[Samba] Samba 4.17 AD Cannot connect to shares as administrator
Daniel Müller
mueller at tropenklinik.de
Mon May 18 00:42:00 MDT 2015
So you use images!?
Are you shure you used different host names for each client.
We found using install images will do this confusion some times because
windows announced with the image name not with the new one.
EDV Daniel Müller
Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----Ursprüngliche Nachricht-----
Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im
Auftrag von Timo Altun
Gesendet: Samstag, 16. Mai 2015 17:29
An: samba at lists.samba.org
Betreff: [Samba] Samba 4.17 AD Cannot connect to shares as administrator
Hi,
I encountered a strange problem...some of my windows machines cannot be
joined to an Samba 4.17 AD domain (8 of ~90 clients). These are 7 Win7
clients and one WinXP client.
The message I receive in windows is: "Logon failure: unknown user name or
bad password".
All other Win7 and XP machines could be joined...the same OS image has been
used to install both the machines that could be joined and those that
couldn't.
The AD DC is on Debian Jessie with Samba 4.17 from debian sources. Win 7
clients are Win7 Ultimate SP1, XP is SP3.
If I'm interpreting the logs correctly, it seems the clients are trying to
join as anonymous, even though I enter the administrators account
information. I tried using workgroup and realm name, and other domain admin
accounts to join the computers, but get the same error over and over.
Does somebody have a hint where to look? I'd of course like to avoid
reinstalling these machines.
I attached the smb.conf and the log file of a Win7 PC while I was trying to
join.
Greetings,
Timo
*smb.conf:*
# Global parameters
[global]
workgroup = MAYWEG
realm = MAYWEG.NET
netbios name = SERVER27
interfaces = lo, eth0
bind interfaces only = Yes
server role = active directory domain controller server services = s3fs,
rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
idmap_ldb:use rfc2307 = yes
log file = /var/log/samba/log.%m
log level = 3
max log size = 1000
[netlogon]
path = /var/lib/samba/sysvol/mayweg.net/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
*Samba-log of a Win7 machine while trying to join:*
[2015/05/16 17:04:22.607986, 3] ../source3/lib/access.c:338(allow_access)
Allowed connection from 192.168.111.236 (192.168.111.236)
[2015/05/16 17:04:22.608616, 3] ../source3/smbd/oplock.c:873(init_oplocks)
init_oplocks: initializing messages.
[2015/05/16 17:04:22.609217, 3] ../source3/smbd/process.c:1802(process_smb)
Transaction 0 of length 159 (0 toread)
[2015/05/16 17:04:22.609385, 3]
../source3/smbd/process.c:1405(switch_message)
switch message SMBnegprot (pid 4587) conn 0x0
[2015/05/16 17:04:22.611816, 3]
../source3/smbd/negprot.c:564(reply_negprot)
Requested protocol [PC NETWORK PROGRAM 1.0]
[2015/05/16 17:04:22.612015, 3]
../source3/smbd/negprot.c:564(reply_negprot)
Requested protocol [LANMAN1.0]
[2015/05/16 17:04:22.612176, 3]
../source3/smbd/negprot.c:564(reply_negprot)
Requested protocol [Windows for Workgroups 3.1a]
[2015/05/16 17:04:22.612272, 3]
../source3/smbd/negprot.c:564(reply_negprot)
Requested protocol [LM1.2X002]
[2015/05/16 17:04:22.612397, 3]
../source3/smbd/negprot.c:564(reply_negprot)
Requested protocol [LANMAN2.1]
[2015/05/16 17:04:22.612520, 3]
../source3/smbd/negprot.c:564(reply_negprot)
Requested protocol [NT LM 0.12]
[2015/05/16 17:04:22.612643, 3]
../source3/smbd/negprot.c:564(reply_negprot)
Requested protocol [SMB 2.002]
[2015/05/16 17:04:22.612989, 3]
../source3/smbd/negprot.c:564(reply_negprot)
Requested protocol [SMB 2.???]
