Hi Julien,
I did the fresh install. There was one time i was able to authenticate and
connect. When i logged out and reconnect. I was failing, after that outlook
wasnt able to talk to exchange server. Following are the logs.
dreplsrv_notify_schedule(5) scheduled for: Mon Jan 18 21:21:40 2010 PKT
mapiproxy::mapiproxy_op_bind: [session = 0x0] [session server id = 0x0 0x4f
0x0]
dcerpc_mapiproxy: Delegated credentials acquired
mapiproxy::mapiproxy_op_connect
dcerpc_mapiproxy: RPC proxy: Using specified account
Using binding ncacn_ip_tcp:192.168.0.24[,print]
Mapped to DCERPC endpoint 135
added interface ip=192.168.0.249 nmask=255.255.255.0
added interface ip=192.168.0.250 nmask=255.255.255.0
added interface ip=192.168.122.1 nmask=255.255.255.0
added interface ip=192.168.0.249 nmask=255.255.255.0
added interface ip=192.168.0.250 nmask=255.255.255.0
added interface ip=192.168.122.1 nmask=255.255.255.0
Mapped to DCERPC endpoint 1053
added interface ip=192.168.0.249 nmask=255.255.255.0
added interface ip=192.168.0.250 nmask=255.255.255.0
added interface ip=192.168.122.1 nmask=255.255.255.0
added interface ip=192.168.0.249 nmask=255.255.255.0
added interface ip=192.168.0.250 nmask=255.255.255.0
added interface ip=192.168.122.1 nmask=255.255.255.0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Cannot do GSSAPI to an IP address
Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INVALID_PARAMETER
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x62898205
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP challenge set by NTLM2
challenge is:
[0000] D4 F7 07 DB A6 6A 3E 5F .....j>_
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088205
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
ERROR: talloc_free with references at mapiproxy/dcesrv_mapiproxy.c:161
reference at auth/gensec/gensec.c:1089
dcerpc_mapiproxy: RPC proxy: CONNECTED
Starting GENSEC mechanism ntlmssp
Got NTLMSSP neg_flags=0xa2088207
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_NEGOTIATE_OEM
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_56
Got user=[wazhar] domain=[exchange.cdocs.local] workstation=[cdocs-TESTING]
len1=24 len2=24
auth_check_password_send: Checking password for unmapped user
[exchange.cdocs.local]\[wazh...@[cdocs-testing]
map_user_info: Mapping user [exchange.cdocs.local]\[wazhar] from workstation
[cdocs-TESTING]
auth_check_password_send: mapped user is:
[exchange.cdocs.local]\[wazh...@[cdocs-testing]
auth_get_challenge: returning previous challenge by module NTLMSSP callback
(NTLM2) (normal)
[0000] 60 2D 7B A4 D4 B6 92 03 `-{.....
(normal if no LDAP backend required) Could not find entry to match filter:
'(&(objectclass=ldapSecret)(cn=SAMDB Credentials))' base: '(null)'
ntlm_password_check: Checking NT MD4 password
authsam_account_ok: Checking SMB password for user wazhar
logon_hours_ok: No hours restrictions for user wazhar
auth_check_password_recv: sam_ignoredomain authentication for user
[cdocs\wazhar] succeeded
mapiproxy::mapiproxy_op_ndr_pull
mapiproxy::mapiproxy_op_dispatch: RfrGetNewDSA(0x0): 56 bytes
RfrGetNewDSA: struct RfrGetNewDSA
in: struct RfrGetNewDSA
ulFlags : 0x00000000 (0)
pUserDN : *
pUserDN : '/o=First Organization/ou=First
Administrative Group/cn=Recipients/cn=wazhar'
ppszUnused : NULL
ppszServer : *
ppszServer : NULL
RfrGetNewDSA: struct RfrGetNewDSA
out: struct RfrGetNewDSA
ppszUnused : NULL
ppszServer : *
ppszServer : *
ppszServer : 'exchange.cdocs.local'
result : MAPI_E_SUCCESS (0x0)
mapiproxy::mapiproxy_op_reply
mapiproxy::mapiproxy_op_ndr_push
Terminating connection - 'NT_STATUS_CONNECTION_RESET'
single_terminate: reason[NT_STATUS_CONNECTION_RESET]
mapiproxy::mapiproxy_op_unbind
WARNING: attempt to remove unset id 163593 in idtree
rpc_server/dcerpc_server.c:78: Failed to remove assoc_group 0x00027f09
mapiproxy::mapiproxy_op_bind: [session = 0x0] [session server id = 0x0 0x4f
0x0]
dcerpc_mapiproxy: Delegated credentials acquired
mapiproxy::mapiproxy_op_connect
dcerpc_mapiproxy: RPC proxy: Using specified account
Using binding ncacn_ip_tcp:192.168.0.24[,print]
Mapped to DCERPC endpoint 135
added interface ip=192.168.0.249 nmask=255.255.255.0
added interface ip=192.168.0.250 nmask=255.255.255.0
added interface ip=192.168.122.1 nmask=255.255.255.0
added interface ip=192.168.0.249 nmask=255.255.255.0
added interface ip=192.168.0.250 nmask=255.255.255.0
added interface ip=192.168.122.1 nmask=255.255.255.0
Mapped to DCERPC endpoint 1053
added interface ip=192.168.0.249 nmask=255.255.255.0
added interface ip=192.168.0.250 nmask=255.255.255.0
added interface ip=192.168.122.1 nmask=255.255.255.0
added interface ip=192.168.0.249 nmask=255.255.255.0
added interface ip=192.168.0.250 nmask=255.255.255.0
added interface ip=192.168.122.1 nmask=255.255.255.0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Cannot do GSSAPI to an IP address
Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INVALID_PARAMETER
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x62898205
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP challenge set by NTLM2
challenge is:
[0000] 9C 22 D1 FA 1D 45 31 0F ."...E1.
