Hi Niels
The file /usr/lib/samba/en_US.UTF-8.msg really is missing but I can't do
anything against this. This is the official RPM package from Fedora 16
(plus updates).
I doubt that they forgot to add this file to the SAMBA package and if so
I would have expected them to correct this in a later update (there were
several).
Regarding the changes in SAMBA 3.4/5/6 I have no doubt that there could
have been changes affecting my configuration but you can't expect
everybody to
read through the changes of the last n versions to get a previously
working config to fly again.
I would expect a Wiki page titled: SAMBA 3.x in an Windows 2008 R2
Environment
Listing all security settings necessary in the "Default Domain
Controllers Policy", "Default Domain Policy" and on the SAMBA side
(smb.conf) to get it working.
In the meantime there are so many settings involved, a
non-samba-developer can hardly cope with them.
Regards,
Oliver
On 15.04.2012 12:34, Niels Dettenbach (Syndicat IT&Internet) wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
"Oliver R."<[email protected]> schrieb:
NTLMSSP_NEGOTIATE_KEY_EXCH
SPNEGO login failed: Trust relationship failure
lang_tdb_init: /usr/lib/samba/en_US.UTF-8.msg: No such file or
directory
hmm,
i'm not a deeper samba expert, but firstly i would check this file not found
error in more detail - i.e. if the file is present (anywhere) and try to solve
that.
Afair with samba 3.4/5/6 there was some updates with the database / trust
backend (tdbsam etc.) defaults, so make shure you have read all the CHANGES in
between too.
hth a little,
best regards,
Niels.
netmask=255.255.254.0
added interface bge0 ip=10.10.10.43 bcast=10.10.10.255
netmask=255.255.255.0
added interface bge0:2 ip=10.10.10.60 bcast=10.10.10.255
netmask=255.255.255.0
added interface bge0:4 ip=10.10.10.61 bcast=10.10.10.255
netmask=255.255.255.0
added interface bge0:3 ip=10.10.10.62 bcast=10.10.10.255
netmask=255.255.255.0
add_interface: not adding duplicate interface 0.0.0.0
Netbios name list:-
my_netbios_names[0]="myserver"
Client started (version 3.5.8).
Enter cdavis15's password:
Opening cache file at /cm-views/samba.server/locks/gencache.tdb
Opening cache file at
/cm-views/samba.server/locks/gencache_notrans.tdb
Cache entry with key = AD_SITENAME/DOMAIN/ couldn't be found
sitename_fetch: No stored sitename for
internal_resolve_name: looking up myserver#20 (sitename (null))
Cache entry with key = NBT/myserver#20 couldn't be found
no entry for myserver#20 found.
resolve_lmhosts: Attempting lmhosts lookup for name myserver<0x20>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was
No
such file or directory
resolve_wins: Attempting wins lookup for name myserver<0x20>
resolve_wins: WINS server resolution selected and no WINS servers
listed.
resolve_hosts: Attempting host lookup for name myserver<0x20>
remove_duplicate_addrs2: looking for duplicate address/port pairs
namecache_store: storing 1 address for myserver#20: 10.10.10.62
Adding cache entry with key = NBT/myserver#20 and timeout = Fri Apr
13
17:34:17 2012
(660 seconds ahead)
internal_resolve_name: returning 1 addresses: 10.10.10.62:0
Running timed event "tevent_req_timedout" 7b11d0
Connecting to 10.10.10.62 at port 445
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 1
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_SNDBUF = 49152
SO_RCVBUF = 49152
Could not test socket option SO_SNDLOWAT.
Could not test socket option SO_RCVLOWAT.
Could not test socket option SO_SNDTIMEO.
