[Samba] Internal LDAP problem

Luis Angel Fernandez Fernandez laffdez at gmail.com
Wed Feb 6 09:00:32 MST 2013


I keep dealing with this issue, and now I have launched Samba this way:

 /usr/local/samba/sbin/samba -s /usr/local/samba/etc/smb.conf -l /var/log/samba/ -i -M single -d5

And when I try to change the password for
"CN=celia.centeno,OU=alisys.net,OU=dominios,DC=aliratiun,DC=tic" this is what I see in the logs:

Starting GENSEC mechanism spnego
Starting GENSEC submechanism ntlmssp
Got NTLMSSP neg_flags=0xe2088297
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_NEGOTIATE_OEM
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_LM_KEY
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
  NTLMSSP_NEGOTIATE_56
Got user=[Administrator] domain=[] workstation=[NOMADA29] len1=24 len2=268
auth_check_password_send: Checking password for unmapped user
[]\[Administrator]@[NOMADA29]
map_user_info_cracknames: Mapping user []\[Administrator] from workstation
[NOMADA29]
auth_check_password_send: mapped user is:
[ALIRATIUN]\[Administrator]@[NOMADA29]
auth_get_challenge: returning previous challenge by module random (normal)
[0000] 97 82 6D 69 6E FA 71 B7                            ..min.q.
ntlm_password_check: Checking NTLMv2 password with domain []
authsam_account_ok: Checking SMB password for user Administrator
logon_hours_ok: No hours restrictions for user Administrator
auth_check_password_recv: sam_ignoredomain authentication for user
[ALIRATIUN\Administrator] succeeded
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0xe2088215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
  NTLMSSP_NEGOTIATE_56
ldb: Added timed event "ltdb_callback": 0xa9fe958
ldb: Added timed event "ltdb_timeout": 0xb24ebe0
ldb: Destroying timer event 0xb24ebe0 "ltdb_timeout"
ldb: Ending timer event 0xa9fe958 "ltdb_callback"

[... Many of those ...]
BAD SIG NTLM2: wanted signature of
[0000] 01 00 00 00 82 A3 B0 6E   D2 87 8B B6 00 00 00 00   .......n ........
BAD SIG: got signature of
[0000] 01 00 00 00 02 0C A7 DE   7E 39 C6 8D 00 00 00 00   ........ ~9......
NTLMSSP NTLM2 packet check failed due to invalid signature!
ldb_request BASE
dn=CN=celia.centeno,OU=alisys.net,OU=dominios,DC=aliratiun,DC=tic
filter=(objectClass=*)
ldb_request BASE
dn=CN=celia.centeno,OU=alisys.net,OU=dominios,DC=aliratiun,DC=tic
filter=(objectClass=*)
ldb_request BASE
dn=CN=celia.centeno,OU=alisys.net,OU=dominios,DC=aliratiun,DC=tic
filter=(objectClass=*)
dreplsrv_notify_schedule(5) scheduled for: Wed Feb  6 16:52:00 2013 CET
dreplsrv_notify_schedule(5) scheduled for: Wed Feb  6 16:52:05 2013 CET
dreplsrv_notify_schedule(5) scheduled for: Wed Feb  6 16:52:10 2013 CET
smbsrv_accept
Shutdown SMB signing
switch message SMBnegprot (task_id 0.88)
Requested protocol [0][PC NETWORK PROGRAM 1.0]
Requested protocol [1][LANMAN1.0]
Requested protocol [2][Windows for Workgroups 3.1a]
Requested protocol [3][LM1.2X002]
Requested protocol [4][LANMAN2.1]
Requested protocol [5][NT LM 0.12]
Requested protocol [6][SMB 2.002]
Requested protocol [7][SMB 2.???]
ldb: Added timed event "ltdb_callback": 0xa723468

ldb: Added timed event "ltdb_timeout": 0xa8d7430

ldb: Destroying timer event 0xa8d7430 "ltdb_timeout"

ldb: Ending timer event 0xa723468 "ltdb_callback"

Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
using SPNEGO
Selected protocol [5][NT LM 0.12]
switch message SMBsesssetupX (task_id 0.88)
Starting GENSEC mechanism spnego
Starting GENSEC submechanism ntlmssp
Got NTLMSSP neg_flags=0xe2088297
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_NEGOTIATE_OEM
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_LM_KEY
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
  NTLMSSP_NEGOTIATE_56
switch message SMBsesssetupX (task_id 0.88)
Got user=[Administrator] domain=[] workstation=[NOMADA29] len1=24 len2=268
auth_check_password_send: Checking password for unmapped user
[]\[Administrator]@[NOMADA29]
map_user_info_cracknames: Mapping user []\[Administrator] from workstation
[NOMADA29]
auth_check_password_send: mapped user is:
[ALIRATIUN]\[Administrator]@[NOMADA29]
auth_get_challenge: returning previous challenge by module random (normal)
[0000] 12 BC E9 A7 F8 30 02 D1                            .....0..
ntlm_password_check: Checking NTLMv2 password with domain []
authsam_account_ok: Checking SMB password for user Administrator
logon_hours_ok: No hours restrictions for user Administrator
auth_check_password_recv: sam_ignoredomain authentication for user
[ALIRATIUN\Administrator] succeeded
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0xe2088215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
  NTLMSSP_NEGOTIATE_56
ldb: Added timed event "ltdb_callback": 0xb5cd408
ldb: Added timed event "ltdb_timeout": 0xb5cd468
ldb: Destroying timer event 0xb5cd468 "ltdb_timeout"
ldb: Ending timer event 0xb5cd408 "ltdb_callback"

[... Many of those ...]

Mandatory SMB signing enabled!
SMB signing enabled!
sign_outgoing_message: SENT SIG (seq: 1): sent SMB signature of
[0000] 02 D0 C8 FB BD 69 94 9C                            .....i..
[0000] B3 46 BE 26 A3 7F 0F CA                            .F.&....
Seen valid packet, so turning signing on
Seen valid packet, so marking signing as 'seen valid'
switch message SMBtconX (task_id 0.88)
sign_outgoing_message: SENT SIG (seq: 3): sent SMB signature of
[0000] 55 5D E8 D4 4F 28 D2 38                            U]..O(.8
[0000] DC 8F EF AD FF 7C D6 A5                            .....|..
switch message SMBntcreateX (task_id 0.88)
sign_outgoing_message: SENT SIG (seq: 5): sent SMB signature of
[0000] 81 B7 63 3D BD 37 9E 72                            ..c=.7.r
Terminating connection - 'ldapsrv_call_loop: tstream_read_pdu_blob_recv() -
NT_STATUS_CONNECTION_DISCONNECTED'
imessaging: cleaning up /usr/local/samba/private/smbd.tmp/msg/msg.0.86
single_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv() -
NT_STATUS_CONNECTION_DISCONNECTED]




2013/2/5 Luis Angel Fernandez Fernandez <laffdez at gmail.com>

> I forgot to mention I'm using Samba 4.0.0.
>
> I'd appreciate any help here since I can't figure it out and I don't know
> where else I can look.
>
>
> 2013/2/4 Luis Angel Fernandez Fernandez <laffdez at gmail.com>
>
>>   Hi!
>>
>>   I'm trying to use the internal LDAP provided by Samba4 to store mail
>> domains used by SOGo. I have two sets of users. Those used by Samba and
>> created through samba-tool and those created under some "ou" I have made
>> up. A few days ago I was able to change the latter users' passwords using
>> "ldapadmin" (a Windows LDAP client) but today I am not. When I try to
>> change a password I get an error message like "RPC server unavailable".
>>
>>   And I have another problem with LDAP. I have to use ldapadmin to change
>> users' passwords because ldappasswd gives me this error:
>>
>> ldappasswd -d4 -h 192.168.0.137 "cn=juan.lapuerta,ou=alisys.net,dc=aliratiun,dc=tic"
>> ldap_build_search_req ATTRS: supportedSASLMechanisms
>> SASL/GSSAPI authentication started
>> SASL username: Administrator@ALIRATIUN.TIC
>> SASL SSF: 56
>> SASL data security layer installed.
>> Result: Protocol error (2)
>> Additional info: Extended Operation(1.3.6.1.4.1.4203.1.11.1) not supported
>>
>>   But I think I read somewhere that that extended operation is supported.
>>
>>   Thanks in advance.
>>
>>   Regards,
>>
>> --
>> Linkedin profile (http://es.linkedin.com/in/lafdez)
>> G+ profile (https://plus.google.com/u/0/115320207805121303027/about)
>> Twitter (@lafdez @_lafdez_)
>> Identi.ca (@lafdez)
>>



-- 
Linkedin profile (http://es.linkedin.com/in/lafdez)
G+ profile (https://plus.google.com/u/0/115320207805121303027/about)
Twitter (@lafdez @_lafdez_)
Identi.ca (@lafdez)
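
An added triage example (not part of the original post and not Samba code): it decodes the two `neg_flags` values from the log above, reports which flags are missing from the value printed under "Sign/Seal - Initialising", and splits the two BAD SIG dumps into the NTLMSSP message-signature fields (4-byte version, 8-byte checksum, 4-byte sequence number, per MS-NLMP) to show which field differs. The helper names are hypothetical; the log lines are copied from the post.

```python
import re

# NTLMSSP negotiate flag bits from MS-NLMP (the ones this log prints, plus SEAL).
FLAGS = {0x1: "UNICODE", 0x2: "OEM", 0x4: "REQUEST_TARGET", 0x10: "SIGN",
         0x20: "SEAL", 0x80: "LM_KEY", 0x200: "NTLM", 0x8000: "ALWAYS_SIGN",
         0x80000: "NTLM2", 0x2000000: "VERSION", 0x20000000: "128",
         0x40000000: "KEY_EXCH", 0x80000000: "56"}

# Lines copied from the debug log in the post.
LOG = """\
Got NTLMSSP neg_flags=0xe2088297
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0xe2088215
BAD SIG NTLM2: wanted signature of
[0000] 01 00 00 00 82 A3 B0 6E   D2 87 8B B6 00 00 00 00   .......n ........
BAD SIG: got signature of
[0000] 01 00 00 00 02 0C A7 DE   7E 39 C6 8D 00 00 00 00   ........ ~9......
"""

def decode_flags(value):
    """Names of the flag bits set in a neg_flags value."""
    return {name for bit, name in FLAGS.items() if value & bit}

def hexdump_bytes(line):
    """Bytes from one '[0000] xx xx ...' line; stops at the ASCII column."""
    out = []
    for tok in line.split("]", 1)[1].split():
        if not re.fullmatch(r"[0-9A-Fa-f]{2}", tok):
            break
        out.append(int(tok, 16))
    return bytes(out[:16])

def split_signature(sig):
    """Split a 16-byte NTLMSSP message signature into its three fields (hex)."""
    return {"version": sig[:4].hex(), "checksum": sig[4:12].hex(), "seq_num": sig[12:16].hex()}

def summary(log):
    """Flags dropped between first and last neg_flags, and differing signature fields."""
    flags = [decode_flags(int(v, 16)) for v in re.findall(r"neg_flags=(0x[0-9a-fA-F]+)", log)]
    lines, diffs = log.splitlines(), []
    for i, line in enumerate(lines):
        if line.startswith("BAD SIG NTLM2: wanted"):
            wanted, got = (split_signature(hexdump_bytes(lines[i + n])) for n in (1, 3))
            diffs.append([k for k in wanted if wanted[k] != got[k]])
    return {"dropped": sorted(flags[0] - flags[-1]), "sign": "SIGN" in flags[-1],
            "seal": "SEAL" in flags[-1], "bad_sig_fields": diffs}

if __name__ == "__main__":
    print(summary(LOG))
```

On these lines the version and sequence-number fields of the two signatures agree and only the checksum differs, and the session flags include SIGN but not SEAL.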

