[Samba] Problem using rpcclient as root user -- can't authenticate

Rob Tanner rtanner at linfield.edu
Mon Jan 30 22:25:30 GMT 2006 

I'm a Samba-3 newbie (all my previous experience is with Samba-2), and 
that may by the crux of the problem.

Samba 3.0.14a-2 came bundled with Fedora Core.  Since this server will 
be taking over the functions of the Samba-2, I copied the smb.conf file 
over and simply changed the netbios name.  It uses a domain security 
model, and that has not changed.  Also, using the rpc net command, I 
joined the server to the domain.  I added a local password for "root" 
via the SWAT interface.  Since it's the same password as on the old 
Samba-2 server, I compared the password hashes to see that they are 
identical.

The problem I've encountered is with rpcclient.  It looks like it's 
trying to treat the user as a domain user and not simply local to the 
server.  For example:

 >  rpcclient berkeley -U root%XXXXXX -c "enumdrivers 2"

The system response is:

 > added interface ip=10.171.255.21 bcast=10.171.255.255 nmask=255.255.0.0
 > Connecting to host=berkeley
 > resolve_lmhosts: Attempting lmhosts lookup for name berkeley<0x20>
 > resolve_wins: Attempting wins lookup for name berkeley<0x20>
 > resolve_wins: using WINS server 10.170.131.11 and tag '*'
 > Got a positive name query response from 10.170.131.11 ( 10.171.255.21 )
 > Connecting to 10.171.255.21 at port 445
 > Doing spnego session setup (blob length=58)
 > got OID=1 3 6 1 4 1 311 2 2 10
 > got principal=NONE
 > Got challenge flags:
 > Got NTLMSSP neg_flags=0x60890215
 > NTLMSSP: Set final flags:
 > Got NTLMSSP neg_flags=0x60080215
 > NTLMSSP Sign/Seal - Initialising with flags:
 > Got NTLMSSP neg_flags=0x60080215
 > SPNEGO login failed: Logon failure
 > failed session setup with NT_STATUS_LOGON_FAILURE
 > Cannot connect to server.  Error was NT_STATUS_LOGON_FAILURE


And in the log file I see the following:

 > [2006/01/30 13:38:24, 3] auth/auth.c:check_ntlm_password(219)
 >   check_ntlm_password:  Checking password for unmapped user 
[CATNET]\[root]@[BERKELEY] with the new password interface
 > [2006/01/30 13:38:24, 3] auth/auth.c:check_ntlm_password(222)
 >   check_ntlm_password:  mapped user is: [CATNET]\[root]@[BERKELEY]
 > [2006/01/30 13:38:24, 3] smbd/sec_ctx.c:push_sec_ctx(256)
 >   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
 > [2006/01/30 13:38:24, 3] smbd/uid.c:push_conn_ctx(365)
 >   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
 > [2006/01/30 13:38:24, 3] smbd/sec_ctx.c:set_sec_ctx(288)
 >   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
 > [2006/01/30 13:38:24, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
 >   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
 > [2006/01/30 13:38:24, 2] auth/auth.c:check_ntlm_password(312)
 >   check_ntlm_password:  Authentication for user [root] -> [root] 
FAILED with error NT_STATUS_NO_SUCH_USER


Any ideas about what might be wrong?

Thanks,
Rob


-- 

Rob Tanner
UNIX Services Manager
Linfield College, McMinnville OR

More information about the samba mailing list