[Samba] Samba version 3.0.23d-1 and joining a Windows Domain

Bryan Jones bryan_jones at yahoo.com
Mon Jan 1 19:29:47 GMT 2007 

All,

I installed the new version of samba on my Redhat 9.0 server.  I have samba running on another Redhat 9.0 server and the version of samba on that box is 3.0.21c-1 and this server has successfully joined a W2K Domain.  I am trying to migrate the data from the host that works to the new host.  

Here are the steps that I have taken to try and join to the domain.

1. rpm -i -vv samba-3.0.23d-1.i386.rpm
2. vi /etc/samba/smb.conf

[global]
    netbios name = snow
    workgroup = STORM
    server string = Samba Server
    realm = STORM.THEBUC.COM
    security = DOMAIN
    winbind separator = +
    idmap uid = 100000-200000
    idmap gid = 100000-200000
    winbind enum users = yes
    winbind enum groups = yes
    load printers = no
    encrypt passwords = yes
    dns proxy = no
    log level = 10
    syslog = 0
    log file = /var/log/samba/%m
    max log size = 500
    smb ports = 139 445
    name resolve order = hosts wins bcast
    wins server = 192.168.110.3
[software]
    comment = Software
    path = /d0/shares/software
    read only = No
    browseable = No
    guest ok = No
[spreadsheets]
    comment = Spreadsheets
    path = /d0/shares/spreadsheets
    read only = No
    browseable = No
    guest ok = No
[work]
    comment = Data from Work
    path = /d0/shares/work
    read only = No
    browseable = No
    guest ok = No

3. vi /etc/hosts
192.168.110.50  snow    
192.168.110.3   cyclone

4. testparm
SNOW# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[software]"
Processing section "[spreadsheets]"
Processing section "[work]"
Loaded services file OK.
'winbind separator = +' might cause problems with group membership.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

5. /etc/init.d/smb start
6. net rpc join -U Administrator -S cyclone
Password:  XXXXXXXX
Joined domain STORM.

7. vi /etc/nsswitch.conf
passwd:  compat winbind  
group:  compat winbind  
hosts:  files dns wins  

8. service smb stop
9. nmbd ; smbd ; winbindd

10. wbinfo -u
Error looking up domain users

11. wbinfo -t
checking the trust secret via RPC calls succeeded

12. wbinfo --own-domain
STORM

13.  net rpc info -U Administrator           
Password:
Domain Name: STORM
Domain SID: S-1-5-21-2982344105-4110734383-1059044574
Sequence number: 719
Num users: 34
Num domain groups: 0
Num local groups: 10

14. nmbd; smbd -i -d 3            
Maximum core file size limits now 16777216(soft) -1(hard)
get_current_groups: user is in 1 groups: 0
smbd version 3.0.23d started.
Copyright Andrew Tridgell and the Samba Team 1992-2006
uid=0 gid=0 euid=0 egid=0
lp_load: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
Processing section "[global]"
Processing section "[software]"
Processing section "[spreadsheets]"
Processing section "[work]"
adding IPC service
reloading printcap cache
reload status: ok
reloading printcap cache
reload status: ok
added interface ip=192.168.110.50 bcast=192.168.110.255 nmask=255.255.255.0
loaded services
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
get_privileges: No privileges assigned to SID [S-1-22-1-0]
get_privileges: No privileges assigned to SID [S-1-5-2]
get_privileges: No privileges assigned to SID [S-1-5-11]
se_access_check: user sid is S-1-22-1-0
se_access_check: also S-1-5-32-544
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
se_access_check: user sid is S-1-22-1-0
se_access_check: also S-1-5-32-544
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
se_access_check: user sid is S-1-22-1-0
se_access_check: also S-1-5-32-544
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
se_access_check: user sid is S-1-22-1-0
se_access_check: also S-1-5-32-544
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
se_access_check: user sid is S-1-22-1-0
se_access_check: also S-1-5-32-544
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
se_access_check: user sid is S-1-22-1-0
se_access_check: also S-1-5-32-544
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
se_access_check: user sid is S-1-22-1-0
se_access_check: also S-1-5-32-544
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
se_access_check: user sid is S-1-22-1-0
se_access_check: also S-1-5-32-544
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
se_access_check: user sid is S-1-22-1-0
se_access_check: also S-1-5-32-544
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
get_privileges: No privileges assigned to SID [S-1-22-1-99]
get_privileges: No privileges assigned to SID [S-1-22-2-99]
get_privileges: No privileges assigned to SID [S-1-5-2]
get_privileges: No privileges assigned to SID [S-1-5-32-546]
waiting for a connection


15. Windows host net view \\snow

output from smbd -i -d 3
    
open_oplock_ipc: initializing messages.
Linux kernel oplocks enabled
Transaction 0 of length 72
netbios connect: name1=SNOW            name2=CYCLONE        
netbios connect: local=snow remote=cyclone, name type = 0
Transaction 1 of length 137
switch message SMBnegprot (pid 5283) conn 0x0
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
Requested protocol [PC NETWORK PROGRAM 1.0]
Requested protocol [LANMAN1.0]
Requested protocol [Windows for Workgroups 3.1a]
Requested protocol [LM1.2X002]
Requested protocol [LANMAN2.1]
Requested protocol [NT LM 0.12]
using SPNEGO
Selected protocol NT LM 0.12
Transaction 2 of length 202
switch message SMBsesssetupX (pid 5283) conn 0x0
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
wct=12 flg2=0xc807
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
Doing spnego session setup
NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[]
Got OID 1 3 6 1 4 1 311 2 2 10
Got secblob of size 32
Got NTLMSSP neg_flags=0xe0088297
Transaction 3 of length 326
switch message SMBsesssetupX (pid 5283) conn 0x0
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
wct=12 flg2=0xc807
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
Doing spnego session setup
NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[]
Got user=[Administrator] domain=[STORM] workstation=[CYCLONE] len1=24 len2=24
get_dc_list: preferred server list: "CYCLONE, *"
rpc_dc_name: Returning DC CYCLONE (192.168.110.3) for domain STORM
Connecting to host=CYCLONE
Connecting to 192.168.110.3 at port 445
rpc_pipe_bind: Remote machine CYCLONE pipe \lsarpc fnum 0x4 bind request returned ok.
lsa_io_sec_qos: length c does not match size 8
check_ntlm_password:  Checking password for unmapped user [STORM]\[Administrator]@[CYCLONE] with the new password interface
check_ntlm_password:  mapped user is: [STORM]\[Administrator]@[CYCLONE]
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
get_dc_list: preferred server list: "CYCLONE, *"
rpc_dc_name: Returning DC CYCLONE (192.168.110.3) for domain STORM
Connecting to host=CYCLONE
Connecting to 192.168.110.3 at port 445
rpc_pipe_bind: Remote machine CYCLONE pipe \NETLOGON fnum 0x3 bind request returned ok.
rpc_pipe_bind: Remote machine CYCLONE pipe \NETLOGON fnum 0x4 bind request returned ok.
check_ntlm_password:  Authentication for user [Administrator] -> [Administrator] FAILED with error NT_STATUS_NO_SUCH_USER
error packet at smbd/sesssetup.c(99) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
Transaction 4 of length 43
switch message SMBulogoffX (pid 5283) conn 0x0
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
ulogoff, vuser id 100 does not map to user.
ulogoffX vuid=100
timeout_processing: End of file from client (client has disconnected).
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
Yielding connection to 
Server exit (normal exit)

I can not join the domain, from the information above what am i doing wrong?

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

More information about the samba mailing list