[Samba] problem with samba 4 as file-server
Stéphane PURNELLE
stephane.purnelle at corman.be
Mon Dec 9 05:42:31 MST 2013
Hi,
time is sync as in hour and minutes, not sure for second (but max 5-10
seconds).
-----------------------------------
Stéphane PURNELLE Admin. Systèmes et Réseaux
Service Informatique Corman S.A. Tel : 00 32 (0)87/342467
L.P.H. van Belle <belle at bazuin.nl> wrote on 09/12/2013 13:36:13:
> De : L.P.H. van Belle <belle at bazuin.nl>
> A : Stéphane PURNELLE <stephane.purnelle at corman.be>,
> Date : 09/12/2013 13:36
> Objet : RE: [Samba] problem with samba 4 as file-server
>
> Is time in sync ?
>
>
>
> >-----Oorspronkelijk bericht-----
> >Van: stephane.purnelle at corman.be
> >[mailto:samba-bounces at lists.samba.org] Namens Stéphane PURNELLE
> >Verzonden: maandag 9 december 2013 13:32
> >Aan: samba at lists.samba.org
> >Onderwerp: [Samba] problem with samba 4 as file-server
> >
> >Hi,
> >
> >My configuration:
> >
> >1 server with Samba4 as a DC (dc01)
> >1 server with Samba4 as a file/print server
> >
> >DC seems to work fine.
> >
> >file server is connected to DC using this howto
> >https://wiki.samba.org/index.php/Samba/Domain_Member
> >
> >smbd, nmbd, winbindd is running on file/print server.
> >
> >Bu when I try with a windows client (a windows 2003 server) to
> >connect to
> >file server.
> >client ask for a user and password and password not work.
> >
> >In log file, I can see :
> >
> >[2013/12/09 13:19:25.025120, 3]
> >../source3/smbd/sesssetup.c:179(reply_sesssetup_and_X_spnego)
> > NativeOS=[Windows Server 2003 R2 3790 Service Pack 2]
> >NativeLanMan=[]
> >PrimaryDomain=[Windows Server 2003 R2 5.2]
> >[2013/12/09 13:19:25.025267, 5]
> >../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order)
> > check lock order 1 for /srv/samba/locks/smbXsrv_session_global.tdb
> >[2013/12/09 13:19:25.026330, 5]
> >../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor)
> > release lock order 1 for /srv/samba/locks/smbXsrv_session_global.tdb
> >[2013/12/09 13:19:25.026492, 5]
> >../source3/auth/auth.c:450(make_auth_context_subsystem)
> > Making default auth method list for server role = 'domain member'
> >[2013/12/09 13:19:25.026577, 5]
> >../source3/auth/auth.c:351(load_auth_module)
> > load_auth_module: Attempting to find an auth method to match guest
> >[2013/12/09 13:19:25.026651, 5]
> >../source3/auth/auth.c:376(load_auth_module)
> > load_auth_module: auth method guest has a valid init
> >[2013/12/09 13:19:25.026718, 5]
> >../source3/auth/auth.c:351(load_auth_module)
> > load_auth_module: Attempting to find an auth method to match sam
> >[2013/12/09 13:19:25.026789, 5]
> >../source3/auth/auth.c:376(load_auth_module)
> > load_auth_module: auth method sam has a valid init
> >[2013/12/09 13:19:25.026857, 5]
> >../source3/auth/auth.c:351(load_auth_module)
> > load_auth_module: Attempting to find an auth method to match
> >winbind:ntdomain
> >[2013/12/09 13:19:25.026927, 5]
> >../source3/auth/auth.c:351(load_auth_module)
> > load_auth_module: Attempting to find an auth method to match ntdomain
> >[2013/12/09 13:19:25.026997, 5]
> >../source3/auth/auth.c:376(load_auth_module)
> > load_auth_module: auth method ntdomain has a valid init
> >[2013/12/09 13:19:25.027063, 5]
> >../source3/auth/auth.c:376(load_auth_module)
> > load_auth_module: auth method winbind has a valid init
> >[2013/12/09 13:19:25.027255, 5]
> >../auth/gensec/gensec_start.c:649(gensec_start_mech)
> > Starting GENSEC mechanism spnego
> >[2013/12/09 13:19:25.027354, 4]
> >../source3/smbd/sec_ctx.c:216(push_sec_ctx)
> > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> >[2013/12/09 13:19:25.027436, 4]
> >../source3/smbd/uid.c:485(push_conn_ctx)
> > push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> >[2013/12/09 13:19:25.027508, 4]
> >../source3/smbd/sec_ctx.c:316(set_sec_ctx)
> > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> >[2013/12/09 13:19:25.027576, 5]
> >../libcli/security/security_token.c:53(security_token_debug)
> > Security token: (NULL)
> >[2013/12/09 13:19:25.027642, 5]
> >../source3/auth/token_util.c:528(debug_unix_user_token)
