[Samba] Compile 3.5.4 on Opensolaris snv_134
Mārcis Lielturks
marcis.lielturks at gmail.com
Thu Jul 22 02:13:40 MDT 2010
Hi!
Ok, I now have compiled samba, that can join domain. Only thing, compiled
before samba, is MIT Kerberos v5 (notice no LDAP!).
* net ads join - WORKS
* wbinfo -u/-g/-m - WORKS
* nsswitch.conf entries are as follows
passwd: files winbind
group: files winbind
* smbd, nmbd, winbind - RUNNING
* id DOMAIN+user - DOESN'T WORK
* connecting to shares - DOESN'T WORK
What I see in the logs (and on CLI if running with "-FiS") is that samba
(and UNIXs "id") is having trouble getting user information from winbind. I
cannot access shares as domain admin and manage shares when connecting to
samba server from "manage computer" dialog.
Were to look/debug next? Recompile it with newest GNUs gettext and libiconv?
Try to fix the socket options problems?
When tracing smbd with "truss smbd -d10 -FiS" I see some unsuccessfull stats
for nss_winbind.so.1 library (I compiled without --enable-nss-wrapper). For
now I'll try to recompile with this option and see what happens.
21017: write(1, " T r y i n g _ G e t _".., 60) = 60
21017: getuid() = 0 [0]
21017: getuid() = 0 [0]
21017: open64("/var/run/name_service_door", O_RDONLY) Err#2 ENOENT
21017: open("/etc/passwd", O_RDONLY) = 32
21017: fstat64(32, 0x080466C0) = 0
21017: fstat64(32, 0x080465D0) = 0
21017: ioctl(32, TCGETA, 0x08046670) Err#25 ENOTTY
21017: read(32, " r o o t : x : 0 : 0 : S".., 1536) = 1255
21017: read(32, 0x0893096C, 1536) = 0
21017: llseek(32, 0, SEEK_CUR) = 1255
21017: close(32) = 0
21017: stat64("/opt/samba/lib/nss_winbind.so.1", 0x08045FF0) Err#2 ENOENT
21017: stat64("/lib/nss_winbind.so.1", 0x08045FF0) Err#2 ENOENT
21017: stat64("/usr/lib/nss_winbind.so.1", 0x08045FF0) Err#2 ENOENT
Checking combinations of 0 uppercase letters in administrator
21017: write(1, " C h e c k i n g c o m".., 62) = 62
Get_Pwnam_internals didn't find user [Administrator]!
21017: write(1, " G e t _ P w n a m _ i n".., 54) = 54
21017: getpid() = 21017 [21016]
21017: getpid() = 21017 [21016]
21017: pollsys(0x08044B50, 1, 0x08044C68, 0x00000000) = 0
21017: write(18, " 0\b\0\0 %\0\0\0\0\0\0\0".., 2096) = 2096
21017: pollsys(0x080445C0, 1, 0x080446D8, 0x00000000) = 1
21017: read(18, "A8\r\0\002\0\0\0\0\0\0\0".., 3496) = 3496
Username PROSERVE+Administrator is invalid on this system
21017: write(1, " T r y i n g _ G e t _".., 60) = 60
21017: getuid() = 0 [0]
21017: getuid() = 0 [0]
21017: open64("/var/run/name_service_door", O_RDONLY) Err#2 ENOENT
21017: open("/etc/passwd", O_RDONLY) = 32
21017: fstat64(32, 0x080466C0) = 0
21017: fstat64(32, 0x080465D0) = 0
21017: ioctl(32, TCGETA, 0x08046670) Err#25 ENOTTY
21017: read(32, " r o o t : x : 0 : 0 : S".., 1536) = 1255
21017: read(32, 0x0893096C, 1536) = 0
21017: llseek(32, 0, SEEK_CUR) = 1255
21017: close(32) = 0
21017: stat64("/opt/samba/lib/nss_winbind.so.1", 0x08045FF0) Err#2 ENOENT
21017: stat64("/lib/nss_winbind.so.1", 0x08045FF0) Err#2 ENOENT
21017: stat64("/usr/lib/nss_winbind.so.1", 0x08045FF0) Err#2 ENOENT
Checking combinations of 0 uppercase letters in administrator
21017: write(1, " C h e c k i n g c o m".., 62) = 62
Get_Pwnam_internals didn't find user [Administrator]!
21017: write(1, " G e t _ P w n a m _ i n".., 54) = 54
21017: getpid() = 21017 [21016]
21017: getpid() = 21017 [21016]
21017: pollsys(0x08044B50, 1, 0x08044C68, 0x00000000) = 0
21017: write(18, " 0\b\0\0 %\0\0\0\0\0\0\0".., 2096) = 2096
21017: pollsys(0x080445C0, 1, 0x080446D8, 0x00000000) = 1
21017: read(18, "A8\r\0\002\0\0\0\0\0\0\0".., 3496) = 3496
Username PROSERVE+Administrator is invalid on this system
bored is the machine I tried to connect to shares from
==> var/bored.log <==
[2010/07/22 10:34:52.985835, 5] lib/util_sock.c:462(read_fd_with_timeout)
read_fd_with_timeout: blocking read. EOF from client.
