Hi! Ok, I now have compiled samba, that can join domain. Only thing, compiled before samba, is MIT Kerberos v5 (notice no LDAP!). * net ads join - WORKS * wbinfo -u/-g/-m - WORKS * nsswitch.conf entries are as follows passwd: files winbind group: files winbind * smbd, nmbd, winbind - RUNNING * id DOMAIN+user - DOESN'T WORK * connecting to shares - DOESN'T WORK
What I see in the logs (and on CLI if running with "-FiS") is that samba (and UNIXs "id") is having trouble getting user information from winbind. I cannot access shares as domain admin and manage shares when connecting to samba server from "manage computer" dialog. Were to look/debug next? Recompile it with newest GNUs gettext and libiconv? Try to fix the socket options problems? When tracing smbd with "truss smbd -d10 -FiS" I see some unsuccessfull stats for nss_winbind.so.1 library (I compiled without --enable-nss-wrapper). For now I'll try to recompile with this option and see what happens. 21017: write(1, " T r y i n g _ G e t _".., 60) = 60 21017: getuid() = 0 [0] 21017: getuid() = 0 [0] 21017: open64("/var/run/name_service_door", O_RDONLY) Err#2 ENOENT 21017: open("/etc/passwd", O_RDONLY) = 32 21017: fstat64(32, 0x080466C0) = 0 21017: fstat64(32, 0x080465D0) = 0 21017: ioctl(32, TCGETA, 0x08046670) Err#25 ENOTTY 21017: read(32, " r o o t : x : 0 : 0 : S".., 1536) = 1255 21017: read(32, 0x0893096C, 1536) = 0 21017: llseek(32, 0, SEEK_CUR) = 1255 21017: close(32) = 0 21017: stat64("/opt/samba/lib/nss_winbind.so.1", 0x08045FF0) Err#2 ENOENT 21017: stat64("/lib/nss_winbind.so.1", 0x08045FF0) Err#2 ENOENT 21017: stat64("/usr/lib/nss_winbind.so.1", 0x08045FF0) Err#2 ENOENT Checking combinations of 0 uppercase letters in administrator 21017: write(1, " C h e c k i n g c o m".., 62) = 62 Get_Pwnam_internals didn't find user [Administrator]! 21017: write(1, " G e t _ P w n a m _ i n".., 54) = 54 21017: getpid() = 21017 [21016] 21017: getpid() = 21017 [21016] 21017: pollsys(0x08044B50, 1, 0x08044C68, 0x00000000) = 0 21017: write(18, " 0\b\0\0 %\0\0\0\0\0\0\0".., 2096) = 2096 21017: pollsys(0x080445C0, 1, 0x080446D8, 0x00000000) = 1 21017: read(18, "A8\r\0\002\0\0\0\0\0\0\0".., 3496) = 3496 Username PROSERVE+Administrator is invalid on this system 21017: write(1, " T r y i n g _ G e t _".., 60) = 60 21017: getuid() = 0 [0] 21017: getuid() = 0 [0] 21017: open64("/var/run/name_service_door", O_RDONLY) Err#2 ENOENT 21017: open("/etc/passwd", O_RDONLY) = 32 21017: fstat64(32, 0x080466C0) = 0 21017: fstat64(32, 0x080465D0) = 0 21017: ioctl(32, TCGETA, 0x08046670) Err#25 ENOTTY 21017: read(32, " r o o t : x : 0 : 0 : S".., 1536) = 1255 21017: read(32, 0x0893096C, 1536) = 0 21017: llseek(32, 0, SEEK_CUR) = 1255 21017: close(32) = 0 21017: stat64("/opt/samba/lib/nss_winbind.so.1", 0x08045FF0) Err#2 ENOENT 21017: stat64("/lib/nss_winbind.so.1", 0x08045FF0) Err#2 ENOENT 21017: stat64("/usr/lib/nss_winbind.so.1", 0x08045FF0) Err#2 ENOENT Checking combinations of 0 uppercase letters in administrator 21017: write(1, " C h e c k i n g c o m".., 62) = 62 Get_Pwnam_internals didn't find user [Administrator]! 21017: write(1, " G e t _ P w n a m _ i n".., 54) = 54 21017: getpid() = 21017 [21016] 21017: getpid() = 21017 [21016] 21017: pollsys(0x08044B50, 1, 0x08044C68, 0x00000000) = 0 21017: write(18, " 0\b\0\0 %\0\0\0\0\0\0\0".., 2096) = 2096 21017: pollsys(0x080445C0, 1, 0x080446D8, 0x00000000) = 1 21017: read(18, "A8\r\0\002\0\0\0\0\0\0\0".., 3496) = 3496 Username PROSERVE+Administrator is invalid on this system bored is the machine I tried to connect to shares from ==> var/bored.log <== [2010/07/22 10:34:52.985835, 5] lib/util_sock.c:462(read_fd_with_timeout) read_fd_with_timeout: blocking read. EOF