[Samba] NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE with Server 2008R2

Oliver R. samba at solar-imperium.com
Sun Apr 15 04:28:38 MDT 2012


Same thing here...

SPNEGO login failed: Trust relationship failure

As already reported in an earlier post ...

Only difference is "security = ads" instead of "domain". So my Linux 
system (POSBIS) is an AD member and shares some directories
on the Linux Box. Samba Version is 3.6.x. The DNS configuration is 
correct and joining the AD works fine. The exact same configuration worked
on an earlier samba version against the same Windows 2008 R2 domain 
controller. Something must have changed in later versions of SAMBA
breaking the Trust Releationship.

Can anybody in short list all group policies needed on Windows Server 
2008 R2 side an all smb.conf settings on the SAMBA client side to get
this constellation to workwith SAMBA 3.6.x (maybe 3.5.x as well).

I really have no idea why it is not working anymore...

Regards,
Oliver

-------------------

[root at posbis ~]# net ads testjoin
Join is OK
[root at posbis ~]#

smbclient -L POSBIS -U rhodan -d10 -s /etc/samba/smb.conf

INFO: Current debug levels:
   all: 10
   tdb: 10
   printdrivers: 10
   lanman: 10
   smb: 10
   rpc_parse: 10
   rpc_srv: 10
   rpc_cli: 10
   passdb: 10
   sam: 10
   auth: 10
   winbind: 10
   vfs: 10
   idmap: 10
   quota: 10
   acls: 10
   locking: 10
   msdfs: 10
   dmapi: 10
   registry: 10
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
   all: 10
   tdb: 10
   printdrivers: 10
   lanman: 10
   smb: 10
   rpc_parse: 10
   rpc_srv: 10
   rpc_cli: 10
   passdb: 10
   sam: 10
   auth: 10
   winbind: 10
   vfs: 10
   idmap: 10
   quota: 10
   acls: 10
   locking: 10
   msdfs: 10
   dmapi: 10
   registry: 10
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
Processing section "[global]"
doing parameter workgroup = SOLAR-IMPERIUM
doing parameter server string = Samba Server Version %v
doing parameter netbios name = POSBIS
handle_netbios_name: set global_myname to: POSBIS
doing parameter log file = /var/log/samba/log.%m
doing parameter max log size = 50
doing parameter include = /user1/config/samba/ads.conf
params.c:pm_process() - Processing configuration file 
"/user1/config/samba/ads.conf"
doing parameter security = ads
doing parameter passdb backend = tdbsam
doing parameter realm = SOLAR-IMPERIUM.COM
doing parameter username map = /etc/samba/smbusers
doing parameter encrypt passwords = yes
doing parameter client ntlmv2 auth = no
doing parameter send spnego principal = no
doing parameter load printers = yes
doing parameter cups options = raw
pm_process() returned Yes
lp_servicenumber: couldn't find homes
set_server_role: role = ROLE_DOMAIN_MEMBER
Substituting charset 'UTF-8' for LOCALE
added interface em1 ip=fe80::20c:76ff:fe24:eefa%em1 
bcast=fe80::ffff:ffff:ffff:ffff%em1 netmask=ffff:ffff:ffff:ffff::
added interface em1 ip=192.168.1.3 bcast=192.168.1.255 netmask=255.255.255.0
Netbios name list:-
my_netbios_names[0]="POSBIS"
Client started (version 3.6.3-78.fc16).
Opening cache file at /var/lib/samba/gencache.tdb
Opening cache file at /var/lib/samba/gencache_notrans.tdb
sitename_fetch: Returning sitename for SOLAR-IMPERIUM.COM: "Solar-System"
internal_resolve_name: looking up POSBIS#20 (sitename Solar-System)
name POSBIS#20 found.
Running timed event "tevent_req_timedout" 0x21b636a8
Connecting to ::1 at port 445
Socket options:
     SO_KEEPALIVE = 0
     SO_REUSEADDR = 0
     SO_BROADCAST = 0
     TCP_NODELAY = 1
     TCP_KEEPCNT = 9
     TCP_KEEPIDLE = 7200
     TCP_KEEPINTVL = 75
     IPTOS_LOWDELAY = 0
     IPTOS_THROUGHPUT = 0
     SO_SNDBUF = 170640
     SO_RCVBUF = 87380
     SO_SNDLOWAT = 1
     SO_RCVLOWAT = 1
     SO_SNDTIMEO = 0
     SO_RCVTIMEO = 0
     TCP_QUICKACK = 1
  session request ok
Substituting charset 'UTF-8' for LOCALE
Doing spnego session setup (blob length=112)
got OID=1.2.840.113554.1.2.2
got OID=1.2.840.48018.1.2.2
got OID=1.3.6.1.4.1.311.2.2.10
got principal=not_defined_in_RFC4178 at please_ignore
convert_string_internal: Conversion error: Illegal multibyte sequence()
      negotiate: struct NEGOTIATE_MESSAGE
         Signature                : 'NTLMSSP'
         MessageType              : NtLmNegotiate (1)
         NegotiateFlags           : 0x60088215 (1611170325)
                1: NTLMSSP_NEGOTIATE_UNICODE
                0: NTLMSSP_NEGOTIATE_OEM
                1: NTLMSSP_REQUEST_TARGET
                1: NTLMSSP_NEGOTIATE_SIGN
                0: NTLMSSP_NEGOTIATE_SEAL
                0: NTLMSSP_NEGOTIATE_DATAGRAM
                0: NTLMSSP_NEGOTIATE_LM_KEY
                0: NTLMSSP_NEGOTIATE_NETWARE
                1: NTLMSSP_NEGOTIATE_NTLM
                0: NTLMSSP_NEGOTIATE_NT_ONLY
                0: NTLMSSP_ANONYMOUS
                0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
                0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
                0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
                1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
                0: NTLMSSP_TARGET_TYPE_DOMAIN
                0: NTLMSSP_TARGET_TYPE_SERVER
