[Samba] I'm Sure I'm Missing Something Simple and Stupid, But...

Robinson, Eric eric.robinson at psmnv.com
Tue Nov 11 14:03:26 GMT 2008


Problem: When I try to open a samba share from a Windows 2003 R2
computer, I get a login challenge.
 
When winbind and smb start up, the logs look clean except for the
following:
 
smbd.log
--------
[2008/11/11 04:42:16, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID [S-1-22-1-0]
[2008/11/11 04:42:16, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID [S-1-5-2]
[2008/11/11 04:42:16, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID [S-1-5-11]
 
But when I attempt to open a samba share from the Windows computer, I
get a login challenge and the following log is generated:
 
192.168.10.73.log
-----------------
[2008/11/11 04:55:58, 3] smbd/oplock.c:init_oplocks(863)
  init_oplocks: initializing messages.
[2008/11/11 04:55:58, 3]
smbd/oplock_linux.c:linux_init_kernel_oplocks(276)
  Linux kernel oplocks enabled
[2008/11/11 04:55:58, 3] lib/access.c:check_access(312)
  check_access: no hostnames in host allow/deny list.
[2008/11/11 04:55:58, 2] lib/access.c:check_access(323)
  Allowed connection from  (192.168.10.73)
[2008/11/11 04:55:58, 3] smbd/process.c:process_smb(1069)
  Transaction 0 of length 137
[2008/11/11 04:55:58, 3] smbd/process.c:switch_message(927)
  switch message SMBnegprot (pid 22078) conn 0x0
[2008/11/11 04:55:58, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/11/11 04:55:58, 3] smbd/negprot.c:reply_negprot(505)
  Requested protocol [PC NETWORK PROGRAM 1.0]
[2008/11/11 04:55:58, 3] smbd/negprot.c:reply_negprot(505)
  Requested protocol [LANMAN1.0]
[2008/11/11 04:55:58, 3] smbd/negprot.c:reply_negprot(505)
  Requested protocol [Windows for Workgroups 3.1a]
[2008/11/11 04:55:58, 3] smbd/negprot.c:reply_negprot(505)
  Requested protocol [LM1.2X002]
[2008/11/11 04:55:58, 3] smbd/negprot.c:reply_negprot(505)
  Requested protocol [LANMAN2.1]
[2008/11/11 04:55:58, 3] smbd/negprot.c:reply_negprot(505)
  Requested protocol [NT LM 0.12]
[2008/11/11 04:55:58, 3] smbd/negprot.c:reply_nt1(364)
  using SPNEGO
[2008/11/11 04:55:58, 3] smbd/negprot.c:reply_negprot(606)
  Selected protocol NT LM 0.12
[2008/11/11 04:55:58, 3] smbd/process.c:process_smb(1069)
  Transaction 1 of length 1444
[2008/11/11 04:55:58, 3] smbd/process.c:switch_message(927)
  switch message SMBsesssetupX (pid 22078) conn 0x0
[2008/11/11 04:55:58, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/11/11 04:55:58, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1253)
  wct=12 flg2=0xc807
[2008/11/11 04:55:58, 2] smbd/sesssetup.c:setup_new_vc_session(1209)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2008/11/11 04:55:58, 3]
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1038)
  Doing spnego session setup
[2008/11/11 04:55:58, 3]
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1069)
  NativeOS=[Windows Server 2003 R2 3790 Service Pack 2] NativeLanMan=[]
PrimaryDomain=[Windows Server 2003 R2 5.2]
[2008/11/11 04:55:58, 3] smbd/sesssetup.c:reply_spnego_negotiate(697)
[2008/11/11 04:55:58, 3] smbd/sesssetup.c:reply_spnego_negotiate(697)
  reply_spnego_negotiate: Got secblob of size 1171
[2008/11/11 04:55:58, 3] smbd/sesssetup.c:reply_spnego_kerberos(321)
  Ticket name is [RPT01$@MYCHARTS.MD]
[2008/11/11 04:55:58, 3] passdb/lookup_sid.c:store_gid_sid_cache(1133)
  store_gid_sid_cache: gid 1516 in cache ->
S-1-5-21-1387643762-3613047648-360800158-516
[2008/11/11 04:55:58, 3] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/11/11 04:55:58, 3] smbd/uid.c:push_conn_ctx(358)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/11/11 04:55:58, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/11/11 04:55:58, 3] groupdb/mapping.c:pdb_create_builtin_alias(723)
  pdb_create_builtin_alias: Could not get a gid out of winbind
[2008/11/11 04:55:58, 0]
auth/auth_util.c:create_builtin_administrators(792)
  create_builtin_administrators: Failed to create Administrators
[2008/11/11 04:55:58, 2] auth/auth_util.c:create_local_nt_token(914)
  create_local_nt_token: Failed to create BUILTIN\Administrators group!
[2008/11/11 04:55:58, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/11/11 04:55:58, 3] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/11/11 04:55:58, 3] smbd/uid.c:push_conn_ctx(358)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/11/11 04:55:58, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/11/11 04:55:58, 3] groupdb/mapping.c:pdb_create_builtin_alias(723)
