542)
Got SIGHUP dumping debug info.
[2005/10/05 04:02:02, 0] nmbd/nmbd_workgroupdb.c:dump_workgroups(284)
dump_workgroups()
dump workgroup on subnet 192.168.250.78: netmask= 255.255.255.0:
MTRODMZ(1) current master browser = DMZDC02
FS03 40009b03 (FS03)
DMZDC02 4204102b ()
WEBS10 40849003 ()
WEBS09 40849003 ()
[2005/10/06 09:57:42, 0] nmbd/nmbd.c:terminate(56)
Got SIGTERM: going down...
[2005/10/06 09:57:42, 0] nmbd/nmbd.c:main(669)
Netbios nameserver version 3.0.10-1.4E started.
Copyright Andrew Tridgell and the Samba Team 1994-2004
[2005/10/06 10:36:18, 0] nmbd/nmbd.c:terminate(56)
Got SIGTERM: going down...
[2005/10/06 10:36:18, 0] nmbd/nmbd.c:main(669)
Netbios nameserver version 3.0.10-1.4E started.
Copyright Andrew Tridgell and the Samba Team 1994-2004
[bluemoon at fs01 etc]#net ads user -U Administrator
<Shows domain user accounts>
[bluemoon at fs01 etc]# wbinfo -u
Error looking up domain users
[bluemoon at fs01 etc]# wbinfo -g
BUILTIN+System Operators
BUILTIN+Replicators
BUILTIN+Guests
BUILTIN+Power Users
BUILTIN+Print Operators
BUILTIN+Administrators
BUILTIN+Account Operators
BUILTIN+Backup Operators
BUILTIN+Users
Thanks again for any help
Eduard Tieseler
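
A triage helper for the log excerpts in the post above, as an added example that is not part of the original message: it parses Samba 3.0-style log entries (a bracketed header line followed by message lines), rejoins wrapped messages, and counts repeated level-0 errors. The function names are hypothetical; the sample is the winbindd.log excerpt quoted in the post.

```python
import re
from collections import Counter

# Header line of a Samba 3.0.x log entry:
# [YYYY/MM/DD HH:MM:SS, level] source/file.c:function(line)
HEADER = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*(?P<level>\d+)\]\s+"
    r"(?P<src>[\w/.]+):(?P<func>\w+)\((?P<line>\d+)\)\s*$"
)

# The winbindd.log lines quoted in the post above.
SAMPLE = """\
[2005/10/06 10:37:06, 0] libsmb/cliconnect.c:cli_session_setup_spnego(764)
Kinit failed: Preauthentication failed
[2005/10/06 10:37:15, 0] libads/kerberos.c:ads_kinit_password(146)
kerberos_kinit_password host/FS03 at METROLIST.DMZ failed: Preauthentication
failed
[2005/10/06 10:37:15, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
ads_connect for domain MTRODMZ failed: Preauthentication failed
[2005/10/06 10:39:44, 0] libsmb/cliconnect.c:cli_session_setup_spnego(764)
Kinit failed: Preauthentication failed
"""

def parse_entries(text):
    """Return one dict per log entry; wrapped message lines are joined."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            entry = m.groupdict()
            entry["level"] = int(entry["level"])
            entry["msg"] = ""
            entries.append(entry)
        elif entries:
            # Not a header: continuation of the current entry's message.
            entries[-1]["msg"] = (entries[-1]["msg"] + " " + line).strip()
    return entries

def summarize(entries, max_level=0):
    """Count (function, message) pairs logged at or below max_level."""
    return Counter((e["func"], e["msg"]) for e in entries if e["level"] <= max_level)

if __name__ == "__main__":
    for (func, msg), n in summarize(parse_entries(SAMPLE)).most_common():
        print(f"{n:3d}  {func}: {msg}")
```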