                0: NTLMSSP_TARGET_TYPE_SHARE
                1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
                0: NTLMSSP_NEGOTIATE_IDENTIFY
                0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
                0: NTLMSSP_NEGOTIATE_TARGET_INFO
                0: NTLMSSP_NEGOTIATE_VERSION
                1: NTLMSSP_NEGOTIATE_128
                1: NTLMSSP_NEGOTIATE_KEY_EXCH
                0: NTLMSSP_NEGOTIATE_56
         DomainNameLen            : 0x000e (14)
         DomainNameMaxLen         : 0x000e (14)
         DomainName               : *
             DomainName               : 'SOLAR-IMPERIUM'
         WorkstationLen           : 0x0006 (6)
         WorkstationMaxLen        : 0x0006 (6)
         Workstation              : *
             Workstation              : 'POSBIS'
      challenge: struct CHALLENGE_MESSAGE
         Signature                : 'NTLMSSP'
         MessageType              : NtLmChallenge (0x2)
         TargetNameLen            : 0x001c (28)
         TargetNameMaxLen         : 0x001c (28)
         TargetName               : *
             TargetName               : 'SOLAR-IMPERIUM'
         NegotiateFlags           : 0x60898215 (1619624469)
                1: NTLMSSP_NEGOTIATE_UNICODE
                0: NTLMSSP_NEGOTIATE_OEM
                1: NTLMSSP_REQUEST_TARGET
                1: NTLMSSP_NEGOTIATE_SIGN
                0: NTLMSSP_NEGOTIATE_SEAL
                0: NTLMSSP_NEGOTIATE_DATAGRAM
                0: NTLMSSP_NEGOTIATE_LM_KEY
                0: NTLMSSP_NEGOTIATE_NETWARE
                1: NTLMSSP_NEGOTIATE_NTLM
                0: NTLMSSP_NEGOTIATE_NT_ONLY
                0: NTLMSSP_ANONYMOUS
                0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
                0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
                0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
                1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
                1: NTLMSSP_TARGET_TYPE_DOMAIN
                0: NTLMSSP_TARGET_TYPE_SERVER
                0: NTLMSSP_TARGET_TYPE_SHARE
                1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
                0: NTLMSSP_NEGOTIATE_IDENTIFY
                0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
                1: NTLMSSP_NEGOTIATE_TARGET_INFO
                0: NTLMSSP_NEGOTIATE_VERSION
                1: NTLMSSP_NEGOTIATE_128
                1: NTLMSSP_NEGOTIATE_KEY_EXCH
                0: NTLMSSP_NEGOTIATE_56
         ServerChallenge          : b4184a42ca05636e
         Reserved                 : 0000000000000000
         TargetInfoLen            : 0x0076 (118)
         TargetNameInfoMaxLen     : 0x0076 (118)
         TargetInfo               : *
             TargetInfo: struct AV_PAIR_LIST
                 count                    : 0x00000005 (5)
                 pair: ARRAY(5)
                     pair: struct AV_PAIR
                         AvId                     : MsvAvNbDomainName (0x2)
                         AvLen                    : 0x001c (28)
                         Value                    : union 
ntlmssp_AvValue(case 0x2)
                         AvNbDomainName           : 'SOLAR-IMPERIUM'
                     pair: struct AV_PAIR
                         AvId                     : MsvAvNbComputerName 
(0x1)
                         AvLen                    : 0x000c (12)
                         Value                    : union 
ntlmssp_AvValue(case 0x1)
                         AvNbComputerName         : 'POSBIS'
                     pair: struct AV_PAIR
                         AvId                     : MsvAvDnsDomainName (0x4)
                         AvLen                    : 0x0016 (22)
                         Value                    : union 
ntlmssp_AvValue(case 0x4)
                         AvDnsDomainName          : 'rehmann.org'
                     pair: struct AV_PAIR
                         AvId                     : MsvAvDnsComputerName 
(0x3)
                         AvLen                    : 0x0024 (36)
                         Value                    : union 
ntlmssp_AvValue(case 0x3)
                         AvDnsComputerName        : 'posbis.rehmann.org'
                     pair: struct AV_PAIR
                         AvId                     : MsvAvEOL (0x0)
                         AvLen                    : 0x0000 (0)
                         Value                    : union 
ntlmssp_AvValue(case 0x0)
Got challenge flags:
Got NTLMSSP neg_flags=0x60898215
   NTLMSSP_NEGOTIATE_UNICODE
   NTLMSSP_REQUEST_TARGET
   NTLMSSP_NEGOTIATE_SIGN
   NTLMSSP_NEGOTIATE_NTLM
   NTLMSSP_NEGOTIATE_ALWAYS_SIGN
   NTLMSSP_NEGOTIATE_NTLM2
   NTLMSSP_NEGOTIATE_TARGET_INFO
   NTLMSSP_NEGOTIATE_128
   NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
   NTLMSSP_NEGOTIATE_UNICODE
   NTLMSSP_REQUEST_TARGET
   NTLMSSP_NEGOTIATE_SIGN
   NTLMSSP_NEGOTIATE_NTLM
   NTLMSSP_NEGOTIATE_ALWAYS_SIGN
   NTLMSSP_NEGOTIATE_NTLM2
   NTLMSSP_NEGOTIATE_128
   NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP challenge set by NTLM2
challenge is:
[0000] 06 23 36 F2 42 36 42 9E                            .#6.B6B.