from client. [2010/07/22 10:34:52.985936, 10] smbd/process.c:286(receive_smb_raw_talloc) receive_smb_raw: NT_STATUS_END_OF_FILE [2010/07/22 10:34:52.985982, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/07/22 10:34:52.986022, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/07/22 10:34:52.986060, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/07/22 10:34:52.986130, 5] smbd/uid.c:369(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2010/07/22 10:34:52.986198, 3] smbd/connection.c:31(yield_connection) Yielding connection to [2010/07/22 10:34:52.986272, 10] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked) Locking key 8E410000FFFFFFFF0000 [2010/07/22 10:34:52.986331, 10] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked) Allocated locked data 0x891ff50 [2010/07/22 10:34:52.986397, 10] lib/dbwrap_tdb.c:42(db_tdb_record_destr) Unlocking key 8E410000FFFFFFFF0000 [2010/07/22 10:34:52.986571, 3] smbd/server.c:902(exit_server_common) Server exit (failed to receive smb request) ==> var/winbindd.log <== [2010/07/22 10:34:41.543123, 6] winbindd/winbindd.c:768(new_connection) accepted socket 22 [2010/07/22 10:34:41.543235, 10] winbindd/winbindd.c:620(process_request) process_request: request fn INTERFACE_VERSION [2010/07/22 10:34:41.543277, 3] winbindd/winbindd_misc.c:352(winbindd_interface_version) [16782]: request interface version [2010/07/22 10:34:41.543343, 10] winbindd/winbindd.c:716(winbind_client_response_written) winbind_client_response_written[16782:INTERFACE_VERSION]: deliverd response to client [2010/07/22 10:34:41.543410, 10] winbindd/winbindd.c:620(process_request) process_request: request fn WINBINDD_PRIV_PIPE_DIR [2010/07/22 10:34:41.543450, 3] winbindd/winbindd_misc.c:385(winbindd_priv_pipe_dir) [16782]: request location of privileged pipe [2010/07/22 10:34:41.543525, 10] winbindd/winbindd.c:716(winbind_client_response_written) winbind_client_response_written[16782:WINBINDD_PRIV_PIPE_DIR]: deliverd response to client [2010/07/22 10:34:41.543615, 6] winbindd/winbindd.c:768(new_connection) accepted socket 24 [2010/07/22 10:34:41.543686, 10] winbindd/winbindd.c:593(process_request) process_request: Handling async request 16782:PING [2010/07/22 10:34:41.543733, 10] winbindd/winbindd.c:655(wb_request_done) wb_request_done[16782:PING]: NT_STATUS_OK [2010/07/22 10:34:41.543795, 10] winbindd/winbindd.c:716(winbind_client_response_written) winbind_client_response_written[16782:PING]: deliverd response to client [2010/07/22 10:34:41.543857, 6] winbindd/winbindd.c:816(winbind_client_request_read) closing socket 22, client exited [2010/07/22 10:34:47.643788, 6] winbindd/winbindd.c:768(new_connection) accepted socket 22 [2010/07/22 10:34:47.643895, 2] winbindd/winbindd.c:819(winbind_client_request_read) Could not read client request from fd 22: I/O error [2010/07/22 10:34:52.988128, 6] winbindd/winbindd.c:816(winbind_client_request_read) closing socket 24, client exited in mean time samba.log is throwing out following [2010/07/22 10:34:41.462806, 5] lib/util_sock.c:304(print_socket_options) Socket options: SO_KEEPALIVE = 8 SO_REUSEADDR = 4 SO_BROADCAST = 0 TCP_NODELAY = 1 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 49152 SO_RCVBUF = 64240 Could not test socket option SO_SNDLOWAT. Could not test socket option SO_RCVLOWAT. Could not test socket option SO_SNDTIMEO. Could not test socket option SO_RCVTIMEO. [2010/07/22 10:34:41.463146, 5] lib/util_sock.c:304(print_socket_options) Socket options: SO_KEEPALIVE = 8 SO_REUSEADDR = 4 SO_BROADCAST = 0 TCP_NODELAY = 1 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 49152 SO_RCVBUF = 64240 Could not test socket option SO_SNDLOWAT. Could not test socket option