[2010/07/22 10:34:52.985936, 10] smbd/process.c:286(receive_smb_raw_talloc)
receive_smb_raw: NT_STATUS_END_OF_FILE
[2010/07/22 10:34:52.985982, 3] smbd/sec_ctx.c:310(set_sec_ctx)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/07/22 10:34:52.986022, 5] auth/token_util.c:525(debug_nt_user_token)
NT user token: (NULL)
[2010/07/22 10:34:52.986060, 5]
auth/token_util.c:551(debug_unix_user_token)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2010/07/22 10:34:52.986130, 5] smbd/uid.c:369(change_to_root_user)
change_to_root_user: now uid=(0,0) gid=(0,0)
[2010/07/22 10:34:52.986198, 3] smbd/connection.c:31(yield_connection)
Yielding connection to
[2010/07/22 10:34:52.986272, 10] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked)
Locking key 8E410000FFFFFFFF0000
[2010/07/22 10:34:52.986331, 10] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked)
Allocated locked data 0x891ff50
[2010/07/22 10:34:52.986397, 10] lib/dbwrap_tdb.c:42(db_tdb_record_destr)
Unlocking key 8E410000FFFFFFFF0000
[2010/07/22 10:34:52.986571, 3] smbd/server.c:902(exit_server_common)
Server exit (failed to receive smb request)
==> var/winbindd.log <==
[2010/07/22 10:34:41.543123, 6] winbindd/winbindd.c:768(new_connection)
accepted socket 22
[2010/07/22 10:34:41.543235, 10] winbindd/winbindd.c:620(process_request)
process_request: request fn INTERFACE_VERSION
[2010/07/22 10:34:41.543277, 3]
winbindd/winbindd_misc.c:352(winbindd_interface_version)
[16782]: request interface version
[2010/07/22 10:34:41.543343, 10]
winbindd/winbindd.c:716(winbind_client_response_written)
winbind_client_response_written[16782:INTERFACE_VERSION]: deliverd
response to client
[2010/07/22 10:34:41.543410, 10] winbindd/winbindd.c:620(process_request)
process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2010/07/22 10:34:41.543450, 3]
winbindd/winbindd_misc.c:385(winbindd_priv_pipe_dir)
[16782]: request location of privileged pipe
[2010/07/22 10:34:41.543525, 10]
winbindd/winbindd.c:716(winbind_client_response_written)
winbind_client_response_written[16782:WINBINDD_PRIV_PIPE_DIR]: deliverd
response to client
[2010/07/22 10:34:41.543615, 6] winbindd/winbindd.c:768(new_connection)
accepted socket 24
[2010/07/22 10:34:41.543686, 10] winbindd/winbindd.c:593(process_request)
process_request: Handling async request 16782:PING
[2010/07/22 10:34:41.543733, 10] winbindd/winbindd.c:655(wb_request_done)
wb_request_done[16782:PING]: NT_STATUS_OK
[2010/07/22 10:34:41.543795, 10]
winbindd/winbindd.c:716(winbind_client_response_written)
winbind_client_response_written[16782:PING]: deliverd response to client
[2010/07/22 10:34:41.543857, 6]
winbindd/winbindd.c:816(winbind_client_request_read)
closing socket 22, client exited
[2010/07/22 10:34:47.643788, 6] winbindd/winbindd.c:768(new_connection)
accepted socket 22
[2010/07/22 10:34:47.643895, 2]
winbindd/winbindd.c:819(winbind_client_request_read)
Could not read client request from fd 22: I/O error
[2010/07/22 10:34:52.988128, 6]
winbindd/winbindd.c:816(winbind_client_request_read)
closing socket 24, client exited
in mean time samba.log is throwing out following
[2010/07/22 10:34:41.462806, 5] lib/util_sock.c:304(print_socket_options)
Socket options:
SO_KEEPALIVE = 8
SO_REUSEADDR = 4
SO_BROADCAST = 0
TCP_NODELAY = 1
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_SNDBUF = 49152
SO_RCVBUF = 64240
Could not test socket option SO_SNDLOWAT.
Could not test socket option SO_RCVLOWAT.
Could not test socket option SO_SNDTIMEO.
Could not test socket option SO_RCVTIMEO.
