[Samba] Interdomain trust relationships
Scouser
scouser at paradise.net.nz
Mon Sep 19 01:50:22 GMT 2005
I am trying to set up a samba server that trusts the local NT domain, so
users who are logged into the domain do not need to re-authenticate,
nor have unix accounts set up.
Config snippet:
[global]
workgroup = DC2DEV3
server string = DC2DEV3
netbios name = DC2DEV3
interfaces = en0
bind interfaces only = Yes
smb passwd file = /var/samba/private/smbpasswd
security = user
domain logons = yes
encrypt passwords = yes
domain master = yes
local master = yes
preferred master = yes
os level = 65
idmap uid = 10000-20000
idmap gid = 10000-20000
[SHARE]
comment = Test Share
path = /home/testshare
admin users = xxxxxxx
browseable = Yes
I have set up the trust relation with the NT domain (one way as I only
want to trust it not the other way round)
# wbinfo -m
NZA
BUILTIN
However, when I try to mount a share it fails, and then prompts me for a
username and password.
I can see all the domain users OK if I do a 'wbinfo -u'.
Is this possible?
Where have I gone wrong?
Thanks in advance
JM
Note: in the log for the client connection I get a message of
"authentication for user [test-user] FAILED with error
NT_STATUS_NO_SUCH_USER".
In the winbindd log, however, I get a message that states "NTLM CRAP
authentication for user [NZA]\[test-user] returned NT_STATUS_OK (PAM: 0)"
Log snippet:
[2005/09/19 13:41:16, 5] rpc_parse/parse_prs.c:prs_uint32(635)
0128 attr : 00000007
[2005/09/19 13:41:16, 5] rpc_parse/parse_prs.c:prs_uint32(635)
012c g_rid: 00002846
[2005/09/19 13:41:16, 5] rpc_parse/parse_prs.c:prs_uint32(635)
0130 attr : 00000007
[2005/09/19 13:41:16, 5] rpc_parse/parse_prs.c:prs_uint32(635)
0134 g_rid: 00002812
[2005/09/19 13:41:16, 5] rpc_parse/parse_prs.c:prs_uint32(635)
0138 attr : 00000007
[2005/09/19 13:41:16, 5] rpc_parse/parse_prs.c:prs_uint32(635)
013c g_rid: 00002847
[2005/09/19 13:41:16, 5] rpc_parse/parse_prs.c:prs_uint32(635)
0140 attr : 00000007
[2005/09/19 13:41:16, 5] rpc_parse/parse_prs.c:prs_uint32(635)
0144 g_rid: 0000289e
[2005/09/19 13:41:16, 5] rpc_parse/parse_prs.c:prs_uint32(635)
0148 attr : 00000007
[2005/09/19 13:41:16, 5] rpc_parse/parse_prs.c:prs_uint32(635)
014c g_rid: 00002845
[2005/09/19 13:41:16, 5] rpc_parse/parse_prs.c:prs_uint32(635)
0150 attr : 00000007
[2005/09/19 13:41:16, 5] rpc_parse/parse_prs.c:prs_uint32(635)
0154 g_rid: 00002f71
[2005/09/19 13:41:16, 5] rpc_parse/parse_prs.c:prs_uint32(635)
0158 attr : 00000007
[2005/09/19 13:41:16, 5] rpc_parse/parse_prs.c:prs_uint32(635)
015c g_rid: 000027e8
[2005/09/19 13:41:16, 5] rpc_parse/parse_prs.c:prs_uint32(635)
0160 attr : 00000007
[2005/09/19 13:41:16, 5] rpc_parse/parse_prs.c:prs_uint32(635)
0164 g_rid: 000031ad
[2005/09/19 13:41:16, 5] rpc_parse/parse_prs.c:prs_uint32(635)
0168 attr : 00000007
[2005/09/19 13:41:16, 5] rpc_parse/parse_prs.c:prs_uint32(635)
016c uni_max_len: 00000009
[2005/09/19 13:41:16, 5] rpc_parse/parse_prs.c:prs_uint32(635)
0170 offset : 00000000
[2005/09/19 13:41:16, 5] rpc_parse/parse_prs.c:prs_uint32(635)
0174 uni_str_len: 00000008
[2005/09/19 13:41:16, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807)
0178 buffer : A.D.C.W.L.G.0.1.
[2005/09/19 13:41:16, 5] rpc_parse/parse_prs.c:prs_uint32(635)
0188 uni_max_len: 00000004
[2005/09/19 13:41:16, 5] rpc_parse/parse_prs.c:prs_uint32(635)
018c offset : 00000000
[2005/09/19 13:41:16, 5] rpc_parse/parse_prs.c:prs_uint32(635)
0190 uni_str_len: 00000003
[2005/09/19 13:41:16, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807)
0194 buffer : N.Z.A.
[2005/09/19 13:41:16, 5] rpc_parse/parse_prs.c:prs_uint32(635)
019c num_auths: 00000004
[2005/09/19 13:41:16, 5] rpc_parse/parse_prs.c:prs_uint8(577)
01a0 sid_rev_num: 01
[2005/09/19 13:41:16, 5] rpc_parse/parse_prs.c:prs_uint8(577)
01a1 num_auths : 04
[2005/09/19 13:41:16, 5] rpc_parse/parse_prs.c:prs_uint8(577)
01a2 id_auth[0] : 00
[2005/09/19 13:41:16, 5] rpc_parse/parse_prs.c:prs_uint8(577)
01a3 id_auth[1] : 00
[2005/09/19 13:41:16, 5] rpc_parse/parse_prs.c:prs_uint8(577)
01a4 id_auth[2] : 00
[2005/09/19 13:41:16, 5] rpc_parse/parse_prs.c:prs_uint8(577)
01a5 id_auth[3] : 00
[2005/09/19 13:41:16, 5] rpc_parse/parse_prs.c:prs_uint8(577)
01a6 id_auth[4] : 00
[2005/09/19 13:41:16, 5] rpc_parse/parse_prs.c:prs_uint8(577)
01a7 id_auth[5] : 05
[2005/09/19 13:41:16, 5] rpc_parse/parse_prs.c:prs_uint32s(862)
01a8 sub_auths : 00000015 29517690 32ea4145 364f3ea3
[2005/09/19 13:41:16, 5] lib/username.c:Get_Pwnam(293)
Finding user NZA\test-user
[2005/09/19 13:41:16, 5] lib/username.c:Get_Pwnam_internals(223)
Trying _Get_Pwnam(), username as lowercase is nza\test-user
[2005/09/19 13:41:16, 5] lib/username.c:Get_Pwnam_internals(230)
Trying _Get_Pwnam(), username as given is NZA\test-user
[2005/09/19 13:41:16, 5] lib/username.c:Get_Pwnam_internals(247)
Checking combinations of 0 uppercase letters in nza\test-user
[2005/09/19 13:41:16, 5] lib/username.c:Get_Pwnam_internals(251)
Get_Pwnam_internals didn't find user [NZA\test-user]!
[2005/09/19 13:41:16, 5] lib/username.c:Get_Pwnam(293)
Finding user test-user
[2005/09/19 13:41:16, 5] lib/username.c:Get_Pwnam_internals(223)
Trying _Get_Pwnam(), username as lowercase is test-user
[2005/09/19 13:41:16, 5] lib/username.c:Get_Pwnam_internals(230)
Trying _Get_Pwnam(), username as given is test-user
[2005/09/19 13:41:16, 5] lib/username.c:Get_Pwnam_internals(247)
Checking combinations of 0 uppercase letters in test-user
[2005/09/19 13:41:16, 5] lib/username.c:Get_Pwnam_internals(251)
Get_Pwnam_internals didn't find user [test-user]!
[2005/09/19 13:41:16, 10] auth/auth_util.c:auth_add_user_script(74)
auth_add_user_script: no 'add user script'. Asking winbindd
[2005/09/19 13:41:16, 5] auth/auth_util.c:auth_add_user_script(81)
auth_add_user_script: winbindd_create_user() failed
[2005/09/19 13:41:16, 5] lib/username.c:Get_Pwnam(293)
Finding user test-user
[2005/09/19 13:41:16, 5] lib/username.c:Get_Pwnam_internals(223)
Trying _Get_Pwnam(), username as lowercase is test-user
[2005/09/19 13:41:16, 5] lib/username.c:Get_Pwnam_internals(230)
Trying _Get_Pwnam(), username as given is test-user
[2005/09/19 13:41:16, 5] lib/username.c:Get_Pwnam_internals(247)
Checking combinations of 0 uppercase letters in test-user
[2005/09/19 13:41:16, 5] lib/username.c:Get_Pwnam_internals(251)
Get_Pwnam_internals didn't find user [test-user]!
[2005/09/19 13:41:16, 3] auth/auth_util.c:make_server_info_info3(1112)
User test-user does not exist, trying to add it
[2005/09/19 13:41:16, 10] auth/auth_util.c:auth_add_user_script(74)
auth_add_user_script: no 'add user script'. Asking winbindd
[2005/09/19 13:41:16, 5] auth/auth_util.c:auth_add_user_script(81)
auth_add_user_script: winbindd_create_user() failed
[2005/09/19 13:41:16, 5] lib/username.c:Get_Pwnam(293)
Finding user NZA\test-user
[2005/09/19 13:41:16, 5] lib/username.c:Get_Pwnam_internals(223)
Trying _Get_Pwnam(), username as lowercase is nza\test-user
[2005/09/19 13:41:16, 5] lib/username.c:Get_Pwnam_internals(230)
Trying _Get_Pwnam(), username as given is NZA\test-user
[2005/09/19 13:41:16, 5] lib/username.c:Get_Pwnam_internals(247)
Checking combinations of 0 uppercase letters in nza\test-user
[2005/09/19 13:41:16, 5] lib/username.c:Get_Pwnam_internals(251)
Get_Pwnam_internals didn't find user [NZA\test-user]!
[2005/09/19 13:41:16, 5] lib/username.c:Get_Pwnam(293)
Finding user test-user
[2005/09/19 13:41:16, 5] lib/username.c:Get_Pwnam_internals(223)
Trying _Get_Pwnam(), username as lowercase is test-user
[2005/09/19 13:41:16, 5] lib/username.c:Get_Pwnam_internals(230)
Trying _Get_Pwnam(), username as given is test-user
[2005/09/19 13:41:16, 5] lib/username.c:Get_Pwnam_internals(247)
Checking combinations of 0 uppercase letters in test-user
[2005/09/19 13:41:16, 5] lib/username.c:Get_Pwnam_internals(251)
Get_Pwnam_internals didn't find user [test-user]!
[2005/09/19 13:41:16, 10] auth/auth_util.c:auth_add_user_script(74)
auth_add_user_script: no 'add user script'. Asking winbindd
[2005/09/19 13:41:16, 5] auth/auth_util.c:auth_add_user_script(81)
auth_add_user_script: winbindd_create_user() failed
[2005/09/19 13:41:16, 5] lib/username.c:Get_Pwnam(293)
Finding user test-user
[2005/09/19 13:41:16, 5] lib/username.c:Get_Pwnam_internals(223)
Trying _Get_Pwnam(), username as lowercase is test-user
[2005/09/19 13:41:16, 5] lib/username.c:Get_Pwnam_internals(230)
Trying _Get_Pwnam(), username as given is test-user
[2005/09/19 13:41:16, 5] lib/username.c:Get_Pwnam_internals(247)
Checking combinations of 0 uppercase letters in test-user
[2005/09/19 13:41:16, 5] lib/username.c:Get_Pwnam_internals(251)
Get_Pwnam_internals didn't find user [test-user]!
[2005/09/19 13:41:16, 0] auth/auth_util.c:make_server_info_info3(1120)
make_server_info_info3: pdb_init_sam failed!
[2005/09/19 13:41:16, 5] auth/auth.c:check_ntlm_password(271)
check_ntlm_password: winbind authentication for user [test-user]
FAILED with error NT_STATUS_NO_SUCH_USER
[2005/09/19 13:41:16, 2] auth/auth.c:check_ntlm_password(312)
check_ntlm_password: Authentication for user [test-user] ->
[test-user] FAILED with error NT_STATUS_NO_SUCH_USER
[2005/09/19 13:41:16, 5] auth/auth_util.c:free_user_info(1298)
attempting to free (and zero) a user_info structure
[2005/09/19 13:41:16, 10] auth/auth_util.c:free_user_info(1301)
structure was created for test-user
[2005/09/19 13:41:16, 6] lib/util_sock.c:write_socket(432)
write_socket(5,106)
[2005/09/19 13:41:16, 6] lib/util_sock.c:write_socket(435)
write_socket(5,106) wrote 106
[2005/09/19 13:41:16, 3] smbd/process.c:timeout_processing(1104)
timeout_processing: End of file from client (client has disconnected).
[2005/09/19 13:41:16, 5] lib/gencache.c:gencache_shutdown(88)
Closing cache file
[2005/09/19 13:41:16, 5] libsmb/namecache.c:namecache_shutdown(79)
namecache_shutdown: netbios namecache closed successfully.
[2005/09/19 13:41:16, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/09/19 13:41:16, 5] auth/auth_util.c:debug_nt_user_token(486)
NT user token: (NULL)
[2005/09/19 13:41:16, 5] auth/auth_util.c:debug_unix_user_token(505)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2005/09/19 13:41:16, 5] smbd/uid.c:change_to_root_user(282)
change_to_root_user: now uid=(0,0) gid=(0,0)
[2005/09/19 13:41:16, 2] smbd/server.c:exit_server(568)
Closing connections
[2005/09/19 13:41:16, 3] smbd/connection.c:yield_connection(69)
Yielding connection to
[2005/09/19 13:41:16, 5] smbd/oplock.c:receive_local_message(107)
receive_local_message: doing select with timeout of 1 ms
[2005/09/19 13:41:16, 3] smbd/server.c:exit_server(611)
Server exit (normal exit)
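
Added example (not part of the original post, and not Samba code): a small log correlator for the symptom described above, where winbindd reports NT_STATUS_OK for a domain user while smbd's Get_Pwnam lookups find no Unix account and the session ends in NT_STATUS_NO_SUCH_USER. The sample logs are constructed from the lines quoted in the post; the function names and the result layout are assumptions made for illustration.

```python
import re

# Constructed sample, condensed from the smbd and winbindd messages quoted in the post.
SMBD_LOG = """\
[2005/09/19 13:41:16, 5] lib/username.c:Get_Pwnam_internals(251)
Get_Pwnam_internals didn't find user [NZA\\test-user]!
[2005/09/19 13:41:16, 5] lib/username.c:Get_Pwnam_internals(251)
Get_Pwnam_internals didn't find user [test-user]!
[2005/09/19 13:41:16, 5] auth/auth_util.c:auth_add_user_script(81)
auth_add_user_script: winbindd_create_user() failed
[2005/09/19 13:41:16, 2] auth/auth.c:check_ntlm_password(312)
check_ntlm_password: Authentication for user [test-user] ->
[test-user] FAILED with error NT_STATUS_NO_SUCH_USER
"""
WINBINDD_LOG = ("NTLM CRAP authentication for user [NZA]\\[test-user] "
                "returned NT_STATUS_OK (PAM: 0)\n")

HEADER = re.compile(r"^\[\d{4}/\d\d/\d\d \d\d:\d\d:\d\d, +\d+\] ")
WB_OK = re.compile(r"authentication for user \[([^\]]+)\]\\\[([^\]]+)\] returned NT_STATUS_OK")
NO_PW = re.compile(r"Get_Pwnam_internals didn't find user \[([^\]]+)\]")
FAILED = re.compile(r"Authentication for user \[([^\]]+)\] -> \[[^\]]+\] "
                    r"FAILED with error (NT_STATUS_\w+)")

def entries(text):
    """Join each header line's wrapped continuation lines into one message."""
    out = []
    for line in text.splitlines():
        if HEADER.match(line):
            out.append("")
        elif out:
            out[-1] = (out[-1] + " " + line.strip()).strip()
    return out

def diagnose(smbd_text, winbindd_text):
    """Report users winbindd accepted but smbd rejected for lack of a Unix account."""
    accepted = {(d.upper(), u.lower())
                for d, u in WB_OK.findall(" ".join(winbindd_text.split()))}
    msgs = entries(smbd_text)
    no_passwd = {n.lower() for m in msgs for n in NO_PW.findall(m)}
    findings = []
    for m in msgs:
        hit = FAILED.search(m)
        if not hit or hit.group(2) != "NT_STATUS_NO_SUCH_USER":
            continue
        user = hit.group(1).lower()
        domains = sorted(d for d, u in accepted if u == user)
        if domains and user in no_passwd:
            findings.append({"user": user, "domains": domains,
                             "cause": "domain logon OK, no Unix passwd entry"})
    return findings

if __name__ == "__main__":
    for f in diagnose(SMBD_LOG, WINBINDD_LOG):
        print(f)
```

A finding separates a credential failure from an account-mapping failure: the trusted domain accepted the logon, and smbd then rejected the session because it could not resolve the name to a Unix user.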