      authenticate: struct AUTHENTICATE_MESSAGE
         Signature                : 'NTLMSSP'
         MessageType              : NtLmAuthenticate (3)
         LmChallengeResponseLen   : 0x0018 (24)
         LmChallengeResponseMaxLen: 0x0018 (24)
         LmChallengeResponse      : *
             LmChallengeResponse      : union ntlmssp_LM_RESPONSE(case 24)
             v1: struct LM_RESPONSE
                 Response                 : 
9a7094be3dc810ca00000000000000000000000000000000
         NtChallengeResponseLen   : 0x0018 (24)
         NtChallengeResponseMaxLen: 0x0018 (24)
         NtChallengeResponse      : *
             NtChallengeResponse      : union ntlmssp_NTLM_RESPONSE(case 24)
             v1: struct NTLM_RESPONSE
                 Response                 : 
cc27c54ccb09bfa7bf80c69fde723b4f218769db65228e49
         DomainNameLen            : 0x001c (28)
         DomainNameMaxLen         : 0x001c (28)
         DomainName               : *
             DomainName               : 'SOLAR-IMPERIUM'
         UserNameLen              : 0x000c (12)
         UserNameMaxLen           : 0x000c (12)
         UserName                 : *
             UserName                 : 'rhodan'
         WorkstationLen           : 0x000c (12)
         WorkstationMaxLen        : 0x000c (12)
         Workstation              : *
             Workstation              : 'POSBIS'
         EncryptedRandomSessionKeyLen: 0x0010 (16)
         EncryptedRandomSessionKeyMaxLen: 0x0010 (16)
         EncryptedRandomSessionKey: *
             EncryptedRandomSessionKey: DATA_BLOB length=16
[0000] 26 63 57 46 C3 10 E5 D8   22 66 65 69 36 36 D9 43 &cWF.... "fei66.C
         NegotiateFlags           : 0x60088215 (1611170325)
                1: NTLMSSP_NEGOTIATE_UNICODE
                0: NTLMSSP_NEGOTIATE_OEM
                1: NTLMSSP_REQUEST_TARGET
                1: NTLMSSP_NEGOTIATE_SIGN
                0: NTLMSSP_NEGOTIATE_SEAL
                0: NTLMSSP_NEGOTIATE_DATAGRAM
                0: NTLMSSP_NEGOTIATE_LM_KEY
                0: NTLMSSP_NEGOTIATE_NETWARE
                1: NTLMSSP_NEGOTIATE_NTLM
                0: NTLMSSP_NEGOTIATE_NT_ONLY
                0: NTLMSSP_ANONYMOUS
                0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
                0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
                0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
                1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
                0: NTLMSSP_TARGET_TYPE_DOMAIN
                0: NTLMSSP_TARGET_TYPE_SERVER
                0: NTLMSSP_TARGET_TYPE_SHARE
                1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
                0: NTLMSSP_NEGOTIATE_IDENTIFY
                0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
                0: NTLMSSP_NEGOTIATE_TARGET_INFO
                0: NTLMSSP_NEGOTIATE_VERSION
                1: NTLMSSP_NEGOTIATE_128
                1: NTLMSSP_NEGOTIATE_KEY_EXCH
                0: NTLMSSP_NEGOTIATE_56
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088215
   NTLMSSP_NEGOTIATE_UNICODE
   NTLMSSP_REQUEST_TARGET
   NTLMSSP_NEGOTIATE_SIGN
   NTLMSSP_NEGOTIATE_NTLM
   NTLMSSP_NEGOTIATE_ALWAYS_SIGN
   NTLMSSP_NEGOTIATE_NTLM2
   NTLMSSP_NEGOTIATE_128
   NTLMSSP_NEGOTIATE_KEY_EXCH
SPNEGO login failed: Trust relationship failure
lang_tdb_init: /usr/lib/samba/en_US.UTF-8.msg: No such file or directory
session setup failed: NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE








On 15.04.2012 01:31, Chrisopher R Davis wrote:
> I am having problems implementing Samba using security=domain against 
> a Windows 2008R2 server.
>
> I have been able to successfully join the domain via a net rpc join.  
> Anytime I try to access a share through smbclient I get a 
> NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE but nothing in the logs (on 
> either side) seems to be giving me any leads on where to look.  The 
> system is locked down to allow NTLv2 ONLY.
>
> The 2008R2 server is running with a number of additional security 
> lock-downs and it is somewhat likely one or more of those may be the 
> culprit but I'm hoping someone might have an idea of a specific place 
> to start looking.
>
>
> Any help would be much appreciated - I can dig up more logs if needed.