[2015/05/16 17:04:22.613738, 3]
../source3/smbd/smb2_negprot.c:243(smbd_smb2_request_process_negprot)
Selected protocol SMB2_FF
[2015/05/16 17:04:22.622803, 2]
../lib/util/modules.c:191(do_smb_load_module)
Module 'samba4' loaded
[2015/05/16 17:04:22.626230, 3]
../auth/gensec/gensec_start.c:870(gensec_register)
GENSEC backend 'gssapi_spnego' registered
[2015/05/16 17:04:22.626428, 3]
../auth/gensec/gensec_start.c:870(gensec_register)
GENSEC backend 'gssapi_krb5' registered
[2015/05/16 17:04:22.626515, 3]
../auth/gensec/gensec_start.c:870(gensec_register)
GENSEC backend 'gssapi_krb5_sasl' registered
[2015/05/16 17:04:22.626591, 3]
../auth/gensec/gensec_start.c:870(gensec_register)
GENSEC backend 'schannel' registered
[2015/05/16 17:04:22.626657, 3]
../auth/gensec/gensec_start.c:870(gensec_register)
GENSEC backend 'spnego' registered
[2015/05/16 17:04:22.626752, 3]
../auth/gensec/gensec_start.c:870(gensec_register)
GENSEC backend 'ntlmssp' registered
[2015/05/16 17:04:22.626841, 3]
../auth/gensec/gensec_start.c:870(gensec_register)
GENSEC backend 'krb5' registered
[2015/05/16 17:04:22.626911, 3]
../auth/gensec/gensec_start.c:870(gensec_register)
GENSEC backend 'fake_gssapi_krb5' registered
[2015/05/16 17:04:22.632051, 3]
../lib/ldb-samba/ldb_wrap.c:320(ldb_wrap_connect)
ldb_wrap open of secrets.ldb
[2015/05/16 17:04:22.638717, 3]
../source4/auth/ntlm/auth.c:673(auth_register)
AUTH backend 'sam' registered
[2015/05/16 17:04:22.638915, 3]
../source4/auth/ntlm/auth.c:673(auth_register)
AUTH backend 'sam_ignoredomain' registered
[2015/05/16 17:04:22.639031, 3]
../source4/auth/ntlm/auth.c:673(auth_register)
AUTH backend 'anonymous' registered
[2015/05/16 17:04:22.639194, 3]
../source4/auth/ntlm/auth.c:673(auth_register)
AUTH backend 'winbind' registered
[2015/05/16 17:04:22.639277, 3]
../source4/auth/ntlm/auth.c:673(auth_register)
AUTH backend 'winbind_wbclient' registered
[2015/05/16 17:04:22.639379, 3]
../source4/auth/ntlm/auth.c:673(auth_register)
AUTH backend 'name_to_ntstatus' registered
[2015/05/16 17:04:22.639460, 3]
../source4/auth/ntlm/auth.c:673(auth_register)
AUTH backend 'unix' registered
[2015/05/16 17:04:22.662528, 3]
../source3/smbd/negprot.c:672(reply_negprot)
Selected protocol SMB 2.???
[2015/05/16 17:04:22.663344, 3]
../source3/smbd/smb2_negprot.c:243(smbd_smb2_request_process_negprot)
Selected protocol SMB2_10
[2015/05/16 17:04:22.664437, 3]
../lib/ldb-samba/ldb_wrap.c:320(ldb_wrap_connect)
ldb_wrap open of secrets.ldb
[2015/05/16 17:04:22.690034, 3]
../source3/smbd/server_exit.c:221(exit_server_common)
Server exit (NT_STATUS_CONNECTION_RESET)
[2015/05/16 17:04:22.999939, 3] ../source3/lib/access.c:338(allow_access)
Allowed connection from 192.168.111.236 (192.168.111.236)
[2015/05/16 17:04:23.000705, 3] ../source3/smbd/oplock.c:873(init_oplocks)
init_oplocks: initializing messages.