SO_RCVLOWAT. Could not test socket option SO_SNDTIMEO. Could not test socket option SO_RCVTIMEO. my smb.conf [global] server string = Cepure log file = /opt/samba/var/%m.log log level = 10 max log size = 1024 passwd chat timeout=10 load printers = no netbios name = cepure ;security = user security = ADS workgroup = PROSERVE realm = PROSERVE.COM encrypt passwords = yes ;password server = bored.proserve.com local master = no domain master = no ;client ntlmv2 auth = Yes ;client lanman auth = Yes ;client plaintext auth = Yes ;lanman auth = Yes ;client use spnego = no ;ldap connection timeout = 10 ;ldap ssl = no ;max stat cache size = 1024 ;kerberos method = system keytab winbind separator = + winbind enum users = yes winbind enum groups = yes idmap uid = 10000 - 30000 idmap gid = 10000 - 30000 ;case sensitive = yes ;default case = upper ;preserve case = yes ;short preserve case = yes ;vfs objects = zfsacl ;nfs4: mode = special ;nfs4: acedup = merge [SAMBA] path = /SAMBA admin users = @"PROSERVE+domain admins" PROSERVE+administrator read only = no comment = test share guest ok = yes On 20 July 2010 10:27, Mārcis Lielturks <marcis.lieltu...@gmail.com> wrote: > Hi! > > I'm still stuck at the point where samba compiles, but I cannot join > domain. I see "SPNEGO login failure" when using debug level 3 and "failed to > lookup DC info for domain 'DOMAIN.COM' over rpc: Logon failure" on STDOUT. > > I have compiled: > > - openssl 0.9.8o > - openldap 2.4.21 > - MIT Kerberos5 1.8.2 > - GNU GSS 0.1.5 > - openssl with kerberos support > - samba 3.5.4 > > I'm using sunstudio12.1 cc compiler and gnu make on snv_134. Everything is > "--prefix'ed" to /opt/samba. I have set CPPFLAGS and LDFLAGS to point to > /opt/samba/include and /opt/samba/lib > > > 1. Can anyone help on explaining this SPNEGO thing? I suspect that it > means that samba was unable to negotiate some gssapi related stuff, so I > might have compiled something wrong. > 2. Why "struct libnet_JoinCtx" suggests that kerberos won't be used > (see line marked with arrows)? > > > > Here's some lines from "net -U domainadmin%pass ads join -d10" > > [2010/07/20 09:37:05.413534, 2] lib/interface.c:338(add_interface) > added interface e1000g0:6 ip=192.168.0.84 bcast=192.168.0.255 > netmask=255.255.255.0 > [2010/07/20 09:37:05.413946, 1] libnet/libnet_join.c:1947(libnet_Join) > > libnet_Join: > libnet_JoinCtx: struct libnet_JoinCtx > in: struct libnet_JoinCtx > dc_name : NULL > machine_name : 'SAMBA-DEV' > domain_name : * > domain_name : 'DOMAIN.COM' > > account_ou : NULL > admin_account : 'Administrator' > admin_password : * > machine_password : NULL > join_flags : 0x00000023 (35) > 0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS > 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME > 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT > 0: WKSSVC_JOIN_FLAGS_DEFER_SPN > 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED > 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE > 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED > 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE > 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE > 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE > 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE > os_version : NULL > os_name : NULL > create_upn : 0x00 (0) > upn : NULL > modify_config : 0x00 (0) > ads : NULL > debug : 0x01 (1) > ----------> use_kerberos : 0x00 (0) > <-------------------------------------------------------------------------------------- > secure_channel_type : SEC_CHAN_WKSTA (2) > ....................SKIP...................... > [2010/07/20 09:37:05.521247, 5] > libsmb/ntlmssp.c:1196(ntlmssp_client_challenge) > NTLMSSP challenge set by NTLM2 > [2010/07/20 09:37:05.521259, 5] > libsmb/ntlmssp.c:1197(ntlmssp_client_challenge) > challenge is: > [2010/07/20 09:37:05.521270, 5] ../lib/util/util.c:278(_dump_data) > [0000] A3 7C 51 9D 27 CF 26 FA .