>
>
>
> I have included my smb.conf, the output from a a net rpg testjoin and 
> output from my test run of smbclient
>
> ######################################################################################################### 
>
>
> My smb.conf:
>
>
> [global]
>         workgroup = MYDOMAIN
>         netbios name = myserver
>         security = domain
>         password server = dc1
>         server string = Samba (%v) domain (%h)
>         username map = /cm-views/samba.server/lib/users.map
>         log level = 10
>         log file = /cm-views/samba.server/logs/log.%m
>         lock dir = /cm-views/samba.server/locks
>         private dir = /cm-views/samba.server/private
>         client use spnego = yes
>         client ntlmv2 auth = yes
>         client signing = yes
>         server signing = yes
>         client ldap sasl wrapping = seal
>         client schannel = yes
>         server schannel = yes
>         encrypt passwords = yes
>
>
>
> [test]
>         comment = Monitor Directory for Sun Cluster
>         path = /cm-views/samba.server/logs
>         guest ok = Yes
>
> ######################################################################################################### 
>
>
>
>
>
>
> [root at cc1 /cm-views/samba.server/logs ]# net rpc testjoin -s 
> ../lib/smb.conf
> Join to 'MYDOMAIN' is OK
>
>
>
> ######################################################################################################### 
>
>
>
>
> [root at cc1 /cm-views/samba.server/logs ]# smbclient -L myserver -U 
> cdavis15 -s ../lib/smb.conf -d10
> INFO: Current debug levels:
>   all: True/10
>   tdb: False/0
>   printdrivers: False/0
>   lanman: False/0
>   smb: False/0
>   rpc_parse: False/0
>   rpc_srv: False/0
>   rpc_cli: False/0
>   passdb: False/0
>   sam: False/0
>   auth: False/0
>   winbind: False/0
>   vfs: False/0
>   idmap: False/0
>   quota: False/0
>   acls: False/0
>   locking: False/0
>   msdfs: False/0
>   dmapi: False/0
>   registry: False/0
> lp_load_ex: refreshing parameters
> Initialising global parameters
> rlimit_max: increasing rlimit_max (256) to minimum Windows limit (16384)
> params.c:pm_process() - Processing configuration file "../lib/smb.conf"
> Processing section "[global]"
> doing parameter workgroup = MYDOMAIN
> doing parameter netbios name = myserver
> handle_netbios_name: set global_myname to: myserver
> doing parameter security = domain
> doing parameter password server = dc1
> doing parameter server string = Samba (%v) domain (%h)
> doing parameter username map = /cm-views/samba.server/lib/users.map
> doing parameter log level = 10
> doing parameter log file = /cm-views/samba.server/logs/log.%m
> doing parameter lock dir = /cm-views/samba.server/locks
> doing parameter private dir = /cm-views/samba.server/private
> doing parameter client use spnego = yes
> doing parameter client ntlmv2 auth = yes
> doing parameter client signing = yes
> doing parameter server signing = yes
> doing parameter client ldap sasl wrapping = seal
> doing parameter client schannel = yes
> doing parameter server schannel = yes
> doing parameter encrypt passwords = yes
> pm_process() returned Yes
> lp_servicenumber: couldn't find homes
> set_server_role: role = ROLE_DOMAIN_MEMBER
> Attempting to register new charset UCS-2LE
> Registered charset UCS-2LE
> Attempting to register new charset UTF-16LE
> Registered charset UTF-16LE
> Attempting to register new charset UCS-2BE
> Registered charset UCS-2BE
> Attempting to register new charset UTF-16BE
> Registered charset UTF-16BE
> Attempting to register new charset UTF8
> Registered charset UTF8
> Attempting to register new charset UTF-8
> Registered charset UTF-8
> Attempting to register new charset ASCII
> Registered charset ASCII
> Attempting to register new charset 646
> Registered charset 646
> Attempting to register new charset ISO-8859-1
> Registered charset ISO-8859-1
> Attempting to register new charset UCS2-HEX
> Registered charset UCS2-HEX
> Substituting charset 'ISO8859-1' for LOCALE
> Substituting charset 'ISO8859-1' for LOCALE
> Substituting charset 'ISO8859-1' for LOCALE
> Substituting charset 'ISO8859-1' for LOCALE
> Substituting charset 'ISO8859-1' for LOCALE
> Substituting charset 'ISO8859-1' for LOCALE
> Substituting charset 'ISO8859-1' for LOCALE
> Substituting charset 'ISO8859-1' for LOCALE
> Substituting charset 'ISO8859-1' for LOCALE
> Substituting charset 'ISO8859-1' for LOCALE
> Substituting charset 'ISO8859-1' for LOCALE
> Substituting charset 'ISO8859-1' for LOCALE
> Substituting charset 'ISO8859-1' for LOCALE
> Substituting charset 'ISO8859-1' for LOCALE
> added interface bge1 ip=172.16.0.130 bcast=172.16.0.255 
> netmask=255.255.255.128
> added interface bge3 ip=172.16.1.2 bcast=172.16.1.127 
> netmask=255.255.255.128
> added interface clprivnet0 ip=172.16.4.2 bcast=172.16.5.255 
> netmask=255.255.254.0
> added interface bge0 ip=10.10.10.43 bcast=10.10.10.255 
> netmask=255.255.255.0
> added interface bge0:2 ip=10.10.10.60 bcast=10.10.10.255 
> netmask=255.255.255.0
> added interface bge0:4 ip=10.10.10.61 bcast=10.10.10.255 
> netmask=255.255.255.0
> added interface bge0:3 ip=10.10.10.62 bcast=10.10.10.255 
> netmask=255.255.255.0
> add_interface: not adding duplicate interface 0.0.0.0
> Netbios name list:-
> my_netbios_names[0]="myserver"
> Client started (version 3.5.8).