[2010/07/22 10:34:41.463146, 5] lib/util_sock.c:304(print_socket_options)
Socket options:
SO_KEEPALIVE = 8
SO_REUSEADDR = 4
SO_BROADCAST = 0
TCP_NODELAY = 1
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_SNDBUF = 49152
SO_RCVBUF = 64240
Could not test socket option SO_SNDLOWAT.
Could not test socket option SO_RCVLOWAT.
Could not test socket option SO_SNDTIMEO.
Could not test socket option SO_RCVTIMEO.
my smb.conf
[global]
server string = Cepure
log file = /opt/samba/var/%m.log
log level = 10
max log size = 1024
passwd chat timeout=10
load printers = no
netbios name = cepure
;security = user
security = ADS
workgroup = PROSERVE
realm = PROSERVE.COM
encrypt passwords = yes
;password server = bored.proserve.com
local master = no
domain master = no
;client ntlmv2 auth = Yes
;client lanman auth = Yes
;client plaintext auth = Yes
;lanman auth = Yes
;client use spnego = no
;ldap connection timeout = 10
;ldap ssl = no
;max stat cache size = 1024
;kerberos method = system keytab
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
idmap uid = 10000 - 30000
idmap gid = 10000 - 30000
;case sensitive = yes
;default case = upper
;preserve case = yes
;short preserve case = yes
;vfs objects = zfsacl
;nfs4: mode = special
;nfs4: acedup = merge
[SAMBA]
path = /SAMBA
admin users = @"PROSERVE+domain admins" PROSERVE+administrator
read only = no
comment = test share
guest ok = yes
On 20 July 2010 10:27, Mārcis Lielturks <marcis.lielturks at gmail.com> wrote:
> Hi!
>
> I'm still stuck at the point where samba compiles, but I cannot join
> domain. I see "SPNEGO login failure" when using debug level 3 and "failed to
> lookup DC info for domain 'DOMAIN.COM' over rpc: Logon failure" on STDOUT.
>
> I have compiled:
>
> - openssl 0.9.8o
> - openldap 2.4.21
> - MIT Kerberos5 1.8.2
> - GNU GSS 0.1.5
> - openssl with kerberos support
> - samba 3.5.4
>
> I'm using sunstudio12.1 cc compiler and gnu make on snv_134. Everything is
> "--prefix'ed" to /opt/samba. I have set CPPFLAGS and LDFLAGS to point to
> /opt/samba/include and /opt/samba/lib
>
>
> 1. Can anyone help on explaining this SPNEGO thing? I suspect that it
> means that samba was unable to negotiate some gssapi related stuff, so I
> might have compiled something wrong.
> 2. Why "struct libnet_JoinCtx" suggests that kerberos won't be used
> (see line marked with arrows)?
>
>
>
> Here's some lines from "net -U domainadmin%pass ads join -d10"
>
> [2010/07/20 09:37:05.413534, 2] lib/interface.c:338(add_interface)
> added interface e1000g0:6 ip=192.168.0.84 bcast=192.168.0.255
> netmask=255.255.255.0
> [2010/07/20 09:37:05.413946, 1] libnet/libnet_join.c:1947(libnet_Join)
>
> libnet_Join:
> libnet_JoinCtx: struct libnet_JoinCtx
> in: struct libnet_JoinCtx
> dc_name : NULL
> machine_name : 'SAMBA-DEV'
> domain_name : *
> domain_name : 'DOMAIN.COM'
>
> account_ou : NULL
> admin_account : 'Administrator'
> admin_password : *
> machine_password : NULL
> join_flags : 0x00000023 (35)
> 0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
> 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
> 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
> 0: WKSSVC_JOIN_FLAGS_DEFER_SPN
> 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
> 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
> 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
> 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
> 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
> 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
> 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
> os_version : NULL
> os_name : NULL
> create_upn : 0x00 (0)
> upn : NULL
> modify_config : 0x00 (0)
> ads : NULL
> debug : 0x01 (1)
> ----------> use_kerberos : 0x00 (0)
> <--------------------------------------------------------------------------------------
> secure_channel_type : SEC_CHAN_WKSTA (2)
> ....................SKIP......................
> [2010/07/20 09:37:05.521247, 5]
> libsmb/ntlmssp.c:1196(ntlmssp_client_challenge)
> NTLMSSP challenge set by NTLM2
> [2010/07/20 09:37:05.521259, 5]
> libsmb/ntlmssp.c:1197(ntlmssp_client_challenge)
> challenge is:
> [2010/07/20 09:37:05.521270, 5] ../lib/util/util.c:278(_dump_data)
> [0000] A3 7C 51 9D 27 CF 26 FA .|Q.'.&.
