[Samba] Auth fail getpwuid(3000007) failed

Rowland Penny rowlandpenny at googlemail.com
Sat May 3 06:20:55 MDT 2014 

On 03/05/14 13:15, Leander Schäfer wrote:
>
> Am 02.05.14 11:17, schrieb L.P.H. van Belle:
>> and you did try:
>> smbclient -U "DOMAIN\MyUser" \\\\MyServerName\\MyShare MyPassword
>>
>>
>>> -----Oorspronkelijk bericht-----
>>> Van: info at netocean.de [mailto:samba-bounces at lists.samba.org]
>>> Namens Leander Schäfer
>>> Verzonden: vrijdag 2 mei 2014 10:39
>>> Aan: samba at lists.samba.org
>>> CC: Patrick Hald
>>> Onderwerp: [Samba] Auth fail getpwuid(3000007) failed
>>>
>>> Hi
>>>
>>> sorry to bother, but all of a sudden after a fresh install of
>>> samba with
>>> the regular smb4.conf it keeps on failing when users try to
>>> authenticate:
>>>
>>>
>>> smbclient -U MyUser \\\\MyServerName\\MyShare MyPassword
>>> session setup failed: NT_STATUS_UNSUCCESSFUL
>>>
>>> [...]
>>>
>>>    check_ntlm_password:  authentication for user [MyUser] ->
>>> [MyUser] ->
>>> [MyUser] succeeded
>>> [2014/05/02 10:29:40.930648,  3]
>>> ../auth/ntlmssp/ntlmssp_sign.c:547(ntlmssp_sign_init)
>>>    NTLMSSP Sign/Seal - Initialising with flags:
>>> [2014/05/02 10:29:40.930671,  3]
>>> ../auth/ntlmssp/ntlmssp_util.c:34(debug_ntlmssp_flags)
>>>    Got NTLMSSP neg_flags=0x60088215
>>>      NTLMSSP_NEGOTIATE_UNICODE
>>>      NTLMSSP_REQUEST_TARGET
>>>      NTLMSSP_NEGOTIATE_SIGN
>>>      NTLMSSP_NEGOTIATE_NTLM
>>>      NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>>>      NTLMSSP_NEGOTIATE_NTLM2
>>>      NTLMSSP_NEGOTIATE_128
>>>      NTLMSSP_NEGOTIATE_KEY_EXCH
>>> [2014/05/02 10:29:40.930799,  4]
>>> ../source3/smbd/sec_ctx.c:424(pop_sec_ctx)
>>>    pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
>>> [2014/05/02 10:29:40.930876,  4]
>>> ../source3/smbd/sec_ctx.c:216(push_sec_ctx)
>>>    push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
>>> [2014/05/02 10:29:40.930905,  4]
>>> ../source3/smbd/uid.c:495(push_conn_ctx)
>>>    push_conn_ctx(0) : conn_ctx_stack_ndx = 0
>>> [2014/05/02 10:29:40.930926,  4]
>>> ../source3/smbd/sec_ctx.c:316(set_sec_ctx)
>>>    setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
>>> [2014/05/02 10:29:40.930947,  5]
>>> ../libcli/security/security_token.c:53(security_token_debug)
>>>    Security token: (NULL)
>>> [2014/05/02 10:29:40.930968,  5]
>>> ../source3/auth/token_util.c:629(debug_unix_user_token)
>>>    UNIX token of user 0
>>>    Primary group is 0 and contains 0 supplementary groups
>>> [2014/05/02 10:29:40.931099,  4]
>>> ../source3/smbd/sec_ctx.c:424(pop_sec_ctx)
>>>    pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
>>> [2014/05/02 10:29:40.931611,  1]
>>> ../source3/auth/token_util.c:430(add_local_groups)
>>>    SID S-1-5-21-2799780924-1191006566-1534516595-1102 ->
>>> getpwuid(3000007) failed
>>> [2014/05/02 10:29:40.931654,  3]
>>> ../source3/auth/token_util.c:316(create_local_nt_token_from_info3)
>>>    Failed to finalize nt token
>>> [2014/05/02 10:29:40.931677,  1]
>>> ../source3/smbd/sesssetup.c:276(reply_sesssetup_and_X_spnego)
>>>    Failed to generate session_info (user and group token) for session
>>> setup: NT_STATUS_UNSUCCESSFUL
>>>
>>> [...]
>>>
>>> What's wrong here?! Any hint is geartfully appreciated ;)
>>>
>>> Kind Regards
>>> -- 
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>
>>>
> Sorrz, I fogot. Here is the provision config:
>
>
>
> samba-tool domain provision \
>            --realm ${DOMAINNAME^^} \
>            --domain "$( echo ${DOMAINNAME^^} | awk -F'.' '{print $1}' 
> )" \
>            --adminpass ${ROOT_PWD} \
>            --server-role=standalone
>
And there is probably where your problems are coming from, I am fairly 
sure that you cannot provision samba4 as a standalone server, you need 
to run samba4 as if it was a samba 3 server, starting and running the 
separate smbd, nmbd and winbind daemons.

Rowland

More information about the samba mailing list