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088205
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
ERROR: talloc_free with references at mapiproxy/dcesrv_mapiproxy.c:161
reference at auth/gensec/gensec.c:1089
dcerpc_mapiproxy: RPC proxy: CONNECTED
Starting GENSEC mechanism ntlmssp
Got NTLMSSP neg_flags=0xa2088207
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_NEGOTIATE_OEM
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_56
Got user=[wazhar] domain=[exchange.cdocs.local] workstation=[cdocs-TESTING]
len1=24 len2=24
auth_check_password_send: Checking password for unmapped user
[exchange.cdocs.local]\[wazh...@[cdocs-testing]
map_user_info: Mapping user [exchange.cdocs.local]\[wazhar] from workstation
[cdocs-TESTING]
auth_check_password_send: mapped user is:
[exchange.cdocs.local]\[wazh...@[cdocs-testing]
auth_get_challenge: returning previous challenge by module NTLMSSP callback
(NTLM2) (normal)
[0000] 4E 50 F9 F6 28 DA 06 0B NP..(...
(normal if no LDAP backend required) Could not find entry to match filter:
'(&(objectclass=ldapSecret)(cn=SAMDB Credentials))' base: '(null)'
ntlm_password_check: Checking NT MD4 password
authsam_account_ok: Checking SMB password for user wazhar
logon_hours_ok: No hours restrictions for user wazhar
auth_check_password_recv: sam_ignoredomain authentication for user
[cdocs\wazhar] succeeded
mapiproxy::mapiproxy_op_ndr_pull
mapiproxy::mapiproxy_op_dispatch: RfrGetNewDSA(0x0): 56 bytes
RfrGetNewDSA: struct RfrGetNewDSA
in: struct RfrGetNewDSA
ulFlags : 0x00000000 (0)
pUserDN : *
pUserDN : '/o=First Organization/ou=First
Administrative Group/cn=Recipients/cn=wazhar'
ppszUnused : NULL
ppszServer : *
ppszServer : NULL
RfrGetNewDSA: struct RfrGetNewDSA
out: struct RfrGetNewDSA
ppszUnused : NULL
ppszServer : *
ppszServer : *
ppszServer : 'exchange.cdocs.local'
result : MAPI_E_SUCCESS (0x0)
mapiproxy::mapiproxy_op_reply
mapiproxy::mapiproxy_op_ndr_push
Terminating connection - 'NT_STATUS_CONNECTION_RESET'
single_terminate: reason[NT_STATUS_CONNECTION_RESET]
mapiproxy::mapiproxy_op_unbind
WARNING: attempt to remove unset id 163594 in idtree
rpc_server/dcerpc_server.c:78: Failed to remove assoc_group 0x00027f0a
mapiproxy::mapiproxy_op_bind: [session = 0x0] [session server id = 0x0 0x4f
0x0]
dcerpc_mapiproxy: Delegated credentials acquired
mapiproxy::mapiproxy_op_connect
dcerpc_mapiproxy: RPC proxy: Using specified account
Using binding ncacn_ip_tcp:192.168.0.24[,print]
Mapped to DCERPC endpoint 135
added interface ip=192.168.0.249 nmask=255.255.255.0
added interface ip=192.168.0.250 nmask=255.255.255.0
added interface ip=192.168.122.1 nmask=255.255.255.0
added interface ip=192.168.0.249 nmask=255.255.255.0
added interface ip=192.168.0.250 nmask=255.255.255.0
added interface ip=192.168.122.1 nmask=255.255.255.0
Mapped to DCERPC endpoint 1026
added interface ip=192.168.0.249 nmask=255.255.255.0
added interface ip=192.168.0.250 nmask=255.255.255.0
added interface ip=192.168.122.1 nmask=255.255.255.0
added interface ip=192.168.0.249 nmask=255.255.255.0
added interface ip=192.168.0.250 nmask=255.255.255.0
added interface ip=192.168.122.1 nmask=255.255.255.0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Cannot do GSSAPI to an IP address
Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INVALID_PARAMETER
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x62898205
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP challenge set by NTLM2
challenge is:
[0000] 7D BA 03 BB E6 79 4F A7 }....yO.