> Enter cdavis15's password:
> Opening cache file at /cm-views/samba.server/locks/gencache.tdb
> Opening cache file at /cm-views/samba.server/locks/gencache_notrans.tdb
> Cache entry with key = AD_SITENAME/DOMAIN/ couldn't be found
> sitename_fetch: No stored sitename for
> internal_resolve_name: looking up myserver#20 (sitename (null))
> Cache entry with key = NBT/myserver#20 couldn't be found
> no entry for myserver#20 found.
> resolve_lmhosts: Attempting lmhosts lookup for name myserver<0x20>
> startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No 
> such file or directory
> resolve_wins: Attempting wins lookup for name myserver<0x20>
> resolve_wins: WINS server resolution selected and no WINS servers listed.
> resolve_hosts: Attempting host lookup for name myserver<0x20>
> remove_duplicate_addrs2: looking for duplicate address/port pairs
> namecache_store: storing 1 address for myserver#20: 10.10.10.62
> Adding cache entry with key = NBT/myserver#20 and timeout = Fri Apr 13 
> 17:34:17 2012
>  (660 seconds ahead)
> internal_resolve_name: returning 1 addresses: 10.10.10.62:0
> Running timed event "tevent_req_timedout" 7b11d0
> Connecting to 10.10.10.62 at port 445
> Socket options:
>         SO_KEEPALIVE = 0
>         SO_REUSEADDR = 0
>         SO_BROADCAST = 0
>         TCP_NODELAY = 1
>         IPTOS_LOWDELAY = 0
>         IPTOS_THROUGHPUT = 0
>         SO_SNDBUF = 49152
>         SO_RCVBUF = 49152
>         Could not test socket option SO_SNDLOWAT.
>         Could not test socket option SO_RCVLOWAT.
>         Could not test socket option SO_SNDTIMEO.
>         Could not test socket option SO_RCVTIMEO.
>  session request ok
> Substituting charset 'ISO8859-1' for LOCALE
> Substituting charset 'ISO8859-1' for LOCALE
> Substituting charset 'ISO8859-1' for LOCALE
> Substituting charset 'ISO8859-1' for LOCALE
> Substituting charset 'ISO8859-1' for LOCALE
> Substituting charset 'ISO8859-1' for LOCALE
> Substituting charset 'ISO8859-1' for LOCALE
> Substituting charset 'ISO8859-1' for LOCALE
> Substituting charset 'ISO8859-1' for LOCALE
> Substituting charset 'ISO8859-1' for LOCALE
> Substituting charset 'ISO8859-1' for LOCALE
> Substituting charset 'ISO8859-1' for LOCALE
> Substituting charset 'ISO8859-1' for LOCALE
> Substituting charset 'ISO8859-1' for LOCALE
> Doing spnego session setup (blob length=58)
> got OID=1.3.6.1.4.1.311.2.2.10
> got principal=NONE
> &negotiate: struct NEGOTIATE_MESSAGE
>         Signature                : 'NTLMSSP'
>         MessageType              : NtLmNegotiate (1)
>         NegotiateFlags           : 0x60088215 (1611170325)
>                1: NTLMSSP_NEGOTIATE_UNICODE
>                0: NTLMSSP_NEGOTIATE_OEM
>                1: NTLMSSP_REQUEST_TARGET
>                1: NTLMSSP_NEGOTIATE_SIGN
>                0: NTLMSSP_NEGOTIATE_SEAL
>                0: NTLMSSP_NEGOTIATE_DATAGRAM
>                0: NTLMSSP_NEGOTIATE_LM_KEY
>                0: NTLMSSP_NEGOTIATE_NETWARE
>                1: NTLMSSP_NEGOTIATE_NTLM
>                0: NTLMSSP_NEGOTIATE_NT_ONLY
>                0: NTLMSSP_ANONYMOUS
>                0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
>                0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
>                0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
>                1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>                0: NTLMSSP_TARGET_TYPE_DOMAIN
>                0: NTLMSSP_TARGET_TYPE_SERVER
>                0: NTLMSSP_TARGET_TYPE_SHARE
>                1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>                0: NTLMSSP_NEGOTIATE_IDENTIFY
>                0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
>                0: NTLMSSP_NEGOTIATE_TARGET_INFO
>                0: NTLMSSP_NEGOTIATE_VERSION
>                1: NTLMSSP_NEGOTIATE_128
>                1: NTLMSSP_NEGOTIATE_KEY_EXCH
>                0: NTLMSSP_NEGOTIATE_56
>         DomainNameLen            : 0x0007 (7)
>         DomainNameMaxLen         : 0x0007 (7)
>         DomainName               : *
>             DomainName               : 'MYDOMAIN'
>         WorkstationLen           : 0x000f (15)
>         WorkstationMaxLen        : 0x000f (15)
>         Workstation              : *
>             Workstation              : 'myserver'
> smb_signing_sign_pdu: sent SMB signature of
> [0000] 42 53 52 53 50 59 4C 20                            BSRSPYL
> write_socket(6,174)
> write_socket(6,174) wrote 174
> got smb length of 256
> size=256
> smb_com=0x73
> smb_rcls=22
> smb_reh=0
> smb_err=49152
> smb_flg=136
> smb_flg2=51203
> smb_tid=0
> smb_pid=28352
> smb_uid=100
> smb_mid=2
> smt_wct=4
> smb_vwv[ 0]=  255 (0xFF)
> smb_vwv[ 1]=    0 (0x0)
> smb_vwv[ 2]=    0 (0x0)
> smb_vwv[ 3]=  163 (0xA3)
> smb_bcc=213
> [0000] A1 81 A0 30 81 9D A0 03   0A 01 01 A1 0C 06 0A 2B   ¡. 0.. . 
