[Samba] trust issues with 3.0.30
Franz Strebel
franz.strebel at gmail.com
Thu May 29 08:07:02 GMT 2008
Hello folks,
It seems that I am still having the trust issues I encountered with 3.0.28a
with 3.0.30.
My production servers are running 3.0.28 and that is working very well.
Thanks in advance for any help or advice.
- Franz
Basic setup:
Win NT4 PDC domain trusts an AD-mixed mode accounts domain
Samba server member of NT4 domain and running winbind for auth
When I call id <username> I only get three items back, uid, gid and groups
which
contains the group mentioned in the gid. Getting the groups via wbinfo
gives me
the expected listing though.
I ran smbd at level 3 debug and here's the output when a user tries to
connect to
a share:
[2008/05/29 09:29:43, 3] auth/auth.c:check_ntlm_password(221)
check_ntlm_password: Checking password for unmapped user
[WHO-HQ-1]\[strebelf]@[HQWD0060725] with the new password interface
[2008/05/29 09:29:43, 3] auth/auth.c:check_ntlm_password(224)
check_ntlm_password: mapped user is: [WHO-HQ-1]\[strebelf]@[HQWD0060725]
[2008/05/29 09:29:43, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/05/29 09:29:43, 3] smbd/uid.c:push_conn_ctx(358)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/05/29 09:29:43, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/05/29 09:29:43, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/05/29 09:29:43, 2] auth/auth.c:check_ntlm_password(319)
check_ntlm_password: Authentication for user [strebelf] -> [strebelf]
FAILED with error NT_STATUS_ACCESS_DENIED
[2008/05/29 09:29:43, 3] smbd/error.c:error_packet_set(106)
error packet at smbd/sesssetup.c(105) cmd=115 (SMBsesssetupX)
NT_STATUS_ACCESS_DENIED
[2008/05/29 09:29:43, 3] smbd/process.c:timeout_processing(1329)
timeout_processing: End of file from client (client has disconnected).
[2008/05/29 09:29:43, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/05/29 09:29:43, 3] smbd/connection.c:yield_connection(69)
Yielding connection to
[2008/05/29 09:29:43, 3] smbd/server.c:exit_server_common(768)
Server exit (normal exit)
[2008/05/29 09:29:43, 3] auth/auth.c:check_ntlm_password(221)
check_ntlm_password: Checking password for unmapped user
[WHO-HQ-1]\[strebelf]@[HQWD0060725] with the new password interface
[2008/05/29 09:29:43, 3] auth/auth.c:check_ntlm_password(224)
check_ntlm_password: mapped user is: [WHO-HQ-1]\[strebelf]@[HQWD0060725]
[2008/05/29 09:29:43, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/05/29 09:29:43, 3] smbd/uid.c:push_conn_ctx(358)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/05/29 09:29:43, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/05/29 09:29:43, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/05/29 09:29:43, 2] auth/auth.c:check_ntlm_password(319)
check_ntlm_password: Authentication for user [strebelf] -> [strebelf]
FAILED with error NT_STATUS_ACCESS_DENIED
[2008/05/29 09:29:43, 3] smbd/error.c:error_packet_set(106)
error packet at smbd/sesssetup.c(105) cmd=115 (SMBsesssetupX)
NT_STATUS_ACCESS_DENIED
[2008/05/29 09:29:43, 3] smbd/process.c:timeout_processing(1329)
timeout_processing: End of file from client (client has disconnected).
[2008/05/29 09:29:43, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/05/29 09:29:43, 3] smbd/connection.c:yield_connection(69)
Yielding connection to
[2008/05/29 09:29:43, 3] smbd/server.c:exit_server_common(768)
Server exit (normal exit)
[2008/05/29 09:29:43, 3] auth/auth.c:check_ntlm_password(221)
check_ntlm_password: Checking password for unmapped user
[WHO-HQ-1]\[strebelf]@[HQWD0060725] with the new password interface
[2008/05/29 09:29:43, 3] auth/auth.c:check_ntlm_password(224)
check_ntlm_password: mapped user is: [WHO-HQ-1]\[strebelf]@[HQWD0060725]
[2008/05/29 09:29:43, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/05/29 09:29:43, 3] smbd/uid.c:push_conn_ctx(358)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/05/29 09:29:43, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/05/29 09:29:43, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/05/29 09:29:43, 2] auth/auth.c:check_ntlm_password(319)
check_ntlm_password: Authentication for user [strebelf] -> [strebelf]
FAILED with error NT_STATUS_ACCESS_DENIED
[2008/05/29 09:29:43, 3] smbd/error.c:error_packet_set(106)
error packet at smbd/sesssetup.c(105) cmd=115 (SMBsesssetupX)
NT_STATUS_ACCESS_DENIED
[2008/05/29 09:29:43, 3] smbd/process.c:process_smb(1069)
Transaction 3 of length 240
[2008/05/29 09:29:43, 3] smbd/process.c:switch_message(927)
switch message SMBsesssetupX (pid 4285) conn 0x0
[2008/05/29 09:29:43, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/05/29 09:29:43, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1256)
wct=12 flg2=0xc807
[2008/05/29 09:29:43, 2] smbd/sesssetup.c:setup_new_vc_session(1212)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2008/05/29 09:29:43, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1038)
Doing spnego session setup
[2008/05/29 09:29:43, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1069)
NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002
5.1] PrimaryDomain=[]
[2008/05/29 09:29:43, 3] smbd/sesssetup.c:reply_spnego_negotiate(697)
reply_spnego_negotiate: Got secblob of size 40
[2008/05/29 09:29:43, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
Got NTLMSSP neg_flags=0xe2088297
[2008/05/29 09:29:43, 3] smbd/process.c:process_smb(1069)
Transaction 4 of length 368
[2008/05/29 09:29:43, 3] smbd/process.c:switch_message(927)
switch message SMBsesssetupX (pid 4285) conn 0x0
[2008/05/29 09:29:43, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/05/29 09:29:43, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1256)
wct=12 flg2=0xc807
[2008/05/29 09:29:43, 2] smbd/sesssetup.c:setup_new_vc_session(1212)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2008/05/29 09:29:43, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1038)
Doing spnego session setup
[2008/05/29 09:29:43, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1069)
NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002
5.1] PrimaryDomain=[]
[2008/05/29 09:29:43, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(739)
Got user=[strebelf] domain=[WHO-HQ-1] workstation=[HQWD0060725] len1=24
len2=24
[2008/05/29 09:29:43, 3] auth/auth.c:check_ntlm_password(221)
check_ntlm_password: Checking password for unmapped user
[WHO-HQ-1]\[strebelf]@[HQWD0060725] with the new password interface
[2008/05/29 09:29:43, 3] auth/auth.c:check_ntlm_password(224)
check_ntlm_password: mapped user is: [WHO-HQ-1]\[strebelf]@[HQWD0060725]
[2008/05/29 09:29:43, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/05/29 09:29:43, 3] smbd/uid.c:push_conn_ctx(358)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/05/29 09:29:43, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/05/29 09:29:44, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/05/29 09:29:44, 2] auth/auth.c:check_ntlm_password(319)
check_ntlm_password: Authentication for user [strebelf] -> [strebelf]
FAILED with error NT_STATUS_ACCESS_DENIED
[2008/05/29 09:29:44, 3] smbd/error.c:error_packet_set(106)
error packet at smbd/sesssetup.c(105) cmd=115 (SMBsesssetupX)
NT_STATUS_ACCESS_DENIED
[2008/05/29 09:29:44, 3] smbd/process.c:timeout_processing(1329)
timeout_processing: End of file from client (client has disconnected).
[2008/05/29 09:29:44, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/05/29 09:29:44, 3] smbd/connection.c:yield_connection(69)
Yielding connection to
[2008/05/29 09:29:44, 3] smbd/server.c:exit_server_common(768)
Server exit (normal exit)
More information about the samba
mailing list