[Samba] Domain controller problems

Papp Kristof pchrisdev at gmail.com
Sat Nov 25 07:44:15 GMT 2006


Hello!
I am trying to set up a domain for my home network, but I ran into problems.
The situation: The Debian server has netbios name "server", there are
more PCs, I will only talk about "pchrispc". The user I want to setup
is "pappl".

Here is what I did:
Installed Samba, configured it correctly (domain master, netlogon, etc.),
added the UNIX user
pappl (with a pass), and
pchrispc$ with "passwd -l",
did "smbpasswd -a pappl" and "smbpasswd -a -m pchrispc".
So far, everything is ok, I see them both in pdbedit:

######################################
server:~# Unix username:        pappl
NT username:
Account Flags:        [U          ]
User SID:             S-1-5-21-2564980194-3922274804-1921109836-3002
Primary Group SID:    S-1-5-21-2564980194-3922274804-1921109836-513
Full Name:            Papp Laszlo,,,
Home Directory:       \\server\pappl
HomeDir Drive:        S:
Logon Script:         logon.cmd
Profile Path:         \\server\profiles\pappl
Domain:               HOMEDOMAIN
Account desc:
Workstations:
Munged dial:
Logon time:           0
Logoff time:          Tue, 19 Jan 2038 04:14:07 CET
Kickoff time:         Tue, 19 Jan 2038 04:14:07 CET
Password last set:    Fri, 24 Nov 2006 19:27:54 CET
Password can change:  Fri, 24 Nov 2006 19:27:54 CET
Password must change: Tue, 19 Jan 2038 04:14:07 CET
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
######################################

Then I created /home/samba/{profiles/pappl,netlogon}, all with chmod 777.

Now, if I try to connect from pchrispc (XP) I get (After I typed in
"pappl" and the pass) "Access denied", or "No such username or wrong
password"

The strange thing is, that the samba log says that the authentication
was correct:
authentication for user [pappl] -> [pappl] -> [pappl] succeeded
Part of the log:
###################################################

[2006/11/24 21:01:48, 3] auth/auth.c:check_ntlm_password(221)
  check_ntlm_password:  Checking password for unmapped user
[homedomain]\[pappl]@[PCHRISPC] with the new password interface
[2006/11/24 21:01:48, 3] auth/auth.c:check_ntlm_password(224)
  check_ntlm_password:  mapped user is: [homedomain]\[pappl]@[PCHRISPC]

[2006/11/24 21:01:48, 3] auth/auth.c:check_ntlm_password(270)
  check_ntlm_password: sam authentication for user [pappl] succeeded