> [2010/07/20 09:37:05.521349, 1] ../librpc/ndr/ndr.c:214(ndr_print_debug)
> &authenticate: struct AUTHENTICATE_MESSAGE
> Signature : 'NTLMSSP'
> MessageType : NtLmAuthenticate (3)
> LmChallengeResponseLen : 0x0018 (24)
> LmChallengeResponseMaxLen: 0x0018 (24)
> LmChallengeResponse : *
> LmChallengeResponse : union ntlmssp_LM_RESPONSE(case 24)
> v1: struct LM_RESPONSE
> Response :
> 52ef40e69996a2ef00000000000000000000000000000000
> NtChallengeResponseLen : 0x0018 (24)
> NtChallengeResponseMaxLen: 0x0018 (24)
> NtChallengeResponse : *
> NtChallengeResponse : union ntlmssp_NTLM_RESPONSE(case
> 24)
> v1: struct NTLM_RESPONSE
> Response :
> dccf3343610fc15a038074885a333ab7ce0d8aef7cd17728
> DomainNameLen : 0x0000 (0)
> DomainNameMaxLen : 0x0000 (0)
> DomainName : *
> DomainName : ''
> UserNameLen : 0x001a (26)
> UserNameMaxLen : 0x001a (26)
> UserName : *
> UserName : 'Administrator'
> WorkstationLen : 0x0012 (18)
> WorkstationMaxLen : 0x0012 (18)
> Workstation : *
> Workstation : 'SAMBA-DEV'
> EncryptedRandomSessionKeyLen: 0x0010 (16)
> EncryptedRandomSessionKeyMaxLen: 0x0010 (16)
> EncryptedRandomSessionKey: *
> EncryptedRandomSessionKey: DATA_BLOB length=16
> [2010/07/20 09:37:05.521558, 10] ../lib/util/util.c:278(_dump_data)
> [0000] 08 5C F1 71 2B 7B 55 BF E7 25 D6 0D F6 E7 E1 31 .\.q+{U.
> .%.....1
> NegotiateFlags : 0x60088215 (1611170325)
> 1: NTLMSSP_NEGOTIATE_UNICODE
> 0: NTLMSSP_NEGOTIATE_OEM
> 1: NTLMSSP_REQUEST_TARGET
> 1: NTLMSSP_NEGOTIATE_SIGN
> 0: NTLMSSP_NEGOTIATE_SEAL
> 0: NTLMSSP_NEGOTIATE_DATAGRAM
> 0: NTLMSSP_NEGOTIATE_LM_KEY
> 0: NTLMSSP_NEGOTIATE_NETWARE
> 1: NTLMSSP_NEGOTIATE_NTLM
> 0: NTLMSSP_NEGOTIATE_NT_ONLY
> 0: NTLMSSP_ANONYMOUS
> 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
> 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
> 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
> 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> 0: NTLMSSP_TARGET_TYPE_DOMAIN
> 0: NTLMSSP_TARGET_TYPE_SERVER
> 0: NTLMSSP_TARGET_TYPE_SHARE
> 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
> 0: NTLMSSP_NEGOTIATE_IDENTIFY
> 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
> 0: NTLMSSP_NEGOTIATE_TARGET_INFO
> 0: NTLMSSP_NEGOTIATE_VERSION
> 1: NTLMSSP_NEGOTIATE_128
> 1: NTLMSSP_NEGOTIATE_KEY_EXCH
> 0: NTLMSSP_NEGOTIATE_56
> [2010/07/20 09:37:05.521750, 3]
> libsmb/ntlmssp_sign.c:343(ntlmssp_sign_init)
>
> NTLMSSP Sign/Seal - Initialising with flags:
> [2010/07/20 09:37:05.521763, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
>
> Got NTLMSSP neg_flags=0x60088215
> NTLMSSP_NEGOTIATE_UNICODE
> NTLMSSP_REQUEST_TARGET
> NTLMSSP_NEGOTIATE_SIGN
> NTLMSSP_NEGOTIATE_NTLM
> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> NTLMSSP_NEGOTIATE_NTLM2
> NTLMSSP_NEGOTIATE_128
> NTLMSSP_NEGOTIATE_KEY_EXCH
> [2010/07/20 09:37:05.521921, 10]
> libsmb/smb_signing.c:209(smb_signing_sign_pdu)
> smb_signing_sign_pdu: sent SMB signature of
> [2010/07/20 09:37:05.521935, 10] ../lib/util/util.c:278(_dump_data)
> [0000] 42 53 52 53 50 59 4C 20 BSRSPYL
> [2010/07/20 09:37:05.521956, 6] libsmb/clientgen.c:323(write_socket)
> write_socket(7,270)
> [2010/07/20 09:37:05.521978, 6] libsmb/clientgen.c:326(write_socket)
> write_socket(7,270) wrote 270
