[Samba] Re: Strange Usermapping problem with 3.0.23b

Matthias Schündehütte msch at snafu.de
Mon Aug 21 20:14:08 GMT 2006 

Hello Volker,

On 2006-08-19 20:10:23 +0200, Volker Lendecke <Volker.Lendecke at SerNet.DE> said:

> On Sat, Aug 19, 2006 at 05:36:00PM +0200, Matthias Sch=FCndeh=FCtte wrote:
>> It's FreeBSD 5.5-RELEASE (on my Server) and FreeBSD-6.1-STABLE (on my=20
>> Workstation), both with Heimdal-Kerberos.
>> =20
>> I must admit that the/my previous version of Samba (3.0.22) was=20
>> compiled using MITs Kerberos V 1.5... But 'kinit' worked with Heimdal=20
>> as well as 'net ads join' so I thought that was Ok... I prefer Heimdal=20
>> because it's part of the base OS.
> 
> The fact that net ads join works is a good indication but
> not a 100% guarantee that the libs can correctly verify the
> ticket that comes in. Without really knowing what's going on
> I'd still recommend to try with a different Kerberos
> version.

Did this today. I (re)installed MIT-Kerberos V 1.5 and recompiled samba-3.0.23b
*and verified* that it's using the MIT libraries...

OK - the errors are gone but the double-mapping remains there:

[...]
[2006/08/21 11:05:42, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(687)
  NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 
2002 5.1] PrimaryDomain=[]
[2006/08/21 11:05:42, 3] smbd/sesssetup.c:reply_spnego_negotiate(547)
  Got OID 1 2 840 48018 1 2 2
[2006/08/21 11:05:42, 3] smbd/sesssetup.c:reply_spnego_negotiate(547)
  Got OID 1 2 840 113554 1 2 2
[2006/08/21 11:05:42, 3] smbd/sesssetup.c:reply_spnego_negotiate(547)
  Got OID 1 3 6 1 4 1 311 2 2 10
[2006/08/21 11:05:42, 3] smbd/sesssetup.c:reply_spnego_negotiate(550)
  Got secblob of size 2668
[2006/08/21 11:05:42, 3] smbd/sesssetup.c:reply_spnego_kerberos(207)
  Ticket name is [SchuendeMa at WW004.SIEMENS.NET]
[2006/08/21 11:05:42, 3] smbd/map_username.c:map_username(155)
  Mapped user WW004\SchuendeMa to matthias
[2006/08/21 11:05:42, 3] smbd/map_username.c:map_username(155)
  Mapped user WW004\matthias to smb
[2006/08/21 11:05:42, 3] passdb/lookup_sid.c:store_gid_sid_cache(1107)
  store_gid_sid_cache: gid 256 in cache -> S-1-22-2-256
[...]

If someone is interested, I saved a tar-archive with *all* logfiles of 
three sessions:

1. Heimdal-working
2. Heimdal-notworking
3. MIT-notworking

I still think there has something gone wrong...

Matthias
-- 
Ciao/BSD - Matthias

Matthias Schuendehuette <msch [at] snafu.de>, Berlin (Germany)
PGP-Key at <pgp.mit.edu> and <wwwkeys.de.pgp.net> ID: 0xDDFB0A5F

More information about the samba mailing list