[Samba] Windows 2003 AD <-> Samba 3.0.23c

db at trunet.dk
Mon Nov 13 10:05:46 GMT 2006


Hi all

I have a network with a Windows 2003 AD (10.10.10.5) and a Samba 3.0.23c
(10.10.10.8). I want Samba to join the domain and get its
user/group/permission info from my Windows 2003 server. I have followed
http://samba.org/samba/docs/man/Samba-Guide/unixclients.html#ch9-adsdc

And it seems to join and work with wbinfo/getent/"net ads
join/info/status". When I try to log in with a wrong password it gets
rejected, but when I type the correct password it times out.

krb5.conf:
[libdefaults]
 default_realm = MYDOMAIN.LOCAL

[realms]
 MYDOMAIN.LOCAL = {
   kdc = 10.10.10.5
 }

[domain_realms]
 .MYDOMAIN.local = MYDOMAIN.LOCAL

ldap.conf
host 10.10.10.5
base dc=example,dc=com
nss_initgroups_ignoreusers root,ldap

nsswitch.conf
passwd:      files ldap winbind
group:       files ldap winbind
shadow:      files ldap winbind
hosts:       files wins dns

smb.conf
[global]
	unix charset = LOCALE
	workgroup = MYDOMAIN
	realm = MYDOMAIN.local
	security = ADS
	password server = 10.10.10.5
	ldap ssl = No
	netbios name = MYDOMAINFILES
	server string = MYDOMAIN Linux Filserver
	encrypt passwords = Yes
	socket options = TCP_NODELAY SO_SNDBUF=65536 SO_RCVBUF=65536 IPTOS_LOWDELAY
	dns proxy = Yes
	smb ports = 445
	log file = /var/log/samba/%m.log
	max log size = 50
	max xmit = 2048
	idmap uid = 10000-20000
	idmap gid = 10000-20000
	winbind enum users = Yes
	winbind enum groups = Yes
	winbind separator = +
	winbind trusted domains only = No
	template homedir = /home/data/homes/%U
	template shell = /bin/false
	guest ok = No
	create mask = 0777
	directory mask = 0777
	force create mode = 0777
	force directory mode = 0777
	hide dot files = No
	enable privileges = Yes
	disable spoolss = Yes
	enable asu support = No
	add share command = /etc/samba/scripts/share_add
	change share command = /etc/samba/scripts/share_change
	delete share command = /etc/samba/scripts/share_delete
	vfs object = recycle:recycle
        recycle:repository = PAPIRKURV
        recycle:keeptree = Yes
        recycle:touch = Yes
        recycle:versions = Yes
include = /etc/samba/shares.conf

Commands:
[samba]# net ads info
LDAP server: 10.10.10.5
LDAP server name: mydomainad.Mydomain.local
Realm: MYDOMAIN.LOCAL
Bind Path: dc=MYDOMAIN,dc=LOCAL
LDAP port: 389
Server time: Mon, 13 Nov 2006 09:30:10 CET
KDC server: 10.10.10.5
Server time offset: 0
[samba]# smbclient -d 10 -L \\10.10.10.8 -U og
INFO: Current debug levels:
  all: True/10
  tdb: False/0
  printdrivers: False/0
  lanman: False/0
  smb: False/0
  rpc_parse: False/0
  rpc_srv: False/0
  rpc_cli: False/0
  passdb: False/0
  sam: False/0
  auth: False/0
  winbind: False/0
  vfs: False/0
  idmap: False/0
  quota: False/0
  acls: False/0
  locking: False/0
  msdfs: False/0
  dmapi: False/0
lp_load: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
Processing section "[global]"
doing parameter unix charset = LOCALE
[snip]
doing parameter workgroup = MYDOMAIN
doing parameter realm = MYDOMAIN.local
doing parameter security = ADS
doing parameter password server = 10.10.10.5
doing parameter ldap ssl = No
doing parameter netbios name = MYDOMAINFILES
handle_netbios_name: set global_myname to: MYDOMAINFILES
doing parameter server string = MYDOMAIN Linux Filserver
doing parameter encrypt passwords = Yes
doing parameter socket options = TCP_NODELAY SO_SNDBUF=65536 SO_RCVBUF=65536 IPTOS_LOWDELAY
doing parameter dns proxy = Yes
doing parameter smb ports = 445
doing parameter log file = /var/log/samba/%m.log
doing parameter max log size = 50
doing parameter max xmit = 2048
doing parameter idmap uid = 10000-20000
doing parameter idmap gid = 10000-20000
doing parameter winbind enum users = Yes
doing parameter winbind enum groups = Yes
doing parameter winbind separator = +
doing parameter winbind trusted domains only = No
doing parameter template homedir = /home/data/homes/%U
doing parameter template shell = /bin/false
doing parameter guest ok = No
doing parameter create mask = 0777
doing parameter directory mask = 0777
doing parameter force create mode = 0777
doing parameter force directory mode = 0777
doing parameter hide dot files = No
doing parameter enable privileges = Yes
doing parameter disable spoolss = Yes
doing parameter enable asu support = No
doing parameter add share command = /etc/samba/scripts/share_add
doing parameter change share command = /etc/samba/scripts/share_change
doing parameter delete share command = /etc/samba/scripts/share_delete
doing parameter vfs object = recycle:recycle
doing parameter recycle:repository = PAPIRKURV
doing parameter recycle:keeptree = Yes
doing parameter recycle:touch = Yes
doing parameter recycle:versions = Yes
doing parameter include = /etc/samba/shares.conf
params.c:pm_process() - Processing configuration file "/etc/samba/shares.conf"
pm_process() returned Yes
lp_servicenumber: couldn't find homes
set_server_role: role = ROLE_DOMAIN_MEMBER
[snip]
added interface ip=10.10.10.8 bcast=10.10.10.255 nmask=255.255.255.0
Netbios name list:-
my_netbios_names[0]="MYDOMAINFILES"
Client started (version 3.0.23c-1.fc5).
Connecting to 10.10.10.8 at port 445
socket option SO_KEEPALIVE = 0
socket option SO_REUSEADDR = 0
socket option SO_BROADCAST = 0
socket option TCP_NODELAY = 1
socket option TCP_KEEPCNT = 9
socket option TCP_KEEPIDLE = 7200
socket option TCP_KEEPINTVL = 75
socket option IPTOS_LOWDELAY = 16
socket option IPTOS_THROUGHPUT = 16
socket option SO_SNDBUF = 131072
socket option SO_RCVBUF = 131072
socket option SO_SNDLOWAT = 1
socket option SO_RCVLOWAT = 1
socket option SO_SNDTIMEO = 0
socket option SO_RCVTIMEO = 0
 session request ok
write_socket(4,183)
write_socket(4,183) wrote 183
got smb length of 187
size=187
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=11408
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[ 0]=    7 (0x7)
smb_vwv[ 1]=12803 (0x3203)
smb_vwv[ 2]=  256 (0x100)
smb_vwv[ 3]=    0 (0x0)
smb_vwv[ 4]=    8 (0x8)
smb_vwv[ 5]=    0 (0x0)
smb_vwv[ 6]=  256 (0x100)
smb_vwv[ 7]=37120 (0x9100)
smb_vwv[ 8]=   44 (0x2C)
smb_vwv[ 9]=64768 (0xFD00)
smb_vwv[10]=33011 (0x80F3)
smb_vwv[11]=  128 (0x80)
smb_vwv[12]= 7325 (0x1C9D)
smb_vwv[13]=65054 (0xFE1E)
smb_vwv[14]=50950 (0xC706)
smb_vwv[15]=50177 (0xC401)
smb_vwv[16]=30463 (0x76FF)
smb_bcc=118
[snip]
size=187
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=11408
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[ 0]=    7 (0x7)
smb_vwv[ 1]=12803 (0x3203)
smb_vwv[ 2]=  256 (0x100)
smb_vwv[ 3]=    0 (0x0)
smb_vwv[ 4]=    8 (0x8)
smb_vwv[ 5]=    0 (0x0)
smb_vwv[ 6]=  256 (0x100)
smb_vwv[ 7]=37120 (0x9100)
smb_vwv[ 8]=   44 (0x2C)
smb_vwv[ 9]=64768 (0xFD00)
smb_vwv[10]=33011 (0x80F3)
smb_vwv[11]=  128 (0x80)
smb_vwv[12]= 7325 (0x1C9D)
smb_vwv[13]=65054 (0xFE1E)
smb_vwv[14]=50950 (0xC706)
smb_vwv[15]=50177 (0xC401)
smb_vwv[16]=30463 (0x76FF)
smb_bcc=118
[snip]
Password:
Doing spnego session setup (blob length=118)
got OID=1 2 840 113554 1 2 2
got OID=1 2 840 48018 1 2 2
got OID=1 3 6 1 4 1 311 2 2 10
got principal=cifs/mydomainfiles.mydomain.local at MYDOMAIN.LOCAL
write_socket(4,168)
write_socket(4,168) wrote 168
got smb length of 324
size=324
smb_com=0x73
smb_rcls=22
smb_reh=0
smb_err=49152
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=11408
smb_uid=100
smb_mid=2
smt_wct=4
smb_vwv[ 0]=  255 (0xFF)
smb_vwv[ 1]=    0 (0x0)
smb_vwv[ 2]=    0 (0x0)
smb_vwv[ 3]=  217 (0xD9)
smb_bcc=281
[snip]
size=324
smb_com=0x73
smb_rcls=22
smb_reh=0
smb_err=49152
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=11408
smb_uid=100
smb_mid=2
smt_wct=4
smb_vwv[ 0]=  255 (0xFF)
smb_vwv[ 1]=    0 (0x0)
smb_vwv[ 2]=    0 (0x0)
smb_vwv[ 3]=  217 (0xD9)
smb_bcc=281
[snip]
Got challenge flags:
Got NTLMSSP neg_flags=0x60890215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_CHAL_TARGET_INFO
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60080215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP challenge set by NTLM2
challenge is:
[000] 8B 81 0C 92 37 33 38 69                           ....738i
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60080215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
write_socket(4,264)
write_socket(4,264) wrote 264
read_socket_with_timeout: timeout read. select timed out.
receive_smb_raw: length < 0!
client_receive_smb failed
size=324
smb_com=0x73
smb_rcls=22
smb_reh=0
smb_err=49152
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=11408
smb_uid=100
smb_mid=2
smt_wct=4
smb_vwv[ 0]=  255 (0xFF)
smb_vwv[ 1]=    0 (0x0)
smb_vwv[ 2]=    0 (0x0)
smb_vwv[ 3]=  217 (0xD9)
smb_bcc=281
[snip]
SPNEGO login failed: NT_STATUS_IO_TIMEOUT
lang_tdb_init: /usr/lib/samba/en_US.UTF-8.msg: No such file or directory
session setup failed: Call timed out: server did not respond after 20000 milliseconds

Any ideas what's wrong?

Best regards
db
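
Added example, not part of the original post: a small decoder for two things the `smbclient -d 10` output above prints only as raw numbers, namely the NT status carried in the `smb_rcls`/`smb_reh`/`smb_err` fields of the `0x73` (session setup) reply and the difference between the two `neg_flags` values. The sample lines are copied from the log; the flag table uses the names the log prints, plus the MS-NLMP name for one bit the log does not list.

```python
import re

# Constructed sample: header fields and neg_flags lines copied from the log in the post.
# The first neg_flags value is the server's challenge, the second the client's final set.
SAMPLE_LOG = """\
smb_com=0x73
smb_rcls=22
smb_reh=0
smb_err=49152
smb_flg2=51201
Got NTLMSSP neg_flags=0x60890215
Got NTLMSSP neg_flags=0x60080215
"""

FLAGS2_NT_STATUS = 0x4000  # Flags2 bit: the error fields hold a 32-bit NT status
NT_STATUS = {0x00000000: "NT_STATUS_OK", 0xC0000016: "NT_STATUS_MORE_PROCESSING_REQUIRED"}
NTLMSSP_FLAGS = {  # names as printed in the log, plus one MS-NLMP name
    0x00000001: "NTLMSSP_NEGOTIATE_UNICODE",
    0x00000004: "NTLMSSP_REQUEST_TARGET",
    0x00000010: "NTLMSSP_NEGOTIATE_SIGN",
    0x00000200: "NTLMSSP_NEGOTIATE_NTLM",
    0x00010000: "NTLMSSP_TARGET_TYPE_DOMAIN",  # MS-NLMP name; not listed in the log
    0x00080000: "NTLMSSP_NEGOTIATE_NTLM2",
    0x00800000: "NTLMSSP_CHAL_TARGET_INFO",
    0x20000000: "NTLMSSP_NEGOTIATE_128",
    0x40000000: "NTLMSSP_NEGOTIATE_KEY_EXCH",
}

def header_fields(log):
    """Return the first value seen for each smb_* header field."""
    fields = {}
    for name, value in re.findall(r"^(smb_\w+)=(\S+)$", log, re.M):
        fields.setdefault(name, int(value, 0))
    return fields

def nt_status(fields):
    """Rebuild the little-endian NT status from the three legacy error fields."""
    if not fields["smb_flg2"] & FLAGS2_NT_STATUS:
        return None  # DOS error class/code, not an NT status
    code = fields["smb_rcls"] | fields["smb_reh"] << 8 | fields["smb_err"] << 16
    return code, NT_STATUS.get(code, "unknown")

def flag_names(value):
    return [name for bit, name in sorted(NTLMSSP_FLAGS.items()) if value & bit]

def dropped_flags(log):
    """Flags present in the challenge but absent from the final negotiated set."""
    challenge, final = (int(v, 16) for v in re.findall(r"neg_flags=(0x[0-9A-Fa-f]+)", log)[:2])
    return flag_names(challenge & ~final)
```

For the values in this log, `nt_status` yields `0xC0000016` (`NT_STATUS_MORE_PROCESSING_REQUIRED`), the status that accompanies an NTLMSSP challenge, so the timeout falls after the client's 264-byte write that follows it.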


