[Samba] samba winbind problem with trusted domains

****@ppu appaji04cn002 at gmail.com
Wed Jun 23 01:13:07 MDT 2010


hi all

i am new to samba and struggling with trusted domains authentication from
many days .i have a win2k3 domain(corp.raju.ad )and win2k8 domain (
testraju.ad) .

i have joined samba server as a member to win2k8 domain (testraju.ad) using
net ads join commands /

i m able to access samba shares using testraju.ad user ID's successfully ,
while authenticating with corp.raju.ad users i m unable to.....log is
showing as NT_STATUS NO_SUCH USER

follwing is my smb.conf file


[global]
        log file = /var/log/samba/%m
        load printers = yes
        idmap gid = 600-2000000
        interfaces = 127.0.0.1 eth0
        encrypt passwords = yes
        realm = testraju.ad
        winbind use default domain = true
        template shell = /bin/bash
        netbios name = slclinuxfs001
        winbind enum users = no
        idmap uid = 600-2000000
        password server = hsttestadc001.testraju.ad
        winbind nested groups = YeS
        workgroup = test
        winbind enum groups = no
        security = ADS
        max log size = 50000
        bind interfaces only = true
        log level = 3


#winbind separator = \


[raju]
        comment = test share
        path = /tmp/raju
        browsable = yes
        available = yes
        writable = yes
        readonly = no
        valid users = "@RAJU\domain users" "@TEST\domain users"



wbinfo -m is listing all trusted domains .

i m able to authenticate trusted domain user with wbinfo
--authenticate=raju\\pa72635%password (2 back slashes)


i have enabled logging on and following is the client log  when i access
with trusted domain user ID .


