Hi, I posted my problem to list but nobody answerd me. I have found a solution of netsamlogon_cache.tdb but still I have a problem with authentication. I have changed a smb.conf files. servera: [global] workgroup = DOMAINA netbios name = SERVERA security = user passdb backend = smbpasswd local master = yes domain logons = yes os level = 33 domain master = yes preferred master = yes log level = 3 allow trusted domains = yes wins support = yes [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon read only = yes [Documents] comment = Dokumenty path = /export/documents writeable = yes browseable = yes guest ok = yes
serverb: [global] workgroup = DOMAINB netbios name = SERVERB security = user passdb backend = smbpasswd local master = yes domain logons = yes os level = 33 domain master = yes preferred master = yes log level = 3 allow trusted domains = yes wins support = yes [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon read only = yes [Documents] comment = Dokumenty path = /export/documents writeable = yes browseable = yes guest ok = yes loga: [2004/10/13 16:40:21, 3] rpc_server/srv_pipe.c:api_rpcTNP(1541) api_rpcTNP: rpc command: NET_SAMLOGON [2004/10/13 16:40:21, 3] rpc_server/srv_netlog_nt.c:_net_sam_logon(613) SAM Logon (Interactive). Domain:[DOMAINA]. User:[EMAIL PROTECTED] Requested Domain:[DOMAINB] [2004/10/13 16:40:21, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1 [2004/10/13 16:40:21, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2004/10/13 16:40:21, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2004/10/13 16:40:21, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2004/10/13 16:40:21, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface [2004/10/13 16:40:21, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [EMAIL PROTECTED] [2004/10/13 16:40:21, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1 [2004/10/13 16:40:21, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2004/10/13 16:40:21, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2004/10/13 16:40:21, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2004/10/13 16:40:21, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1 [2004/10/13 16:40:21, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2004/10/13 16:40:21, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2004/10/13 16:40:21, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2004/10/13 16:40:21, 3] libsmb/namequery_dc.c:rpc_dc_name(145) rpc_dc_name: Returning DC SERVERB (192.168.100.11) for domain DOMAINB [2004/10/13 16:40:21, 3] libsmb/cliconnect.c:cli_start_connection(1376) Connecting to host=SERVERB [2004/10/13 16:40:21, 3] lib/util_sock.c:open_socket_out(752) Connecting to 192.168.100.11 at port 445 [2004/10/13 16:40:21, 3] auth/auth_util.c:make_server_info_info3(1114) User bronasek does not exist, trying to add it [2004/10/13 16:40:21, 0] auth/auth_util.c:make_server_info_info3(1122) make_server_info_info3: pdb_init_sam failed! [2004/10/13 16:40:21, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [bronasek] -> [bronasek] FAILED with error NT_STATUS_NO_SUCH_USER [2004/10/13 16:40:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 6274 [2004/10/13 16:40:21, 3] smbd/pipes.c:reply_pipe_write_and_X(199) writeX-IPC pnum=73cc nwritten=336 [2004/10/13 16:40:21, 3] smbd/process.c:process_smb(1092) Transaction 39 of length 63 [2004/10/13 16:40:21, 3] smbd/process.c:switch_message(887) switch message SMBreadX (pid 10156) conn 0x83d8040 [2004/10/13 16:40:21, 3] smbd/pipes.c:reply_pipe_read_and_X(242) readX-IPC pnum=73cc min=1024 max=1024 nread=96 logb: [2004/10/13 16:17:06, 3] rpc_server/srv_netlog_nt.c:_net_sam_logon(620) SAM Logon (Network). Domain:[DOMAINB]. User:[EMAIL PROTECTED] Requested Domain:[DOMAINB] [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1 [2004/10/13 16:17:06, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2004/10/13 