[2015/05/16 17:04:23.001398, 3] ../source3/smbd/process.c:1802(process_smb)
Transaction 0 of length 108 (0 toread)
[2015/05/16 17:04:23.001849, 3]
../source3/smbd/smb2_negprot.c:243(smbd_smb2_request_process_negprot)
Selected protocol SMB2_10
[2015/05/16 17:04:23.013135, 2]
../lib/util/modules.c:191(do_smb_load_module)
Module 'samba4' loaded
[2015/05/16 17:04:23.016389, 3]
../auth/gensec/gensec_start.c:870(gensec_register)
GENSEC backend 'gssapi_spnego' registered
[2015/05/16 17:04:23.016571, 3]
../auth/gensec/gensec_start.c:870(gensec_register)
GENSEC backend 'gssapi_krb5' registered
[2015/05/16 17:04:23.016671, 3]
../auth/gensec/gensec_start.c:870(gensec_register)
GENSEC backend 'gssapi_krb5_sasl' registered
[2015/05/16 17:04:23.016750, 3]
../auth/gensec/gensec_start.c:870(gensec_register)
GENSEC backend 'schannel' registered
[2015/05/16 17:04:23.016882, 3]
../auth/gensec/gensec_start.c:870(gensec_register)
GENSEC backend 'spnego' registered
[2015/05/16 17:04:23.016985, 3]
../auth/gensec/gensec_start.c:870(gensec_register)
GENSEC backend 'ntlmssp' registered
[2015/05/16 17:04:23.017066, 3]
../auth/gensec/gensec_start.c:870(gensec_register)
GENSEC backend 'krb5' registered
[2015/05/16 17:04:23.017156, 3]
../auth/gensec/gensec_start.c:870(gensec_register)
GENSEC backend 'fake_gssapi_krb5' registered
[2015/05/16 17:04:23.022258, 3]
../lib/ldb-samba/ldb_wrap.c:320(ldb_wrap_connect)
ldb_wrap open of secrets.ldb
[2015/05/16 17:04:23.028125, 3]
../source4/auth/ntlm/auth.c:673(auth_register)
AUTH backend 'sam' registered
[2015/05/16 17:04:23.028321, 3]
../source4/auth/ntlm/auth.c:673(auth_register)
AUTH backend 'sam_ignoredomain' registered
[2015/05/16 17:04:23.028421, 3]
../source4/auth/ntlm/auth.c:673(auth_register)
AUTH backend 'anonymous' registered
[2015/05/16 17:04:23.028499, 3]
../source4/auth/ntlm/auth.c:673(auth_register)
AUTH backend 'winbind' registered
[2015/05/16 17:04:23.028593, 3]
../source4/auth/ntlm/auth.c:673(auth_register)
AUTH backend 'winbind_wbclient' registered
[2015/05/16 17:04:23.028677, 3]
../source4/auth/ntlm/auth.c:673(auth_register)
AUTH backend 'name_to_ntstatus' registered
[2015/05/16 17:04:23.028774, 3]
../source4/auth/ntlm/auth.c:673(auth_register)
AUTH backend 'unix' registered
[2015/05/16 17:04:23.054566, 3]
../lib/ldb-samba/ldb_wrap.c:320(ldb_wrap_connect)
ldb_wrap open of secrets.ldb
[2015/05/16 17:04:23.082930, 3]
../auth/ntlmssp/ntlmssp_util.c:34(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0xe2088297
[2015/05/16 17:04:23.084961, 3]
../auth/ntlmssp/ntlmssp_server.c:358(ntlmssp_server_preauth)
Got user=[] domain=[] workstation=[PC65] len1=1 len2=0
[2015/05/16 17:04:23.085136, 3]
../source4/auth/ntlm/auth.c:270(auth_check_password_send)
auth_check_password_send: Checking password for unmapped user []\[]@[PC65]
auth_check_password_send: mapped user is: [MAYWEG]\[]@[PC65]
[2015/05/16 17:04:23.085396, 3]
../auth/ntlmssp/ntlmssp_sign.c:547(ntlmssp_sign_init)
NTLMSSP Sign/Seal - Initialising with flags:
[2015/05/16 17:04:23.085480, 3]
../auth/ntlmssp/ntlmssp_util.c:34(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0xe2088215