> [2010/07/20 09:37:05.558662, 10]
> lib/util_sock.c:726(read_smb_length_return_keepalive)
> got smb length of 35
> [2010/07/20 09:37:05.558704, 5] lib/util.c:617(show_msg)
> [2010/07/20 09:37:05.558715, 5] lib/util.c:620(show_msg)
> size=35
> smb_com=0x73
> smb_rcls=109
> smb_reh=0
> smb_err=49152
> smb_flg=136
> smb_flg2=51205
> smb_tid=0
> smb_pid=16481
> smb_uid=2051
> smb_mid=3
> smt_wct=0
> smb_bcc=0
> [2010/07/20 09:37:05.558782, 5] lib/util.c:617(show_msg)
> [2010/07/20 09:37:05.558791, 5] lib/util.c:620(show_msg)
> size=35
> smb_com=0x73
> smb_rcls=109
> smb_reh=0
> smb_err=49152
> smb_flg=136
> smb_flg2=51205
> smb_tid=0
> smb_pid=16481
> smb_uid=2051
> smb_mid=3
> smt_wct=0
> smb_bcc=0
> [2010/07/20 09:37:05.559036, 3]
> libsmb/cliconnect.c:1249(cli_session_setup)
>
> SPNEGO login failed: Logon failure
> [2010/07/20 09:37:05.559098, 1]
> libsmb/cliconnect.c:2307(cli_full_connection)
>
> failed session setup with NT_STATUS_LOGON_FAILURE
> [2010/07/20 09:37:05.559256, 1] libnet/libnet_join.c:1978(libnet_Join)
>
> libnet_Join:
> libnet_JoinCtx: struct libnet_JoinCtx
> out: struct libnet_JoinCtx
> account_name : NULL
> netbios_domain_name : NULL
> dns_domain_name : NULL
> forest_name : NULL
> dn : NULL
> domain_sid : NULL
> domain_sid : (NULL SID)
> modified_config : 0x00 (0)
> error_string : 'failed to lookup DC info for
> domain 'DOMAIN.COM' over rpc: Logon failure'
>
> domain_is_ad : 0x00 (0)
> result : WERR_LOGON_FAILURE
> Failed to join domain: failed to lookup DC info for domain 'DOMAIN.COM'
> over rpc: Logon failure
>
>
>
> On 19 July 2010 09:42, Marcis Lielturks <marcis.lielturks at gmail.com>wrote:
>
>> Hi!
>>
>> Here's comparison of "net ads join" output, between my first build of
>> samba 3.5.4 that gave "pkcs 11 error" and second build, that is failing with
>> "rpc: Logon failure". Can anyone comment on differences. I'm starting to
>> think, that the "diff -u" output say's that 2nd build is failing sooner than
>> the first build did. As you can see there's a lot of missing lines with
>> "sasl", "ldap" and "krb5".
>>
>> MMM
>>
>>
>> On 07/16/10 04:34 PM, Gaiseric Vandal wrote:
>>
>>> Which version of Samba? I had more trouble with Samba 3.5.x. And I have
>>> never managed to get Samba to compile with sun cc. I figured Samba was
>>> written with gcc in mind.
>>>
>>>
>>> The "failed to lookup DC info for domain 'mydomain.COM' over rpc: Logon
>>> failure' " message is interesting - not sure if you are getting login
>>> errors before lookup errors. Is you samba server configure to use your AD
>>> server as the DNS server? What version of windows is the AD server? What
>>> domain/foreset mode is your AD server in?
>>>
>>> In the "windows" world clients can locate the the login server via
>>> specific resource records in DNS. I don't know if Samba does this do or is
>>> still relying on netbios. I had one AD domain that was in
>>> NT4-compatibility mode and one AD domain that was in Windows 2003 native
>>> mode. Changing the client DNS settings on the samba machine seemed to
>>> help with locating the "2003 native" mode. DC.
>>>
>>>
>>>
>>> On 07/16/2010 05:29 AM, Marcis Lielturks wrote:
>>>
>>>> Hi!
>>>>
>>>> First of all, thanks for replies to all ;)!