Could not test socket option SO_RCVTIMEO.
session request ok
Substituting charset 'ISO8859-1' for LOCALE
Substituting charset 'ISO8859-1' for LOCALE
Substituting charset 'ISO8859-1' for LOCALE
Substituting charset 'ISO8859-1' for LOCALE
Substituting charset 'ISO8859-1' for LOCALE
Substituting charset 'ISO8859-1' for LOCALE
Substituting charset 'ISO8859-1' for LOCALE
Substituting charset 'ISO8859-1' for LOCALE
Substituting charset 'ISO8859-1' for LOCALE
Substituting charset 'ISO8859-1' for LOCALE
Substituting charset 'ISO8859-1' for LOCALE
Substituting charset 'ISO8859-1' for LOCALE
Substituting charset 'ISO8859-1' for LOCALE
Substituting charset 'ISO8859-1' for LOCALE
Doing spnego session setup (blob length=58)
got OID=1.3.6.1.4.1.311.2.2.10
got principal=NONE
&negotiate: struct NEGOTIATE_MESSAGE
Signature : 'NTLMSSP'
MessageType : NtLmNegotiate (1)
NegotiateFlags : 0x60088215 (1611170325)
1: NTLMSSP_NEGOTIATE_UNICODE
0: NTLMSSP_NEGOTIATE_OEM
1: NTLMSSP_REQUEST_TARGET
1: NTLMSSP_NEGOTIATE_SIGN
0: NTLMSSP_NEGOTIATE_SEAL
0: NTLMSSP_NEGOTIATE_DATAGRAM
0: NTLMSSP_NEGOTIATE_LM_KEY
0: NTLMSSP_NEGOTIATE_NETWARE
1: NTLMSSP_NEGOTIATE_NTLM
0: NTLMSSP_NEGOTIATE_NT_ONLY
0: NTLMSSP_ANONYMOUS
0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
0: NTLMSSP_TARGET_TYPE_DOMAIN
0: NTLMSSP_TARGET_TYPE_SERVER
0: NTLMSSP_TARGET_TYPE_SHARE
1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
0: NTLMSSP_NEGOTIATE_IDENTIFY
0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
0: NTLMSSP_NEGOTIATE_TARGET_INFO
0: NTLMSSP_NEGOTIATE_VERSION
1: NTLMSSP_NEGOTIATE_128
1: NTLMSSP_NEGOTIATE_KEY_EXCH
0: NTLMSSP_NEGOTIATE_56
DomainNameLen : 0x0007 (7)
DomainNameMaxLen : 0x0007 (7)
DomainName : *
DomainName : 'MYDOMAIN'
WorkstationLen : 0x000f (15)
WorkstationMaxLen : 0x000f (15)
Workstation : *
Workstation : 'myserver'
smb_signing_sign_pdu: sent SMB signature of
[0000] 42 53 52 53 50 59 4C 20 BSRSPYL
write_socket(6,174)
write_socket(6,174) wrote 174
got smb length of 256
size=256
smb_com=0x73
smb_rcls=22
smb_reh=0
smb_err=49152
smb_flg=136
smb_flg2=51203
smb_tid=0
smb_pid=28352
smb_uid=100
smb_mid=2
smt_wct=4
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 0 (0x0)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 163 (0xA3)
smb_bcc=213
[0000] A1 81 A0 30 81 9D A0 03 0A 01 01 A1 0C 06 0A 2B ¡. 0.. .
...¡...+
[0010] 06 01 04 01 82 37 02 02 0A A2 81 87 04 81 84 4E .....7..
.......N
[0020] 54 4C 4D 53 53 50 00 02 00 00 00 0E 00 0E 00 30 TLMSSP..
.......0
[0030] 00 00 00 15 82 89 60 79 0C B4 2C A3 64 A6 AD 00 ......`y
..,.d...
[0040] 00 00 00 00 00 00 00 46 00 46 00 3E 00 00 00 53 .......F
.F.>...S
[0050] 00 50 00 45 00 43 00 54 00 52 00 45 00 02 00 0E .P.E.C.T
.R.E....
[0060] 00 53 00 50 00 45 00 43 00 54 00 52 00 45 00 01 .S.P.E.C
.T.R.E..
