--- Original message ---
Subject: Re: [Samba] samba winbind problem with trusted domains
From: *...@ppu <[email protected]>
To: <[email protected]>
Date: Friday, 25/06/2010  4:09 AM

hi

Yes, NetBIOS is active on the Windows machines and I'm able to ping the Samba server with .domain.extension. It is asking for user authentication, but it is not taking it when I give the user ID and PWD.

I had that problem with 3.0.9 on FreeBSD YEARS ago...can't remember what I did. Let's see:

In smb.conf, this wouldn't hurt:

workgroup = (NETBIOS NAME OF AD DOMAIN)

Since you have Windoze servers, turning on WINS on it and adding:

       wins server = <wins ip addy>
       remote announce = <wins ip addy>/<netbios workgroup name>
       remote browse sync = <wins ip addy>

You also want to do some nbtstat commands on the workstations to see if they are resolving netbios properly.

Something else just dawned on me, something about W2K8 and NTLMv2 credentials. IDK maybe the netbios name is trying to auth by NTLMv2 and IP addy by kerberos...Like I said IDK, need to see packets.

Cheers,

TMS III







On Thu, Jun 24, 2010 at 6:26 PM, <[email protected]> wrote:



SNIP


Thanks for your reply. Those are trusted domains and wbinfo -m is showing all the trusted domains.

Anyways, I have resolved the problem with the Likewise Open backend authentication tool. :) But now I am facing another problem. I am not able to access Samba shares using the NetBIOS name



Is netbios active on windows machines?  How is netbios being handled


even with the full machine FQDN, whereas it is accessible with the IP address.
Is the samba machine in DNS?  ping <myserver>.<mydomain>.<extension>




can you please help me ....




On Wed, Jun 23, 2010 at 6:16 PM, <[email protected]> wrote:





On Wednesday 23/06/2010 at 12:12 am, *...@ppu  wrote:
Hi all,

I am new to Samba and have been struggling with trusted domain authentication
for many days. I have a win2k3 domain (corp.raju.ad) and a win2k8 domain
(testraju.ad).

I have joined the Samba server as a member of the win2k8 domain (testraju.ad) using
net ads join commands.

I'm able to access Samba shares using testraju.ad user IDs successfully;
while authenticating with corp.raju.ad users I'm unable to. The log is
showing NT_STATUS_NO_SUCH_USER.

In such situations, the forest testraju.ad must have a trust with corp.raju.ad, which would be controlled by the Windoze DCs. Samba NT style domain trusts are not applicable to member servers. Member servers are little more than domain joined machines.

Cheers,

TMS III



The following is my smb.conf file:


[global]
               log file = /var/log/samba/%m
               load printers = yes
               idmap gid = 600-2000000
               interfaces = 127.0.0.1 eth0
               encrypt passwords = yes
               realm = testraju.ad
               winbind use default domain = true
               template shell = /bin/bash
               netbios name = slclinuxfs001
               winbind enum users = no
               idmap uid = 600-2000000
               password server = hsttestadc001.testraju.ad
               winbind nested groups = YeS
               workgroup = test
               winbind enum groups = no
               security = ADS
               max log size = 50000
               bind interfaces only = true
               log level = 3


#winbind separator = \


[raju]
               comment = test share
               path = /tmp/raju
               browsable = yes
               available = yes
               writable = yes
               readonly = no
               valid users = "@RAJU\domain users" "@TEST\domain users"



wbinfo -m is listing all trusted domains.

I'm able to authenticate a trusted domain user with wbinfo
--authenticate=raju\\pa72635%password (2 backslashes)


I have enabled logging, and the following is the client log when I access
with a trusted domain user ID.


[2010/06/23 12:47:38.010714,  3] auth/auth.c:216(check_ntlm_password)
   check_ntlm_password:  Checking password for unmapped user
[]...@[hicmbsa001] with the new password interface
[2010/06/23 12:47:38.010761,  3] auth/auth.c:219(check_ntlm_password)
check_ntlm_password: mapped user is: [slclinuxfs001]...@[hicmbsa001]
[2010/06/23 12:47:38.011642,  3] smbd/sec_ctx.c:210(push_sec_ctx)
   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/06/23 12:47:38.011670,  3] smbd/uid.c:429(push_conn_ctx)
   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/06/23 12:47:38.011709,  3] smbd/sec_ctx.c:310(set_sec_ctx)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/06/23 12:47:38.011812,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/06/23 12:47:38.011921,  3] smbd/sec_ctx.c:210(push_sec_ctx)
   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/06/23 12:47:38.011946,  3] smbd/uid.c:429(push_conn_ctx)
   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/06/23 12:47:38.011969,  3] smbd/sec_ctx.c:310(set_sec_ctx)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/06/23 12:47:38.012000,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/06/23 12:47:38.012286,  3] auth/auth.c:265(check_ntlm_password)
   check_ntlm_password: guest authentication for user [] succeeded
[2010/06/23 12:47:38.082054,  3] smbd/sec_ctx.c:210(push_sec_ctx)
   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/06/23 12:47:38.082095,  3] smbd/uid.c:429(push_conn_ctx)
   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/06/23 12:47:38.082119,  3] smbd/sec_ctx.c:310(set_sec_ctx)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/06/23 12:47:38.082356,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/06/23 12:47:38.082422,  3] lib/privileges.c:63(get_privileges)
   get_privileges: No privileges assigned to SID
[S-1-5-21-2180847254-3007464121-335579984-501]
[2010/06/23 12:47:38.082464,  3] lib/privileges.c:63(get_privileges)
   get_privileges: No privileges assigned to SID [S-1-5-2]
[2010/06/23 12:47:38.082503,  3] lib/privileges.c:63(get_privileges)
   get_privileges: No privileges assigned to SID [S-1-5-32-546]
[2010/06/23 12:47:38.082587,  3]
libsmb/ntlmssp_sign.c:343(ntlmssp_sign_init)
   NTLMSSP Sign/Seal - Initialising with flags:
[2010/06/23 12:47:38.082624, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
   Got NTLMSSP neg_flags=0xa2088205
[2010/06/23 12:47:38.082676, 3] smbd/password.c:282(register_existing_vuid)
   register_existing_vuid: User name: nobody     Real name: Nobody
[2010/06/23 12:47:38.082731, 3] smbd/password.c:292(register_existing_vuid) register_existing_vuid: UNIX uid 99 is UNIX user nobody, and will be vuid
100
[2010/06/23 12:47:38.097021,  3] smbd/process.c:1485(process_smb)
   Transaction 3 of length 94 (0 toread)
[2010/06/23 12:47:38.097084,  3] smbd/process.c:1294(switch_message)
   switch message SMBtconX (pid 13230) conn 0x0
[2010/06/23 12:47:38.097120,  3] smbd/sec_ctx.c:310(set_sec_ctx)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/06/23 12:47:38.097407,  3] smbd/sec_ctx.c:210(push_sec_ctx)
   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/06/23 12:47:38.097438,  3] smbd/uid.c:429(push_conn_ctx)
   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/06/23 12:47:38.097460,  3] smbd/sec_ctx.c:310(set_sec_ctx)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/06/23 12:47:38.097502,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/06/23 12:47:38.097552,  3] smbd/sec_ctx.c:210(push_sec_ctx)
   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/06/23 12:47:38.097577,  3] smbd/uid.c:429(push_conn_ctx)
   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/06/23 12:47:38.097599,  3] smbd/sec_ctx.c:310(set_sec_ctx)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/06/23 12:47:38.097631,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/06/23 12:47:38.097691, 3] smbd/service.c:807(make_connection_snum)
   Connect path is '/tmp' for service [IPC$]
[2010/06/23 12:47:38.097843,  3] smbd/vfs.c:97(vfs_init_default)
   Initialising default vfs hooks
[2010/06/23 12:47:38.097960,  3] smbd/vfs.c:122(vfs_init_custom)
   Initialising custom vfs hooks from [/[Default VFS]/]
[2010/06/23 12:47:38.098162,  3] smbd/sec_ctx.c:210(push_sec_ctx)
   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/06/23 12:47:38.098186,  3] smbd/uid.c:429(push_conn_ctx)
   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/06/23 12:47:38.098208,  3] smbd/sec_ctx.c:310(set_sec_ctx)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/06/23 12:47:38.098240,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/06/23 12:47:38.098277,  3] smbd/sec_ctx.c:210(push_sec_ctx)
   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/06/23 12:47:38.098395,  3] smbd/uid.c:429(push_conn_ctx)
   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/06/23 12:47:38.098418,  3] smbd/sec_ctx.c:310(set_sec_ctx)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/06/23 12:47:38.098449,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/06/23 12:47:38.098494,  3] smbd/sec_ctx.c:310(set_sec_ctx)
   setting sec ctx (99, 99) - sec_ctx_stack_ndx = 0
[2010/06/23 12:47:38.098535, 3] smbd/service.c:1069(make_connection_snum) hicmbsa001 (172.16.203.119) connect to service IPC$ initially as user
nobody (uid=99, gid=99) (pid 13230)
[2010/06/23 12:47:38.098564,  3] smbd/sec_ctx.c:310(set_sec_ctx)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/06/23 12:47:38.098595,  3] smbd/reply.c:846(reply_tcon_and_X)
   tconX service=IPC$
[2010/06/23 12:47:38.117760,  3] smbd/process.c:1485(process_smb)
   Transaction 4 of length 116 (0 toread)
[2010/06/23 12:47:38.117820,  3] smbd/process.c:1294(switch_message)
   switch message SMBtrans2 (pid 13230) conn 0x9a3ea28
[2010/06/23 12:47:38.117855,  3] smbd/sec_ctx.c:310(set_sec_ctx)
   setting sec ctx (99, 99) - sec_ctx_stack_ndx = 0
[2010/06/23 12:47:38.118074,  3] smbd/msdfs.c:848(get_referred_path)
get_referred_path: |RAJU| in dfs path \172.27.97.53\raju is not a dfs
root.
[2010/06/23 12:47:38.118118,  3] smbd/error.c:80(error_packet_set)
error packet at smbd/trans2.c(8002) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND
[2010/06/23 12:47:38.147166,  3] smbd/process.c:1485(process_smb)
   Transaction 5 of length 270 (0 toread)
[2010/06/23 12:47:38.147235,  3] smbd/process.c:1294(switch_message)
   switch message SMBsesssetupX (pid 13230) conn 0x0
[2010/06/23 12:47:38.147264,  3] smbd/sec_ctx.c:310(set_sec_ctx)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/06/23 12:47:38.147297,  3]
smbd/sesssetup.c:1435(reply_sesssetup_and_X)
   wct=12 flg2=0xc807
[2010/06/23 12:47:38.147321,  3]
smbd/sesssetup.c:1189(reply_sesssetup_and_X_spnego)
   Doing spnego session setup
[2010/06/23 12:47:38.147376,  3]
smbd/sesssetup.c:1231(reply_sesssetup_and_X_spnego)
   NativeOS=[Windows Server 2003 3790 Service Pack 2] NativeLanMan=[]
PrimaryDomain=[Windows Server 2003 5.2]
[2010/06/23 12:47:38.147451,  3]
smbd/sesssetup.c:805(reply_spnego_negotiate)
   reply_spnego_negotiate: Got secblob of size 40
[2010/06/23 12:47:38.147493, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
   Got NTLMSSP neg_flags=0xa2088207
[2010/06/23 12:47:38.293953,  3]
../lib/util/util_net.c:68(interpret_string_addr_internal)
interpret_string_addr_internal: getaddrinfo failed for name slclinuxfs001
[Name or service not known]
[2010/06/23 12:47:38.298064, 3] lib/util_sock.c:1796(get_mydnsfullname) get_mydnsfullname: getaddrinfo failed for name slclinuxfs001 [Unknown
error]
[2010/06/23 12:47:38.309704,  3]
../lib/util/util_net.c:68(interpret_string_addr_internal)
interpret_string_addr_internal: getaddrinfo failed for name slclinuxfs001
[Name or service not known]
[2010/06/23 12:47:38.309860, 3] lib/util_sock.c:1796(get_mydnsfullname) get_mydnsfullname: getaddrinfo failed for name slclinuxfs001 [Unknown
error]
[2010/06/23 12:47:38.337483,  3] smbd/process.c:1485(process_smb)
   Transaction 6 of length 378 (0 toread)
[2010/06/23 12:47:38.337555,  3] smbd/process.c:1294(switch_message)
   switch message SMBsesssetupX (pid 13230) conn 0x0
[2010/06/23 12:47:38.337583,  3] smbd/sec_ctx.c:310(set_sec_ctx)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/06/23 12:47:38.337623,  3]
smbd/sesssetup.c:1435(reply_sesssetup_and_X)
   wct=12 flg2=0xc807
[2010/06/23 12:47:38.337780,  3]
smbd/sesssetup.c:1189(reply_sesssetup_and_X_spnego)
   Doing spnego session setup
[2010/06/23 12:47:38.337812,  3]
smbd/sesssetup.c:1231(reply_sesssetup_and_X_spnego)
   NativeOS=[Windows Server 2003 3790 Service Pack 2] NativeLanMan=[]
PrimaryDomain=[Windows Server 2003 5.2]
[2010/06/23 12:47:38.337856, 3] libsmb/ntlmssp.c:747(ntlmssp_server_auth)
   Got user=[BK72598_S] domain=[raju] workstation=[HICMBSA001] len1=24
len2=24
[2010/06/23 12:47:38.338582,  3] auth/auth.c:216(check_ntlm_password)
   check_ntlm_password:  Checking password for unmapped user
[raju]\[bk72598...@[hicmbsa001] with the new password interface
[2010/06/23 12:47:38.338624,  3] auth/auth.c:219(check_ntlm_password)
check_ntlm_password: mapped user is: [raju]\[bk72598...@[hicmbsa001]
[2010/06/23 12:47:38.338659,  3] smbd/sec_ctx.c:210(push_sec_ctx)
   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/06/23 12:47:38.338684,  3] smbd/uid.c:429(push_conn_ctx)
   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/06/23 12:47:38.338708,  3] smbd/sec_ctx.c:310(set_sec_ctx)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/06/23 12:47:38.383705,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/06/23 12:47:38.485606,  2] auth/auth.c:314(check_ntlm_password)
check_ntlm_password: Authentication for user [BK72598_S] -> [BK72598_S]
FAILED with error NT_STATUS_NO_SUCH_USER
[2010/06/23 12:47:38.485672,  3] smbd/error.c:80(error_packet_set)
   error packet at smbd/sesssetup.c(111) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
[2010/06/23 12:47:48.362075,  3] smbd/process.c:1485(process_smb)
   Transaction 7 of length 43 (0 toread)
[2010/06/23 12:47:48.362301,  3] smbd/process.c:1294(switch_message)
   switch message SMBulogoffX (pid 13230) conn 0x0
[2010/06/23 12:47:48.362360,  3] smbd/sec_ctx.c:310(set_sec_ctx)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/06/23 12:47:48.362605,  3] smbd/reply.c:2055(reply_ulogoffX)
   ulogoffX vuid=100
[2010/06/23 12:47:48.372969,  3] smbd/process.c:1485(process_smb)
   Transaction 8 of length 39 (0 toread)
[2010/06/23 12:47:48.372999,  3] smbd/process.c:1294(switch_message)
   switch message SMBtdis (pid 13230) conn 0x9a3ea28
[2010/06/23 12:47:48.373023,  3] smbd/sec_ctx.c:310(set_sec_ctx)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/06/23 12:47:48.373073,  3] smbd/sec_ctx.c:310(set_sec_ctx)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/06/23 12:47:48.373104,  3] smbd/service.c:1250(close_cnum)
   hicmbsa001 (172.16.203.119) closed connection to service IPC$
[2010/06/23 12:47:48.373204, 3] smbd/connection.c:31(yield_connection)
   Yielding connection to IPC$
[2010/06/23 12:47:48.373415,  3] smbd/sec_ctx.c:310(set_sec_ctx)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/06/23 12:47:48.392269,  3] smbd/sec_ctx.c:310(set_sec_ctx)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/06/23 12:47:48.392370, 3] smbd/connection.c:31(yield_connection)
   Yielding connection to
[2010/06/23 12:47:48.392613,  3] smbd/server.c:902(exit_server_common)
   Server exit (failed to receive smb request)




please help me :(
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
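
Added example, not part of the original thread: a small Python parser for the smbd level-3 log format posted above. It rejoins the mail-wrapped records and extracts the entries that matter for this diagnosis (guest sessions, `getaddrinfo` failures, failed NTLM authentications). The sample lines are constructed in the same format; `fileserver01` and `JDOE` are placeholder names.

```python
import re

# Record header "[date time.usec,  level]"; source location and message may follow or wrap.
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+),\s*(\d+)\]\s*(.*)$")
SOURCE = re.compile(r"^\S+:\d+\((\w+)\)\s*(.*)$")

PATTERNS = {
    "auth_failed": re.compile(r"Authentication for user \[(.*?)\] -> \[.*?\] FAILED with error (NT_STATUS_\w+)"),
    "guest_login": re.compile(r"guest authentication for user \[(.*?)\] succeeded"),
    "dns_failure": re.compile(r"getaddrinfo failed for name (\S+)"),
}

def parse_records(text):
    """Return (timestamp, level, function, message) tuples, rejoining wrapped lines."""
    chunks = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            chunks.append([m.group(1), int(m.group(2)), m.group(3).strip()])
        elif chunks and line.strip():
            chunks[-1][2] = (chunks[-1][2] + " " + line.strip()).strip()
    records = []
    for ts, level, body in chunks:
        m = SOURCE.match(body)
        records.append((ts, level, m.group(1), m.group(2)) if m else (ts, level, "", body))
    return records

def findings(text):
    """Return (timestamp, kind, captures) for every record matching a pattern."""
    return [(ts, kind, m.groups())
            for ts, _lvl, _fn, msg in parse_records(text)
            for kind, rx in PATTERNS.items()
            if (m := rx.search(msg))]

# Constructed sample in the format of the log above (placeholder host and user names).
SAMPLE = """\
[2010/06/23 12:47:38.012286,  3] auth/auth.c:265(check_ntlm_password)
   check_ntlm_password: guest authentication for user [] succeeded
[2010/06/23 12:47:38.293953,  3]
../lib/util/util_net.c:68(interpret_string_addr_internal)
interpret_string_addr_internal: getaddrinfo failed for name fileserver01
[Name or service not known]
[2010/06/23 12:47:38.485606,  2] auth/auth.c:314(check_ntlm_password)
check_ntlm_password: Authentication for user [JDOE] -> [JDOE]
FAILED with error NT_STATUS_NO_SUCH_USER
"""

if __name__ == "__main__":
    print(*findings(SAMPLE), sep="\n")
```
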