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088205
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
ERROR: talloc_free with references at mapiproxy/dcesrv_mapiproxy.c:161
reference at auth/gensec/gensec.c:1089
dcerpc_mapiproxy: RPC proxy: CONNECTED
Starting GENSEC mechanism ntlmssp
Got NTLMSSP neg_flags=0xa2088207
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_NEGOTIATE_OEM
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_56
Got user=[wazhar] domain=[exchange.cdocs.local] workstation=[cdocs-TESTING]
len1=24 len2=24
auth_check_password_send: Checking password for unmapped user
[exchange.cdocs.local]\[wazh...@[cdocs-testing]
map_user_info: Mapping user [exchange.cdocs.local]\[wazhar] from workstation
[cdocs-TESTING]
auth_check_password_send: mapped user is:
[exchange.cdocs.local]\[wazh...@[cdocs-testing]
auth_get_challenge: returning previous challenge by module NTLMSSP callback
(NTLM2) (normal)
[0000] D9 4B F8 59 63 95 FD 03 .K.Yc...
(normal if no LDAP backend required) Could not find entry to match filter:
'(&(objectclass=ldapSecret)(cn=SAMDB Credentials))' base: '(null)'
ntlm_password_check: Checking NT MD4 password
authsam_account_ok: Checking SMB password for user wazhar
logon_hours_ok: No hours restrictions for user wazhar
auth_check_password_recv: sam_ignoredomain authentication for user
[cdocs\wazhar] succeeded
mapiproxy::mapiproxy_op_ndr_pull
mapiproxy::mapiproxy_op_dispatch: NspiBind(0x0): 48 bytes
NspiBind: struct NspiBind
in: struct NspiBind
dwFlags : 0x00000000 (0)
0: fAnonymousLogin
pStat : *
pStat: struct STAT
SortType : SortTypeDisplayName (0)
ContainerID : 0x00000000 (0)
CurrentRec : 0x00000000 (0)
Delta : 0x00000000 (0)
NumPos : 0x00000000 (0)
TotalRecs : 0x00000000 (0)
CodePage : 0x000004e4 (1252)
TemplateLocale : 0x00000409 (1033)
SortLocale : 0x00000409 (1033)
mapiuid : *
mapiuid :
00000000-0000-0000-0000-000000000000
NspiBind: struct NspiBind
out: struct NspiBind
mapiuid : *
mapiuid :
eb64bd15-aca5-42f0-af80-6d3e78bba938
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
0678517d-4661-4e95-b204-e2413c1de078
result : MAPI_E_SUCCESS (0x0)
mapiproxy::mapiproxy_op_reply
mapiproxy::mapiproxy_op_ndr_push
Terminating connection - 'NT_STATUS_CONNECTION_DISCONNECTED'
single_terminate: reason[NT_STATUS_CONNECTION_DISCONNECTED]
Terminating connection - 'NT_STATUS_CONNECTION_DISCONNECTED'
single_terminate: reason[NT_STATUS_CONNECTION_DISCONNECTED]
Terminating connection - 'NT_STATUS_CONNECTION_DISCONNECTED'
single_terminate: reason[NT_STATUS_CONNECTION_DISCONNECTED]
Terminating connection - 'NT_STATUS_CONNECTION_DISCONNECTED'
single_terminate: reason[NT_STATUS_CONNECTION_DISCONNECTED]
Terminating connection - 'NT_STATUS_CONNECTION_DISCONNECTED'
single_terminate: reason[NT_STATUS_CONNECTION_DISCONNECTED]
Terminating connection - 'NT_STATUS_CONNECTION_DISCONNECTED'
single_terminate: reason[NT_STATUS_CONNECTION_DISCONNECTED]
Terminating connection - 'NT_STATUS_CONNECTION_DISCONNECTED'
single_terminate: reason[NT_STATUS_CONNECTION_DISCONNECTED]
Terminating connection - 'NT_STATUS_CONNECTION_DISCONNECTED'
single_terminate: reason[NT_STATUS_CONNECTION_DISCONNECTED]
Terminating connection - 'NT_STATUS_CONNECTION_DISCONNECTED'
single_terminate: reason[NT_STATUS_CONNECTION_DISCONNECTED]
Terminating connection - 'NT_STATUS_CONNECTION_DISCONNECTED'
single_terminate: reason[NT_STATUS_CONNECTION_DISCONNECTED]
Terminating connection - 'NT_STATUS_CONNECTION_DISCONNECTED'
single_terminate: reason[NT_STATUS_CONNECTION_DISCONNECTED]
Terminating connection - 'NT_STATUS_CONNECTION_DISCONNECTED'
single_terminate: reason[NT_STATUS_CONNECTION_DISCONNECTED]
dreplsrv_notify_schedule(5) scheduled for: Mon Jan 18 21:21:45 2010 PKT
Received dgram packet of length 201 from 192.168.0.196:138
Browse LocalMasterAnnouncement (Op 15) on 'CAMBRIDGEDOCS<1e>'
'\MAILSLOT\BROWSE' from 192.168.0.196:138
Received dgram packet of length 201 from 192.168.0.196:138
Browse LocalMasterAnnouncement (Op 15) on 'CAMBRIDGEDOCS<1e>'
'\MAILSLOT\BROWSE' from 192.168.0.196:138
Received dgram packet of length 201 from 192.168.0.196:138
Browse LocalMasterAnnouncement (Op 15) on 'CAMBRIDGEDOCS<1e>'
'\MAILSLOT\BROWSE' from 192.168.0.196:138
dreplsrv_notify_schedule(5) scheduled for: Mon Jan 18 21:21:50 2010 PKT
Received dgram packet of length 245 from 192.168.0.201:138
nbtd netlogon handler failed from 192.168.0.201:138 to CDOCS<1c> -
NT_STATUS_BAD_NETWORK_NAME
Received dgram packet of length 245 from 192.168.0.201:138
nbtd netlogon handler failed from 192.168.0.201:138 to CDOCS<1c> -
NT_STATUS_BAD_NETWORK_NAME
Received dgram packet of length 245 from 192.168.0.201:138
nbtd netlogon handler failed from 192.168.0.201:138 to CDOCS<1c> -
NT_STATUS_BAD_NETWORK_NAME
Thanks,
-WAzhar
On Mon, Jan 18, 2010 at 8:27 PM, Waseem Azhar <[email protected]> wrote:
> Letme do a fresh mapiproxy configuration. I let you know in 30 min.
>
> Thanks,
> WAzhar.
>
>
> On Mon, Jan 18, 2010 at 8:24 PM, Julien Kerihuel <
> [email protected]> wrote:
>
>> On Mon, 2010-01-18 at 20:01 +0500, Waseem Azhar wrote:
>>
>> Hi Julien,
>>
>> Following is my smb.conf file :
>>
>> [globals]
>> netbios name = WAZHAR
>> workgroup = CODCS
>> realm = CODCS.LOCAL
>> server role = domain controller
>>
>> dcerpc endpoint servers = epmapper, mapiproxy
>> dcerpc_mapiproxy:username = wazhar
>> dcerpc_mapiproxy:password = secret
>> dcerpc_mapiproxy:binding = ncacn_ip_tcp:192.168.0.24[print]
>> dcerpc_mapiproxy:domain = CDOCS
>> dcerpc_mapiproxy:interfaces = exchange_emsmdb, exchange_nsp,
>> exchange_ds_rfr
>> dcerpc_mapiproxy:modules = downgrade
>>
>> [netlogon]
>> path = /usr/local/samba/var/locks/sysvol/cdocs.local/scripts
>> read only = no
>>
>> [sysvol]
>> path = /usr/local/samba/var/locks/sysvol
>> read only = no
>>
>>
>> The conf looks correct.
>>
>> I see in your output that you have "dcerpc_mapiproxy: Delegated
>> credentials acquired" which next fall back to specified account mode. There
>> shouldn't be such line when connecting Outlook to mapiproxy unless you have
>> setup kerberos. It is possible mapiproxy fails to associate the
>> Outlook-mapiproxy connection with delegated credentials set and the
>> mapiproxy-Exchange connection with specified account.
>>
>> This may also potentially explain why you have assoc_group errors showing
>> up.
>>
>>
>> ---
>>
>>
>> Julien Kerihuel
>> [email protected]
>> OpenChange Project Manager
>>
>> GPG Fingerprint: 0B55 783D A781 6329 108A B609 7EF6 FE11 A35F 1F79
>>
>>
>>
>
_______________________________________________
devel mailing list
[email protected]
http://mailman.openchange.org/listinfo/devel