[0070] 00 1E 00 43 00 4F 00 53 00 2D 00 43 00 43 00 2D ...C.O.S
.-.C.C.-
[0080] 00 43 00 4D 00 2D 00 56 00 49 00 45 00 57 00 53 .C.M.-.V
.I.E.W.S
[0090] 00 04 00 00 00 03 00 06 00 63 00 63 00 31 00 00 ........
.c.c.1..
[00A0] 00 00 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 ...U.n.i
.x...S.a
[00B0] 00 6D 00 62 00 61 00 20 00 33 00 2E 00 35 00 2E .m.b.a.
.3...5..
[00C0] 00 38 00 00 00 53 00 50 00 45 00 43 00 54 00 52 .8...S.P
.E.C.T.R
[00D0] 00 45 00 00 00 .E...
size=256
smb_com=0x73
smb_rcls=22
smb_reh=0
smb_err=49152
smb_flg=136
smb_flg2=51203
smb_tid=0
smb_pid=28352
smb_uid=100
smb_mid=2
smt_wct=4
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 0 (0x0)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 163 (0xA3)
smb_bcc=213
[0000] A1 81 A0 30 81 9D A0 03 0A 01 01 A1 0C 06 0A 2B ¡. 0.. .
...¡...+
[0010] 06 01 04 01 82 37 02 02 0A A2 81 87 04 81 84 4E .....7..
.......N
[0020] 54 4C 4D 53 53 50 00 02 00 00 00 0E 00 0E 00 30 TLMSSP..
.......0
[0030] 00 00 00 15 82 89 60 79 0C B4 2C A3 64 A6 AD 00 ......`y
..,.d...
[0040] 00 00 00 00 00 00 00 46 00 46 00 3E 00 00 00 53 .......F
.F.>...S
[0050] 00 50 00 45 00 43 00 54 00 52 00 45 00 02 00 0E .P.E.C.T
.R.E....
[0060] 00 53 00 50 00 45 00 43 00 54 00 52 00 45 00 01 .S.P.E.C
.T.R.E..
[0070] 00 1E 00 43 00 4F 00 53 00 2D 00 43 00 43 00 2D ...C.O.S
.-.C.C.-
[0080] 00 43 00 4D 00 2D 00 56 00 49 00 45 00 57 00 53 .C.M.-.V
.I.E.W.S
[0090] 00 04 00 00 00 03 00 06 00 63 00 63 00 31 00 00 ........
.c.c.1..
[00A0] 00 00 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 ...U.n.i
.x...S.a
[00B0] 00 6D 00 62 00 61 00 20 00 33 00 2E 00 35 00 2E .m.b.a.
.3...5..
[00C0] 00 38 00 00 00 53 00 50 00 45 00 43 00 54 00 52 .8...S.P
.E.C.T.R
[00D0] 00 45 00 00 00 .E...
&challenge: struct CHALLENGE_MESSAGE
Signature : 'NTLMSSP'
MessageType : NtLmChallenge (0x2)
TargetNameLen : 0x000e (14)
TargetNameMaxLen : 0x000e (14)
TargetName : *
TargetName : 'MYDOMAIN'
NegotiateFlags : 0x60898215 (1619624469)
1: NTLMSSP_NEGOTIATE_UNICODE
0: NTLMSSP_NEGOTIATE_OEM
1: NTLMSSP_REQUEST_TARGET
1: NTLMSSP_NEGOTIATE_SIGN
0: NTLMSSP_NEGOTIATE_SEAL
0: NTLMSSP_NEGOTIATE_DATAGRAM
0: NTLMSSP_NEGOTIATE_LM_KEY
0: NTLMSSP_NEGOTIATE_NETWARE
1: NTLMSSP_NEGOTIATE_NTLM
0: NTLMSSP_NEGOTIATE_NT_ONLY
0: NTLMSSP_ANONYMOUS
0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
1: NTLMSSP_TARGET_TYPE_DOMAIN
0: NTLMSSP_TARGET_TYPE_SERVER
0: NTLMSSP_TARGET_TYPE_SHARE
1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
0: NTLMSSP_NEGOTIATE_IDENTIFY
0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
1: NTLMSSP_NEGOTIATE_TARGET_INFO
0: NTLMSSP_NEGOTIATE_VERSION
1: NTLMSSP_NEGOTIATE_128
1: NTLMSSP_NEGOTIATE_KEY_EXCH
0: NTLMSSP_NEGOTIATE_56
ServerChallenge : 790cb42ca364a6ad
Reserved : 0000000000000000
TargetInfoLen : 0x0046 (70)
TargetNameInfoMaxLen : 0x0046 (70)
TargetInfo : *
TargetInfo: struct AV_PAIR_LIST
count : 0x00000005 (5)
pair: ARRAY(5)
pair: struct AV_PAIR
AvId : MsvAvNbDomainName
(0x2)
AvLen : 0x000e (14)
Value : union
ntlmssp_AvValue(case 0x2)
AvNbDomainName : 'MYDOMAIN'
pair: struct AV_PAIR
AvId :
MsvAvNbComputerName
(0x1)
AvLen : 0x001e (30)
Value : union
ntlmssp_AvValue(case 0x1)
AvNbComputerName : 'myserver'
pair: struct AV_PAIR
AvId : MsvAvDnsDomainName
(0x4)
AvLen : 0x0000 (0)
Value : union
ntlmssp_AvValue(case 0x4)
AvDnsDomainName : ''
pair: struct AV_PAIR
AvId :
MsvAvDnsComputerName (0x3)
AvLen : 0x0006 (6)
Value : union
ntlmssp_AvValue(case 0x3)
AvDnsComputerName : 'cc1'
pair: struct AV_PAIR
AvId : MsvAvEOL (0x0)
AvLen : 0x0000 (0)
Value : union
ntlmssp_AvValue(case 0x0)
Got challenge flags:
Got NTLMSSP neg_flags=0x60898215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
&authenticate: struct AUTHENTICATE_MESSAGE
Signature : 'NTLMSSP'
MessageType : NtLmAuthenticate (3)
LmChallengeResponseLen : 0x0018 (24)
LmChallengeResponseMaxLen: 0x0018 (24)
LmChallengeResponse : *
LmChallengeResponse : union ntlmssp_LM_RESPONSE(case
24)
v1: struct LM_RESPONSE
Response :
078e894cc35e1708df68607b51c47cd6fc4cd6febd7d4ca4
NtChallengeResponseLen : 0x0072 (114)
NtChallengeResponseMaxLen: 0x0072 (114)
NtChallengeResponse : *
NtChallengeResponse : union
ntlmssp_NTLM_RESPONSE(case 114)
v2: struct NTLMv2_RESPONSE
Response :
ff564e232df73299417995e0973dd4e3
Challenge: struct NTLMv2_CLIENT_CHALLENGE
RespType : 0x01 (1)
HiRespType : 0x01 (1)
Reserved1 : 0x0000 (0)
Reserved2 : 0x00000000 (0)
TimeStamp : April 13, 2012
05:23:17
PM GMT GMT
ChallengeFromClient : 7cc0c9cc205d2ce2
Reserved3 : 0x00000000 (0)
AvPairs: struct AV_PAIR_LIST
count : 0x00000005 (5)
pair: ARRAY(5)
pair: struct AV_PAIR
AvId :
MsvAvNbDomainName (0x2)
AvLen : 0x000e
(14)
Value : union
ntlmssp_AvValue(case 0x2)
AvNbDomainName : 'MYDOMAIN'
pair: struct AV_PAIR
AvId :
MsvAvNbComputerName (0x1)
AvLen : 0x001e
(30)
Value : union
ntlmssp_AvValue(case 0x1)
AvNbComputerName : 'myserver'
pair: struct AV_PAIR
AvId :
MsvAvDnsDomainName (0x4)
AvLen : 0x0000 (0)
Value : union
ntlmssp_AvValue(case 0x4)
AvDnsDomainName : ''
pair: struct AV_PAIR
AvId :
MsvAvDnsComputerName (0x3)
AvLen : 0x0006 (6)
Value : union
ntlmssp_AvValue(case 0x3)
AvDnsComputerName : 'cc1'
pair: struct AV_PAIR
AvId : MsvAvEOL
(0x0)
AvLen : 0x0000 (0)
Value : union
ntlmssp_AvValue(case 0x0)
DomainNameLen : 0x000e (14)
DomainNameMaxLen : 0x000e (14)
DomainName : *
DomainName : 'MYDOMAIN'
UserNameLen : 0x0010 (16)
UserNameMaxLen : 0x0010 (16)
UserName : *
UserName : 'cdavis15'
WorkstationLen : 0x001e (30)
WorkstationMaxLen : 0x001e (30)
Workstation : *
Workstation : 'myserver'
EncryptedRandomSessionKeyLen: 0x0010 (16)
EncryptedRandomSessionKeyMaxLen: 0x0010 (16)
EncryptedRandomSessionKey: *
EncryptedRandomSessionKey: DATA_BLOB length=16
[0000] 7F 69 AF 9D 61 58 E0 8F FB 4B BF 94 3B B4 B9 EE .i..aXà.