> ...¡...+
> [0010] 06 01 04 01 82 37 02 02   0A A2 81 87 04 81 84 4E   .....7.. 
> .......N
> [0020] 54 4C 4D 53 53 50 00 02   00 00 00 0E 00 0E 00 30   TLMSSP.. 
> .......0
> [0030] 00 00 00 15 82 89 60 79   0C B4 2C A3 64 A6 AD 00   ......`y 
> ..,.d...
> [0040] 00 00 00 00 00 00 00 46   00 46 00 3E 00 00 00 53   .......F 
> .F.>...S
> [0050] 00 50 00 45 00 43 00 54   00 52 00 45 00 02 00 0E   .P.E.C.T 
> .R.E....
> [0060] 00 53 00 50 00 45 00 43   00 54 00 52 00 45 00 01   .S.P.E.C 
> .T.R.E..
> [0070] 00 1E 00 43 00 4F 00 53   00 2D 00 43 00 43 00 2D   ...C.O.S 
> .-.C.C.-
> [0080] 00 43 00 4D 00 2D 00 56   00 49 00 45 00 57 00 53   .C.M.-.V 
> .I.E.W.S
> [0090] 00 04 00 00 00 03 00 06   00 63 00 63 00 31 00 00   ........ 
> .c.c.1..
> [00A0] 00 00 00 55 00 6E 00 69   00 78 00 00 00 53 00 61   ...U.n.i 
> .x...S.a
> [00B0] 00 6D 00 62 00 61 00 20   00 33 00 2E 00 35 00 2E   .m.b.a.  
> .3...5..
> [00C0] 00 38 00 00 00 53 00 50   00 45 00 43 00 54 00 52   .8...S.P 
> .E.C.T.R
> [00D0] 00 45 00 00 00                                    .E...
> size=256
> smb_com=0x73
> smb_rcls=22
> smb_reh=0
> smb_err=49152
> smb_flg=136
> smb_flg2=51203
> smb_tid=0
> smb_pid=28352
> smb_uid=100
> smb_mid=2
> smt_wct=4
> smb_vwv[ 0]=  255 (0xFF)
> smb_vwv[ 1]=    0 (0x0)
> smb_vwv[ 2]=    0 (0x0)
> smb_vwv[ 3]=  163 (0xA3)
> smb_bcc=213
> [0000] A1 81 A0 30 81 9D A0 03   0A 01 01 A1 0C 06 0A 2B   ¡. 0.. . 
> ...¡...+
> [0010] 06 01 04 01 82 37 02 02   0A A2 81 87 04 81 84 4E   .....7.. 
> .......N
> [0020] 54 4C 4D 53 53 50 00 02   00 00 00 0E 00 0E 00 30   TLMSSP.. 
> .......0
> [0030] 00 00 00 15 82 89 60 79   0C B4 2C A3 64 A6 AD 00   ......`y 
> ..,.d...
> [0040] 00 00 00 00 00 00 00 46   00 46 00 3E 00 00 00 53   .......F 
> .F.>...S
> [0050] 00 50 00 45 00 43 00 54   00 52 00 45 00 02 00 0E   .P.E.C.T 
> .R.E....
> [0060] 00 53 00 50 00 45 00 43   00 54 00 52 00 45 00 01   .S.P.E.C 
> .T.R.E..
> [0070] 00 1E 00 43 00 4F 00 53   00 2D 00 43 00 43 00 2D   ...C.O.S 
> .-.C.C.-
> [0080] 00 43 00 4D 00 2D 00 56   00 49 00 45 00 57 00 53   .C.M.-.V 
> .I.E.W.S
> [0090] 00 04 00 00 00 03 00 06   00 63 00 63 00 31 00 00   ........ 
> .c.c.1..
> [00A0] 00 00 00 55 00 6E 00 69   00 78 00 00 00 53 00 61   ...U.n.i 
> .x...S.a
> [00B0] 00 6D 00 62 00 61 00 20   00 33 00 2E 00 35 00 2E   .m.b.a.  
> .3...5..
> [00C0] 00 38 00 00 00 53 00 50   00 45 00 43 00 54 00 52   .8...S.P 
> .E.C.T.R
> [00D0] 00 45 00 00 00                                    .E...