> > UNIX token of user 0
> > Primary group is 0 and contains 0 supplementary groups
> >[2013/12/09 13:19:25.028021, 5]
> >../auth/gensec/gensec_start.c:649(gensec_start_mech)
> > Starting GENSEC submechanism gse_krb5
> >[2013/12/09 13:19:25.193479, 4]
> >../source3/smbd/sec_ctx.c:424(pop_sec_ctx)
> > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> >[2013/12/09 13:19:25.194777, 3]
> >../auth/kerberos/kerberos_pac.c:386(kerberos_decode_pac)
> > Found account name from PAC: Axxxxxxxxxxx []
> >[2013/12/09 13:19:25.194977, 3]
> >../source3/auth/user_krb5.c:51(get_user_from_kerberos_info)
> > Kerberos ticket principal name is [Axxxxxxxx at CXXXXXDOM.XXX-XXXXXX.XX]
> >[2013/12/09 13:19:25.195101, 5]
> >../source3/lib/username.c:181(Get_Pwnam_alloc)
> > Finding user CORMAN\Administrator
> >[2013/12/09 13:19:25.195178, 5]
> >../source3/lib/username.c:120(Get_Pwnam_internals)
> >[2013/12/09 13:19:25.195178, 5]
> >../source3/lib/username.c:120(Get_Pwnam_internals)
> > Trying _Get_Pwnam(), username as lowercase is corman\administrator
> >[2013/12/09 13:19:25.217981, 5]
> >../source3/lib/username.c:128(Get_Pwnam_internals)
> > Trying _Get_Pwnam(), username as given is CXXXXX\Axxxxxxxx
> >[2013/12/09 13:19:25.219448, 5]
> >../source3/lib/username.c:141(Get_Pwnam_internals)
> > Trying _Get_Pwnam(), username as uppercase is CXXXXX\AXXXXXXXXXXXX
> >[2013/12/09 13:19:25.222150, 5]
> >../source3/lib/username.c:153(Get_Pwnam_internals)
> > Checking combinations of 0 uppercase letters in corman\Axxxxxxxxxxx
> >[2013/12/09 13:19:25.222306, 5]
> >../source3/lib/username.c:159(Get_Pwnam_internals)
> > Get_Pwnam_internals didn't find user [CXXXXX\Axxxxxxxxx]!
> >[2013/12/09 13:19:25.222428, 5]
> >../source3/lib/username.c:181(Get_Pwnam_alloc)
> > Finding user Axxxxxxxxxx
> >[2013/12/09 13:19:25.222501, 5]
> >../source3/lib/username.c:120(Get_Pwnam_internals)
> > Trying _Get_Pwnam(), username as lowercase is axxxxxxxxx
> >[2013/12/09 13:19:25.224239, 5]
> >../source3/lib/username.c:128(Get_Pwnam_internals)
> > Trying _Get_Pwnam(), username as given is Axxxxxxxx
> >[2013/12/09 13:19:25.227687, 5]
> >../source3/lib/username.c:141(Get_Pwnam_internals)
> > Trying _Get_Pwnam(), username as uppercase is AXXXXXXXXX
> >[2013/12/09 13:19:25.229986, 5]
> >../source3/lib/username.c:153(Get_Pwnam_internals)
> > Checking combinations of 0 uppercase letters in axxxxxxxxxx
> >[2013/12/09 13:19:25.230223, 5]
> >../source3/lib/username.c:159(Get_Pwnam_internals)
> > Get_Pwnam_internals didn't find user [Axxxxxxxxx]!
> >[2013/12/09 13:19:25.232546, 1]
> >../source3/auth/user_krb5.c:164(get_user_from_kerberos_info)
> > Username CXXXXX\Axxxxxxxxx is invalid on this system
> >[2013/12/09 13:19:25.232702, 1]
> >../source3/auth/auth_generic.c:97(auth3_generate_session_info_pac)
> > Failed to map kerberos principal to system user
> >(NT_STATUS_LOGON_FAILURE)
> >[2013/12/09 13:19:25.232813, 1]
> >../source3/smbd/sesssetup.c:276(reply_sesssetup_and_X_spnego)
> > Failed to generate session_info (user and group token) for session
> >setup: NT_STATUS_ACCESS_DENIED
> >[2013/12/09 13:19:25.232903, 5]
> >../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order)
> > check lock order 1 for /srv/samba/locks/smbXsrv_session_global.tdb
> >[2013/12/09 13:19:25.233074, 5]
> >../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor)
> > release lock order 1 for /srv/samba/locks/smbXsrv_session_global.tdb
> >[2013/12/09 13:19:25.233379, 3]
> >../source3/smbd/error.c:82(error_packet_set)
> > NT error packet at ../source3/smbd/sesssetup.c(279) cmd=115
> >(SMBsesssetupX) NT_STATUS_ACCESS_DENIED
> >
> >
> >wbinfo -u and wbinfo -g work fine
> >
> >For me, Samba4 not contact DC for validate account but why ?
> >
> >anyone can help me
> >
> >thx
> >
> >-----------------------------------
> >Stéphane PURNELLE Admin. Systèmes et Réseaux
> >Service Informatique Corman S.A. Tel : 00 32
> >(0)87/342467
> >--
> >To unsubscribe from this list go to the following URL and read the
> >instructions: https://lists.samba.org/mailman/options/samba
> >
> >
>
More information about the samba
mailing list