[Samba] problem with samba 4 as file-server

Stéphane PURNELLE stephane.purnelle at corman.be
Mon Dec 9 05:42:31 MST 2013


Hi,

time is sync as in hour and minutes, not sure for second (but max 5-10 
seconds).



-----------------------------------
Stéphane PURNELLE                         Admin. Systèmes et Réseaux 
Service Informatique       Corman S.A.           Tel : 00 32 (0)87/342467

L.P.H. van Belle <belle at bazuin.nl> wrote on 09/12/2013 13:36:13:

> De : L.P.H. van Belle <belle at bazuin.nl>
> A : Stéphane PURNELLE <stephane.purnelle at corman.be>, 
> Date : 09/12/2013 13:36
> Objet : RE: [Samba] problem with samba 4  as file-server
> 
> Is time in sync ? 
> 
> 
> 
> >-----Oorspronkelijk bericht-----
> >Van: stephane.purnelle at corman.be 
> >[mailto:samba-bounces at lists.samba.org] Namens Stéphane PURNELLE
> >Verzonden: maandag 9 december 2013 13:32
> >Aan: samba at lists.samba.org
> >Onderwerp: [Samba] problem with samba 4 as file-server
> >
> >Hi,
> >
> >My configuration: 
> >
> >1 server with Samba4 as a DC (dc01)
> >1 server with Samba4 as a file/print server
> >
> >DC seems to work fine.
> >
> >file server is connected to DC using this howto 
> >https://wiki.samba.org/index.php/Samba/Domain_Member
> >
> >smbd, nmbd, winbindd is running on file/print server.
> >
> >Bu when I try with a windows client (a windows 2003 server) to 
> >connect to 
> >file server.
> >client ask for a user and password and password not work.
> >
> >In log file, I can see : 
> >
> >[2013/12/09 13:19:25.025120,  3] 
> >../source3/smbd/sesssetup.c:179(reply_sesssetup_and_X_spnego)
> >  NativeOS=[Windows Server 2003 R2 3790 Service Pack 2] 
> >NativeLanMan=[] 
> >PrimaryDomain=[Windows Server 2003 R2 5.2]
> >[2013/12/09 13:19:25.025267,  5] 
> >../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order)
> >  check lock order 1 for /srv/samba/locks/smbXsrv_session_global.tdb
> >[2013/12/09 13:19:25.026330,  5] 
> >../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor)
> >  release lock order 1 for /srv/samba/locks/smbXsrv_session_global.tdb
> >[2013/12/09 13:19:25.026492,  5] 
> >../source3/auth/auth.c:450(make_auth_context_subsystem)
> >  Making default auth method list for server role = 'domain member'
> >[2013/12/09 13:19:25.026577,  5] 
> >../source3/auth/auth.c:351(load_auth_module)
> >  load_auth_module: Attempting to find an auth method to match guest
> >[2013/12/09 13:19:25.026651,  5] 
> >../source3/auth/auth.c:376(load_auth_module)
> >  load_auth_module: auth method guest has a valid init
> >[2013/12/09 13:19:25.026718,  5] 
> >../source3/auth/auth.c:351(load_auth_module)
> >  load_auth_module: Attempting to find an auth method to match sam
> >[2013/12/09 13:19:25.026789,  5] 
> >../source3/auth/auth.c:376(load_auth_module)
> >  load_auth_module: auth method sam has a valid init
> >[2013/12/09 13:19:25.026857,  5] 
> >../source3/auth/auth.c:351(load_auth_module)
> >  load_auth_module: Attempting to find an auth method to match 
> >winbind:ntdomain
> >[2013/12/09 13:19:25.026927,  5] 
> >../source3/auth/auth.c:351(load_auth_module)
> >  load_auth_module: Attempting to find an auth method to match ntdomain
> >[2013/12/09 13:19:25.026997,  5] 
> >../source3/auth/auth.c:376(load_auth_module)
> >  load_auth_module: auth method ntdomain has a valid init
> >[2013/12/09 13:19:25.027063,  5] 
> >../source3/auth/auth.c:376(load_auth_module)
> >  load_auth_module: auth method winbind has a valid init
> >[2013/12/09 13:19:25.027255,  5] 
> >../auth/gensec/gensec_start.c:649(gensec_start_mech)
> >  Starting GENSEC mechanism spnego
> >[2013/12/09 13:19:25.027354,  4] 
> >../source3/smbd/sec_ctx.c:216(push_sec_ctx)
> >  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> >[2013/12/09 13:19:25.027436,  4] 
> >../source3/smbd/uid.c:485(push_conn_ctx)
> >  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> >[2013/12/09 13:19:25.027508,  4] 
> >../source3/smbd/sec_ctx.c:316(set_sec_ctx)
> >  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> >[2013/12/09 13:19:25.027576,  5] 
> >../libcli/security/security_token.c:53(security_token_debug)
> >  Security token: (NULL)
> >[2013/12/09 13:19:25.027642,  5] 
> >../source3/auth/token_util.c:528(debug_unix_user_token)