>>>>
>>>> Using GCC was a fail for me - too much errors and 2 additional things
>>>> must be compiled (tdb & talloc) . I only managed to compile using Sun's cc
>>>> and gmake and will stick to them. I'm a bit further now. Now I don't get
>>>> PKCS 11 erros, when trying to do "net ads join". I recompiled openldap with
>>>> slapd (but with null backend) and "-lpkcs11" in LDFLAGS (I think this is
>>>> what helped). However now I'm getting following when doing "net ads join"
>>>>
>>>> [2010/07/16 12:16:54, 3] param/loadparm.c:9158(lp_load_ex)
>>>> lp_load_ex: refreshing parameters
>>>> [2010/07/16 12:16:54, 3] param/loadparm.c:4929(init_globals)
>>>> Initialising global parameters
>>>> [2010/07/16 12:16:54, 2] param/loadparm.c:4785(max_open_files)
>>>> rlimit_max: rlimit_max (256) below minimum Windows limit (16384)
>>>> [2010/07/16 12:16:54.047848, 3] ../lib/util/params.c:550(pm_process)
>>>> params.c:pm_process() - Processing configuration file
>>>> "/opt/samba/lib/smb.conf"
>>>> [2010/07/16 12:16:54.047875, 3] param/loadparm.c:7842(do_section)
>>>> Processing section "[global]"
>>>> [2010/07/16 12:16:54.048365, 2] lib/interface.c:338(add_interface)
>>>> added interface e1000g0:3 ip=192.168.0.84 bcast=192.168.0.255
>>>> netmask=255.255.255.0
>>>> [2010/07/16 12:16:54.048517, 1] libnet/libnet_join.c:1947(libnet_Join)
>>>> libnet_Join:
>>>> libnet_JoinCtx: struct libnet_JoinCtx
>>>> in: struct libnet_JoinCtx
>>>> dc_name : NULL
>>>> machine_name : 'SAMBA-DEV'
>>>> domain_name : *
>>>> domain_name : 'mydomain.COM'
>>>> account_ou : NULL
>>>> admin_account : 'Administrator'
>>>> admin_password : *
>>>> machine_password : NULL
>>>> join_flags : 0x00000023 (35)
>>>> 0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
>>>> 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
>>>> 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
>>>> 0: WKSSVC_JOIN_FLAGS_DEFER_SPN
>>>> 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
>>>> 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
>>>> 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
>>>> 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
>>>> 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
>>>> 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
>>>> 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
>>>> os_version : NULL
>>>> os_name : NULL
>>>> create_upn : 0x00 (0)
>>>> upn : NULL
>>>> modify_config : 0x00 (0)
>>>> ads : NULL
>>>> debug : 0x01 (1)
>>>> use_kerberos : 0x00 (0)
>>>> secure_channel_type : SEC_CHAN_WKSTA (2)
>>>> [2010/07/16 12:17:00.052208, 2] libads/cldap.c:97(ads_cldap_netlogon)
>>>> cldap_netlogon() failed: NT_STATUS_IO_TIMEOUT
>>>> [2010/07/16 12:17:00.141661, 3]
>>>> libsmb/cliconnect.c:2201(cli_start_connection)
>>>> Connecting to host=BORED.mydomain.com
>>>> [2010/07/16 12:17:00.141828, 3]
>>>> lib/util_sock.c:974(open_socket_out_send)
>>>> Connecting to 192.168.0.94 at port 445
>>>> [2010/07/16 12:17:00.143207, 3]
>>>> libsmb/cliconnect.c:991(cli_session_setup_spnego)
>>>> Doing spnego session setup (blob length=107)
>>>> [2010/07/16 12:17:00.143274, 3]
>>>> libsmb/cliconnect.c:1019(cli_session_setup_spnego)
>>>> got OID=1.2.840.48018.1.2.2
>>>> got OID=1.2.840.113554.1.2.2
>>>> got OID=1.2.840.113554.1.2.2.3
>>>> got OID=1.3.6.1.4.1.311.2.2.10
>>>> [2010/07/16 12:17:00.143302, 3]
>>>> libsmb/cliconnect.c:1029(cli_session_setup_spnego)
>>>> got principal=bored$@mydomain.COM
>>>> [2010/07/16 12:17:00.143856, 3]
>>>> libsmb/ntlmssp.c:1101(ntlmssp_client_challenge)
>>>> Got challenge flags:
>>>> [2010/07/16 12:17:00.143870, 3]
>>>> libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
>>>> Got NTLMSSP neg_flags=0x62898215
>>>> [2010/07/16 12:17:00.143883, 3]
>>>> libsmb/ntlmssp.c:1123(ntlmssp_client_challenge)
>>>> NTLMSSP: Set final flags:
>>>> [2010/07/16 12:17:00.143894, 3]
>>>> libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
>>>> Got NTLMSSP neg_flags=0x60088215
>>>> [2010/07/16 12:17:00.143984, 3]
>>>> libsmb/ntlmssp_sign.c:343(ntlmssp_sign_init)
>>>> NTLMSSP Sign/Seal - Initialising with flags:
>>>> [2010/07/16 12:17:00.143997, 3]
>>>> libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
>>>> Got NTLMSSP neg_flags=0x60088215
>>>> [2010/07/16 12:17:00.177128, 3]
>>>> libsmb/cliconnect.c:1249(cli_session_setup)
>>>> SPNEGO login failed: Logon failure
>>>> [2010/07/16 12:17:00.177159, 1]
>>>> libsmb/cliconnect.c:2307(cli_full_connection)
>>>> failed session setup with NT_STATUS_LOGON_FAILURE
>>>> [2010/07/16 12:17:00.177271, 1] libnet/libnet_join.c:1978(libnet_Join)
>>>> libnet_Join:
>>>> libnet_JoinCtx: struct libnet_JoinCtx
>>>> out: struct libnet_JoinCtx
>>>> account_name : NULL
>>>> netbios_domain_name : NULL
>>>> dns_domain_name : NULL
>>>> forest_name : NULL
>>>> dn : NULL
>>>> domain_sid : NULL
>>>> domain_sid : (NULL SID)
>>>> modified_config : 0x00 (0)
>>>> error_string : 'failed to lookup DC info for
>>>> domain 'mydomain.COM' over rpc: Logon failure'
>>>> domain_is_ad : 0x00 (0)
>>>> result : WERR_LOGON_FAILURE
>>>> [2010/07/16 12:17:00.177442, 2] utils/net.c:916(main)
>>>>
>>>>
>>>> Intersting is that if I supply wrong username output doesn't differ
>>>> much. Below you can see differences (I stripped time to be able to use
>>>> diff).