[2015/05/16 17:04:23.089748, 3] ../source3/lib/access.c:338(allow_access)
Allowed connection from 192.168.111.236 (192.168.111.236)
[2015/05/16 17:04:23.090331, 3]
../source3/smbd/service.c:612(make_connection_snum)
Connect path is '/tmp' for service [IPC$]
[2015/05/16 17:04:23.090587, 3] ../source3/smbd/vfs.c:113(vfs_init_default)
Initialising default vfs hooks
[2015/05/16 17:04:23.090745, 3] ../source3/smbd/vfs.c:139(vfs_init_custom)
Initialising custom vfs hooks from [/[Default VFS]/]
[2015/05/16 17:04:23.090851, 3] ../source3/smbd/vfs.c:139(vfs_init_custom)
Initialising custom vfs hooks from [acl_xattr]
[2015/05/16 17:04:23.095703, 2]
../lib/util/modules.c:191(do_smb_load_module)
Module 'acl_xattr' loaded
[2015/05/16 17:04:23.095910, 3] ../source3/smbd/vfs.c:139(vfs_init_custom)
Initialising custom vfs hooks from [dfs_samba4]
[2015/05/16 17:04:23.100971, 2]
../lib/util/modules.c:191(do_smb_load_module)
Module 'dfs_samba4' loaded
[2015/05/16 17:04:23.101172, 2]
../source3/modules/vfs_acl_xattr.c:193(connect_acl_xattr)
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true'
and 'force unknown acl user = true' for service IPC$
[2015/05/16 17:04:23.109088, 3]
../source3/smbd/service.c:856(make_connection_snum)
192.168.111.236 (ipv4:192.168.111.236:1174) connect to service IPC$
initially as user NT AUTHORITY\ANONYMOUS LOGON (uid=65534, gid=3000008) (pid
4588)
[2015/05/16 17:04:31.383878, 3] ../source3/smbd/service.c:1130(close_cnum)
192.168.111.236 (ipv4:192.168.111.236:1174) closed connection to service
IPC$
[2015/05/16 17:04:31.387550, 3]
../source3/smbd/server_exit.c:221(exit_server_common)
Server exit (NT_STATUS_CONNECTION_RESET)
[2015/05/16 17:04:31.704078, 3] ../source3/lib/access.c:338(allow_access)
Allowed connection from 192.168.111.236 (192.168.111.236)
[2015/05/16 17:04:31.704942, 3] ../source3/smbd/oplock.c:873(init_oplocks)
init_oplocks: initializing messages.
[2015/05/16 17:04:31.705594, 3] ../source3/smbd/process.c:1802(process_smb)
Transaction 0 of length 159 (0 toread)
[2015/05/16 17:04:31.705775, 3]
../source3/smbd/process.c:1405(switch_message)
switch message SMBnegprot (pid 4589) conn 0x0
[2015/05/16 17:04:31.708376, 3]
../source3/smbd/negprot.c:564(reply_negprot)
Requested protocol [PC NETWORK PROGRAM 1.0]
[2015/05/16 17:04:31.708616, 3]
../source3/smbd/negprot.c:564(reply_negprot)
Requested protocol [LANMAN1.0]
[2015/05/16 17:04:31.708763, 3]
../source3/smbd/negprot.c:564(reply_negprot)
Requested protocol [Windows for Workgroups 3.1a]
[2015/05/16 17:04:31.708887, 3]
../source3/smbd/negprot.c:564(reply_negprot)
Requested protocol [LM1.2X002]
[2015/05/16 17:04:31.709044, 3]
../source3/smbd/negprot.c:564(reply_negprot)
Requested protocol [LANMAN2.1]
[2015/05/16 17:04:31.709181, 3]
../source3/smbd/negprot.c:564(reply_negprot)
Requested protocol [NT LM 0.12]
[2015/05/16 17:04:31.709309, 3]
../source3/smbd/negprot.c:564(reply_negprot)
Requested protocol [SMB 2.002]
[2015/05/16 17:04:31.709438, 3]
../source3/smbd/negprot.c:564(reply_negprot)
Requested protocol [SMB 2.???]