|Q.'.&. > [2010/07/20 09:37:05.521349, 1] ../librpc/ndr/ndr.c:214(ndr_print_debug) > &authenticate: struct AUTHENTICATE_MESSAGE > Signature : 'NTLMSSP' > MessageType : NtLmAuthenticate (3) > LmChallengeResponseLen : 0x0018 (24) > LmChallengeResponseMaxLen: 0x0018 (24) > LmChallengeResponse : * > LmChallengeResponse : union ntlmssp_LM_RESPONSE(case 24) > v1: struct LM_RESPONSE > Response : > 52ef40e69996a2ef00000000000000000000000000000000 > NtChallengeResponseLen : 0x0018 (24) > NtChallengeResponseMaxLen: 0x0018 (24) > NtChallengeResponse : * > NtChallengeResponse : union ntlmssp_NTLM_RESPONSE(case > 24) > v1: struct NTLM_RESPONSE > Response : > dccf3343610fc15a038074885a333ab7ce0d8aef7cd17728 > DomainNameLen : 0x0000 (0) > DomainNameMaxLen : 0x0000 (0) > DomainName : * > DomainName : '' > UserNameLen : 0x001a (26) > UserNameMaxLen : 0x001a (26) > UserName : * > UserName : 'Administrator' > WorkstationLen : 0x0012 (18) > WorkstationMaxLen : 0x0012 (18) > Workstation : * > Workstation : 'SAMBA-DEV' > EncryptedRandomSessionKeyLen: 0x0010 (16) > EncryptedRandomSessionKeyMaxLen: 0x0010 (16) > EncryptedRandomSessionKey: * > EncryptedRandomSessionKey: DATA_BLOB length=16 > [2010/07/20 09:37:05.521558, 10] ../lib/util/util.c:278(_dump_data) > [0000] 08 5C F1 71 2B 7B 55 BF E7 25 D6 0D F6 E7 E1 31 .\.q+{U. > .%.....1 > NegotiateFlags : 0x60088215 (1611170325) > 1: NTLMSSP_NEGOTIATE_UNICODE > 0: NTLMSSP_NEGOTIATE_OEM > 1: NTLMSSP_REQUEST_TARGET > 1: NTLMSSP_NEGOTIATE_SIGN > 0: NTLMSSP_NEGOTIATE_SEAL > 0: NTLMSSP_NEGOTIATE_DATAGRAM > 0: NTLMSSP_NEGOTIATE_LM_KEY > 0: NTLMSSP_NEGOTIATE_NETWARE > 1: NTLMSSP_NEGOTIATE_NTLM > 0: NTLMSSP_NEGOTIATE_NT_ONLY > 0: NTLMSSP_ANONYMOUS > 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED > 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED > 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL > 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN > 0: NTLMSSP_TARGET_TYPE_DOMAIN > 0: NTLMSSP_TARGET_TYPE_SERVER > 0: NTLMSSP_TARGET_TYPE_SHARE > 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > 0: NTLMSSP_NEGOTIATE_IDENTIFY > 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY > 0: NTLMSSP_NEGOTIATE_TARGET_INFO > 0: NTLMSSP_NEGOTIATE_VERSION > 1: NTLMSSP_NEGOTIATE_128 > 1: NTLMSSP_NEGOTIATE_KEY_EXCH > 0: NTLMSSP_NEGOTIATE_56 > [2010/07/20 09:37:05.521750, 3] > libsmb/ntlmssp_sign.c:343(ntlmssp_sign_init) > > NTLMSSP Sign/Seal - Initialising with flags: > [2010/07/20 09:37:05.521763, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags) > > Got NTLMSSP neg_flags=0x60088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > [2010/07/20 09:37:05.521921, 10] > libsmb/smb_signing.c:209(smb_signing_sign_pdu) > smb_signing_sign_pdu: sent SMB signature of > [2010/07/20 09:37:05.521935, 10] ../lib/util/util.c:278(_dump_data) > [0000] 42 53 52 53 50 59 4C 20 BSRSPYL > [2010/07/20 09:37:05.521956, 6] libsmb/clientgen.c:323(write_socket) > write_socket(7,270) > [2010/07/20 09:37:05.521978, 6] libsmb/clientgen.c:326(write_socket) > write_socket(7,270) wrote 270 > [2010/07/20 09:37:05.558662, 10] > lib/util_sock.c:726(read_smb_length_return_keepalive) > got smb length of 35 > [2010/07/20 09:37:05.558704, 5] lib/util.c:617(show_msg) > [2010/07/20 09:37:05.558715, 5] lib/util.c:620(show_msg) > size=35 > smb_com=0x73 > smb_rcls=109 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51205 > smb_tid=0 > smb_pid=16481 > smb_uid=2051 > smb_mid=3 > smt_wct=0 > smb_bcc=0 > [2010/07/20 