natalie, disabling packet signing on AD side did the trick, thanks what will be the nevada release to incorporate a fix for packet signing?
thanks for your help s- On Dec 15, 2007 6:12 AM, Natalie Li <[EMAIL PROTECTED]> wrote: > Please disable packet signing on your domain controller and try again. > This is a known issue. > > Natalie > > > Selim Daoud wrote: > > >btw..I'm on b79 > > > > > >On Dec 15, 2007 3:31 AM, Selim Daoud <[EMAIL PROTECTED]> wrote: > > > > > >>Hi all, > >>can someone give me a hint to solve this problem. thanks a lot > >>(working in workgroup mode is fine though) > >> > >>When trying to join the domain, I obtain following: > >> > >>[EMAIL PROTECTED] smbadm join -u sam kuada > >>Enter domain password: > >>Joining 'kuada' ... this may take a minute ... > >>failed to join domain 'kuada' (LOGON_FAILURE) > >>[EMAIL PROTECTED] dmesg | tail > >> > >>Dec 15 02:53:25 blade smbd[2074]: [ID 995127 daemon.error] dyndns: UDP > >>send error (Bad file number) > >>Dec 15 02:53:25 blade smbd[2074]: [ID 342079 daemon.error] smb_ads: > >>send/receive error > >>Dec 15 02:53:27 blade smbd[2074]: [ID 350819 daemon.error] > >>SmbrdrExchange[115]: bad signature > >>Dec 15 02:53:27 blade smbd[2074]: [ID 286894 daemon.error] > >>SmbrdrSessionSetup: INVALID_NETWORK_RESPONSE > >>Dec 15 02:53:27 blade smbd[2074]: [ID 871254 daemon.error] smbd: > >>failed joining kuada (LOGON_FAILURE) > >> > >>from the AD server (Security Event Viewer) , I can see user "sam" > >>connecting fine: > >>(here are 3 event viewer event I get) > >>******************************************************* > >>Event Type: Success Audit > >>Event Source: Security > >>Event Category: Logon/Logoff > >>Event ID: 540 > >>Date: 15/12/2007 > >>Time: 02:53:27 > >>User: KUADA\sam > >>Computer: EXLUDUS > >>Description: > >>Successful Network Logon: > >> User Name: sam > >> Domain: KUADA > >> Logon ID: (0x0,0x979813) > >> Logon Type: 3 > >> Logon Process: NtLmSsp > >> Authentication Package: NTLM > >> Workstation Name: \\192.168.2.150 > >> Logon GUID: - > >> Caller User Name: - > >> Caller Domain: - > >> Caller Logon ID: - > >> Caller Process ID: - > >> Transited Services: - > >> Source Network Address: 192.168.2.150 > >> Source Port: 0 > >>----------------------------------------------- > >>Event Type: Success Audit > >>Event Source: Security > >>Event Category: Logon/Logoff > >>Event ID: 576 > >>Date: 15/12/2007 > >>Time: 02:53:27 > >>User: KUADA\sam > >>Computer: EXLUDUS > >>Description: > >>Special privileges assigned to new logon: > >> User Name: sam > >> Domain: KUADA > >> Logon ID: (0x0,0x979813) > >> Privileges: SeSecurityPrivilege > >> SeBackupPrivilege > >> SeRestorePrivilege > >> SeTakeOwnershipPrivilege > >> SeDebugPrivilege > >> SeSystemEnvironmentPrivilege > >> SeLoadDriverPrivilege > >> SeImpersonatePrivilege > >> SeEnableDelegationPrivilege > >>----------------------------------------------- > >>Event Type: Success Audit > >>Event Source: Security > >>Event Category: Account Logon > >>Event ID: 680 > >>Date: 15/12/2007 > >>Time: 02:53:27 > >>User: KUADA\sam > >>Computer: EXLUDUS > >>Description: > >>Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 > >> Logon account: SAM > >> Source Workstation: \\192.168.2.150 > >> Error Code: 0x0 > >>******************************************************* > >> > >>Here are some more info on my configuration: > >>[EMAIL PROTECTED] sharectl get smb > >>system_comment= > >>max_workers=64 > >>netbios_scope= > >>rdr_ipcmode=auth > >>lmauth_level=4 > >>keep_alive=5400 > >>wins_server_1= > >>wins_server_2= > >>wins_exclude= > >>signing_enabled=false > >>signing_required=false > >>restrict_anonymous=false > >>pdc= > >>ads_enable=true > >>ads_user=QWRtaW5pc3RyYXRvcg== > >>ads_user_container= > >>ads_domain=kuada.dyndns.org > >>ads_passwd=Q2Ezc2Fy > >>ads_ip_lookup=false > >>ads_site= > >>ddns_enable=true > >>ddns_retry_sec=2 > >>ddns_retry_cnt=3 > >>autohome_map=/etc > >> > >> > >>here's the same session with a snoop > >>********************************************** > >>[EMAIL PROTECTED] svcadm disable smb/server; svcadm enable -r smb/server > >>svcadm: svc:/milestone/network depends on svc:/network/physical, which > >>has multiple instances. > >>[EMAIL PROTECTED] > >>[EMAIL PROTECTED] snoop not port 22 & > >>[2] 2134 > >>[EMAIL PROTECTED] Using device qfe3 (promiscuous mode) > >> > >>[EMAIL PROTECTED] smbadm join -u sam kuada > >>Enter domain password: > >>Joining 'kuada' ... this may take a minute ... > >> blade -> exludus.kuada.dyndns.org DNS C Internet Unknown (33) ? > >>exludus.kuada.dyndns.org -> blade DNS R > >> blade -> exludus.kuada.dyndns.org DNS C > >>_ldap._tcp.dc._msdcs.kuada.dyndns.org. Internet Unknown (33) ? > >>exludus.kuada.dyndns.org -> blade DNS R > >>_ldap._tcp.dc._msdcs.kuada.dyndns.org. Internet Unknown (33) > >> blade -> 192.168.2.255 NBT NS Release Request for BLADE[0], Success > >> blade -> 192.168.2.255 NBT NS Release Request for WORKGROUP[0], > >> Success > >> blade -> 192.168.2.255 NBT NS Release Request for BLADE[20], Success > >> blade -> 192.168.2.255 NBT NS Registration Request for BLADE[0], > >> Success > >> blade -> 192.168.2.255 NBT NS Registration Request for BLADE[20], > >> Success > >> blade -> exludus.kuada.dyndns.org DNS C > >>255.2.168.192.in-addr.arpa. Internet PTR ? > >>exludus.kuada.dyndns.org -> blade DNS R Error: 3(Name Error) > >> blade -> exludus.kuada.dyndns.org DNS C > >>255.2.168.192.in-addr.arpa. Internet PTR ? > >>exludus.kuada.dyndns.org -> blade DNS R Error: 3(Name Error) > >> blade -> 192.168.2.255 NBT NS Query Request for WORKGROUP[0], Success > >>failed to join domain 'kuada' (LOGON_FAILURE) > >>[EMAIL PROTECTED] blade -> exludus.kuada.dyndns.org SMB C port=44420 > >>exludus.kuada.dyndns.org -> blade SMB R port=44420 > >> blade -> exludus.kuada.dyndns.org SMB C port=44420 > >> blade -> exludus.kuada.dyndns.org SMB C Code=0x72 > >>Name=SMBnegprot LastDialect=NT LM 0.12 Error=0 > >>exludus.kuada.dyndns.org -> blade SMB R Code=0x72 > >>Name=SMBnegprot Dialect#=0 Error=0 > >> blade -> exludus.kuada.dyndns.org SMB C port=44420 > >> blade -> exludus.kuada.dyndns.org SMB C Code=0x73 > >>Name=SMBsesssetupX Username=SAM Error=0 > >>exludus.kuada.dyndns.org -> blade SMB R Code=0x73 > >>Name=SMBsesssetupX Error=0 > >> blade -> exludus.kuada.dyndns.org SMB C port=44420 > >> blade -> 192.168.2.255 NBT NS Query Request for WORKGROUP[0], Success > >> blade -> 192.168.2.255 NBT NS Registration Request for > >>WORKGROUP[0], Success > >> blade -> 192.168.2.255 NBT NS Query Request for WORKGROUP[1d], > >> Success > >> blade -> 192.168.2.255 NBT NS Query Request for WORKGROUP[1d], > >> Success > >> blade -> 192.168.2.255 NBT NS Query Request for WORKGROUP[1b], > >> Success > >> blade -> 192.168.2.255 NBT NS Query Request for WORKGROUP[1b], > >> Success > >> > >>[EMAIL PROTECTED] dmesg | tail > >>Dec 15 03:02:57 blade smbd[2127]: [ID 995127 daemon.error] dyndns: UDP > >>send error (Bad file number) > >>Dec 15 03:02:57 blade smbd[2127]: [ID 342079 daemon.error] smb_ads: > >>send/receive error > >>Dec 15 03:03:00 blade smbd[2127]: [ID 350819 daemon.error] > >>SmbrdrExchange[115]: bad signature > >>Dec 15 03:03:00 blade smbd[2127]: [ID 286894 daemon.error] > >>SmbrdrSessionSetup: INVALID_NETWORK_RESPONSE > >>Dec 15 03:03:00 blade smbd[2127]: [ID 871254 daemon.error] smbd: > >>failed joining kuada (LOGON_FAILURE) > >> > >> > >> > > > > > > > > > > > > -- ------------------------------------------------------ Blog: http://fakoli.blogspot.com/ _______________________________________________ storage-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/storage-discuss
