I've set up Samba on Mac OS X to do pass through authentication to
the nt domain in AD several times now. No big deal, it usually just
works.
Now, however, it doesn't appear to be working. Note the relevant part
of the transaction below (loglevel 4).
Steps to replicate:
a) Add pre-Win2K account with AD Users and computers
b) sudo smbpasswd -j EXAMPLE -r WINSERVER -U Administrator%passwd
(happens successfully)
c) in smb.conf:
security = domain
password server = WINSERVER
nmblookup works for WINSERVER.
[xserve:~] zinch% smbd -V
Version 2.2.3a
[xserve:~] zinch% sw_vers
ProductName: Mac OS X Server
ProductVersion: 10.2.3
BuildVersion: 6G30
transaction in log:
[2003/01/05 16:49:38, 3]
/SourceCache/samba/samba-21/source/lib/util_sock.c:open_socket_out(830)
Connecting to 192.168.1.2 at port 445
[2003/01/05 16:49:38, 4]
/SourceCache/samba/samba-21/source/rpc_client/cli_netlogon.c:cli_net_req_chal(221)
cli_net_req_chal: LSA Request Challenge from WINSERVER to XSERVE:
965B45EE4F419A71
[2003/01/05 16:49:38, 4]
/SourceCache/samba/samba-21/source/libsmb/credentials.c:cred_session_key(60)
cred_session_key
[2003/01/05 16:49:38, 4]
/SourceCache/samba/samba-21/source/libsmb/credentials.c:cred_create(91)
cred_create
[2003/01/05 16:49:38, 4]
/SourceCache/samba/samba-21/source/rpc_client/cli_netlogon.c:cli_net_auth2(132)
cli_net_auth2: srv:\\WINSERVER acct:XSERVE$ sc:2 mc: XSERVE chal
B58AF439B186C221 neg: 1ff
[2003/01/05 16:49:38, 0]
/SourceCache/samba/samba-21/source/rpc_client/cli_netlogon.c:cli_net_auth2(157)
cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
[2003/01/05 16:49:38, 0]
/SourceCache/samba/samba-21/source/rpc_client/cli_login.c:cli_nt_setup_creds(74)
cli_nt_setup_creds: auth2 challenge failed
[2003/01/05 16:49:38, 0]
/SourceCache/samba/samba-21/source/smbd/password.c:connect_to_domain_password_server(1340)
connect_to_domain_password_server: unable to setup the PDC
credentials to machine WINSERVER. Error was : NT_STATUS_OK.
[2003/01/05 16:49:38, 0]
/SourceCache/samba/samba-21/source/smbd/password.c:domain_client_validate(1558)
domain_client_validate: Domain password server not available.
nmblookup (snipped)
[xserve:~] root# nmblookup -d4 WINSERVER
<snip>
querying WINSERVER on 192.168.1.255
nmb packet from 192.168.1.2(137) header: id=7983 opcode=Query(0) response=Yes
header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=Yes
header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
answers: nmb_name=WINSERVER<00> rr_type=32 rr_class=1 ttl=300000
answers 0 char `..... hex 6000C0A80102
Got a positive name query response from 192.168.1.2 ( 192.168.1.2 )
192.168.1.2 WINSERVER<00>
I've done it this way (as far as I remember) 5-6 times- in addition
to sending these directions to several folks who reported back
success. Not sure what's different here.
--
http://www.4am-media.com
Mac OS X Consulting and Training
Michael Bartosh
[EMAIL PROTECTED]
303.517.0272
Denver, CO
"The surest way to corrupt a youth is to instruct him to hold in higher
regard those who think alike than those who think differently."
- -- Nietzsche
Think Different.
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
- Re: [Samba] security = domain and Mac OS X Michael Bartosh
- Re: [Samba] security = domain and Mac OS X Michael Bartosh