[2010/06/23 12:47:38.010714,  3] auth/auth.c:216(check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user
[]\[]@[HICMBSA001] with the new password interface
[2010/06/23 12:47:38.010761,  3] auth/auth.c:219(check_ntlm_password)
  check_ntlm_password:  mapped user is: [SLCLINUXFS001]\[]@[HICMBSA001]
[2010/06/23 12:47:38.011642,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/06/23 12:47:38.011670,  3] smbd/uid.c:429(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/06/23 12:47:38.011709,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/06/23 12:47:38.011812,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/06/23 12:47:38.011921,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/06/23 12:47:38.011946,  3] smbd/uid.c:429(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/06/23 12:47:38.011969,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/06/23 12:47:38.012000,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/06/23 12:47:38.012286,  3] auth/auth.c:265(check_ntlm_password)
  check_ntlm_password: guest authentication for user [] succeeded
[2010/06/23 12:47:38.082054,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/06/23 12:47:38.082095,  3] smbd/uid.c:429(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/06/23 12:47:38.082119,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/06/23 12:47:38.082356,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/06/23 12:47:38.082422,  3] lib/privileges.c:63(get_privileges)
  get_privileges: No privileges assigned to SID
[S-1-5-21-2180847254-3007464121-335579984-501]
[2010/06/23 12:47:38.082464,  3] lib/privileges.c:63(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-2]
[2010/06/23 12:47:38.082503,  3] lib/privileges.c:63(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-32-546]
[2010/06/23 12:47:38.082587,  3]
libsmb/ntlmssp_sign.c:343(ntlmssp_sign_init)
  NTLMSSP Sign/Seal - Initialising with flags:
[2010/06/23 12:47:38.082624,  3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0xa2088205
[2010/06/23 12:47:38.082676,  3] smbd/password.c:282(register_existing_vuid)
  register_existing_vuid: User name: nobody     Real name: Nobody
[2010/06/23 12:47:38.082731,  3] smbd/password.c:292(register_existing_vuid)
  register_existing_vuid: UNIX uid 99 is UNIX user nobody, and will be vuid
100
[2010/06/23 12:47:38.097021,  3] smbd/process.c:1485(process_smb)
  Transaction 3 of length 94 (0 toread)
[2010/06/23 12:47:38.097084,  3] smbd/process.c:1294(switch_message)
  switch message SMBtconX (pid 13230) conn 0x0
[2010/06/23 12:47:38.097120,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/06/23 12:47:38.097407,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/06/23 12:47:38.097438,  3] smbd/uid.c:429(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/06/23 12:47:38.097460,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/06/23 12:47:38.097502,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/06/23 12:47:38.097552,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/06/23 12:47:38.097577,  3] smbd/uid.c:429(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/06/23 12:47:38.097599,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/06/23 12:47:38.097631,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/06/23 12:47:38.097691,  3] smbd/service.c:807(make_connection_snum)
  Connect path is '/tmp' for service [IPC$]
[2010/06/23 12:47:38.097843,  3] smbd/vfs.c:97(vfs_init_default)
  Initialising default vfs hooks
[2010/06/23 12:47:38.097960,  3] smbd/vfs.c:122(vfs_init_custom)
  Initialising custom vfs hooks from [/[Default VFS]/]
[2010/06/23 12:47:38.098162,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/06/23 12:47:38.098186,  3] smbd/uid.c:429(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/06/23 12:47:38.098208,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/06/23 12:47:38.098240,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/06/23 12:47:38.098277,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/06/23 12:47:38.098395,  3] smbd/uid.c:429(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/06/23 12:47:38.098418,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/06/23 12:47:38.098449,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/06/23 12:47:38.098494,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (99, 99) - sec_ctx_stack_ndx = 0
[2010/06/23 12:47:38.098535,  3] smbd/service.c:1069(make_connection_snum)
  hicmbsa001 (172.16.203.119) connect to service IPC$ initially as user
nobody (uid=99, gid=99) (pid 13230)
[2010/06/23 12:47:38.098564,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/06/23 12:47:38.098595,  3] smbd/reply.c:846(reply_tcon_and_X)
  tconX service=IPC$
[2010/06/23 12:47:38.117760,  3] smbd/process.c:1485(process_smb)
  Transaction 4 of length 116 (0 toread)
[2010/06/23 12:47:38.117820,  3] smbd/process.c:1294(switch_message)
  switch message SMBtrans2 (pid 13230) conn 0x9a3ea28
[2010/06/23 12:47:38.117855,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (99, 99) - sec_ctx_stack_ndx = 0
[2010/06/23 12:47:38.118074,  3] smbd/msdfs.c:848(get_referred_path)