16:17:06, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface [2004/10/13 16:17:06, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [EMAIL PROTECTED] [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1 [2004/10/13 16:17:06, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2004/10/13 16:17:06, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1 [2004/10/13 16:17:06, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1 [2004/10/13 16:17:06, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2004/10/13 16:17:06, 3] auth/auth.c:check_ntlm_password(268) check_ntlm_password: sam authentication for user [bronasek] succeeded [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1 [2004/10/13 16:17:06, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2004/10/13 16:17:06, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [bronasek] -> [bronasek] -> [bronasek] succeeded [2004/10/13 16:17:06, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 4844 [2004/10/13 16:17:06, 3] smbd/process.c:process_smb(1092) Transaction 10 of length 45 [2004/10/13 16:17:06, 3] smbd/process.c:switch_message(887) switch message SMBclose (pid 8110) conn 0x83d7328 [2004/10/13 16:17:06, 3] smbd/process.c:process_smb(1092) Transaction 11 of length 43 [2004/10/13 16:17:06, 3] smbd/process.c:switch_message(887) switch message SMBulogoffX (pid 8110) conn 0x0 [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2004/10/13 16:17:06, 3] smbd/reply.c:reply_ulogoffX(1255) ulogoffX vuid=100 [2004/10/13 16:17:06, 3] smbd/process.c:process_smb(1092) Transaction 12 of length 45 [2004/10/13 16:17:06, 3] smbd/process.c:switch_message(887) switch message SMBclose (pid 8110) conn 0x83d7328 [2004/10/13 16:17:06, 2] smbd/uid.c:change_to_user(219) change_to_user: Invalid vuid used 100 in accessing share IPC$. [2004/10/13 16:17:06, 3] smbd/error.c:error_packet(145) error packet at smbd/process.c(941) cmd=4 (SMBclose) eclass=2 ecode=91 [2004/10/13 16:17:06, 3] smbd/process.c:process_smb(1092) Transaction 13 of length 39 [2004/10/13 16:17:06, 3] smbd/process.c:switch_message(887) switch message SMBtdis (pid 8110) conn 0x83d7328 [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2004/10/13 16:17:06, 3] smbd/service.c:close_cnum(837) 192.168.100.10 (192.168.100.10) closed connection to service IPC$ [2004/10/13 16:17:06, 3] smbd/connection.c:yield_connection(69) Yielding connection to IPC$ [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2004/10/13 16:17:06, 3] smbd/process.c:timeout_processing(1332) timeout_processing: End of file from client (client has disconnected). [2004/10/13 16:17:06, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2004/10/13 16:17:06, 2] smbd/server.c:exit_server(571) Closing connections [2004/10/13 16:17:06, 3] smbd/connection.c:yield_connection(69) Yielding connection to [2004/10/13 16:17:06, 3] smbd/connection.c:yield_connection(76) yield_connection: tdb_delete for name failed with error Record does not exist. [2004/10/13 16:17:06, 3] smbd/server.c:exit_server(614) Server exit (normal exit) Please don't you know what can I try??? Besr regards, Sopik Bronislav Citace z emailu od rruegner <[EMAIL PROTECTED]>: > Hi netsamlogon_cache.tdb > must exist usally under /var/lib/samba > if it isnt i guess your samba packs arent well compiled > try to touch it so that it exist > this tdb file as well as other ones needs to be there > to proper funktion, unfortunally > i don t know if this one is craeted at compile-start-or establish trust > time but it must exist. > for this tdbs there is no reference to the smb.conf they must simply > exist cause they are hard coded and created to compile > which samba version/packs and linux distro do you use ? > maybe netsamlogon_cache.tdb is there and simply needs a chmod to access > write. > Perhaps you should post this to the list > cause it seems that your confs are now well