> &challenge: struct CHALLENGE_MESSAGE
>         Signature                : 'NTLMSSP'
>         MessageType              : NtLmChallenge (0x2)
>         TargetNameLen            : 0x000e (14)
>         TargetNameMaxLen         : 0x000e (14)
>         TargetName               : *
>             TargetName               : 'MYDOMAIN'
>         NegotiateFlags           : 0x60898215 (1619624469)
>                1: NTLMSSP_NEGOTIATE_UNICODE
>                0: NTLMSSP_NEGOTIATE_OEM
>                1: NTLMSSP_REQUEST_TARGET
>                1: NTLMSSP_NEGOTIATE_SIGN
>                0: NTLMSSP_NEGOTIATE_SEAL
>                0: NTLMSSP_NEGOTIATE_DATAGRAM
>                0: NTLMSSP_NEGOTIATE_LM_KEY
>                0: NTLMSSP_NEGOTIATE_NETWARE
>                1: NTLMSSP_NEGOTIATE_NTLM
>                0: NTLMSSP_NEGOTIATE_NT_ONLY
>                0: NTLMSSP_ANONYMOUS
>                0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
>                0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
>                0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
>                1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>                1: NTLMSSP_TARGET_TYPE_DOMAIN
>                0: NTLMSSP_TARGET_TYPE_SERVER
>                0: NTLMSSP_TARGET_TYPE_SHARE
>                1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>                0: NTLMSSP_NEGOTIATE_IDENTIFY
>                0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
>                1: NTLMSSP_NEGOTIATE_TARGET_INFO
>                0: NTLMSSP_NEGOTIATE_VERSION
>                1: NTLMSSP_NEGOTIATE_128
>                1: NTLMSSP_NEGOTIATE_KEY_EXCH
>                0: NTLMSSP_NEGOTIATE_56
>         ServerChallenge          : 790cb42ca364a6ad
>         Reserved                 : 0000000000000000
>         TargetInfoLen            : 0x0046 (70)
>         TargetNameInfoMaxLen     : 0x0046 (70)
>         TargetInfo               : *
>             TargetInfo: struct AV_PAIR_LIST
>                 count                    : 0x00000005 (5)
>                 pair: ARRAY(5)
>                     pair: struct AV_PAIR
>                         AvId                     : MsvAvNbDomainName 
> (0x2)
>                         AvLen                    : 0x000e (14)
>                         Value                    : union 
> ntlmssp_AvValue(case 0x2)
>                         AvNbDomainName           : 'MYDOMAIN'
>                     pair: struct AV_PAIR
>                         AvId                     : MsvAvNbComputerName 
> (0x1)
>                         AvLen                    : 0x001e (30)
>                         Value                    : union 
> ntlmssp_AvValue(case 0x1)
>                         AvNbComputerName         : 'myserver'
>                     pair: struct AV_PAIR
>                         AvId                     : MsvAvDnsDomainName 
> (0x4)
>                         AvLen                    : 0x0000 (0)
>                         Value                    : union 
> ntlmssp_AvValue(case 0x4)
>                         AvDnsDomainName          : ''
>                     pair: struct AV_PAIR
>                         AvId                     : 
> MsvAvDnsComputerName (0x3)
>                         AvLen                    : 0x0006 (6)
>                         Value                    : union 
> ntlmssp_AvValue(case 0x3)
>                         AvDnsComputerName        : 'cc1'
>                     pair: struct AV_PAIR
>                         AvId                     : MsvAvEOL (0x0)
>                         AvLen                    : 0x0000 (0)
>                         Value                    : union 
> ntlmssp_AvValue(case 0x0)
> Got challenge flags:
> Got NTLMSSP neg_flags=0x60898215
>   NTLMSSP_NEGOTIATE_UNICODE
>   NTLMSSP_REQUEST_TARGET
>   NTLMSSP_NEGOTIATE_SIGN
>   NTLMSSP_NEGOTIATE_NTLM
>   NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>   NTLMSSP_NEGOTIATE_NTLM2
>   NTLMSSP_NEGOTIATE_TARGET_INFO
>   NTLMSSP_NEGOTIATE_128
>   NTLMSSP_NEGOTIATE_KEY_EXCH
> NTLMSSP: Set final flags:
> Got NTLMSSP neg_flags=0x60088215
>   NTLMSSP_NEGOTIATE_UNICODE
>   NTLMSSP_REQUEST_TARGET
>   NTLMSSP_NEGOTIATE_SIGN
>   NTLMSSP_NEGOTIATE_NTLM
>   NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>   NTLMSSP_NEGOTIATE_NTLM2
>   NTLMSSP_NEGOTIATE_128
>   NTLMSSP_NEGOTIATE_KEY_EXCH
> &authenticate: struct AUTHENTICATE_MESSAGE
>         Signature                : 'NTLMSSP'
>         MessageType              : NtLmAuthenticate (3)
>         LmChallengeResponseLen   : 0x0018 (24)
>         LmChallengeResponseMaxLen: 0x0018 (24)
>         LmChallengeResponse      : *
>             LmChallengeResponse      : union ntlmssp_LM_RESPONSE(case 24)
>             v1: struct LM_RESPONSE
>                 Response                 : 
> 078e894cc35e1708df68607b51c47cd6fc4cd6febd7d4ca4
>         NtChallengeResponseLen   : 0x0072 (114)
>         NtChallengeResponseMaxLen: 0x0072 (114)
>         NtChallengeResponse      : *
>             NtChallengeResponse      : union 
> ntlmssp_NTLM_RESPONSE(case 114)
>             v2: struct NTLMv2_RESPONSE
>                 Response                 : 
> ff564e232df73299417995e0973dd4e3
>                 Challenge: struct NTLMv2_CLIENT_CHALLENGE
>                     RespType                 : 0x01 (1)
>                     HiRespType               : 0x01 (1)
>                     Reserved1                : 0x0000 (0)
>                     Reserved2                : 0x00000000 (0)
>                     TimeStamp                : April 13, 2012 05:23:17 
> PM GMT GMT
>                     ChallengeFromClient      : 7cc0c9cc205d2ce2
>                     Reserved3                : 0x00000000 (0)
>                     AvPairs: struct AV_PAIR_LIST
>                         count                    : 0x00000005 (5)
>                         pair: ARRAY(5)
>                             pair: struct AV_PAIR
>                                 AvId                     : 
> MsvAvNbDomainName (0x2)
>                                 AvLen                    : 0x000e (14)
>                                 Value                    : union 
> ntlmssp_AvValue(case 0x2)
>                                 AvNbDomainName           : 'MYDOMAIN'
>                             pair: struct AV_PAIR
>                                 AvId                     : 
> MsvAvNbComputerName (0x1)
>                                 AvLen                    : 0x001e (30)
>                                 Value                    : union 
> ntlmssp_AvValue(case 0x1)
>                                 AvNbComputerName         : 'myserver'
>                             pair: struct AV_PAIR
>                                 AvId                     : 
> MsvAvDnsDomainName (0x4)
>                                 AvLen                    : 0x0000 (0)
>                                 Value                    : union 
> ntlmssp_AvValue(case 0x4)
>                                 AvDnsDomainName          : ''
>                             pair: struct AV_PAIR
>                                 AvId                     : 
> MsvAvDnsComputerName (0x3)
>                                 AvLen                    : 0x0006 (6)
>                                 Value                    : union 
> ntlmssp_AvValue(case 0x3)
>                                 AvDnsComputerName        : 'cc1'
>                             pair: struct AV_PAIR
>                                 AvId                     : MsvAvEOL (0x0)
>                                 AvLen                    : 0x0000 (0)
>                                 Value                    : union 
> ntlmssp_AvValue(case 0x0)
>         DomainNameLen            : 0x000e (14)
>         DomainNameMaxLen         : 0x000e (14)
>         DomainName               : *
>             DomainName               : 'MYDOMAIN'
>         UserNameLen              : 0x0010 (16)
>         UserNameMaxLen           : 0x0010 (16)
>         UserName                 : *
>             UserName                 : 'cdavis15'
>         WorkstationLen           : 0x001e (30)
>         WorkstationMaxLen        : 0x001e (30)
>         Workstation              : *
>             Workstation              : 'myserver'
>         EncryptedRandomSessionKeyLen: 0x0010 (16)
>         EncryptedRandomSessionKeyMaxLen: 0x0010 (16)
>         EncryptedRandomSessionKey: *
>             EncryptedRandomSessionKey: DATA_BLOB length=16
> [0000] 7F 69 AF 9D 61 58 E0 8F   FB 4B BF 94 3B B4 B9 EE   .i..aXà. 
> ûK¿.;..î
>         NegotiateFlags           : 0x60088215 (1611170325)
>                1: NTLMSSP_NEGOTIATE_UNICODE
>                0: NTLMSSP_NEGOTIATE_OEM
>                1: NTLMSSP_REQUEST_TARGET
>                1: NTLMSSP_NEGOTIATE_SIGN
>                0: NTLMSSP_NEGOTIATE_SEAL
>                0: NTLMSSP_NEGOTIATE_DATAGRAM
>                0: NTLMSSP_NEGOTIATE_LM_KEY
>                0: NTLMSSP_NEGOTIATE_NETWARE
>                1: NTLMSSP_NEGOTIATE_NTLM
>                0: NTLMSSP_NEGOTIATE_NT_ONLY
>                0: NTLMSSP_ANONYMOUS
>                0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
>                0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
>                0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
>                1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>                0: NTLMSSP_TARGET_TYPE_DOMAIN
>                0: NTLMSSP_TARGET_TYPE_SERVER
>                0: NTLMSSP_TARGET_TYPE_SHARE
>                1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>                0: NTLMSSP_NEGOTIATE_IDENTIFY
>                0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
>                0: NTLMSSP_NEGOTIATE_TARGET_INFO
>                0: NTLMSSP_NEGOTIATE_VERSION
>                1: NTLMSSP_NEGOTIATE_128
>                1: NTLMSSP_NEGOTIATE_KEY_EXCH
>                0: NTLMSSP_NEGOTIATE_56
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x60088215
>   NTLMSSP_NEGOTIATE_UNICODE
>   NTLMSSP_REQUEST_TARGET
>   NTLMSSP_NEGOTIATE_SIGN
>   NTLMSSP_NEGOTIATE_NTLM
>   NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>   NTLMSSP_NEGOTIATE_NTLM2
>   NTLMSSP_NEGOTIATE_128
>   NTLMSSP_NEGOTIATE_KEY_EXCH
> smb_signing_sign_pdu: sent SMB signature of
> [0000] 42 53 52 53 50 59 4C 20                            BSRSPYL
> write_socket(6,380)
> write_socket(6,380) wrote 380
> got smb length of 35
> size=35
> smb_com=0x73
> smb_rcls=141
> smb_reh=1
> smb_err=49152
> smb_flg=136
> smb_flg2=51203
> smb_tid=0
> smb_pid=28352
> smb_uid=100
> smb_mid=3
> smt_wct=0
> smb_bcc=0
> size=35
> smb_com=0x73
> smb_rcls=141
> smb_reh=1
> smb_err=49152
> smb_flg=136
> smb_flg2=51203
> smb_tid=0
> smb_pid=28352
> smb_uid=100
> smb_mid=3
> smt_wct=0
> smb_bcc=0
> SPNEGO login failed: Trust relationship failure
> session setup failed: NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE
>
>



More information about the samba mailing list