>>>>
>>>> --- pass_ok_stripped.txt 2010-07-16 12:19:11.869234402 +0300
>>>> +++ pass_wrong_stripped.txt 2010-07-16 12:19:22.318101275 +0300
>>>> @@ -19,7 +19,7 @@
>>>> domain_name : *
>>>> domain_name : 'mydomain.COM'
>>>> account_ou : NULL
>>>> - admin_account : 'Administrator'
>>>> + admin_account : 'Adminisdgasgasdtor'
>>>> admin_password : *
>>>> machine_password : NULL
>>>> join_flags : 0x00000023 (35)
>>>> @@ -43,8 +43,6 @@
>>>> debug : 0x01 (1)
>>>> use_kerberos : 0x00 (0)
>>>> secure_channel_type : SEC_CHAN_WKSTA (2)
>>>> - libads/cldap.c:97(ads_cldap_netlogon)
>>>> - cldap_netlogon() failed: NT_STATUS_IO_TIMEOUT
>>>> libsmb/cliconnect.c:2201(cli_start_connection)
>>>> Connecting to host=BORED.ProServe.com
>>>> lib/util_sock.c:974(open_socket_out_send)
>>>>
>>>>
>>>> Maybe I'm missing some rpc things? "smbd -b | tail -2" says:
>>>>
>>>> Builtin modules:
>>>> pdb_ldap pdb_smbpasswd pdb_tdbsam pdb_wbc_sam rpc_lsarpc rpc_winreg
>>>> rpc_initshutdown rpc_dssetup rpc_wkssvc rpc_svcctl rpc_ntsvcs rpc_netlogon
>>>> rpc_netdfs rpc_srvsvc rpc_spoolss rpc_eventlog rpc_samr idmap_ldap idmap_tdb
>>>> idmap_passdb idmap_nss idmap_rid idmap_hash nss_info_template auth_sam
>>>> auth_unix auth_winbind auth_wbc auth_server auth_domain auth_builtin
>>>> auth_netlogond vfs_default vfs_solarisacl vfs_zfsacl
>>>>
>>>>
>>>> MMM
>>>>
>>>> On 07/15/10 04:32 PM, Gaiseric Vandal wrote:
>>>>
>>>>> I compiled Samba 3.4.x on Solaris 10. (I have a Samba 3.4.x pdc with
>>>>> two Samba 3.0.x BDC's.) Samba 3.0.x DC"s will not support Windows 7 clients
>>>>> (don't have any yet but it is probably inevitable) and doesn't seem to
>>>>> support trusts with Windows 2003 Native domains (at least it didn't for me.)
>>>>>
>>>>>
>>>>> If you following the opensolaris forums it seems unlikely that there
>>>>> will be compiled build of 3.4.x or 3.5.x of samba in Solaris 10 or
>>>>> OpenSolaris in the near future. I don't think it really is a licensing or
>>>>> even major technical issue. There is seems to more interest in CIFS
>>>>> project as an alternative to Samba. Oracle/Sun sells a NAS server that
>>>>> runs on opensolaris and users CIFS so I don't think they have much interest
>>>>> in Samba. I don't see Oracle/Sun paying any one work on Samba 3.4.x or
>>>>> 3.5.x integration when they have "better" solutions and more important
>>>>> priorities.
>>>>>
>>>>> To be specific, Samba doesn't require OpenLDAP but it does require LDAP
>>>>> with certain functionality. The Solaris-bundled Samba does use OpenLDAP.
>>>>> But if you are compiling it yourself OpenLDAP is the way to do it.
>>>>> Easiest to just get the openldap precompiled from blastwave or
>>>>> sunfreeware.com. And there is precompiled Samba available from
>>>>> Sunfreeware and Blastwave but it may lack the features you need, so you
>>>>> probably need to compile anyway.
