[Samba] Regedit
Nick Pappin
npappin at latahfcu.org
Mon Dec 14 11:34:05 MST 2009
On Fri, Dec 11, 2009 at 8:27 AM, Gaiseric Vandal <gaiseric.vandal at gmail.com> wrote:
> On 12/10/09 14:39, Nick Pappin wrote:
>
>> On Tue, Dec 8, 2009 at 4:40 PM, Nick Pappin<npappin at latahfcu.org> wrote:
>>
>>
>>
>>> Hey Everyone,
>>> So here is what is going on: I have two computers on the same network
>>> that are both connected to the PDC of a Samba domain (on the same network
>>> segment):
>>>
>>>
>>>  ____________________________________________
>>>        |                |                |
>>>        |                |                |
>>>    _________        _________         ______
>>>   |  comp1  |      |  comp2  |       | PDC  |
>>>    ---------        ---------         ------
>>>
>>> Now when I try to connect to the registry of comp1 from comp2 I get an
>>> error saying I don't have permission to connect using the domain
>>> administrator account. This also coincides with a name mismatch error:
>>>
>>> [2009/12/08 16:10:43, 0] lib/util_sock.c:matchname(1721)
>>> matchname: host name/name mismatch: FOO != FOO.bar.com
>>>
>>> Could this be causing my problem, and how should I troubleshoot this
>>> problem? Any ideas would be greatly appreciated.
>>>
>>> Thanks,
>>> Nick
>>>
>>>
>>>
>>>
>> Hi everyone,
>> I have fixed the mismatch error but it still isn't working. I was
>> hoping someone could help me. From what I can tell in the logs, I am
>> authenticating on the machine; however, then I see a wrong password entry.
>> Could someone please explain to me what is going on?
>>
>> I have attached a level 2 log file; if you need higher I can do that as
>> well.
>>
>>
>>
>> [2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
>> init_sam_from_ldap: Entry found for user: root
>> [2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_group_from_ldap(2366)
>> init_group_from_ldap: Entry found for group: 512
>> [2009/12/10 11:21:49, 2] auth/auth.c:check_ntlm_password(308)
>> check_ntlm_password: authentication for user [root] -> [root] ->
>> [root]
>> succeeded
>> [2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
>> init_sam_from_ldap: Entry found for user: root
>> [2009/12/10 11:21:49, 0] lib/util_sock.c:matchname(1749)
>> matchname: host name/address mismatch: ::ffff:192.168.1.200 != it0
>> [2009/12/10 11:21:49, 0] lib/util_sock.c:get_peer_name(1870)
>> Matchname failed on it0 ::ffff:192.168.1.200
>> [2009/12/10 11:21:49, 2]
>> rpc_server/srv_samr_nt.c:_samr_LookupDomain(3456)
>> Returning domain sid for domain LATAHFCU ->
>> S-1-5-21-2238568125-4161709326-2298815865
>> [2009/12/10 11:21:49, 2]
>> rpc_server/srv_samr_nt.c:_samr_LookupDomain(3456)
>> Returning domain sid for domain LATAHFCU ->
>> S-1-5-21-2238568125-4161709326-2298815865
>> [2009/12/10 11:21:49, 2]
>> rpc_server/srv_samr_nt.c:_samr_LookupDomain(3456)
>> Returning domain sid for domain LATAHFCU ->
>> S-1-5-21-2238568125-4161709326-2298815865
>> [2009/12/10 11:21:49, 2]
>> rpc_server/srv_samr_nt.c:_samr_LookupDomain(3456)
>> Returning domain sid for domain LATAHFCU ->
>> S-1-5-21-2238568125-4161709326-2298815865
>> [2009/12/10 11:21:49, 2] smbd/sesssetup.c:setup_new_vc_session(1368)
>> setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
>> all
>> old resources.
>> [2009/12/10 11:21:49, 2] smbd/sesssetup.c:setup_new_vc_session(1368)
>> setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
>> all
>> old resources.
>> [2009/12/10 11:21:49, 2] lib/smbldap.c:smbldap_open_connection(856)
>> smbldap_open_connection: connection opened
>> [2009/12/10 11:21:49, 2] lib/module.c:do_smb_load_module(64)
>> Module '/usr/lib64/samba/vfs/full_audit.so' loaded
>> [2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
>> init_sam_from_ldap: Entry found for user: root
>> [2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_ldap_from_sam(1128)
>> init_ldap_from_sam: Setting entry for user: root
>> [2009/12/10 11:21:49, 2] auth/auth.c:check_ntlm_password(318)
>> check_ntlm_password: Authentication for user [Administrator] -> [root]
>> FAILED with error NT_STATUS_WRONG_PASSWORD
>> [2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
>> init_sam_from_ldap: Entry found for user: root
>> [2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_group_from_ldap(2366)
>> init_group_from_ldap: Entry found for group: 512
>> [2009/12/10 11:21:49, 2] auth/auth.c:check_ntlm_password(308)
>> check_ntlm_password: authentication for user [root] -> [root] ->
>> [root]
>> succeeded
>> [2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
>> init_sam_from_ldap: Entry found for user: root
>> [2009/12/10 11:21:49, 2] auth/auth.c:check_ntlm_password(308)
>> check_ntlm_password: authentication for user [root] -> [root] ->
>> [root]
>> succeeded
>> [2009/12/10 11:21:54, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
>> init_sam_from_ldap: Entry found for user: root
>> [2009/12/10 11:21:54, 2] passdb/pdb_ldap.c:init_ldap_from_sam(1128)
>> init_ldap_from_sam: Setting entry for user: root
>> [2009/12/10 11:21:54, 2] auth/auth.c:check_ntlm_password(318)
>> check_ntlm_password: Authentication for user [Administrator] -> [root]
>> FAILED with error NT_STATUS_WRONG_PASSWORD
>>
>>
>> Thank you for your time,
>> --
>> Nick
>>
>>
>
> Did you map the Administrator account to the root account?
>
> I would try either creating an Administrator account in unix and not have
> the mapping or try adding another Windows account to the domain admin group
> and seeing if that account can do the remote registry management.
>
>
> If you log in to a PC as a Domain Administrator, are you able to do
> Administrative things like adding local users?
>
>
>
>
>
Yes, I have set up a username map. When I log into the PC as a Domain
Administrator I am able to connect to remote machines' registry. I did forget
to mention that I am using an LDAP backend, so my Administrator and root
accounts are one and the same. However, when I log in as a local administrator
and try to use domain credentials it fails to work.
--
Nick
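
An added example, not part of the original thread or of Samba itself: a small Python parser for the kind of smbd log quoted above. It rejoins the mail-wrapped lines into records and lists each `check_ntlm_password` decision with the client-supplied name and the account it was mapped to. The sample input is constructed from lines in the thread, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the level 2 log quoted in this thread,
# including the mail client's ">> " prefixes and wrapped lines.
SAMPLE = """\
>> [2009/12/10 11:21:49, 2] auth/auth.c:check_ntlm_password(308)
>> check_ntlm_password: authentication for user [root] -> [root] ->
>> [root]
>> succeeded
>> [2009/12/10 11:21:49, 0] lib/util_sock.c:matchname(1749)
>> matchname: host name/address mismatch: ::ffff:192.168.1.200 != it0
>> [2009/12/10 11:21:49, 2] auth/auth.c:check_ntlm_password(318)
>> check_ntlm_password: Authentication for user [Administrator] -> [root]
>> FAILED with error NT_STATUS_WRONG_PASSWORD
"""

STAMP = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\]\s*(.*)$")
AUTH = re.compile(
    r"authentication for user ((?:\[[^\]]*\]\s*(?:->\s*)?)+)"
    r"(succeeded|FAILED with error (\S+))", re.I)

def records(text):
    """Rejoin wrapped lines: a record starts at a '[date time, level]' stamp."""
    out = []
    for raw in text.splitlines():
        line = re.sub(r"^[>\s]+", "", raw).rstrip()  # drop quote markers
        m = STAMP.match(line)
        if m:
            out.append([m.group(1), int(m.group(2)), m.group(3)])
        elif out and line:
            out[-1][2] += " " + line
    return out

def auth_events(text):
    """Return (time, requested_name, mapped_account, status) per auth decision."""
    events = []
    for when, _level, msg in records(text):
        m = AUTH.search(msg)
        if m:
            names = re.findall(r"\[([^\]]*)\]", m.group(1))
            events.append((when, names[0], names[-1], m.group(3) or "OK"))
    return events

def split_outcomes(events):
    """Mapped accounts accepted under one client-supplied name, rejected under another."""
    seen = defaultdict(lambda: defaultdict(set))
    for _when, requested, mapped, status in events:
        seen[mapped][requested].add(status)
    return {acct: {n: sorted(s) for n, s in by.items()}
            for acct, by in seen.items()
            if len(by) > 1 and any(s != {"OK"} for s in by.values())}
```

On the sample, `split_outcomes(auth_events(SAMPLE))` reports the `root` account as accepted when requested as `root` and rejected with `NT_STATUS_WRONG_PASSWORD` when requested as `Administrator`.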