On Fri, 22 Oct 2004 18:11:10 -0400, Igor Belyi <[EMAIL PROTECTED]> wrote:
> I'd guess it's a good idea to check if DNS
> name -> IP -> DNS name gives consistent result on all 3 participants:
> Samba server, XP client, and ADS.
>
> Hope it's not useless,
> Igor
>
Not sure if this covers it:

Samba Server : maul(.ddm.apm.bpm.eds.com)
ADS Server: ucosddm001(.edsadddm.ddm.apm.bpm.eds.com)
WinXP Client: mule(.edsadddm.ddm.apm.bpm.eds.com)

================================================================================
SAMBA SERVER DNS lookups
================================================================================
> maul
Server: uscosddm001
Address: 199.42.192.103

Non-authoritative answer:
Name: maul.DDM.APM.BPM.EDS.COM
Address: 199.42.192.180

# ping -s 199.42.192.180
PING 199.42.192.180: 56 data bytes
64 bytes from maul (199.42.192.180): icmp_seq=0. time=0. ms

> mule.edsadddm.ddm.apm.bpm.eds.com
Server: uscosddm001
Address: 199.42.192.103

Name: mule.edsadddm.ddm.apm.bpm.eds.com
Address: 199.42.192.45

# ping -s 199.42.192.45
PING 199.42.192.45: 56 data bytes
64 bytes from mule (199.42.192.45): icmp_seq=0. time=0. ms

> uscosddm001.edsadddm.ddm.apm.bpm.eds.com
Server: uscosddm001
Address: 199.42.192.103

Name: uscosddm001.edsadddm.ddm.apm.bpm.eds.com
Address: 199.42.192.103

# ping -s 199.42.192.103
PING 199.42.192.103: 56 data bytes
64 bytes from uscosddm001 (199.42.192.103): icmp_seq=0. time=0. ms

================================================================================
ADS SERVER lookups
================================================================================
> maul
Server: uscosddm001
Address: 199.42.192.103

Non-authoritative answer:
Name: maul.DDM.APM.BPM.EDS.COM
Address: 199.42.192.180

> mule
Server: uscosddm001
Address: 199.42.192.103

Name: mule.EDSADDDM.DDM.APM.BPM.EDS.COM
Address: 199.42.192.45

> uscosddm001
Server: uscosddm001
Address: 199.42.192.103

Name: uscosddm001.EDSADDDM.DDM.APM.BPM.EDS.COM
Address: 199.42.192.103

================================================================================
Windows XP Client lookups
================================================================================
> maul
Server: uscosddm001
Address: 199.42.192.103

Non-authoritative answer:
Name: maul.DDM.APM.BPM.EDS.COM
Address: 199.42.192.180

> mule
Server: uscosddm001
Address: 199.42.192.103

Name: mule.EDSADDDM.DDM.APM.BPM.EDS.COM
Address: 199.42.192.45

> uscosddm001
Server: uscosddm001
Address: 199.42.192.103

Name: uscosddm001.EDSADDDM.DDM.APM.BPM.EDS.COM
Address: 199.42.192.103

================================================================================

Here's the section of a level 10 log from samba 3.0.7 when connecting from the Windows XP client, and I think it's here that samba decides to choose the NT LM protocol. The question is why?

================================================================================
[2004/11/09 14:21:57, 6] param/loadparm.c:lp_file_list_changed(2681)
  lp_file_list_changed()
  file /opt/samba/lib/smb.conf -> /opt/samba/lib/smb.conf last mod_time: Tue Nov 9 14:21:42 2004
[2004/11/09 14:21:57, 3] smbd/oplock.c:init_oplocks(1302)
  open_oplock_ipc: opening loopback UDP socket.
[2004/11/09 14:21:57, 10] lib/util_sock.c:open_socket_in(717)
  bind succeeded on port 0
[2004/11/09 14:21:57, 3] smbd/oplock.c:init_oplocks(1333)
  open_oplock ipc: pid = 27221, global_oplock_port = 55305
[2004/11/09 14:21:57, 4] lib/time.c:get_serverzone(122)
  Serverzone is 28800
[2004/11/09 14:21:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(505)
  got smb length of 133
[2004/11/09 14:21:57, 6] smbd/process.c:process_smb(1091)
  got message type 0x0 of len 0x85
[2004/11/09 14:21:57, 3] smbd/process.c:process_smb(1092)
  Transaction 0 of length 137
[2004/11/09 14:21:57, 5] lib/util.c:show_msg(439)
[2004/11/09 14:21:57, 5] lib/util.c:show_msg(449)
  size=133
  smb_com=0x72
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=24
  smb_flg2=51283
  smb_tid=0
  smb_pid=65279
  smb_uid=0
  smb_mid=0
  smt_wct=0
  smb_bcc=98
[2004/11/09 14:21:57, 10] lib/util.c:dump_data(1835)
  [000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG
  [010] 52 41 4D 20 31 2E 30 00 02 4C 41 4E 4D 41 4E 31 RAM 1.0. .LANMAN1
  [020] 2E 30 00 02 57 69 6E 64 6F 77 73 20 66 6F 72 20 .0..Wind ows for
  [030] 57 6F 72 6B 67 72 6F 75 70 73 20 33 2E 31 61 00 Workgrou ps 3.1a.
  [040] 02 4C 4D 31 2E 32 58 30 30 32 00 02 4C 41 4E 4D .LM1.2X0 02..LANM
  [050] 41 4E 32 2E 31 00 02 4E 54 20 4C 4D 20 30 2E 31 AN2.1..N T LM 0.1
  [060] 32 00 2.
[2004/11/09 14:21:57, 3] smbd/process.c:switch_message(887)
  switch message SMBnegprot (pid 27221) conn 0x0
[2004/11/09 14:21:57, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/11/09 14:21:57, 5] auth/auth_util.c:debug_nt_user_token(486)
  NT user token: (NULL)
[2004/11/09 14:21:57, 5] auth/auth_util.c:debug_unix_user_token(505)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2004/11/09 14:21:57, 5] smbd/uid.c:change_to_root_user(296)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2004/11/09 14:21:57, 3] smbd/negprot.c:reply_negprot(457)
  Requested protocol [PC NETWORK PROGRAM 1.0]
[2004/11/09 14:21:57, 3] smbd/negprot.c:reply_negprot(457)
  Requested protocol [LANMAN1.0]
[2004/11/09 14:21:57, 3] smbd/negprot.c:reply_negprot(457)
  Requested protocol [Windows for Workgroups 3.1a]
[2004/11/09 14:21:57, 3] smbd/negprot.c:reply_negprot(457)
  Requested protocol [LM1.2X002]
[2004/11/09 14:21:57, 3] smbd/negprot.c:reply_negprot(457)
  Requested protocol [LANMAN2.1]
[2004/11/09 14:21:57, 3] smbd/negprot.c:reply_negprot(457)
  Requested protocol [NT LM 0.12]
[2004/11/09 14:21:57, 10] lib/util.c:set_remote_arch(1810)
  set_remote_arch: Client arch is 'Win2K'
[2004/11/09 14:21:57, 6] param/loadparm.c:lp_file_list_changed(2681)
  lp_file_list_changed()
  file /opt/samba/lib/smb.conf -> /opt/samba/lib/smb.conf last mod_time: Tue Nov 9 14:21:42 2004
[2004/11/09 14:21:57, 6] param/loadparm.c:lp_file_list_changed(2681)
  lp_file_list_changed()
  file /opt/samba/lib/smb.conf -> /opt/samba/lib/smb.conf last mod_time: Tue Nov 9 14:21:42 2004
[2004/11/09 14:21:57, 3] smbd/negprot.c:reply_nt1(329)
  using SPNEGO
[2004/11/09 14:21:57, 3] smbd/negprot.c:reply_negprot(545)
  Selected protocol NT LM 0.12
[2004/11/09 14:21:57, 5] smbd/negprot.c:reply_negprot(551)
  negprot index=5
================================================================================

Do you think that Samba 3.0.8 would fix the problem? I see that there are some changes in user mapping concerning NTLM, but I'd rather figure out why Samba is using that protocol, when I'm convinced it should be using Kerberos authentication.

Greg

--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
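
Added example, not part of the original message and not Samba's code: the dump_data rows in the level 10 log are the client's SMBnegprot dialect list, and this Python example decodes them and shows how index 5 (NT LM 0.12) is reached. NT LM 0.12 is the name of an SMB protocol dialect; with "using SPNEGO" logged, the choice between Kerberos and NTLMSSP is made afterwards in session setup, not in this exchange. The SERVER_PREFERENCE list is an assumption built only from dialect names that appear in the log.

```python
# Added example: decode the SMBnegprot dialect list from the level 10 dump.
# DUMP_HEX is the hex column of the dump_data rows in the log above.
DUMP_HEX = """
02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47
52 41 4D 20 31 2E 30 00 02 4C 41 4E 4D 41 4E 31
2E 30 00 02 57 69 6E 64 6F 77 73 20 66 6F 72 20
57 6F 72 6B 67 72 6F 75 70 73 20 33 2E 31 61 00
02 4C 4D 31 2E 32 58 30 30 32 00 02 4C 41 4E 4D
41 4E 32 2E 31 00 02 4E 54 20 4C 4D 20 30 2E 31
32 00
"""

# Assumption: server preference, best first, using only dialect names that
# appear in this log. This is not Samba's own table.
SERVER_PREFERENCE = ["NT LM 0.12", "LANMAN2.1", "LM1.2X002", "LANMAN1.0"]


def parse_dialects(data):
    """Split negprot data into names: 0x02 format byte + NUL-terminated string."""
    dialects, pos = [], 0
    while pos < len(data):
        if data[pos] != 0x02:
            raise ValueError(f"offset {pos:#x}: expected 0x02 format byte")
        end = data.find(b"\x00", pos + 1)
        if end == -1:
            raise ValueError(f"offset {pos:#x}: name is not NUL-terminated")
        dialects.append(data[pos + 1:end].decode("ascii"))
        pos = end + 1
    return dialects


def select_dialect(offered, preference=SERVER_PREFERENCE):
    """Return (index in client's list, name) of the best common dialect, or None."""
    for name in preference:
        if name in offered:
            return offered.index(name), name
    return None


def negotiate(hex_dump=DUMP_HEX):
    """Decode the dump and pick a dialect using the assumed preference list."""
    offered = parse_dialects(bytes.fromhex(hex_dump))
    return offered, select_dialect(offered)


if __name__ == "__main__":
    offered, chosen = negotiate()
    for index, name in enumerate(offered):
        print(index, name)
    print("selected:", chosen)
```

The decoded block is 98 bytes, matching smb_bcc=98 in the show_msg entry, and the selected index matches the "negprot index=5" line.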