[Samba] Samba version 3.0.23d-1 and joining a Windows Domain
Henrik Zagerholm
henke at mac.se
Tue Jan 2 07:47:17 GMT 2007
Shouldn't security = DOMAIN be ADS instead?
On 1 Jan 2007, at 20:29, Bryan Jones wrote:
> All,
>
> I installed the new version of samba on my Redhat 9.0 server. I
> have samba running on another Redhat 9.0 server and the version of
> samba on that box is 3.0.21c-1 and this server has successfully
> joined a W2K Domain. I am trying to migrate the data from the host
> that works to the new host.
>
> Here are the steps that I have taken to try and join to the domain.
>
> 1. rpm -i -vv samba-3.0.23d-1.i386.rpm
> 2. vi /etc/samba/smb.conf
>
> [global]
> netbios name = snow
> workgroup = STORM
> server string = Samba Server
> realm = STORM.THEBUC.COM
> security = DOMAIN
> winbind separator = +
> idmap uid = 100000-200000
> idmap gid = 100000-200000
> winbind enum users = yes
> winbind enum groups = yes
> load printers = no
> encrypt passwords = yes
> dns proxy = no
> log level = 10
> syslog = 0
> log file = /var/log/samba/%m
> max log size = 500
> smb ports = 139 445
> name resolve order = hosts wins bcast
> wins server = 192.168.110.3
> [software]
> comment = Software
> path = /d0/shares/software
> read only = No
> browseable = No
> guest ok = No
> [spreadsheets]
> comment = Spreadsheets
> path = /d0/shares/spreadsheets
> read only = No
> browseable = No
> guest ok = No
> [work]
> comment = Data from Work
> path = /d0/shares/work
> read only = No
> browseable = No
> guest ok = No
>
> 3. vi /etc/hosts
> 192.168.110.50 snow
> 192.168.110.3 cyclone
>
> 4. testparm
> SNOW# testparm
> Load smb config files from /etc/samba/smb.conf
> Processing section "[software]"
> Processing section "[spreadsheets]"
> Processing section "[work]"
> Loaded services file OK.
> 'winbind separator = +' might cause problems with group membership.
> Server role: ROLE_DOMAIN_MEMBER
> Press enter to see a dump of your service definitions
>
> 5. /etc/init.d/smb start
> 6. net rpc join -U Administrator -S cyclone
> Password: XXXXXXXX
> Joined domain STORM.
>
> 7. vi /etc/nsswitch.conf
> passwd: compat winbind
> group: compat winbind
> hosts: files dns wins
>
> 8. service smb stop
> 9. nmbd ; smbd ; winbindd
>
> 10. wbinfo -u
> Error looking up domain users
>
> 11. wbinfo -t
> checking the trust secret via RPC calls succeeded
>
> 12. wbinfo --own-domain
> STORM
>
> 13. net rpc info -U Administrator
> Password:
> Domain Name: STORM
> Domain SID: S-1-5-21-2982344105-4110734383-1059044574
> Sequence number: 719
> Num users: 34
> Num domain groups: 0
> Num local groups: 10
>
> 14. nmbd; smbd -i -d 3
> Maximum core file size limits now 16777216(soft) -1(hard)
> get_current_groups: user is in 1 groups: 0
> smbd version 3.0.23d started.
> Copyright Andrew Tridgell and the Samba Team 1992-2006
> uid=0 gid=0 euid=0 egid=0
> lp_load: refreshing parameters
> Initialising global parameters
> params.c:pm_process() - Processing configuration file "/etc/samba/
> smb.conf"
> Processing section "[global]"
> Processing section "[software]"
> Processing section "[spreadsheets]"
> Processing section "[work]"
> adding IPC service
> reloading printcap cache
> reload status: ok
> reloading printcap cache
> reload status: ok
> added interface ip=192.168.110.50 bcast=192.168.110.255
> nmask=255.255.255.0
> loaded services
> Registered MSG_REQ_POOL_USAGE
> Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> get_privileges: No privileges assigned to SID [S-1-22-1-0]
> get_privileges: No privileges assigned to SID [S-1-5-2]
> get_privileges: No privileges assigned to SID [S-1-5-11]
> se_access_check: user sid is S-1-22-1-0
> se_access_check: also S-1-5-32-544
> se_access_check: also S-1-1-0
> se_access_check: also S-1-5-2
> se_access_check: also S-1-5-11
> se_access_check: user sid is S-1-22-1-0
> se_access_check: also S-1-5-32-544
> se_access_check: also S-1-1-0
> se_access_check: also S-1-5-2
> se_access_check: also S-1-5-11
> se_access_check: user sid is S-1-22-1-0
> se_access_check: also S-1-5-32-544
> se_access_check: also S-1-1-0
> se_access_check: also S-1-5-2
> se_access_check: also S-1-5-11
> se_access_check: user sid is S-1-22-1-0
> se_access_check: also S-1-5-32-544
> se_access_check: also S-1-1-0
> se_access_check: also S-1-5-2
> se_access_check: also S-1-5-11
> se_access_check: user sid is S-1-22-1-0
> se_access_check: also S-1-5-32-544
> se_access_check: also S-1-1-0
> se_access_check: also S-1-5-2
> se_access_check: also S-1-5-11
> se_access_check: user sid is S-1-22-1-0
> se_access_check: also S-1-5-32-544
> se_access_check: also S-1-1-0
> se_access_check: also S-1-5-2
> se_access_check: also S-1-5-11
> se_access_check: user sid is S-1-22-1-0
> se_access_check: also S-1-5-32-544
> se_access_check: also S-1-1-0
> se_access_check: also S-1-5-2
> se_access_check: also S-1-5-11
> se_access_check: user sid is S-1-22-1-0
> se_access_check: also S-1-5-32-544
> se_access_check: also S-1-1-0
> se_access_check: also S-1-5-2
> se_access_check: also S-1-5-11
> se_access_check: user sid is S-1-22-1-0
> se_access_check: also S-1-5-32-544
> se_access_check: also S-1-1-0
> se_access_check: also S-1-5-2
> se_access_check: also S-1-5-11
> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> get_privileges: No privileges assigned to SID [S-1-22-1-99]
> get_privileges: No privileges assigned to SID [S-1-22-2-99]
> get_privileges: No privileges assigned to SID [S-1-5-2]
> get_privileges: No privileges assigned to SID [S-1-5-32-546]
> waiting for a connection
>
>
> 15. Windows host net view \\snow
>
> output from smbd -i -d 3
>
> open_oplock_ipc: initializing messages.
> Linux kernel oplocks enabled
> Transaction 0 of length 72
> netbios connect: name1=SNOW name2=CYCLONE
> netbios connect: local=snow remote=cyclone, name type = 0
> Transaction 1 of length 137
> switch message SMBnegprot (pid 5283) conn 0x0
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> Requested protocol [PC NETWORK PROGRAM 1.0]
> Requested protocol [LANMAN1.0]
> Requested protocol [Windows for Workgroups 3.1a]
> Requested protocol [LM1.2X002]
> Requested protocol [LANMAN2.1]
> Requested protocol [NT LM 0.12]
> using SPNEGO
> Selected protocol NT LM 0.12
> Transaction 2 of length 202
> switch message SMBsesssetupX (pid 5283) conn 0x0
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> wct=12 flg2=0xc807
> setup_new_vc_session: New VC == 0, if NT4.x compatible we would
> close all old resources.
> Doing spnego session setup
> NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0]
> PrimaryDomain=[]
> Got OID 1 3 6 1 4 1 311 2 2 10
> Got secblob of size 32
> Got NTLMSSP neg_flags=0xe0088297
> Transaction 3 of length 326
> switch message SMBsesssetupX (pid 5283) conn 0x0
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> wct=12 flg2=0xc807
> setup_new_vc_session: New VC == 0, if NT4.x compatible we would
> close all old resources.
> Doing spnego session setup
> NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0]
> PrimaryDomain=[]
> Got user=[Administrator] domain=[STORM] workstation=[CYCLONE]
> len1=24 len2=24
> get_dc_list: preferred server list: "CYCLONE, *"
> rpc_dc_name: Returning DC CYCLONE (192.168.110.3) for domain STORM
> Connecting to host=CYCLONE
> Connecting to 192.168.110.3 at port 445
> rpc_pipe_bind: Remote machine CYCLONE pipe \lsarpc fnum 0x4 bind
> request returned ok.
> lsa_io_sec_qos: length c does not match size 8
> check_ntlm_password: Checking password for unmapped user [STORM]\
> [Administrator]@[CYCLONE] with the new password interface
> check_ntlm_password: mapped user is: [STORM]\[Administrator]@
> [CYCLONE]
> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> get_dc_list: preferred server list: "CYCLONE, *"
> rpc_dc_name: Returning DC CYCLONE (192.168.110.3) for domain STORM
> Connecting to host=CYCLONE
> Connecting to 192.168.110.3 at port 445
> rpc_pipe_bind: Remote machine CYCLONE pipe \NETLOGON fnum 0x3 bind
> request returned ok.
> rpc_pipe_bind: Remote machine CYCLONE pipe \NETLOGON fnum 0x4 bind
> request returned ok.
> check_ntlm_password: Authentication for user [Administrator] ->
> [Administrator] FAILED with error NT_STATUS_NO_SUCH_USER
> error packet at smbd/sesssetup.c(99) cmd=115 (SMBsesssetupX)
> NT_STATUS_LOGON_FAILURE
> Transaction 4 of length 43
> switch message SMBulogoffX (pid 5283) conn 0x0
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> ulogoff, vuser id 100 does not map to user.
> ulogoffX vuid=100
> timeout_processing: End of file from client (client has disconnected).
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> Yielding connection to
> Server exit (normal exit)
>
> I cannot join the domain. From the information above, what am I
> doing wrong?
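The `smbd -i -d 3` output quoted above buries the authentication verdict among security-context lines. As an added example (not part of the original thread), this Python sketch pulls each failed `check_ntlm_password` verdict out of such output and tags it with the preceding session-setup identity, tolerating the mail quoting and line wrapping seen here; the function names and the sample input are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: lines in the shape of the quoted smbd -d 3 output,
# including the "> " mail quoting and the mid-message line wrap.
SAMPLE = """\
> Got user=[Administrator] domain=[STORM] workstation=[CYCLONE]
> len1=24 len2=24
> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> check_ntlm_password: Authentication for user [Administrator] ->
> [Administrator] FAILED with error NT_STATUS_NO_SUCH_USER
> error packet at smbd/sesssetup.c(99) cmd=115 (SMBsesssetupX)
> NT_STATUS_LOGON_FAILURE
"""

IDENT = re.compile(r"Got user=\[(?P<user>[^\]]*)\] domain=\[(?P<domain>[^\]]*)\] "
                   r"workstation=\[(?P<ws>[^\]]*)\]")
FAIL = re.compile(r"check_ntlm_password:\s+Authentication for user \[(?P<req>[^\]]*)\] -> "
                  r"\[(?P<mapped>[^\]]*)\] FAILED with error (?P<status>NT_STATUS_\w+)")
EVENT = re.compile(f"{IDENT.pattern}|{FAIL.pattern}")

def normalize(text):
    """Drop mail quote markers and undo line wrapping by joining on spaces."""
    lines = (re.sub(r"^(>\s?)+", "", ln) for ln in text.splitlines())
    return re.sub(r"\s+", " ", " ".join(lines))

def failed_logons(text):
    """One record per failed verdict, tagged with the most recent
    session-setup identity (domain, workstation) seen before it."""
    last = {"domain": None, "ws": None}
    out = []
    for m in EVENT.finditer(normalize(text)):
        if m.group("user") is not None:        # a "Got user=..." line
            last = {"domain": m.group("domain"), "ws": m.group("ws")}
        else:                                  # a FAILED verdict line
            out.append({"user": m.group("req"), "mapped": m.group("mapped"),
                        "status": m.group("status"), **last})
    return out

def summarize(records):
    """Count failures per (domain, user, status) for quick triage."""
    return Counter((r["domain"], r["user"], r["status"]) for r in records)

if __name__ == "__main__":
    for key, count in summarize(failed_logons(SAMPLE)).items():
        print(count, *key)
```
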