On Fri, Dec 11, 2009 at 8:27 AM, Gaiseric Vandal <[email protected]>wrote:
> On 12/10/09 14:39, Nick Pappin wrote: > >> On Tue, Dec 8, 2009 at 4:40 PM, Nick Pappin<[email protected]> wrote: >> >> >> >>> Hey Everyone, >>> So here is what is going on I have two computers on the same network >>> that are both connected to the PDC of a samba domain (on the same network >>> segment): >>> >>> >>> ____________________________________________ >>> | >>> | | >>> | >>> | | >>> _________ >>> _________ ______ >>> | comp1 | | comp2 | >>> | PDC | >>> --------------- >>> --------------- ---------- >>> >>> Now when i try to connect to the registry of comp1 from comp2 I get an >>> error saying i don't have permission to connect using the domain >>> administrator account. This also coincides with a name mismatch error: >>> >>> [2009/12/08 16:10:43, 0] lib/util_sock.c:matchname(1721) >>> matchname: host name/name mismatch: FOO != FOO.bar.com >>> >>> Could this be causing my problem and how should I troubleshoot this >>> problem. Any ideas would be greatly appreciated. >>> >>> Thanks, >>> Nick >>> >>> >>> >>> >> Hi everyone, >> I have fixed the mismatch error but it still isn't working I was >> hoping someone could help me. From what I can tell in the logs I am >> authenticating on the machine however then I see a wrong password entry. >> Could someone please explain to me what is going on. >> >> I have attached a level 2 log file if you need higher I can do that as >> well. >> >> >> >> [2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571) >> init_sam_from_ldap: Entry found for user: root >> [2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_group_from_ldap(2366) >> init_group_from_ldap: Entry found for group: 512 >> [2009/12/10 11:21:49, 2] auth/auth.c:check_ntlm_password(308) >> check_ntlm_password: authentication for user [root] -> [root] -> >> [root] >> succeeded >> [2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571) >> init_sam_from_ldap: Entry found for user: root >> [2009/12/10 11:21:49, 0] lib/util_sock.c:matchname(1749) >> matchname: host name/address mismatch: ::ffff:192.168.1.200 != it0 >> [2009/12/10 11:21:49, 0] lib/util_sock.c:get_peer_name(1870) >> Matchname failed on it0 ::ffff:192.168.1.200 >> [2009/12/10 11:21:49, 2] >> rpc_server/srv_samr_nt.c:_samr_LookupDomain(3456) >> Returning domain sid for domain LATAHFCU -> >> S-1-5-21-2238568125-4161709326-2298815865 >> [2009/12/10 11:21:49, 2] >> rpc_server/srv_samr_nt.c:_samr_LookupDomain(3456) >> Returning domain sid for domain LATAHFCU -> >> S-1-5-21-2238568125-4161709326-2298815865 >> [2009/12/10 11:21:49, 2] >> rpc_server/srv_samr_nt.c:_samr_LookupDomain(3456) >> Returning domain sid for domain LATAHFCU -> >> S-1-5-21-2238568125-4161709326-2298815865 >> [2009/12/10 11:21:49, 2] >> rpc_server/srv_samr_nt.c:_samr_LookupDomain(3456) >> Returning domain sid for domain LATAHFCU -> >> S-1-5-21-2238568125-4161709326-2298815865 >> [2009/12/10 11:21:49, 2] smbd/sesssetup.c:setup_new_vc_session(1368) >> setup_new_vc_session: New VC == 0, if NT4.x compatible we would close >> all >> old resources. >> [2009/12/10 11:21:49, 2] smbd/sesssetup.c:setup_new_vc_session(1368) >> setup_new_vc_session: New VC == 0, if NT4.x compatible we would close >> all >> old resources. >> [2009/12/10 11:21:49, 2] lib/smbldap.c:smbldap_open_connection(856) >> smbldap_open_connection: connection opened >> [2009/12/10 11:21:49, 2] lib/module.c:do_smb_load_module(64) >> Module '/usr/lib64/samba/vfs/full_audit.so' loaded >> [2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571) >> init_sam_from_ldap: Entry found for user: root >> [2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_ldap_from_sam(1128) >> init_ldap_from_sam: Setting entry for user: root >> [2009/12/10 11:21:49, 2] auth/auth.c:check_ntlm_password(318) >> check_ntlm_password: Authentication for user [Administrator] -> [root] >> FAILED with error NT_STATUS_WRONG_PASSWORD >> [2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571) >> init_sam_from_ldap: Entry found for user: root >> [2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_group_from_ldap(2366) >> init_group_from_ldap: Entry found for group: 512 >> [2009/12/10 11:21:49, 2] auth/auth.c:check_ntlm_password(308) >> check_ntlm_password: authentication for user [root] -> [root] -> >> [root] >> succeeded >> [2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571) >> init_sam_from_ldap: Entry found for user: root >> [2009/12/10 11:21:49, 2] auth/auth.c:check_ntlm_password(308) >> check_ntlm_password: authentication for user [root] -> [root] -> >> [root] >> succeeded >> [2009/12/10 11:21:54, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571) >> init_sam_from_ldap: Entry found for user: root >> [2009/12/10 11:21:54, 2] passdb/pdb_ldap.c:init_ldap_from_sam(1128) >> init_ldap_from_sam: Setting entry for user: root >> [2009/12/10 11:21:54, 2] auth/auth.c:check_ntlm_password(318) >> check_ntlm_password: Authentication for user [Administrator] -> [root] >> FAILED with error NT_STATUS_WRONG_PASSWORD >> >> >> Thank you for your time, >> -- >> Nick >> >> > > Did you map the Administrator account to the root account? > > I would try either creating an Administrator account in unix and not have > the mapping or try adding another WIndows account to the domain admin group > and seeing if that account can to the remote registry management. > > > If you log in to a PC as a Domain Administrator, are you able to do > Administrative things like adding local users? > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > Yes I have set up a username map. When I log into the PC as a Domain Administrator I am able to connect to remote machines registry. I did forget to mention that I am using an ldap backend so my Administrator and root accounts are one in the same. However when I log in as a local administrator and try to use domain credentials it fails to work. -- Nick -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