[2015/05/16 17:04:31.710062, 3]
../source3/smbd/smb2_negprot.c:243(smbd_smb2_request_process_negprot)
Selected protocol SMB2_FF
[2015/05/16 17:04:31.719910, 2]
../lib/util/modules.c:191(do_smb_load_module)
Module 'samba4' loaded
[2015/05/16 17:04:31.723681, 3]
../auth/gensec/gensec_start.c:870(gensec_register)
GENSEC backend 'gssapi_spnego' registered
[2015/05/16 17:04:31.723880, 3]
../auth/gensec/gensec_start.c:870(gensec_register)
GENSEC backend 'gssapi_krb5' registered
[2015/05/16 17:04:31.723978, 3]
../auth/gensec/gensec_start.c:870(gensec_register)
GENSEC backend 'gssapi_krb5_sasl' registered
[2015/05/16 17:04:31.724079, 3]
../auth/gensec/gensec_start.c:870(gensec_register)
GENSEC backend 'schannel' registered
[2015/05/16 17:04:31.724173, 3]
../auth/gensec/gensec_start.c:870(gensec_register)
GENSEC backend 'spnego' registered
[2015/05/16 17:04:31.724263, 3]
../auth/gensec/gensec_start.c:870(gensec_register)
GENSEC backend 'ntlmssp' registered
[2015/05/16 17:04:31.724360, 3]
../auth/gensec/gensec_start.c:870(gensec_register)
GENSEC backend 'krb5' registered
[2015/05/16 17:04:31.724449, 3]
../auth/gensec/gensec_start.c:870(gensec_register)
GENSEC backend 'fake_gssapi_krb5' registered
[2015/05/16 17:04:31.730008, 3]
../lib/ldb-samba/ldb_wrap.c:320(ldb_wrap_connect)
ldb_wrap open of secrets.ldb
[2015/05/16 17:04:31.736065, 3]
../source4/auth/ntlm/auth.c:673(auth_register)
AUTH backend 'sam' registered
[2015/05/16 17:04:31.736216, 3]
../source4/auth/ntlm/auth.c:673(auth_register)
AUTH backend 'sam_ignoredomain' registered
[2015/05/16 17:04:31.736307, 3]
../source4/auth/ntlm/auth.c:673(auth_register)
AUTH backend 'anonymous' registered
[2015/05/16 17:04:31.736427, 3]
../source4/auth/ntlm/auth.c:673(auth_register)
AUTH backend 'winbind' registered
[2015/05/16 17:04:31.736491, 3]
../source4/auth/ntlm/auth.c:673(auth_register)
AUTH backend 'winbind_wbclient' registered
[2015/05/16 17:04:31.736576, 3]
../source4/auth/ntlm/auth.c:673(auth_register)
AUTH backend 'name_to_ntstatus' registered
[2015/05/16 17:04:31.736668, 3]
../source4/auth/ntlm/auth.c:673(auth_register)
AUTH backend 'unix' registered
[2015/05/16 17:04:31.757056, 3]
../source3/smbd/negprot.c:672(reply_negprot)
Selected protocol SMB 2.???
[2015/05/16 17:04:31.757823, 3]
../source3/smbd/smb2_negprot.c:243(smbd_smb2_request_process_negprot)
Selected protocol SMB2_10
[2015/05/16 17:04:31.759042, 3]
../lib/ldb-samba/ldb_wrap.c:320(ldb_wrap_connect)
ldb_wrap open of secrets.ldb
[2015/05/16 17:04:31.786446, 3]
../source3/smbd/server_exit.c:221(exit_server_common)
Server exit (NT_STATUS_CONNECTION_RESET)
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list