enough that here is the > failure , the gurus will easily interpret this failure and can help you out > Regards > > Šopík Bronislav schrieb: > > Hi, > > yes I have looked on this pages and now I change the smb.conf files on > both > > servers but I when I try logon computer from domaina as user for domainb, > the > > log in serverb wrotes me that a authentication was succeded but the > servera > > wrotes me this: > > [2004/10/11 17:51:02, 0] > > libsmb/samlogon_cache.c:netsamlogon_cache_store(123) > > netsamlogon_cache_store: cannot open netsamlogon_cache.tdb for write! > > [2004/10/11 17:51:02, 2] auth/auth.c:check_ntlm_password(312) > > check_ntlm_password: Authentication for user [abc] -> [abc] FAILED with > > error NT_STATUS_NO_SUCH_USER > > > > and i don't uderstand them, netsamlogon_cache.tdb I have not fined on > server. > > Here are my smb.conf: > > [global] > > workgroup = DOMAINA > > netbios name = SERVERA > > security = user > > passdb backend = tdbsam:/var/lib/samba/passdb.tdb > > local master = yes > > domain logons = yes > > os level = 33 > > domain master = yes > > preferred master = yes > > log level = 3 > > allow trusted domains = yes > > winbind separator = + > > idmap uid = 10000-20000 > > idmap gid = 10000-20000 > > winbind enum users = yes > > winbind enum groups = yes > > [netlogon] > > comment = Network Logon Service > > path = /var/lib/samba/netlogon > > read only = yes > > [Documents] > > comment = Dokumenty > > path = /export/documents > > writeable = yes > > browseable = yes > > guest ok = yes > > > > > > [global] > > workgroup = DOMAINB > > netbios name = SERVERB > > security = user > > passdb backend = tdbsam:/var/lib/samba/passdb.tdb > > local master = yes > > domain logons = yes > > os level = 33 > > domain master = yes > > preferred master = yes > > log level = 3 > > allow trusted domains = yes > > winbind separator = + > > idmap uid = 10000-20000 > > idmap gid = 10000-20000 > > winbind enum users = yes > > winbind enum groups = yes > > [netlogon] > > comment = Network Logon Service > > path = /var/lib/samba/netlogon > > read only = yes > > [Documents] > > comment = Dokumenty > > path = /export/documents > > writeable = yes > > browseable = yes > > guest ok = yes > > > > Need I a winbind for authenticate user from other domain or no??? > > > > Thank you, Sopik Bronislav > > > > > > Citace z emailu od rruegner <[EMAIL PROTECTED]>: > > > > > >>Hi, > >>did you look here > >>http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/ > >>special here > >> > > > > > http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/InterdomainTrusts.html > > > >>and here > >>http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-pdc.html > >> > >>netsamlogon_cache_store: cannot open netsamlogon_cache.tdb for write > >>is this file existing? > >> > >>Regards > >> > >>Šopík Bronislav schrieb: > >> > >>>Hi, > >>> > >>>great next step. I change the security on both servers to user. Now is > my > >>>configuration: > >>>Servera: > >>>[global] > >>> workgroup = DOMAINA > >>> netbios name = SERVERA > >>> security = user > >>> passdb backend = tdbsam:/var/lib/samba/passdb.tdb > >>> encrypt passwords = true > >>> local master = yes > >>> domain logons = yes > >>> os level = 33 > >>> domain master = yes > >>> preferred master = yes > >>> dns proxy = no > >>> log level = 3 > >>> allow trusted domains = yes > >>> wins support = yes > >>>[netlogon] > >>> comment = Network Logon Service > >>> path = /home/samba/netlogon > >>> guest ok = yes > >>> > >>>Serverb: > >>>[global] > >>> workgroup = DOMAINB > >>> netbios name = SERVERB > >>> security = user > >>> passdb backend = tdbsam:/var/lib/samba/passdb.tdb > >>> encrypt passwords = true > >>> local master = yes > >>> domain logons = yes > >>> os level = 33 > >>> domain master = yes > >>> preferred master = yes > >>> dns proxy = no > >>> log level = 3 > >>> allow