09:37:05.558782, 5] lib/util.c:617(show_msg) > [2010/07/20 09:37:05.558791, 5] lib/util.c:620(show_msg) > size=35 > smb_com=0x73 > smb_rcls=109 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51205 > smb_tid=0 > smb_pid=16481 > smb_uid=2051 > smb_mid=3 > smt_wct=0 > smb_bcc=0 > [2010/07/20 09:37:05.559036, 3] > libsmb/cliconnect.c:1249(cli_session_setup) > > SPNEGO login failed: Logon failure > [2010/07/20 09:37:05.559098, 1] > libsmb/cliconnect.c:2307(cli_full_connection) > > failed session setup with NT_STATUS_LOGON_FAILURE > [2010/07/20 09:37:05.559256, 1] libnet/libnet_join.c:1978(libnet_Join) > > libnet_Join: > libnet_JoinCtx: struct libnet_JoinCtx > out: struct libnet_JoinCtx > account_name : NULL > netbios_domain_name : NULL > dns_domain_name : NULL > forest_name : NULL > dn : NULL > domain_sid : NULL > domain_sid : (NULL SID) > modified_config : 0x00 (0) > error_string : 'failed to lookup DC info for > domain 'DOMAIN.COM' over rpc: Logon failure' > > domain_is_ad : 0x00 (0) > result : WERR_LOGON_FAILURE > Failed to join domain: failed to lookup DC info for domain 'DOMAIN.COM' > over rpc: Logon failure > > > > On 19 July 2010 09:42, Marcis Lielturks <marcis.lieltu...@gmail.com>wrote: > >> Hi! >> >> Here's comparison of "net ads join" output, between my first build of >> samba 3.5.4 that gave "pkcs 11 error" and second build, that is failing with >> "rpc: Logon failure". Can anyone comment on differences. I'm starting to >> think, that the "diff -u" output say's that 2nd build is failing sooner than >> the first build did. As you can see there's a lot of missing lines with >> "sasl", "ldap" and "krb5". >> >> MMM >> >> >> On 07/16/10 04:34 PM, Gaiseric Vandal wrote: >> >>> Which version of Samba? I had more trouble with Samba 3.5.x. And I have >>> never managed to get Samba to compile with sun cc. I figured Samba was >>> written with gcc in mind. >>> >>> >>> The "failed to lookup DC info for domain 'mydomain.COM' over rpc: Logon >>> failure' " message is interesting - not sure if you are getting login >>> errors before lookup errors. Is you samba server configure to use your AD >>> server as the DNS server? What version of windows is the AD server? What >>> domain/foreset mode is your AD server in? >>> >>> In the "windows" world clients can locate the the login server via >>> specific resource records in DNS. I don't know if Samba does this do or is >>> still relying on netbios. I had one AD domain that was in >>> NT4-compatibility mode and one AD domain that was in Windows 2003 native >>> mode. Changing the client DNS settings on the samba machine seemed to >>> help with locating the "2003 native" mode. DC. >>> >>> >>> >>> On 07/16/2010 05:29 AM, Marcis Lielturks wrote: >>> >>>> Hi! >>>> >>>> First of all, thanks for replies to all ;)! >>>> >>>> Using GCC was a fail for me - too much errors and 2 additional things >>>> must be compiled (tdb & talloc) . I only managed to compile using Sun's cc >>>> and gmake and will stick to them. I'm a bit further now. Now I don't get >>>> PKCS 11 erros, when trying to do "net ads join". I recompiled openldap with >>>> slapd (but with null backend) and "-lpkcs11" in LDFLAGS (I think this is >>>> what helped). However now I'm getting following when doing "net ads join" >>>> >>>> [2010/07/16 12:16:54, 3] param/loadparm.c:9158(lp_load_ex) >>>> lp_load_ex: refreshing parameters >>>> [2010/07/16 12:16:54, 3] param/loadparm.c:4929(init_globals) >>>> Initialising global parameters >>>> [2010/07/16 12:16:54, 2] param/loadparm.c:4785(max_open_files) >>>> rlimit_max: rlimit_max (256) below minimum Windows limit (16384) >>>> [2010/07/16 12:16:54.047848, 3] ../lib/util/params.c:550(pm_process) >>>> params.c:pm_process() - Processing