[Samba] Re: Strange Usermapping problem with 3.0.23b

Mon, 21 Aug 2006 13:17:16 -0700 

Hello Volker,

On 2006-08-19 20:10:23 +0200, Volker Lendecke <[EMAIL PROTECTED]> said:


On Sat, Aug 19, 2006 at 05:36:00PM +0200, Matthias Sch=FCndeh=FCtte wrote:

It's FreeBSD 5.5-RELEASE (on my Server) and FreeBSD-6.1-STABLE (on my=20
Workstation), both with Heimdal-Kerberos.
=20
I must admit that the/my previous version of Samba (3.0.22) was=20
compiled using MITs Kerberos V 1.5... But 'kinit' worked with Heimdal=20
as well as 'net ads join' so I thought that was Ok... I prefer Heimdal=20
because it's part of the base OS.


The fact that net ads join works is a good indication but
not a 100% guarantee that the libs can correctly verify the
ticket that comes in. Without really knowing what's going on
I'd still recommend to try with a different Kerberos
version.


Did this today. I (re)installed MIT-Kerberos V 1.5 and recompiled samba-3.0.23b
*and verified* that it's using the MIT libraries...

OK - the errors are gone but the double-mapping remains there:

[...]
[2006/08/21 11:05:42, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(687)
NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] 
[2006/08/21 11:05:42, 3] smbd/sesssetup.c:reply_spnego_negotiate(547)
 Got OID 1 2 840 48018 1 2 2
[2006/08/21 11:05:42, 3] smbd/sesssetup.c:reply_spnego_negotiate(547)
 Got OID 1 2 840 113554 1 2 2
[2006/08/21 11:05:42, 3] smbd/sesssetup.c:reply_spnego_negotiate(547)
 Got OID 1 3 6 1 4 1 311 2 2 10
[2006/08/21 11:05:42, 3] smbd/sesssetup.c:reply_spnego_negotiate(550)
 Got secblob of size 2668
[2006/08/21 11:05:42, 3] smbd/sesssetup.c:reply_spnego_kerberos(207)
 Ticket name is [EMAIL PROTECTED]
[2006/08/21 11:05:42, 3] smbd/map_username.c:map_username(155)
 Mapped user WW004\SchuendeMa to matthias
[2006/08/21 11:05:42, 3] smbd/map_username.c:map_username(155)
 Mapped user WW004\matthias to smb
[2006/08/21 11:05:42, 3] passdb/lookup_sid.c:store_gid_sid_cache(1107)
 store_gid_sid_cache: gid 256 in cache -> S-1-22-2-256
[...]
If someone is interested, I saved a tar-archive with *all* logfiles of three sessions: 

1. Heimdal-working
2. Heimdal-notworking
3. MIT-notworking

I still think there has something gone wrong...

Matthias
--
Ciao/BSD - Matthias

Matthias Schuendehuette <msch [at] snafu.de>, Berlin (Germany)
PGP-Key at <pgp.mit.edu> and <wwwkeys.de.pgp.net> ID: 0xDDFB0A5F


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Reply via email to