  get_referred_path: |RAJU| in dfs path \172.27.97.53\raju is not a dfs
root.
[2010/06/23 12:47:38.118118,  3] smbd/error.c:80(error_packet_set)
  error packet at smbd/trans2.c(8002) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND
[2010/06/23 12:47:38.147166,  3] smbd/process.c:1485(process_smb)
  Transaction 5 of length 270 (0 toread)
[2010/06/23 12:47:38.147235,  3] smbd/process.c:1294(switch_message)
  switch message SMBsesssetupX (pid 13230) conn 0x0
[2010/06/23 12:47:38.147264,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/06/23 12:47:38.147297,  3]
smbd/sesssetup.c:1435(reply_sesssetup_and_X)
  wct=12 flg2=0xc807
[2010/06/23 12:47:38.147321,  3]
smbd/sesssetup.c:1189(reply_sesssetup_and_X_spnego)
  Doing spnego session setup
[2010/06/23 12:47:38.147376,  3]
smbd/sesssetup.c:1231(reply_sesssetup_and_X_spnego)
  NativeOS=[Windows Server 2003 3790 Service Pack 2] NativeLanMan=[]
PrimaryDomain=[Windows Server 2003 5.2]
[2010/06/23 12:47:38.147451,  3]
smbd/sesssetup.c:805(reply_spnego_negotiate)
  reply_spnego_negotiate: Got secblob of size 40
[2010/06/23 12:47:38.147493,  3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0xa2088207
[2010/06/23 12:47:38.293953,  3]
../lib/util/util_net.c:68(interpret_string_addr_internal)
  interpret_string_addr_internal: getaddrinfo failed for name slclinuxfs001
[Name or service not known]
[2010/06/23 12:47:38.298064,  3] lib/util_sock.c:1796(get_mydnsfullname)
  get_mydnsfullname: getaddrinfo failed for name slclinuxfs001 [Unknown
error]
[2010/06/23 12:47:38.309704,  3]
../lib/util/util_net.c:68(interpret_string_addr_internal)
  interpret_string_addr_internal: getaddrinfo failed for name slclinuxfs001
[Name or service not known]
[2010/06/23 12:47:38.309860,  3] lib/util_sock.c:1796(get_mydnsfullname)
  get_mydnsfullname: getaddrinfo failed for name slclinuxfs001 [Unknown
error]
[2010/06/23 12:47:38.337483,  3] smbd/process.c:1485(process_smb)
  Transaction 6 of length 378 (0 toread)
[2010/06/23 12:47:38.337555,  3] smbd/process.c:1294(switch_message)
  switch message SMBsesssetupX (pid 13230) conn 0x0
[2010/06/23 12:47:38.337583,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/06/23 12:47:38.337623,  3]
smbd/sesssetup.c:1435(reply_sesssetup_and_X)
  wct=12 flg2=0xc807
[2010/06/23 12:47:38.337780,  3]
smbd/sesssetup.c:1189(reply_sesssetup_and_X_spnego)
  Doing spnego session setup
[2010/06/23 12:47:38.337812,  3]
smbd/sesssetup.c:1231(reply_sesssetup_and_X_spnego)
  NativeOS=[Windows Server 2003 3790 Service Pack 2] NativeLanMan=[]
PrimaryDomain=[Windows Server 2003 5.2]
[2010/06/23 12:47:38.337856,  3] libsmb/ntlmssp.c:747(ntlmssp_server_auth)
  Got user=[BK72598_S] domain=[raju] workstation=[HICMBSA001] len1=24
len2=24
[2010/06/23 12:47:38.338582,  3] auth/auth.c:216(check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user
[RAJU]\[BK72598_S]@[HICMBSA001] with the new password interface
[2010/06/23 12:47:38.338624,  3] auth/auth.c:219(check_ntlm_password)
  check_ntlm_password:  mapped user is: [RAJU]\[BK72598_S]@[HICMBSA001]
[2010/06/23 12:47:38.338659,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/06/23 12:47:38.338684,  3] smbd/uid.c:429(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/06/23 12:47:38.338708,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/06/23 12:47:38.383705,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/06/23 12:47:38.485606,  2] auth/auth.c:314(check_ntlm_password)
  check_ntlm_password:  Authentication for user [BK72598_S] -> [BK72598_S]
FAILED with error NT_STATUS_NO_SUCH_USER
[2010/06/23 12:47:38.485672,  3] smbd/error.c:80(error_packet_set)
  error packet at smbd/sesssetup.c(111) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
[2010/06/23 12:47:48.362075,  3] smbd/process.c:1485(process_smb)
  Transaction 7 of length 43 (0 toread)
[2010/06/23 12:47:48.362301,  3] smbd/process.c:1294(switch_message)
  switch message SMBulogoffX (pid 13230) conn 0x0
[2010/06/23 12:47:48.362360,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/06/23 12:47:48.362605,  3] smbd/reply.c:2055(reply_ulogoffX)
  ulogoffX vuid=100
[2010/06/23 12:47:48.372969,  3] smbd/process.c:1485(process_smb)
  Transaction 8 of length 39 (0 toread)
[2010/06/23 12:47:48.372999,  3] smbd/process.c:1294(switch_message)
  switch message SMBtdis (pid 13230) conn 0x9a3ea28
[2010/06/23 12:47:48.373023,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/06/23 12:47:48.373073,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/06/23 12:47:48.373104,  3] smbd/service.c:1250(close_cnum)
  hicmbsa001 (172.16.203.119) closed connection to service IPC$
[2010/06/23 12:47:48.373204,  3] smbd/connection.c:31(yield_connection)
  Yielding connection to IPC$
[2010/06/23 12:47:48.373415,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/06/23 12:47:48.392269,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/06/23 12:47:48.392370,  3] smbd/connection.c:31(yield_connection)
  Yielding connection to
[2010/06/23 12:47:48.392613,  3] smbd/server.c:902(exit_server_common)
  Server exit (failed to receive smb request)




please help me :(


More information about the samba mailing list