configuration file >>>> "/opt/samba/lib/smb.conf" >>>> [2010/07/16 12:16:54.047875, 3] param/loadparm.c:7842(do_section) >>>> Processing section "[global]" >>>> [2010/07/16 12:16:54.048365, 2] lib/interface.c:338(add_interface) >>>> added interface e1000g0:3 ip=192.168.0.84 bcast=192.168.0.255 >>>> netmask=255.255.255.0 >>>> [2010/07/16 12:16:54.048517, 1] libnet/libnet_join.c:1947(libnet_Join) >>>> libnet_Join: >>>> libnet_JoinCtx: struct libnet_JoinCtx >>>> in: struct libnet_JoinCtx >>>> dc_name : NULL >>>> machine_name : 'SAMBA-DEV' >>>> domain_name : * >>>> domain_name : 'mydomain.COM' >>>> account_ou : NULL >>>> admin_account : 'Administrator' >>>> admin_password : * >>>> machine_password : NULL >>>> join_flags : 0x00000023 (35) >>>> 0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS >>>> 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME >>>> 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT >>>> 0: WKSSVC_JOIN_FLAGS_DEFER_SPN >>>> 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED >>>> 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE >>>> 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED >>>> 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE >>>> 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE >>>> 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE >>>> 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE >>>> os_version : NULL >>>> os_name : NULL >>>> create_upn : 0x00 (0) >>>> upn : NULL >>>> modify_config : 0x00 (0) >>>> ads : NULL >>>> debug : 0x01 (1) >>>> use_kerberos : 0x00 (0) >>>> secure_channel_type : SEC_CHAN_WKSTA (2) >>>> [2010/07/16 12:17:00.052208, 2] libads/cldap.c:97(ads_cldap_netlogon) >>>> cldap_netlogon() failed: NT_STATUS_IO_TIMEOUT >>>> [2010/07/16 12:17:00.141661, 3] >>>> libsmb/cliconnect.c:2201(cli_start_connection) >>>> Connecting to host=BORED.mydomain.com >>>> [2010/07/16 12:17:00.141828, 3] >>>> lib/util_sock.c:974(open_socket_out_send) >>>> Connecting to 192.168.0.94 at port 445 >>>> [2010/07/16 12:17:00.143207, 3] >>>> libsmb/cliconnect.c:991(cli_session_setup_spnego) >>>> Doing spnego session setup (blob length=107) >>>> [2010/07/16 12:17:00.143274, 3] >>>> libsmb/cliconnect.c:1019(cli_session_setup_spnego) >>>> got OID=1.2.840.48018.1.2.2 >>>> got OID=1.2.840.113554.1.2.2 >>>> got OID=1.2.840.113554.1.2.2.3 >>>> got OID=1.3.6.1.4.1.311.2.2.10 >>>> [2010/07/16 12:17:00.143302, 3] >>>> libsmb/cliconnect.c:1029(cli_session_setup_spnego) >>>> got principal=bor...@mydomain.com >>>> [2010/07/16 12:17:00.143856, 3] >>>> libsmb/ntlmssp.c:1101(ntlmssp_client_challenge) >>>> Got challenge flags: >>>> [2010/07/16 12:17:00.143870, 3] >>>> libsmb/ntlmssp.c:65(debug_ntlmssp_flags) >>>> Got NTLMSSP neg_flags=0x62898215 >>>> [2010/07/16 12:17:00.143883, 3] >>>> libsmb/ntlmssp.c:1123(ntlmssp_client_challenge) >>>> NTLMSSP: Set final flags: >>>> [2010/07/16 12:17:00.143894, 3] >>>> libsmb/ntlmssp.c:65(debug_ntlmssp_flags) >>>> Got NTLMSSP neg_flags=0x60088215 >>>> [2010/07/16 12:17:00.143984, 3] >>>> libsmb/ntlmssp_sign.c:343(ntlmssp_sign_init) >>>> NTLMSSP Sign/Seal - Initialising with flags: >>>> [2010/07/16 12:17:00.143997, 3] >>>> libsmb/ntlmssp.c:65(debug_ntlmssp_flags) >>>> Got NTLMSSP neg_flags=0x60088215 >>>> [2010/07/16 12:17:00.177128, 3] >>>> libsmb/cliconnect.c:1249(cli_session_setup) >>>> SPNEGO login failed: Logon failure >>>> [2010/07/16 12:17:00.177159, 1] >>>> libsmb/cliconnect.c:2307(cli_full_connection) >>>> failed session setup with NT_STATUS_LOGON_FAILURE >>>> [2010/07/16 12:17:00.177271, 1] libnet/libnet_join.c:1978(libnet_Join) >>>> libnet_Join: >>>> libnet_JoinCtx: struct libnet_JoinCtx >>>> out: struct libnet_JoinCtx >>>> account_name : NULL >>>> netbios_domain_name : NULL >>>> dns_domain_name : NULL >>>> forest_name : NULL >>>> dn : NULL >>>> domain_sid : NULL >>>> domain_sid : (NULL SID) >>>> modified_config : 0x00 (0) >>>> error_string : 'failed to lookup DC info for >>>> domain 'mydomain.COM' over rpc: Logon failure' >>>> domain_is_ad : 0x00 (0) >>>> result : WERR_LOGON_FAILURE >>>> [2010/07/16 12:17:00.177442, 2] utils/net.c:916(main) >>>> >>>> >>>> Intersting is that if I supply wrong username output doesn't differ >>>> much. Below you can see differences (I stripped time to be able to use >>>> diff). >>>> >>>> --- pass_ok_stripped.txt 2010-07-16 12:19:11.869234402 +0300 >>>> +++ pass_wrong_stripped.txt 2010-07-16 12:19:22.318101275 +0300 >>>> @@ -19,7 +19,7 @@ >>>> domain_name : * >>>> domain_name : 'mydomain.COM' >>>> account_ou : NULL >>>> - admin_account : 'Administrator' >>>> + admin_account : 'Adminisdgasgasdtor' >>>> admin_password : * >>>> machine_password : NULL >>>> join_flags : 0x00000023 (35) >>>> @@ -43,8 +43,6 @@ >>>> debug : 0x01 (1) >>>> use_kerberos : 0x00 (0) >>>> secure_channel_type : SEC_CHAN_WKSTA (2) >>>> - libads/cldap.c:97(ads_cldap_netlogon) >>>> - cldap_netlogon() failed: NT_STATUS_IO_TIMEOUT >>>> libsmb/cliconnect.c:2201(cli_start_connection) >>>> Connecting to host=BORED.ProServe.com >>>> lib/util_sock.c:974(open_socket_out_send) >>>> >>>> >>>> Maybe I'm missing some rpc things? "smbd -b | tail -2" says: >>>> >>>> Builtin modules: >>>> pdb_ldap pdb_smbpasswd pdb_tdbsam pdb_wbc_sam rpc_lsarpc rpc_winreg >>>> rpc_initshutdown rpc_dssetup rpc_wkssvc rpc_svcctl rpc_ntsvcs rpc_netlogon >>>> rpc_netdfs rpc_srvsvc rpc_spoolss rpc_eventlog rpc_samr idmap_ldap >>>> idmap_tdb >>>> idmap_passdb idmap_nss idmap_rid idmap_hash nss_info_template auth_sam >>>> auth_unix auth_winbind auth_wbc auth_server auth_domain auth_builtin >>>> auth_netlogond vfs_default vfs_solarisacl vfs_zfsacl >>>> >>>> >>>> MMM >>>> >>>> On 07/15/10 04:32 PM, Gaiseric Vandal wrote: >>>> >>>>> I compiled Samba 3.4.x on Solaris 10. (I have a Samba 3.4.x pdc with >>>>> two Samba 3.0.x BDC's.) Samba 3.0.x DC"s will not support Windows 7 >>>>> clients >>>>> (don't have any yet but it is probably inevitable) and doesn't seem to >>>>> support trusts with Windows 2003 Native domains (at least it didn't for >>>>> me.) >>>>> >>>>> >>>>> If you following the opensolaris forums it seems unlikely that there >>>>> will be compiled build of 3.4.x or 3.5.x of samba in Solaris 10 or >>>>> OpenSolaris in the near future. I don't think it really is a licensing >>>>> or >>>>> even major technical issue. There is seems to more interest in CIFS >>>>> project as an alternative to Samba. Oracle/Sun sells a NAS server that >>>>> runs on opensolaris and users CIFS so I don't think they have much >>>>> interest >>>>> in Samba. I don't see Oracle/Sun paying any one work on Samba 3.4.x or >>>>> 3.5.x integration when they have "better" solutions and more important >>>>> priorities. >>>>> >>>>> To be specific, Samba doesn't require OpenLDAP but it does require LDAP >>>>> with certain functionality. The Solaris-bundled Samba does use >>>>> OpenLDAP. >>>>> But if you are compiling it yourself OpenLDAP is the way to do it. >>>>> Easiest to just get the openldap precompiled from blastwave or >>>>> sunfreeware.com. And there is precompiled Samba available from >>>>> Sunfreeware and Blastwave but it may lack the features you need, so you >>>>> probably need to compile anyway. >>>>> >>>>> If you don't need AD support, then then the Sun ldap client >>>>> functionality should be sufficient. >>>>> >>>>> >>>>> I didn't know about the NGROUPS_MAX option. I would have disabled it >>>>> if I had