[Samba] problem with samba 4 as file-server
Stéphane PURNELLE
stephane.purnelle at corman.be
Mon Dec 9 08:43:24 MST 2013
It's seems that user in Domain Admins group cannot have profiles ?
is possible and if yes why ?
thx
-----------------------------------
Stéphane PURNELLE Admin. Systèmes et Réseaux
Service Informatique Corman S.A. Tel : 00 32 (0)87/342467
samba-bounces at lists.samba.org wrote on 09/12/2013 14:26:10:
> De : Stéphane PURNELLE <stephane.purnelle at corman.be>
> A : samba at lists.samba.org,
> Date : 09/12/2013 14:26
> Objet : Re: [Samba] problem with samba 4 as file-server
> Envoyé par : samba-bounces at lists.samba.org
>
> It seems that the problem occur when I try to connect to file server
using
> user Administrator or Administrateur
>
>
> Now, I have problem with user's profiles :-(
>
>
>
> -----------------------------------
> Stéphane PURNELLE Admin. Systèmes et Réseaux
> Service Informatique Corman S.A. Tel : 00 32
(0)87/342467
>
> samba-bounces at lists.samba.org wrote on 09/12/2013 13:42:31:
>
> > De : Stéphane PURNELLE <stephane.purnelle at corman.be>
> > A : L.P.H. van Belle <belle at bazuin.nl>,
> > Cc : samba at lists.samba.org
> > Date : 09/12/2013 13:43
> > Objet : Re: [Samba] problem with samba 4 as file-server
> > Envoyé par : samba-bounces at lists.samba.org
> >
> > Hi,
> >
> > time is sync as in hour and minutes, not sure for second (but max 5-10
> > seconds).
> >
> >
> >
> > -----------------------------------
> > Stéphane PURNELLE Admin. Systèmes et Réseaux
> > Service Informatique Corman S.A. Tel : 00 32
> (0)87/342467
> >
> > L.P.H. van Belle <belle at bazuin.nl> wrote on 09/12/2013 13:36:13:
> >
> > > De : L.P.H. van Belle <belle at bazuin.nl>
> > > A : Stéphane PURNELLE <stephane.purnelle at corman.be>,
> > > Date : 09/12/2013 13:36
> > > Objet : RE: [Samba] problem with samba 4 as file-server
> > >
> > > Is time in sync ?
> > >
> > >
> > >
> > > >-----Oorspronkelijk bericht-----
> > > >Van: stephane.purnelle at corman.be
> > > >[mailto:samba-bounces at lists.samba.org] Namens Stéphane PURNELLE
> > > >Verzonden: maandag 9 december 2013 13:32
> > > >Aan: samba at lists.samba.org
> > > >Onderwerp: [Samba] problem with samba 4 as file-server
> > > >
> > > >Hi,
> > > >
> > > >My configuration:
> > > >
> > > >1 server with Samba4 as a DC (dc01)
> > > >1 server with Samba4 as a file/print server
> > > >
> > > >DC seems to work fine.
> > > >
> > > >file server is connected to DC using this howto
> > > >https://wiki.samba.org/index.php/Samba/Domain_Member
> > > >
> > > >smbd, nmbd, winbindd is running on file/print server.
> > > >
> > > >Bu when I try with a windows client (a windows 2003 server) to
> > > >connect to
> > > >file server.
> > > >client ask for a user and password and password not work.
> > > >
> > > >In log file, I can see :
> > > >
> > > >[2013/12/09 13:19:25.025120, 3]
> > > >../source3/smbd/sesssetup.c:179(reply_sesssetup_and_X_spnego)
> > > > NativeOS=[Windows Server 2003 R2 3790 Service Pack 2]
> > > >NativeLanMan=[]
> > > >PrimaryDomain=[Windows Server 2003 R2 5.2]
> > > >[2013/12/09 13:19:25.025267, 5]
> > > >../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order)
> > > > check lock order 1 for
/srv/samba/locks/smbXsrv_session_global.tdb
> > > >[2013/12/09 13:19:25.026330, 5]
> > > >../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor)
> > > > release lock order 1 for
> /srv/samba/locks/smbXsrv_session_global.tdb
> > > >[2013/12/09 13:19:25.026492, 5]
> > > >../source3/auth/auth.c:450(make_auth_context_subsystem)
> > > > Making default auth method list for server role = 'domain member'
> > > >[2013/12/09 13:19:25.026577, 5]
> > > >../source3/auth/auth.c:351(load_auth_module)
> > > > load_auth_module: Attempting to find an auth method to match
guest
> > > >[2013/12/09 13:19:25.026651, 5]
> > > >../source3/auth/auth.c:376(load_auth_module)
> > > > load_auth_module: auth method guest has a valid init
> > > >[2013/12/09 13:19:25.026718, 5]
> > > >../source3/auth/auth.c:351(load_auth_module)
> > > > load_auth_module: Attempting to find an auth method to match sam
> > > >[2013/12/09 13:19:25.026789, 5]
> > > >../source3/auth/auth.c:376(load_auth_module)
> > > > load_auth_module: auth method sam has a valid init
> > > >[2013/12/09 13:19:25.026857, 5]
> > > >../source3/auth/auth.c:351(load_auth_module)
> > > > load_auth_module: Attempting to find an auth method to match
> > > >winbind:ntdomain
> > > >[2013/12/09 13:19:25.026927, 5]
> > > >../source3/auth/auth.c:351(load_auth_module)
> > > > load_auth_module: Attempting to find an auth method to match
> ntdomain
> > > >[2013/12/09 13:19:25.026997, 5]
> > > >../source3/auth/auth.c:376(load_auth_module)
> > > > load_auth_module: auth method ntdomain has a valid init
> > > >[2013/12/09 13:19:25.027063, 5]
> > > >../source3/auth/auth.c:376(load_auth_module)
> > > > load_auth_module: auth method winbind has a valid init
> > > >[2013/12/09 13:19:25.027255, 5]
> > > >../auth/gensec/gensec_start.c:649(gensec_start_mech)
> > > > Starting GENSEC mechanism spnego
> > > >[2013/12/09 13:19:25.027354, 4]
> > > >../source3/smbd/sec_ctx.c:216(push_sec_ctx)
> > > > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> > > >[2013/12/09 13:19:25.027436, 4]
> > > >../source3/smbd/uid.c:485(push_conn_ctx)
> > > > push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> > > >[2013/12/09 13:19:25.027508, 4]
> > > >../source3/smbd/sec_ctx.c:316(set_sec_ctx)
> > > > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> > > >[2013/12/09 13:19:25.027576, 5]
> > > >../libcli/security/security_token.c:53(security_token_debug)
> > > > Security token: (NULL)
> > > >[2013/12/09 13:19:25.027642, 5]
> > > >../source3/auth/token_util.c:528(debug_unix_user_token)
> > > > UNIX token of user 0
> > > > Primary group is 0 and contains 0 supplementary groups
> > > >[2013/12/09 13:19:25.028021, 5]
> > > >../auth/gensec/gensec_start.c:649(gensec_start_mech)
> > > > Starting GENSEC submechanism gse_krb5
> > > >[2013/12/09 13:19:25.193479, 4]
> > > >../source3/smbd/sec_ctx.c:424(pop_sec_ctx)
> > > > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> > > >[2013/12/09 13:19:25.194777, 3]
> > > >../auth/kerberos/kerberos_pac.c:386(kerberos_decode_pac)
> > > > Found account name from PAC: Axxxxxxxxxxx []
> > > >[2013/12/09 13:19:25.194977, 3]
> > > >../source3/auth/user_krb5.c:51(get_user_from_kerberos_info)
> > > > Kerberos ticket principal name is
> [Axxxxxxxx at CXXXXXDOM.XXX-XXXXXX.XX]
> > > >[2013/12/09 13:19:25.195101, 5]
> > > >../source3/lib/username.c:181(Get_Pwnam_alloc)
> > > > Finding user CORMAN\Administrator
> > > >[2013/12/09 13:19:25.195178, 5]
> > > >../source3/lib/username.c:120(Get_Pwnam_internals)
> > > >[2013/12/09 13:19:25.195178, 5]
> > > >../source3/lib/username.c:120(Get_Pwnam_internals)
> > > > Trying _Get_Pwnam(), username as lowercase is
corman\administrator
> > > >[2013/12/09 13:19:25.217981, 5]
> > > >../source3/lib/username.c:128(Get_Pwnam_internals)
> > > > Trying _Get_Pwnam(), username as given is CXXXXX\Axxxxxxxx
> > > >[2013/12/09 13:19:25.219448, 5]
> > > >../source3/lib/username.c:141(Get_Pwnam_internals)
> > > > Trying _Get_Pwnam(), username as uppercase is
CXXXXX\AXXXXXXXXXXXX
> > > >[2013/12/09 13:19:25.222150, 5]
> > > >../source3/lib/username.c:153(Get_Pwnam_internals)
> > > > Checking combinations of 0 uppercase letters in
corman\Axxxxxxxxxxx
> > > >[2013/12/09 13:19:25.222306, 5]
> > > >../source3/lib/username.c:159(Get_Pwnam_internals)
> > > > Get_Pwnam_internals didn't find user [CXXXXX\Axxxxxxxxx]!