  pdb_create_builtin_alias: Could not get a gid out of winbind
[2008/11/11 04:55:58, 0] auth/auth_util.c:create_builtin_users(758)
  create_builtin_users: Failed to create Users
[2008/11/11 04:55:58, 2] auth/auth_util.c:create_local_nt_token(941)
  create_local_nt_token: Failed to create BUILTIN\Users group!
[2008/11/11 04:55:58, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/11/11 04:55:58, 3] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/11/11 04:55:58, 3] smbd/uid.c:push_conn_ctx(358)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/11/11 04:55:58, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/11/11 04:55:58, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/11/11 04:55:58, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID
[S-1-5-21-1387643762-3613047648-360800158-1111]
[2008/11/11 04:55:58, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID
[S-1-5-21-1387643762-3613047648-360800158-516]
[2008/11/11 04:55:58, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID [S-1-5-2]
[2008/11/11 04:55:58, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID [S-1-5-11]
[2008/11/11 04:55:58, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID [S-1-5-9]
[2008/11/11 04:55:58, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1089)
  fetch gid from cache 1516 ->
S-1-5-21-1387643762-3613047648-360800158-516
[2008/11/11 04:55:58, 3] smbd/password.c:register_vuid(280)
  User name: MYCHARTS\rpt01$    Real name: RPT01$
[2008/11/11 04:55:58, 3] smbd/password.c:register_vuid(301)
  UNIX uid 2111 is UNIX user MYCHARTS\rpt01$, and will be vuid 101
[2008/11/11 04:55:58, 3] smbd/password.c:register_vuid(332)
  Adding homes service for user 'MYCHARTS\rpt01$' using home directory:
'/home/rpt01_'
[2008/11/11 04:55:58, 3] smbd/process.c:process_smb(1069)
  Transaction 2 of length 78
[2008/11/11 04:55:58, 3] smbd/process.c:switch_message(927)
  switch message SMBtconX (pid 22078) conn 0x0
[2008/11/11 04:55:58, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/11/11 04:55:58, 3] lib/access.c:check_access(312)
  check_access: no hostnames in host allow/deny list.
[2008/11/11 04:55:58, 2] lib/access.c:check_access(323)
  Allowed connection from  (192.168.10.73)
[2008/11/11 04:55:58, 3] smbd/service.c:make_connection_snum(806)
  Connect path is '/tmp' for service [IPC$]
[2008/11/11 04:55:58, 3] lib/util_seaccess.c:se_access_check(250)
[2008/11/11 04:55:58, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is
S-1-5-21-1387643762-3613047648-360800158-1111
  se_access_check: also S-1-5-21-1387643762-3613047648-360800158-516
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-11
  se_access_check: also S-1-5-9
[2008/11/11 04:55:58, 3] smbd/vfs.c:vfs_init_default(95)
  Initialising default vfs hooks
[2008/11/11 04:55:58, 3] smbd/vfs.c:vfs_init_custom(128)
  Initialising custom vfs hooks from [/[Default VFS]/]
[2008/11/11 04:55:58, 3] lib/util_seaccess.c:se_access_check(250)
[2008/11/11 04:55:58, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is
S-1-5-21-1387643762-3613047648-360800158-1111
  se_access_check: also S-1-5-21-1387643762-3613047648-360800158-516
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-11
  se_access_check: also S-1-5-9
[2008/11/11 04:55:58, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (2111, 1516) - sec_ctx_stack_ndx = 0
[2008/11/11 04:55:58, 3] smbd/service.c:make_connection_snum(1033)
  192.168.10.73 (192.168.10.73) connect to service IPC$ initially as
user MYCHARTS\rpt01$ (uid=2111, gid=1516) (pid 22078)
[2008/11/11 04:55:58, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/11/11 04:55:58, 3] smbd/reply.c:reply_tcon_and_X(574)
  tconX service=IPC$
[2008/11/11 04:55:58, 3] smbd/process.c:process_smb(1069)
  Transaction 3 of length 110
[2008/11/11 04:55:58, 3] smbd/process.c:switch_message(927)
  switch message SMBtrans2 (pid 22078) conn 0x9ba1680
[2008/11/11 04:55:58, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (2111, 1516) - sec_ctx_stack_ndx = 0
[2008/11/11 04:55:58, 3] smbd/msdfs.c:get_referred_path(633)
  get_referred_path: |ftp_site001| in dfs path \ha03\ftp_site001 is not
a dfs root.
[2008/11/11 04:55:58, 3] smbd/error.c:error_packet_set(106)
  error packet at smbd/trans2.c(6259) cmd=50 (SMBtrans2)
NT_STATUS_NOT_FOUND
[2008/11/11 04:55:58, 3] smbd/process.c:process_smb(1069)
  Transaction 4 of length 1896
[2008/11/11 04:55:58, 3] smbd/process.c:switch_message(927)
  switch message SMBsesssetupX (pid 22078) conn 0x0
[2008/11/11 04:55:58, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/11/11 04:55:58, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1253)
  wct=12 flg2=0xc807
[2008/11/11 04:55:58, 3]
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1038)
  Doing spnego session setup
[2008/11/11 04:55:58, 3]
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1069)
  NativeOS=[Windows Server 2003 R2 3790 Service Pack 2] NativeLanMan=[]
PrimaryDomain=[Windows Server 2003 R2 5.2]
[2008/11/11 04:55:58, 3] smbd/sesssetup.c:reply_spnego_negotiate(697)
  reply_spnego_negotiate: Got secblob of size 1623
[2008/11/11 04:55:58, 3]
libads/kerberos_verify.c:ads_secrets_verify_ticket(279)
  ads_secrets_verify_ticket: enc type [23] failed to decrypt with error
Decrypt integrity check failed
[2008/11/11 04:55:58, 3] libads/kerberos_verify.c:ads_verify_ticket(427)
  ads_verify_ticket: krb5_rd_req with auth failed (Decrypt integrity
check failed)
[2008/11/11 04:55:58, 1] smbd/sesssetup.c:reply_spnego_kerberos(316)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2008/11/11 04:55:58, 3] smbd/error.c:error_packet_set(106)
  error packet at smbd/sesssetup.c(318) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
[2008/11/11 04:55:58, 3] smbd/process.c:process_smb(1069)
  Transaction 5 of length 110
[2008/11/11 04:55:58, 3] smbd/process.c:switch_message(927)
  switch message SMBtrans2 (pid 22078) conn 0x9ba1680
[2008/11/11 04:55:58, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (2111, 1516) - sec_ctx_stack_ndx = 0
[2008/11/11 04:55:58, 3] smbd/msdfs.c:get_referred_path(633)
  get_referred_path: |ftp_site001| in dfs path \ha03\ftp_site001 is not
a dfs root.
[2008/11/11 04:55:58, 3] smbd/error.c:error_packet_set(106)
  error packet at smbd/trans2.c(6259) cmd=50 (SMBtrans2)
NT_STATUS_NOT_FOUND
[2008/11/11 04:55:58, 3] smbd/process.c:process_smb(1069)
  Transaction 6 of length 1896
[2008/11/11 04:55:58, 3] smbd/process.c:switch_message(927)
  switch message SMBsesssetupX (pid 22078) conn 0x0
[2008/11/11 04:55:58, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/11/11 04:55:58, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1253)
  wct=12 flg2=0xc807
[2008/11/11 04:55:58, 3]
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1038)
  Doing spnego session setup
[2008/11/11 04:55:58, 3]
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1069)
  NativeOS=[Windows Server 2003 R2 3790 Service Pack 2] NativeLanMan=[]
PrimaryDomain=[Windows Server 2003 R2 5.2]
[2008/11/11 04:55:58, 3] smbd/sesssetup.c:reply_spnego_negotiate(697)
  reply_spnego_negotiate: Got secblob of size 1623
[2008/11/11 04:55:58, 3]
libads/kerberos_verify.c:ads_secrets_verify_ticket(279)
  ads_secrets_verify_ticket: enc type [23] failed to decrypt with error
Decrypt integrity check failed
[2008/11/11 04:55:58, 3] libads/kerberos_verify.c:ads_verify_ticket(427)
  ads_verify_ticket: krb5_rd_req with auth failed (Decrypt integrity
check failed)
[2008/11/11 04:55:58, 1] smbd/sesssetup.c:reply_spnego_kerberos(316)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2008/11/11 04:55:58, 3] smbd/error.c:error_packet_set(106)
  error packet at smbd/sesssetup.c(318) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
[2008/11/11 04:55:58, 3] smbd/process.c:process_smb(1069)
  Transaction 7 of length 110
[2008/11/11 04:55:58, 3] smbd/process.c:switch_message(927)
  switch message SMBtrans2 (pid 22078) conn 0x9ba1680
[2008/11/11 04:55:58, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (2111, 1516) - sec_ctx_stack_ndx = 0
[2008/11/11 04:55:58, 3] smbd/msdfs.c:get_referred_path(633)
  get_referred_path: |ftp_site001| in dfs path \ha03\ftp_site001 is not
a dfs root.
[2008/11/11 04:55:58, 3] smbd/error.c:error_packet_set(106)
  error packet at smbd/trans2.c(6259) cmd=50 (SMBtrans2)
NT_STATUS_NOT_FOUND
[2008/11/11 04:55:58, 3] smbd/process.c:process_smb(1069)
  Transaction 8 of length 1896
[2008/11/11 04:55:58, 3] smbd/process.c:switch_message(927)
  switch message SMBsesssetupX (pid 22078) conn 0x0
[2008/11/11 04:55:58, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/11/11 04:55:58, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1253)
  wct=12 flg2=0xc807
[2008/11/11 04:55:58, 3]
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1038)
  Doing spnego session setup
[2008/11/11 04:55:58, 3]
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1069)
  NativeOS=[Windows Server 2003 R2 3790 Service Pack 2] NativeLanMan=[]
PrimaryDomain=[Windows Server 2003 R2 5.2]
[2008/11/11 04:55:58, 3] smbd/sesssetup.c:reply_spnego_negotiate(697)
  reply_spnego_negotiate: Got secblob of size 1623
[2008/11/11 04:55:58, 3]
libads/kerberos_verify.c:ads_secrets_verify_ticket(279)
  ads_secrets_verify_ticket: enc type [23] failed to decrypt with error
Decrypt integrity check failed
[2008/11/11 04:55:58, 3] libads/kerberos_verify.c:ads_verify_ticket(427)
  ads_verify_ticket: krb5_rd_req with auth failed (Decrypt integrity
check failed)
[2008/11/11 04:55:58, 1] smbd/sesssetup.c:reply_spnego_kerberos(316)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2008/11/11 04:55:58, 3] smbd/error.c:error_packet_set(106)
  error packet at smbd/sesssetup.c(318) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
[2008/11/11 04:56:01, 3] smbd/process.c:process_smb(1069)
  Transaction 9 of length 110
[2008/11/11 04:56:01, 3] smbd/process.c:switch_message(927)
  switch message SMBtrans2 (pid 22078) conn 0x9ba1680
[2008/11/11 04:56:01, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (2111, 1516) - sec_ctx_stack_ndx = 0
[2008/11/11 04:56:01, 3] smbd/msdfs.c:get_referred_path(633)
  get_referred_path: |ftp_site001| in dfs path \ha03\ftp_site001 is not
a dfs root.
[2008/11/11 04:56:01, 3] smbd/error.c:error_packet_set(106)
  error packet at smbd/trans2.c(6259) cmd=50 (SMBtrans2)
NT_STATUS_NOT_FOUND
[2008/11/11 04:56:01, 3] smbd/process.c:process_smb(1069)
  Transaction 10 of length 1896
[2008/11/11 04:56:01, 3] smbd/process.c:switch_message(927)
  switch message SMBsesssetupX (pid 22078) conn 0x0
[2008/11/11 04:56:01, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/11/11 04:56:01, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1253)
  wct=12 flg2=0xc807
[2008/11/11 04:56:01, 3]
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1038)
  Doing spnego session setup
[2008/11/11 04:56:01, 3]
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1069)
  NativeOS=[Windows Server 2003 R2 3790 Service Pack 2] NativeLanMan=[]
PrimaryDomain=[Windows Server 2003 R2 5.2]
[2008/11/11 04:56:01, 3] smbd/sesssetup.c:reply_spnego_negotiate(697)
  reply_spnego_negotiate: Got secblob of size 1623
[2008/11/11 04:56:01, 3]
libads/kerberos_verify.c:ads_secrets_verify_ticket(279)
  ads_secrets_verify_ticket: enc type [23] failed to decrypt with error
Decrypt integrity check failed
[2008/11/11 04:56:01, 3] libads/kerberos_verify.c:ads_verify_ticket(427)
  ads_verify_ticket: krb5_rd_req with auth failed (Decrypt integrity
check failed)
[2008/11/11 04:56:01, 1] smbd/sesssetup.c:reply_spnego_kerberos(316)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2008/11/11 04:56:01, 3] smbd/error.c:error_packet_set(106)
  error packet at smbd/sesssetup.c(318) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
[2008/11/11 04:56:09, 3] smbd/process.c:process_smb(1069)
  Transaction 11 of length 43
[2008/11/11 04:56:09, 3] smbd/process.c:switch_message(927)
  switch message SMBulogoffX (pid 22078) conn 0x0
[2008/11/11 04:56:09, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/11/11 04:56:09, 3] smbd/reply.c:reply_ulogoffX(1560)
  ulogoffX vuid=101
[2008/11/11 04:56:09, 3] smbd/process.c:process_smb(1069)
  Transaction 12 of length 39
[2008/11/11 04:56:09, 3] smbd/process.c:switch_message(927)
  switch message SMBtdis (pid 22078) conn 0x9ba1680
[2008/11/11 04:56:09, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/11/11 04:56:09, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/11/11 04:56:09, 3] smbd/service.c:close_cnum(1230)
  192.168.10.73 (192.168.10.73) closed connection to service IPC$
[2008/11/11 04:56:09, 3] smbd/connection.c:yield_connection(69)
  Yielding connection to IPC$
[2008/11/11 04:56:09, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/11/11 04:56:09, 3] smbd/process.c:timeout_processing(1329)
  timeout_processing: End of file from client (client has disconnected).
[2008/11/11 04:56:09, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/11/11 04:56:09, 3] smbd/connection.c:yield_connection(69)
  Yielding connection to
[2008/11/11 04:56:09, 3] smbd/server.c:exit_server_common(772)
  Server exit (normal exit)
 
Other Info:
 
Samba version: 3.0.28
 
smb.conf
#======================= Global Settings
=====================================
[global]
   unix charset = LOCALE
   workgroup = MYCHARTS
   netbios name = HA03
   realm = MYCHARTS.MD
   server string = Linux Server
   security = ADS
   username map = /etc/samba/smbusers
   log level = 3
   syslog = 0
   log file = /var/log/samba/%m.log
   max log size = 50
   printcap name = /etc/printcap
   ldap ssl = no
   allow trusted domains = no
   idmap domains = MYCHARTS
   idmap config MYCHARTS: default = yes
   idmap config MYCHARTS: backend = rid
   idmap config MYCHARTS: range = 1000-100000000
   idmap alloc config: range = 1000-100000000
   winbind nested groups = yes
   ;template primary group = "Domain Users"
   ;template shell = /bin/bash
   template shell = /bin/false
   template homedir = /home/%U
   winbind use default domain = yes
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   dns proxy = no
   hosts allow = 192.168.5. 192.168.10. 192.168.15. 172.16. 127. 10.
   load printers = no
   cups options = raw
   hide dot files = yes
   short preserve case = no
;   printing = cups
;   encrypt passwords = yes
;   smb passwd file = /etc/samba/smbpasswd
;   unix password sync = Yes
;   passwd program = /usr/bin/passwd %u
;   include = /etc/samba/smb.conf.%m
;   interfaces = 192.168.12.2/24 192.168.13.2/24
;   remote browse sync = 192.168.3.25 192.168.5.255
;   remote announce = 192.168.1.255 192.168.2.44
;   local master = no
;   os level = 33
;   domain master = yes
;   preferred master = yes
;   domain logons = yes
;   logon script = %m.bat
;   logon script = %U.bat
;   logon path = \\%L\Profiles\%U
;   name resolve order = wins lmhosts bcast
;   wins support = yes
;   wins server = w.x.y.z
;   wins proxy = yes
;   preserve case = no
;   default case = lower
;   case sensitive = no
;   passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password*
%n\n *passwd:*all*authentication*tokens*updated*successfully*
 
#============================ Share Definitions
==============================
 
[ftp_site001]
    path = /ha_ftp/site001
    valid users = MYCHARTS\site001_group
    public = no
    writeable = yes
    printable = no
 
#================================= END
==================================
 

My Diagnostic steps:
 
NOTE: The AD user's name is 'root' and he is a member of the AD group
'site001_users'
 
The server is joined to the domain...
 
[root at ha03 samba]# net ads testjoin -U root
Join is OK
 
The filesystem permissions are correct...
 
[root at ha03 ha_ftp]# ls -ald /ha_ftp/site001
drwxrwx--- 3 root site001_group 4096 Nov  6 07:48 /ha_ftp/site001
 
The numeric GID of the group that has permissions to the directory is
'4686'...
 
[root at ha03 ha_ftp]# ls -aldn /ha_ftp/site001
drwxrwx--- 3 0 4686 4096 Nov  6 07:48 /ha_ftp/site001
 
The Windows SID for this group is
S-1-5-21-1387643762-3613047648-360800158-3686
 
[root at ha03 ha_ftp]# wbinfo --gid-to-sid=4686
S-1-5-21-1387643762-3613047648-360800158-3686
 
This is expected. The RID base specified in smb.conf is 1000, so
3686+1000=4686
 
The Windows SID maps to the expected group name...
 
[root at ha03 ha_ftp]# wbinfo --sid-to-name
S-1-5-21-1387643762-3613047648-360800158-3686
MYCHARTS\site001_group 2
 
The user's UID is 2112
 
[root at ha03 ha_ftp]# wbinfo -i "mycharts\root"
root:*:2112:1513:root:/home/root:/bin/false
 
That UID maps to the the Windows SID
S-1-5-21-1387643762-3613047648-360800158-1112
 
[root at ha03 ha_ftp]# wbinfo --uid-to-sid 2112
S-1-5-21-1387643762-3613047648-360800158-1112
 
This is also expected, as 1112+1000=2112
 
This SID maps to the right name...
 
[root at ha03 ha_ftp]# wbinfo --sid-to-name
S-1-5-21-1387643762-3613047648-360800158-1112
MYCHARTS\root 1
 
The MYCHARTS\root user is a member of the site_001 group...
 
[root at ha03 ha_ftp]# wbinfo -r "mycharts\root"
4686
 
The MYCHARTS\root user authenticates on the domain...
 
[root at ha03 ha_ftp]# wbinfo -a "mycharts\root"%<censored>
plaintext password authentication succeeded
challenge/response password authentication succeeded
 
The MYCHARTS\root user authenticates to the domain using Kerberos...
 
[root at ha03 ha_ftp]# wbinfo -K "mycharts\root"%<censored>]
plaintext kerberos password authentication for [mycharts\<censored>]
succeeded (requesting cctype: FILE)
credentials were put in: FILE:/tmp/krb5cc_0
 
# /etc/nsswitch.conf
 
passwd:     files winbind
shadow:     files winbind
group:      files winbind
 
hosts:      files dns wins winbind
networks:   files dns
 
bootparams: files
ethers:     files
netmasks:   files
protocols:  files
rpc:        files
services:   files
netgroup:   files
publickey:  files
automount:  files
aliases:    files
 
 
 
Stuff I've tried:
 
-- Removed the Linux server from the AD domain
-- Stopped samba and winbind
-- Uninstalled samba
-- Deleted the samba and winbind cache folder /var/cache/samba
-- Reinstalled samba
-- Joined to the domain
-- Restarted winbind
 
No luck!
 
I'm sure I'm just missing something really simple and stupid...
 

--
Eric Robinson




Disclaimer - November 11, 2008 
This email and any files transmitted with it are confidential and intended solely for samba at lists.samba.org. If you are not the named addressee you should not disseminate, distribute, copy or alter this email. Any views or opinions presented in this email are solely those of the author and might not represent those of . Warning: Although  has taken reasonable precautions to ensure no viruses are present in this email, the company cannot accept responsibility for any loss or damage arising from the use of this email or attachments. 
This disclaimer was added by Policy Patrol: http://www.policypatrol.com/


More information about the samba mailing list