known, since I am subject to the 16 group NFS v3 limit. (What I >>>>> really need to do is switch to NFS v4 and use kerberos authentication for >>>>> NFS clients.) >>>>> >>>>> The OpenSolaris developer build (from earlier this year- not the >>>>> official release from last year- has updated GCC and other tools that may >>>>> make compiling easier. Gcc from Sun (and even Sunfreeware) use >>>>> "/usr/ccs/bin/ld" as the linker. You may need to renamed the file and >>>>> symlink it to gld (gnu linker.) Samba compiling also requires that you >>>>> get set the CPPFLAGS and LDFLAGS as well. >>>>> >>>>> e.g. >>>>> >>>>> >>>>> PATH=/usr/swf/bin:/usr/ccs/bin:$PATH >>>>> PATH=/usr/local/samba-3.4.5/bin:/usr/local/samba-3.4.5/sbin:$PATH >>>>> LD_LIBRARY_PATH=/usr/sfw/lib:/usr/ccs/lib:$LD_LIBRARY PATH >>>>> LD_LIBRARY_PATH=/usr/local/samba- 3.4.5:$LD_LIBRARY_PATH >>>>> >>>>> export LD_LIBRARY_PATH >>>>> export CPPFLAGS="-I/usr/local/include -I/usr/local/ssl/include >>>>> -I/usr/include" >>>>> export LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib >>>>> -L/usr/local/lib -R/usr/local/lib -L/usr/lib -R/usr/lib" >>>>> >>>>> >>>>> >>>>> >>>>> I posted questions/results to the list earlier this year about my >>>>> experiences. >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> On 07/14/2010 05:38 PM, Mārcis Lielturks wrote: >>>>> >>>>>> >>>>>> >>>>>> On 15 July 2010 00:28, Jeremy Allison <j...@samba.org <mailto: >>>>>> j...@samba.org>> wrote: >>>>>> >>>>>> On Thu, Jul 15, 2010 at 12:26:05AM +0300, Mārcis Lielturks wrote: >>>>>> > Thanks, machine wont provide NFS or ssh login services, so >>>>>> fiddling with max >>>>>> > groups should do no harm! >>>>>> > >>>>>> > I googled a bit at found that samba should be recompiled to take >>>>>> advantage >>>>>> > of new NGROUPS_MAX. "./configure" logs also suggested that >>>>>> NGROUPS_MAX is >>>>>> > evaluated only at compile time. >>>>>> >>>>>> Yep. Recompilation should do the trick once the kernel understands >>>>>> large numbers of groups. >>>>>> >>>>>> > Can anybody share experience on compiling samba on OpenSolaris? >>>>>> What's the >>>>>> > most painless way? I'm considering to use latest 3.5.5 but maybe >>>>>> I should >>>>>> > use same version Sun (Oracle) is using - 3.0.37? I have to set >>>>>> up Samba on 2 >>>>>> > servers, which already replicate storage, so ID mapping must be >>>>>> consistent >>>>>> > between both Samba servers. Servers have to provide shares also >>>>>> to trusted >>>>>> > domains, but 3.0.37 doesn't have idmap_hash and seems that >>>>>> idmap_rid is not >>>>>> > supported to provide mappings for more than one domain, so >>>>>> anything newer >>>>>> > than 3.0.37 sounds like the right choice. >>>>>> >>>>>> The only reason they use 3.0.x is they're still unable to cope >>>>>> with the GPLv3 in (Open?)Solaris. Which is ironic as Oracle >>>>>> Linux has been shipping GPLv3 Samba for a while. But it's a big >>>>>> company, you can't expect one part to know what another part is >>>>>> up to :-). >>>>>> >>>>>> Yeah, I read about that, but still, I was thinking that as they ship >>>>>> 3.0.37, it should also be easier to compile because OS has all that's >>>>>> necessary for 3.0.37. Newer Samba versions may have some dependencies >>>>>> (new >>>>>> libs or newer version of libs), that might be harder to satisfy. I have >>>>>> never compiled samba so far and all I know at the moment (from >>>>>> documentation) is that AD support requires krb5 and openldap development >>>>>> libraries and files. >>>>>> >>>>>> >>>>>> Jeremy. >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> ML >>>>>> >>>>> >>>>> >>> > > > -- > ML > -- ML -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba