[Samba] Regedit

Gaiseric Vandal gaiseric.vandal at gmail.com
Fri Dec 11 09:27:17 MST 2009 

On 12/10/09 14:39, Nick Pappin wrote:
> On Tue, Dec 8, 2009 at 4:40 PM, Nick Pappin<npappin at latahfcu.org>  wrote:
>
>    
>> Hey Everyone,
>>       So here is what is going on I have two computers on the same network
>> that are both connected to the PDC of a samba domain (on the same network
>> segment):
>>
>>
>>                            ____________________________________________
>>                            |
>> |                                     |
>>                            |
>> |                                     |
>>                     _________
>> _________                        ______
>>                    |   comp1   |                      |  comp2    |
>>                       |  PDC  |
>>                     ---------------
>> ---------------                         ----------
>>
>> Now when i try to connect to the registry of comp1 from comp2 I get an
>> error saying i don't have permission to connect using the domain
>> administrator account. This also coincides with a name mismatch error:
>>
>> [2009/12/08 16:10:43,  0] lib/util_sock.c:matchname(1721)
>>    matchname: host name/name mismatch: FOO != FOO.bar.com
>>
>> Could this be causing my problem and how should I troubleshoot this
>> problem. Any ideas would be greatly appreciated.
>>
>> Thanks,
>> Nick
>>
>>
>>      
> Hi everyone,
>        I have fixed the mismatch error but it still isn't working I was
> hoping someone could help me. From what I can tell in the logs I am
> authenticating on the machine however then I see a wrong password entry.
> Could someone please explain to me what is going on.
>
> I have attached a level 2 log file if you need higher I can do that as well.
>
>
>
> [2009/12/10 11:21:49,  2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
>    init_sam_from_ldap: Entry found for user: root
> [2009/12/10 11:21:49,  2] passdb/pdb_ldap.c:init_group_from_ldap(2366)
>    init_group_from_ldap: Entry found for group: 512
> [2009/12/10 11:21:49,  2] auth/auth.c:check_ntlm_password(308)
>    check_ntlm_password:  authentication for user [root] ->  [root] ->  [root]
> succeeded
> [2009/12/10 11:21:49,  2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
>    init_sam_from_ldap: Entry found for user: root
> [2009/12/10 11:21:49,  0] lib/util_sock.c:matchname(1749)
>    matchname: host name/address mismatch: ::ffff:192.168.1.200 != it0
> [2009/12/10 11:21:49,  0] lib/util_sock.c:get_peer_name(1870)
>    Matchname failed on it0 ::ffff:192.168.1.200
> [2009/12/10 11:21:49,  2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3456)
>    Returning domain sid for domain LATAHFCU ->
> S-1-5-21-2238568125-4161709326-2298815865
> [2009/12/10 11:21:49,  2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3456)
>    Returning domain sid for domain LATAHFCU ->
> S-1-5-21-2238568125-4161709326-2298815865
> [2009/12/10 11:21:49,  2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3456)
>    Returning domain sid for domain LATAHFCU ->
> S-1-5-21-2238568125-4161709326-2298815865
> [2009/12/10 11:21:49,  2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3456)
>    Returning domain sid for domain LATAHFCU ->
> S-1-5-21-2238568125-4161709326-2298815865
> [2009/12/10 11:21:49,  2] smbd/sesssetup.c:setup_new_vc_session(1368)
>    setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
> old resources.
> [2009/12/10 11:21:49,  2] smbd/sesssetup.c:setup_new_vc_session(1368)
>    setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
> old resources.
> [2009/12/10 11:21:49,  2] lib/smbldap.c:smbldap_open_connection(856)
>    smbldap_open_connection: connection opened
> [2009/12/10 11:21:49,  2] lib/module.c:do_smb_load_module(64)
>    Module '/usr/lib64/samba/vfs/full_audit.so' loaded
> [2009/12/10 11:21:49,  2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
>    init_sam_from_ldap: Entry found for user: root
> [2009/12/10 11:21:49,  2] passdb/pdb_ldap.c:init_ldap_from_sam(1128)
>    init_ldap_from_sam: Setting entry for user: root
> [2009/12/10 11:21:49,  2] auth/auth.c:check_ntlm_password(318)
>    check_ntlm_password:  Authentication for user [Administrator] ->  [root]
> FAILED with error NT_STATUS_WRONG_PASSWORD
> [2009/12/10 11:21:49,  2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
>    init_sam_from_ldap: Entry found for user: root
> [2009/12/10 11:21:49,  2] passdb/pdb_ldap.c:init_group_from_ldap(2366)
>    init_group_from_ldap: Entry found for group: 512
> [2009/12/10 11:21:49,  2] auth/auth.c:check_ntlm_password(308)
>    check_ntlm_password:  authentication for user [root] ->  [root] ->  [root]
> succeeded
> [2009/12/10 11:21:49,  2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
>    init_sam_from_ldap: Entry found for user: root
> [2009/12/10 11:21:49,  2] auth/auth.c:check_ntlm_password(308)
>    check_ntlm_password:  authentication for user [root] ->  [root] ->  [root]
> succeeded
> [2009/12/10 11:21:54,  2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
>    init_sam_from_ldap: Entry found for user: root
> [2009/12/10 11:21:54,  2] passdb/pdb_ldap.c:init_ldap_from_sam(1128)
>    init_ldap_from_sam: Setting entry for user: root
> [2009/12/10 11:21:54,  2] auth/auth.c:check_ntlm_password(318)
>    check_ntlm_password:  Authentication for user [Administrator] ->  [root]
> FAILED with error NT_STATUS_WRONG_PASSWORD
>
>
> Thank you for your time,
> --
> Nick
>    

Did you map the Administrator account to the root account?

I would try either creating an Administrator account in unix and not 
have the mapping or try adding another WIndows account to the domain 
admin group and seeing if that account can to the remote registry 
management.


If you log in to a PC as a Domain Administrator, are you able to do 
Administrative things like adding local users?

More information about the samba mailing list