>>>>>
>>>>> If you don't need AD support, then then the Sun ldap client
>>>>> functionality should be sufficient.
>>>>>
>>>>>
>>>>> I didn't know about the NGROUPS_MAX option. I would have disabled it
>>>>> if I had known, since I am subject to the 16 group NFS v3 limit. (What I
>>>>> really need to do is switch to NFS v4 and use kerberos authentication for
>>>>> NFS clients.)
>>>>>
>>>>> The OpenSolaris developer build (from earlier this year- not the
>>>>> official release from last year- has updated GCC and other tools that may
>>>>> make compiling easier. Gcc from Sun (and even Sunfreeware) use
>>>>> "/usr/ccs/bin/ld" as the linker. You may need to renamed the file and
>>>>> symlink it to gld (gnu linker.) Samba compiling also requires that you
>>>>> get set the CPPFLAGS and LDFLAGS as well.
>>>>>
>>>>> e.g.
>>>>>
>>>>>
>>>>> PATH=/usr/swf/bin:/usr/ccs/bin:$PATH
>>>>> PATH=/usr/local/samba-3.4.5/bin:/usr/local/samba-3.4.5/sbin:$PATH
>>>>> LD_LIBRARY_PATH=/usr/sfw/lib:/usr/ccs/lib:$LD_LIBRARY PATH
>>>>> LD_LIBRARY_PATH=/usr/local/samba- 3.4.5:$LD_LIBRARY_PATH
>>>>>
>>>>> export LD_LIBRARY_PATH
>>>>> export CPPFLAGS="-I/usr/local/include -I/usr/local/ssl/include
>>>>> -I/usr/include"
>>>>> export LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib
>>>>> -L/usr/local/lib -R/usr/local/lib -L/usr/lib -R/usr/lib"
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> I posted questions/results to the list earlier this year about my
>>>>> experiences.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On 07/14/2010 05:38 PM, Mārcis Lielturks wrote:
>>>>>
>>>>>>
>>>>>>
>>>>>> On 15 July 2010 00:28, Jeremy Allison <jra at samba.org <mailto:
>>>>>> jra at samba.org>> wrote:
>>>>>>
>>>>>> On Thu, Jul 15, 2010 at 12:26:05AM +0300, Mārcis Lielturks wrote:
>>>>>> > Thanks, machine wont provide NFS or ssh login services, so
>>>>>> fiddling with max
>>>>>> > groups should do no harm!
>>>>>> >
>>>>>> > I googled a bit at found that samba should be recompiled to take
>>>>>> advantage
>>>>>> > of new NGROUPS_MAX. "./configure" logs also suggested that
>>>>>> NGROUPS_MAX is
>>>>>> > evaluated only at compile time.
>>>>>>
>>>>>> Yep. Recompilation should do the trick once the kernel understands
>>>>>> large numbers of groups.
>>>>>>
>>>>>> > Can anybody share experience on compiling samba on OpenSolaris?
>>>>>> What's the
>>>>>> > most painless way? I'm considering to use latest 3.5.5 but maybe
>>>>>> I should
>>>>>> > use same version Sun (Oracle) is using - 3.0.37? I have to set
>>>>>> up Samba on 2
>>>>>> > servers, which already replicate storage, so ID mapping must be
>>>>>> consistent
>>>>>> > between both Samba servers. Servers have to provide shares also
>>>>>> to trusted
>>>>>> > domains, but 3.0.37 doesn't have idmap_hash and seems that
>>>>>> idmap_rid is not
>>>>>> > supported to provide mappings for more than one domain, so
>>>>>> anything newer
>>>>>> > than 3.0.37 sounds like the right choice.
>>>>>>
>>>>>> The only reason they use 3.0.x is they're still unable to cope
>>>>>> with the GPLv3 in (Open?)Solaris. Which is ironic as Oracle
>>>>>> Linux has been shipping GPLv3 Samba for a while. But it's a big
>>>>>> company, you can't expect one part to know what another part is
>>>>>> up to :-).
>>>>>>
>>>>>> Yeah, I read about that, but still, I was thinking that as they ship
>>>>>> 3.0.37, it should also be easier to compile because OS has all that's
>>>>>> necessary for 3.0.37. Newer Samba versions may have some dependencies (new
>>>>>> libs or newer version of libs), that might be harder to satisfy. I have
>>>>>> never compiled samba so far and all I know at the moment (from
>>>>>> documentation) is that AD support requires krb5 and openldap development
>>>>>> libraries and files.
>>>>>>
>>>>>>
>>>>>> Jeremy.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> ML
>>>>>>
>>>>>
>>>>>
>>>
>
>
> --
> ML
>
--
ML
More information about the samba
mailing list