> >  UNIX token of user 0
> >  Primary group is 0 and contains 0 supplementary groups
> >[2013/12/09 13:19:25.028021,  5] 
> >../auth/gensec/gensec_start.c:649(gensec_start_mech)
> >  Starting GENSEC submechanism gse_krb5
> >[2013/12/09 13:19:25.193479,  4] 
> >../source3/smbd/sec_ctx.c:424(pop_sec_ctx)
> >  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> >[2013/12/09 13:19:25.194777,  3] 
> >../auth/kerberos/kerberos_pac.c:386(kerberos_decode_pac)
> >  Found account name from PAC: Axxxxxxxxxxx []
> >[2013/12/09 13:19:25.194977,  3] 
> >../source3/auth/user_krb5.c:51(get_user_from_kerberos_info)
> >  Kerberos ticket principal name is [Axxxxxxxx at CXXXXXDOM.XXX-XXXXXX.XX]
> >[2013/12/09 13:19:25.195101,  5] 
> >../source3/lib/username.c:181(Get_Pwnam_alloc)
> >  Finding user CORMAN\Administrator
> >[2013/12/09 13:19:25.195178,  5] 
> >../source3/lib/username.c:120(Get_Pwnam_internals)
> >[2013/12/09 13:19:25.195178,  5] 
> >../source3/lib/username.c:120(Get_Pwnam_internals)
> >  Trying _Get_Pwnam(), username as lowercase is corman\administrator
> >[2013/12/09 13:19:25.217981,  5] 
> >../source3/lib/username.c:128(Get_Pwnam_internals)
> >  Trying _Get_Pwnam(), username as given is CXXXXX\Axxxxxxxx
> >[2013/12/09 13:19:25.219448,  5] 
> >../source3/lib/username.c:141(Get_Pwnam_internals)
> >  Trying _Get_Pwnam(), username as uppercase is CXXXXX\AXXXXXXXXXXXX
> >[2013/12/09 13:19:25.222150,  5] 
> >../source3/lib/username.c:153(Get_Pwnam_internals)
> >  Checking combinations of 0 uppercase letters in corman\Axxxxxxxxxxx
> >[2013/12/09 13:19:25.222306,  5] 
> >../source3/lib/username.c:159(Get_Pwnam_internals)
> >  Get_Pwnam_internals didn't find user [CXXXXX\Axxxxxxxxx]!
> >[2013/12/09 13:19:25.222428,  5] 
> >../source3/lib/username.c:181(Get_Pwnam_alloc)
> >  Finding user Axxxxxxxxxx
> >[2013/12/09 13:19:25.222501,  5] 
> >../source3/lib/username.c:120(Get_Pwnam_internals)
> >  Trying _Get_Pwnam(), username as lowercase is axxxxxxxxx
> >[2013/12/09 13:19:25.224239,  5] 
> >../source3/lib/username.c:128(Get_Pwnam_internals)
> >  Trying _Get_Pwnam(), username as given is Axxxxxxxx
> >[2013/12/09 13:19:25.227687,  5] 
> >../source3/lib/username.c:141(Get_Pwnam_internals)
> >  Trying _Get_Pwnam(), username as uppercase is AXXXXXXXXX
> >[2013/12/09 13:19:25.229986,  5] 
> >../source3/lib/username.c:153(Get_Pwnam_internals)
> >  Checking combinations of 0 uppercase letters in axxxxxxxxxx
> >[2013/12/09 13:19:25.230223,  5] 
> >../source3/lib/username.c:159(Get_Pwnam_internals)
> >  Get_Pwnam_internals didn't find user [Axxxxxxxxx]!
> >[2013/12/09 13:19:25.232546,  1] 
> >../source3/auth/user_krb5.c:164(get_user_from_kerberos_info)
> >  Username CXXXXX\Axxxxxxxxx is invalid on this system
> >[2013/12/09 13:19:25.232702,  1] 
> >../source3/auth/auth_generic.c:97(auth3_generate_session_info_pac)
> >  Failed to map kerberos principal to system user 
> >(NT_STATUS_LOGON_FAILURE)
> >[2013/12/09 13:19:25.232813,  1] 
> >../source3/smbd/sesssetup.c:276(reply_sesssetup_and_X_spnego)
> >  Failed to generate session_info (user and group token) for session 
> >setup: NT_STATUS_ACCESS_DENIED
> >[2013/12/09 13:19:25.232903,  5] 
> >../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order)
> >  check lock order 1 for /srv/samba/locks/smbXsrv_session_global.tdb
> >[2013/12/09 13:19:25.233074,  5] 
> >../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor)
> >  release lock order 1 for /srv/samba/locks/smbXsrv_session_global.tdb
> >[2013/12/09 13:19:25.233379,  3] 
> >../source3/smbd/error.c:82(error_packet_set)
> >  NT error packet at ../source3/smbd/sesssetup.c(279) cmd=115 
> >(SMBsesssetupX) NT_STATUS_ACCESS_DENIED
> >
> >
> >wbinfo -u and wbinfo -g work fine
> >
> >For me, Samba4 not contact DC for validate account but why ?
> >
> >anyone can help me
> >
> >thx
> >
> >-----------------------------------
> >Stéphane PURNELLE                         Admin. Systèmes et Réseaux 
> >Service Informatique       Corman S.A.           Tel : 00 32 
> >(0)87/342467
> >-- 
> >To unsubscribe from this list go to the following URL and read the
> >instructions:  https://lists.samba.org/mailman/options/samba
> >
> >
> 


More information about the samba mailing list