ûK¿.;..î
NegotiateFlags : 0x60088215 (1611170325)
1: NTLMSSP_NEGOTIATE_UNICODE
0: NTLMSSP_NEGOTIATE_OEM
1: NTLMSSP_REQUEST_TARGET
1: NTLMSSP_NEGOTIATE_SIGN
0: NTLMSSP_NEGOTIATE_SEAL
0: NTLMSSP_NEGOTIATE_DATAGRAM
0: NTLMSSP_NEGOTIATE_LM_KEY
0: NTLMSSP_NEGOTIATE_NETWARE
1: NTLMSSP_NEGOTIATE_NTLM
0: NTLMSSP_NEGOTIATE_NT_ONLY
0: NTLMSSP_ANONYMOUS
0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
0: NTLMSSP_TARGET_TYPE_DOMAIN
0: NTLMSSP_TARGET_TYPE_SERVER
0: NTLMSSP_TARGET_TYPE_SHARE
1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
0: NTLMSSP_NEGOTIATE_IDENTIFY
0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
0: NTLMSSP_NEGOTIATE_TARGET_INFO
0: NTLMSSP_NEGOTIATE_VERSION
1: NTLMSSP_NEGOTIATE_128
1: NTLMSSP_NEGOTIATE_KEY_EXCH
0: NTLMSSP_NEGOTIATE_56
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
smb_signing_sign_pdu: sent SMB signature of
[0000] 42 53 52 53 50 59 4C 20 BSRSPYL
write_socket(6,380)
write_socket(6,380) wrote 380
got smb length of 35
size=35
smb_com=0x73
smb_rcls=141
smb_reh=1
smb_err=49152
smb_flg=136
smb_flg2=51203
smb_tid=0
smb_pid=28352
smb_uid=100
smb_mid=3
smt_wct=0
smb_bcc=0
size=35
smb_com=0x73
smb_rcls=141
smb_reh=1
smb_err=49152
smb_flg=136
smb_flg2=51203
smb_tid=0
smb_pid=28352
smb_uid=100
smb_mid=3
smt_wct=0
smb_bcc=0
SPNEGO login failed: Trust relationship failure
session setup failed: NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
- --
Niels Dettenbach
Syndicat IT&Internet
http://www.syndicat.com
-----BEGIN PGP SIGNATURE-----
Version: APG v1.0.8
iIEEAREIAEEFAk+KpBo6HE5pZWxzIERldHRlbmJhY2ggKFN5bmRpY2F0IElUJklu
dGVybmV0KSA8bmRAc3luZGljYXQuY29tPgAKCRBU3ERlZRyiDUa0AJ9wnIVXJnW6
WdKRIyhNsbh7Bc+xFQCfdDQrO+dlZjVuTg+h8k4hMPwgRr0=
=4E7g
-----END PGP SIGNATURE-----
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