trusted domains = yes > >>> wins server = 192.168.100.10 > >>>[netlogon] > >>> comment = Network Logon Service > >>> path = /home/samba/netlogon > >>> guest ok = yes > >>> > >>>but I have still some problems, my log gives me: > >>> > >>>[2004/10/11 17:51:02, 3] rpc_server/srv_netlog_nt.c:_net_sam_logon(613) > >>> SAM Logon (Interactive). Domain:[DOMAINA]. User:[EMAIL PROTECTED] Requested > >>>Domain:[DOMAINB] > >>>[2004/10/11 17:51:02, 3] smbd/sec_ctx.c:push_sec_ctx(256) > >>> push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1 > >>>[2004/10/11 17:51:02, 3] smbd/uid.c:push_conn_ctx(365) > >>> push_conn_ctx(100) : conn_ctx_stack_ndx = 0 > >>>[2004/10/11 17:51:02, 3] smbd/sec_ctx.c:set_sec_ctx(288) > >>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 > >>>[2004/10/11 17:51:02, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > >>> pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0 > >>>[2004/10/11 17:51:02, 3] auth/auth.c:check_ntlm_password(219) > >>> check_ntlm_password: Checking password for unmapped user > >>>[EMAIL PROTECTED] with the new password interface > >>>[2004/10/11 17:51:02, 3] auth/auth.c:check_ntlm_password(222) > >>> check_ntlm_password: mapped user is: [EMAIL PROTECTED] > >>>[2004/10/11 17:51:02, 3] smbd/sec_ctx.c:push_sec_ctx(256) > >>> push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1 > >>>[2004/10/11 17:51:02, 3] smbd/uid.c:push_conn_ctx(365) > >>> push_conn_ctx(100) : conn_ctx_stack_ndx = 0 > >>>[2004/10/11 17:51:02, 3] smbd/sec_ctx.c:set_sec_ctx(288) > >>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 > >>>[2004/10/11 17:51:02, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > >>> pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0 > >>>[2004/10/11 17:51:02, 3] smbd/sec_ctx.c:push_sec_ctx(256) > >>> push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1 > >>>[2004/10/11 17:51:02, 3] smbd/uid.c:push_conn_ctx(365) > >>> push_conn_ctx(100) : conn_ctx_stack_ndx = 0 > >>>[2004/10/11 17:51:02, 3] smbd/sec_ctx.c:set_sec_ctx(288) > >>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 > >>>[2004/10/11 17:51:02, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > >>> pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0 > >>>[2004/10/11 17:51:02, 3] libsmb/namequery_dc.c:rpc_dc_name(145) > >>> rpc_dc_name: Returning DC SERVERB (192.168.100.11) for domain DOMAINB > >>>[2004/10/11 17:51:02, 3] libsmb/cliconnect.c:cli_start_connection(1376) > >>> Connecting to host=SERVERB > >>>[2004/10/11 17:51:02, 3] lib/util_sock.c:open_socket_out(752) > >>> Connecting to 192.168.100.11 at port 445 > >>>[2004/10/11 17:51:02, 3] auth/auth_util.c:make_server_info_info3(1114) > >>> User abc does not exist, trying to add it > >>>[2004/10/11 17:51:02, 0] auth/auth_util.c:make_server_info_info3(1122) > >>> make_server_info_info3: pdb_init_sam failed! > >>>[2004/10/11 17:51:02, 0] > >> > >>libsmb/samlogon_cache.c:netsamlogon_cache_store(123) > >> > >>> netsamlogon_cache_store: cannot open netsamlogon_cache.tdb for write! > >>>[2004/10/11 17:51:02, 2] auth/auth.c:check_ntlm_password(312) > >>> check_ntlm_password: Authentication for user [abc] -> [abc] FAILED > with > >> > >>error > >> > >>>NT_STATUS_NO_SUCH_USER > >>> > >>>I am getting to crazy. Please where is a pdc faqs on www.samba.org I have > >> > >>fined > >> > >>>only a documentation. > >>> > >>>Best regards, SopiK Bronislav > >>> > >>> > >>> > >>> > >>> > >>> > >>>>hi, > >>>>Cannot use ntdomain auth method > >>>>when not a member of a domain. > >>>> > >>>>it seems your trust is not working , so the user is not recognized > >>>>as a domain member > >>>>cause of security = DOMAIN > >>>>which is total false , both servers have to be configured as pdcs which > is > >>>>security = user > >>>>read the pdc faqs > >>>>Regards > >>>> > >>> > >>> > >>> > >>> > > > > > > > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba