[Samba] AD auth with lowercase domain name
Mark Adams
mark at campbell-lange.net
Sun Aug 23 05:40:36 MDT 2009
All,
I've managed to correct this -- It ended up being a permissions problem
on the root of the XFS share. Permissions weren't being taken for some
reason.
However remounting this on a different device ID (sdb1, this is a vm so
its easy to do that..) and resetting permissions it works.
Regards
On Sat, Aug 22, 2009 at 11:35:21PM +0100, Mark Adams wrote:
> Hi All,
>
> I'm having issues getting Samba/Winbind to work with a domain that is
> lowercase. I have read on some sites that it won't work, is this the
> case?
>
> system is Debian lenny, samba 3.2.5-4. Windows server is 2003 running AD
> in 2000 native mode.
>
> I've done everything I would normally do that my running samba/ad
> authing servers do, and wbinfo -u + wbinfo -g work fine, as do the
> getent commands. However when using the following samba config....
>
> [Projects2]
> comment = Projects2 Share
> path = /shares/projects2
> browseable = yes
> valid users = @URBAN/allstaff
> write list = @URBAN/allstaff
> force group = @URBAN/allstaff
>
> I just get the following in the logs.. (set to 9)
>
> [2009/08/22 23:20:04, 3] winbindd/winbindd_misc.c:winbindd_ping(736)
> [ 2187]: ping
> [2009/08/22 23:20:04, 3] winbindd/winbindd_sid.c:winbindd_sid_to_gid(296)
> [ 2187]: sid to gid S-1-5-21-329002810-2570585304-4148547159-1721
> [2009/08/22 23:20:04, 7] winbindd/winbindd_idmap.c:winbindd_sid2gid_async(363)
> winbindd_sid2gid_async: Resolving S-1-5-21-329002810-2570585304-4148547159-1721 to a gid
> [2009/08/22 23:20:04, 3] winbindd/winbindd_sid.c:winbindd_sid_to_gid(296)
> [ 2187]: sid to gid S-1-5-32-545
> [2009/08/22 23:20:04, 7] winbindd/winbindd_idmap.c:winbindd_sid2gid_async(363)
> winbindd_sid2gid_async: Resolving S-1-5-32-545 to a gid
> [2009/08/22 23:20:04, 3] winbindd/winbindd_sid.c:winbindd_lookupname(102)
> [ 2187]: lookupname Unix User\root
> [2009/08/22 23:20:04, 3] winbindd/winbindd_sid.c:winbindd_lookupname(102)
> [ 2187]: lookupname URBAN\allstaff
> [2009/08/22 23:20:04, 3] winbindd/winbindd_sid.c:winbindd_lookupname(102)
> [ 2187]: lookupname URBAN\allstaff
>
> I've tried using a different seperator (+), also winbind use default
> domain = no (which shows the group as urban\allstaff) then setting the
> config to lowercase. None of this works.
>
> The machine which is trying to log in get's the following log;
>
> [2009/08/22 23:28:54, 6] smbd/process.c:process_smb(1546)
> got message type 0x0 of len 0x27
> [2009/08/22 23:28:54, 3] smbd/process.c:process_smb(1549)
> Transaction 15 of length 43 (0 toread)
> [2009/08/22 23:28:54, 5] lib/util.c:show_msg(642)
> [2009/08/22 23:28:54, 5] lib/util.c:show_msg(652)
> size=39
> smb_com=0x74
> smb_rcls=0
> smb_reh=0
> smb_err=0
> smb_flg=24
> smb_flg2=51207
> smb_tid=0
> smb_pid=65279
> smb_uid=101
> smb_mid=960
> smt_wct=2
> smb_vwv[ 0]= 255 (0xFF)
> smb_vwv[ 1]= 0 (0x0)
> smb_bcc=0
> [2009/08/22 23:28:54, 3] smbd/process.c:switch_message(1361)
> switch message SMBulogoffX (pid 2192) conn 0x0
> [2009/08/22 23:28:54, 3] smbd/sec_ctx.c:set_sec_ctx(324)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2009/08/22 23:28:54, 5] auth/token_util.c:debug_nt_user_token(464)
> NT user token: (NULL)
> [2009/08/22 23:28:54, 5] auth/token_util.c:debug_unix_user_token(490)
> UNIX token of user 0
> Primary group is 0 and contains 0 supplementary groups
> [2009/08/22 23:28:54, 5] smbd/uid.c:change_to_root_user(287)
> change_to_root_user: now uid=(0,0) gid=(0,0)
> [2009/08/22 23:28:54, 3] smbd/reply.c:reply_ulogoffX(1910)
> ulogoffX vuid=101
> [2009/08/22 23:28:54, 5] lib/util.c:show_msg(642)
> [2009/08/22 23:28:54, 5] lib/util.c:show_msg(652)
> size=39
> smb_com=0x74
> smb_rcls=0
> smb_reh=0
> smb_err=0
> smb_flg=136
> smb_flg2=51201
> smb_tid=0
> smb_pid=65279
> smb_uid=101
> smb_mid=960
> smt_wct=2
> smb_vwv[ 0]= 255 (0xFF)
> smb_vwv[ 1]= 0 (0x0)
> smb_bcc=0
> [2009/08/22 23:28:54, 6] smbd/process.c:process_smb(1546)
> got message type 0x0 of len 0x23
> [2009/08/22 23:28:54, 3] smbd/process.c:process_smb(1549)
> Transaction 16 of length 39 (0 toread)
> [2009/08/22 23:28:54, 5] lib/util.c:show_msg(642)
> [2009/08/22 23:28:54, 5] lib/util.c:show_msg(652)
> size=35
> smb_com=0x71
> smb_rcls=0
> smb_reh=0
> smb_err=0
> smb_flg=24
> smb_flg2=51207
> smb_tid=1
> smb_pid=65279
> smb_uid=101
> smb_mid=1024
> smt_wct=0
> smb_bcc=0
> [2009/08/22 23:28:54, 3] smbd/process.c:switch_message(1361)
> switch message SMBtdis (pid 2192) conn 0x2224aa0
> [2009/08/22 23:28:54, 3] smbd/sec_ctx.c:set_sec_ctx(324)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2009/08/22 23:28:54, 5] auth/token_util.c:debug_nt_user_token(464)
> NT user token: (NULL)
> [2009/08/22 23:28:54, 5] auth/token_util.c:debug_unix_user_token(490)
> UNIX token of user 0
> Primary group is 0 and contains 0 supplementary groups
> [2009/08/22 23:28:54, 5] smbd/uid.c:change_to_root_user(287)
> change_to_root_user: now uid=(0,0) gid=(0,0)
> [2009/08/22 23:28:54, 3] smbd/sec_ctx.c:set_sec_ctx(324)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2009/08/22 23:28:54, 5] auth/token_util.c:debug_nt_user_token(464)
> NT user token: (NULL)
> [2009/08/22 23:28:54, 5] auth/token_util.c:debug_unix_user_token(490)
> UNIX token of user 0
> Primary group is 0 and contains 0 supplementary groups
> [2009/08/22 23:28:54, 5] smbd/uid.c:change_to_root_user(287)
> change_to_root_user: now uid=(0,0) gid=(0,0)
> [2009/08/22 23:28:54, 3] smbd/service.c:close_cnum(1405)
> wtsec1070 (::ffff:10.0.0.44) closed connection to service IPC$
> [2009/08/22 23:28:54, 3] smbd/connection.c:yield_connection(31)
> Yielding connection to IPC$
> [2009/08/22 23:28:54, 4] smbd/vfs.c:vfs_ChDir(733)
> vfs_ChDir to /
> [2009/08/22 23:28:54, 3] smbd/sec_ctx.c:set_sec_ctx(324)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2009/08/22 23:28:54, 5] auth/token_util.c:debug_nt_user_token(464)
> NT user token: (NULL)
> [2009/08/22 23:28:54, 5] auth/token_util.c:debug_unix_user_token(490)
> UNIX token of user 0
> Primary group is 0 and contains 0 supplementary groups
> [2009/08/22 23:28:54, 5] smbd/uid.c:change_to_root_user(287)
> change_to_root_user: now uid=(0,0) gid=(0,0)
> [2009/08/22 23:28:54, 5] lib/util.c:show_msg(642)
> [2009/08/22 23:28:54, 5] lib/util.c:show_msg(652)
> size=35
> smb_com=0x71
> smb_rcls=0
> smb_reh=0
> smb_err=0
> smb_flg=136
> smb_flg2=51201
> smb_tid=1
> smb_pid=65279
> smb_uid=101
> smb_mid=1024
> smt_wct=0
> smb_bcc=0
> [2009/08/22 23:28:54, 5] lib/util_sock.c:read_socket_with_timeout(928)
> read_socket_with_timeout: blocking read. EOF from client.
> [2009/08/22 23:28:54, 3] smbd/process.c:smbd_process(2035)
> receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting
> [2009/08/22 23:28:54, 5] lib/gencache.c:gencache_shutdown(93)
> Closing cache file
> [2009/08/22 23:28:54, 5] libsmb/namecache.c:namecache_shutdown(81)
> namecache_shutdown: netbios namecache closed successfully.
> [2009/08/22 23:28:54, 3] smbd/sec_ctx.c:set_sec_ctx(324)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2009/08/22 23:28:54, 5] auth/token_util.c:debug_nt_user_token(464)
> NT user token: (NULL)
> [2009/08/22 23:28:54, 5] auth/token_util.c:debug_unix_user_token(490)
> UNIX token of user 0
> Primary group is 0 and contains 0 supplementary groups
> [2009/08/22 23:28:54, 5] smbd/uid.c:change_to_root_user(287)
> change_to_root_user: now uid=(0,0) gid=(0,0)
> [2009/08/22 23:28:54, 3] smbd/connection.c:yield_connection(31)
> Yielding connection to
> [2009/08/22 23:28:54, 3] smbd/server.c:exit_server_common(949)
> Server exit (normal exit)
>
> Any help on this would be GREATLY appreciated!
>
> Best Regards,
> Mark
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list