[2006/11/24 21:01:48, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password:  authentication for user [pappl] -> [pappl] ->
[pappl] succeeded
[2006/11/24 21:01:48, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID
[S-1-5-21-2564980194-3922274804-1921109836-3002]
[2006/11/24 21:01:48, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID [S-1-22-2-1003]
[2006/11/24 21:01:48, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID [S-1-5-2]
[2006/11/24 21:01:49, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID [S-1-5-11]
[2006/11/24 21:01:49, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338)
  NTLMSSP Sign/Seal - Initialising with flags:
[2006/11/24 21:01:49, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
  Got NTLMSSP neg_flags=0xe2088215
[2006/11/24 21:01:49, 3] smbd/password.c:register_vuid(280)
  User name: pappl      Real name: Papp Laszlo,,,
[2006/11/24 21:01:49, 3] smbd/password.c:register_vuid(301)
  UNIX uid 1001 is UNIX user pappl, and will be vuid 101
[2006/11/24 21:01:49, 3] smbd/password.c:register_vuid(332)
  Adding homes service for user 'pappl' using home directory: '/home/pappl'
[2006/11/24 21:01:49, 3] param/loadparm.c:lp_add_home(2596)
  adding home's share [pappl] for user 'pappl' at '/home/pappl'
[2006/11/24 21:01:49, 3] smbd/process.c:process_smb(1110)
  Transaction 3 of length 82
[2006/11/24 21:01:49, 3] smbd/process.c:switch_message(914)
  switch message SMBtconX (pid 2574) conn 0x0
[2006/11/24 21:01:49, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/11/24 21:01:49, 3] smbd/service.c:make_connection_snum(752)
  Connect path is '/tmp' for service [IPC$]
[2006/11/24 21:01:49, 3] lib/util_seaccess.c:se_access_check(250)
[2006/11/24 21:01:49, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is S-1-5-21-2564980194-3922274804-1921109836-3002
  se_access_check: also S-1-22-2-1003
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-11
[2006/11/24 21:01:49, 3] smbd/vfs.c:vfs_init_default(219)
  Initialising default vfs hooks
[2006/11/24 21:01:49, 3] lib/util_seaccess.c:se_access_check(250)
[2006/11/24 21:01:49, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is S-1-5-21-2564980194-3922274804-1921109836-3002
  se_access_check: also S-1-22-2-1003
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-11
[2006/11/24 21:01:49, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (1001, 1003) - sec_ctx_stack_ndx = 0
[2006/11/24 21:01:49, 3] smbd/service.c:make_connection_snum(941)
  pchrispc (192.168.1.3) connect to service IPC$ initially as user
pappl (uid=1001, gid=1003) (pid 2574)
[2006/11/24 21:01:49, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/11/24 21:01:49, 2] smbd/reply.c:reply_tcon_and_X(711)
  Serving IPC$ as a Dfs root
[2006/11/24 21:01:49, 3] smbd/reply.c:reply_tcon_and_X(716)
  tconX service=IPC$
[2006/11/24 21:01:49, 3] smbd/process.c:process_smb(1110)
  Transaction 4 of length 104
[2006/11/24 21:01:49, 3] smbd/process.c:switch_message(914)
  switch message SMBntcreateX (pid 2574) conn 0x8417df0
[2006/11/24 21:01:49, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (1001, 1003) - sec_ctx_stack_ndx = 0
[2006/11/24 21:01:49, 3] smbd/nttrans.c:nt_open_pipe(346)
  nt_open_pipe: Known pipe lsarpc opening.
[2006/11/24 21:01:49, 3] smbd/process.c:process_smb(1110)
  Transaction 5 of length 140
[2006/11/24 21:01:49, 3] smbd/process.c:switch_message(914)
  switch message SMBwriteX (pid 2574) conn 0x8417df0
[2006/11/24 21:01:49, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1534)
  api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass
[2006/11/24 21:01:49, 3] rpc_server/srv_pipe.c:check_bind_req(985)
  check_bind_req for \PIPE\lsarpc
[2006/11/24 21:01:49, 3] smbd/pipes.c:reply_pipe_write_and_X(217)
  writeX-IPC pnum=75a3 nwritten=72
[2006/11/24 21:01:49, 3] smbd/process.c:process_smb(1110)
  Transaction 6 of length 63
[2006/11/24 21:01:49, 3] smbd/process.c:switch_message(914)
  switch message SMBreadX (pid 2574) conn 0x8417df0
[2006/11/24 21:01:49, 3] smbd/pipes.c:reply_pipe_read_and_X(262)
  readX-IPC pnum=75a3 min=1024 max=1024 nread=68
[2006/11/24 21:01:49, 3] smbd/process.c:process_smb(1110)
  Transaction 7 of length 176
[2006/11/24 21:01:49, 3] smbd/process.c:switch_message(914)
  switch message SMBtrans (pid 2574) conn 0x8417df0
[2006/11/24 21:01:49, 3] smbd/ipc.c:handle_trans(373)
  trans <\PIPE\> data=88 params=0 setup=2
[2006/11/24 21:01:49, 3] smbd/ipc.c:named_pipe(340)
  named pipe command on <> name
[2006/11/24 21:01:49, 3] smbd/ipc.c:api_fd_reply(300)
  Got API command 0x26 on pipe "lsarpc" (pnum 75a3)
[2006/11/24 21:01:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529)
  free_pipe_context: destroying talloc pool of size 70
[2006/11/24 21:01:49, 3] rpc_server/srv_pipe.c:api_rpcTNP(2265)
  api_rpcTNP: rpc command: LSA_OPENPOLICY2
[2006/11/24 21:01:49, 3] lib/util_seaccess.c:se_access_check(250)
[2006/11/24 21:01:49, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is S-1-5-21-2564980194-3922274804-1921109836-3002
  se_access_check: also S-1-22-2-1003
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-11
[2006/11/24 21:01:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529)
  free_pipe_context: destroying talloc pool of size 818
###################################################
I have read something about groups... Maybe I need some group management too?

Please help me, I have really spent days with this problem..

Thanks: PChris


More information about the samba mailing list