> > > >[2013/12/09 13:19:25.222428, 5]
> > > >../source3/lib/username.c:181(Get_Pwnam_alloc)
> > > > Finding user Axxxxxxxxxx
> > > >[2013/12/09 13:19:25.222501, 5]
> > > >../source3/lib/username.c:120(Get_Pwnam_internals)
> > > > Trying _Get_Pwnam(), username as lowercase is axxxxxxxxx
> > > >[2013/12/09 13:19:25.224239, 5]
> > > >../source3/lib/username.c:128(Get_Pwnam_internals)
> > > > Trying _Get_Pwnam(), username as given is Axxxxxxxx
> > > >[2013/12/09 13:19:25.227687, 5]
> > > >../source3/lib/username.c:141(Get_Pwnam_internals)
> > > > Trying _Get_Pwnam(), username as uppercase is AXXXXXXXXX
> > > >[2013/12/09 13:19:25.229986, 5]
> > > >../source3/lib/username.c:153(Get_Pwnam_internals)
> > > > Checking combinations of 0 uppercase letters in axxxxxxxxxx
> > > >[2013/12/09 13:19:25.230223, 5]
> > > >../source3/lib/username.c:159(Get_Pwnam_internals)
> > > > Get_Pwnam_internals didn't find user [Axxxxxxxxx]!
> > > >[2013/12/09 13:19:25.232546, 1]
> > > >../source3/auth/user_krb5.c:164(get_user_from_kerberos_info)
> > > > Username CXXXXX\Axxxxxxxxx is invalid on this system
> > > >[2013/12/09 13:19:25.232702, 1]
> > > >../source3/auth/auth_generic.c:97(auth3_generate_session_info_pac)
> > > > Failed to map kerberos principal to system user
> > > >(NT_STATUS_LOGON_FAILURE)
> > > >[2013/12/09 13:19:25.232813, 1]
> > > >../source3/smbd/sesssetup.c:276(reply_sesssetup_and_X_spnego)
> > > > Failed to generate session_info (user and group token) for
session
> > > >setup: NT_STATUS_ACCESS_DENIED
> > > >[2013/12/09 13:19:25.232903, 5]
> > > >../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order)
> > > > check lock order 1 for
/srv/samba/locks/smbXsrv_session_global.tdb
> > > >[2013/12/09 13:19:25.233074, 5]
> > > >../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor)
> > > > release lock order 1 for
> /srv/samba/locks/smbXsrv_session_global.tdb
> > > >[2013/12/09 13:19:25.233379, 3]
> > > >../source3/smbd/error.c:82(error_packet_set)
> > > > NT error packet at ../source3/smbd/sesssetup.c(279) cmd=115
> > > >(SMBsesssetupX) NT_STATUS_ACCESS_DENIED
> > > >
> > > >
> > > >wbinfo -u and wbinfo -g work fine
> > > >
> > > >For me, Samba4 not contact DC for validate account but why ?
> > > >
> > > >anyone can help me
> > > >
> > > >thx
> > > >
> > > >-----------------------------------
> > > >Stéphane PURNELLE Admin. Systèmes et
Réseaux
> > > >Service Informatique Corman S.A. Tel : 00 32
> > > >(0)87/342467
> > > >--
> > > >To unsubscribe from this list go to the following URL and read the
> > > >instructions: https://lists.samba.org/mailman/options/samba
> > > >
> > > >
> > >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list