One update: when trying security=server on the fileserver side, I can log on to the fileserver. But I do not want security=server! Any hints out there?

Regards
Jochen

On Saturday, 19.03.2005, at 13:11 +0100, Jochen Witte wrote:
> Hello,
>
> I have a Samba 3.0.11/LDAP-Backend PDC configured and I am able to join
> all kinds of machines quite well. However my Samba 2.2.12 Linux
> Fileserver is just able to join the domain:
>
> ---snip---
>
> [EMAIL PROTECTED]/opt/samba> smbpasswd -j <Domainname> -r <PDC Name> -U Administrator
> Password:
> Joined domain <Domainname>
> ---snip---
>
> When I now try to access my Fileserver with a valid PDC account, I get:
>
> ---snip---
> [EMAIL PROTECTED]/opt/samba> /opt/samba/bin/smbclient -L //hal -U jwitte -W <Domainname> -d4
> Serverzone is 0
> Initialising global parameters
> params.c:pm_process() - Processing configuration file "/opt/samba-2.2.12/lib/smb.conf"
> Processing section "[global]"
> doing parameter workgroup = <Domainname>
> doing parameter netbios name = HAL
> handle_netbios_name: set global_myname to: HAL
> doing parameter server string = Samba 2.2.12 on HAL
> doing parameter log file = /var/log/samba/%m-log.smbd
> doing parameter lock dir = /var/lock/samba
> doing parameter template homedir = /home/%U
> doing parameter guest account = ftp
> doing parameter socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 SO_KEEPALIVE
> doing parameter kernel oplocks = yes
> doing parameter log level = 4
> doing parameter debuglevel = 4
> doing parameter security = domain
> doing parameter encrypt passwords = yes
> doing parameter password server = *
> doing parameter os level = 33
> doing parameter local master = no
> doing parameter wins server = 10.128.0.24
> wins_srv_load_list(): Building WINS server list:
> 10.128.0.24,
> 1 WINS server listed.
> doing parameter dns proxy = no
> pm_process() returned Yes
> added interface ip=10.128.0.23 bcast=10.128.0.255 nmask=255.255.255.0
> Client started (version 2.2.12).
> resolve_lmhosts: Attempting lmhosts lookup for name hal<0x20>
> resolve_hosts: Attempting host lookup for name hal<0x20>
> Connecting to 10.128.0.23 at port 139
> session request ok
> Password:
> session setup failed: NT_STATUS_LOGON_FAILURE
>
> ---snip---
>
> On the PDC side I get the following:
>
> ---snip---
>
> [2005/03/19 13:08:22, 3] smbd/oplock.c:init_oplocks(1345)
>   open_oplock_ipc: opening loopback UDP socket.
> [2005/03/19 13:08:22, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(303)
>   Linux kernel oplocks enabled
> [2005/03/19 13:08:22, 3] smbd/oplock.c:init_oplocks(1376)
>   open_oplock ipc: pid = 349, global_oplock_port = 36763
> [2005/03/19 13:08:22, 4] lib/time.c:get_serverzone(122)
>   Serverzone is -3600
> [2005/03/19 13:08:22, 3] smbd/process.c:process_smb(1091)
>   Transaction 0 of length 168
> [2005/03/19 13:08:22, 3] smbd/process.c:switch_message(886)
>   switch message SMBnegprot (pid 349) conn 0x0
> [2005/03/19 13:08:22, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2005/03/19 13:08:22, 3] smbd/negprot.c:reply_negprot(461)
>   Requested protocol [PC NETWORK PROGRAM 1.0]
> [2005/03/19 13:08:22, 3] smbd/negprot.c:reply_negprot(461)
>   Requested protocol [MICROSOFT NETWORKS 1.03]
> [2005/03/19 13:08:22, 3] smbd/negprot.c:reply_negprot(461)
>   Requested protocol [MICROSOFT NETWORKS 3.0]
> [2005/03/19 13:08:22, 3] smbd/negprot.c:reply_negprot(461)
>   Requested protocol [LANMAN1.0]
> [2005/03/19 13:08:22, 3] smbd/negprot.c:reply_negprot(461)
>   Requested protocol [LM1.2X002]
> [2005/03/19 13:08:22, 3] smbd/negprot.c:reply_negprot(461)
>   Requested protocol [Samba]
> [2005/03/19 13:08:22, 3] smbd/negprot.c:reply_nt1(327)
>   not using SPNEGO
> [2005/03/19 13:08:22, 3] smbd/negprot.c:reply_negprot(555)
>   Selected protocol NT LANMAN 1.0
> [2005/03/19 13:08:22, 3] smbd/process.c:process_smb(1091)
>   Transaction 1 of length 92
> [2005/03/19 13:08:22, 3] smbd/process.c:switch_message(886)
>   switch message SMBsesssetupX (pid 349) conn 0x0
> [2005/03/19 13:08:22, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2005/03/19 13:08:22, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655)
>   wct=13 flg2=0xc001
> [2005/03/19 13:08:22, 3] smbd/sesssetup.c:reply_sesssetup_and_X(789)
>   Domain=[] NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[]
> [2005/03/19 13:08:22, 3] smbd/sesssetup.c:reply_sesssetup_and_X(804)
>   sesssetupX:[EMAIL PROTECTED]
> [2005/03/19 13:08:22, 3] smbd/sesssetup.c:check_guest_password(116)
>   Got anonymous request
> [2005/03/19 13:08:22, 3] auth/auth.c:check_ntlm_password(219)
>   check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface
> [2005/03/19 13:08:22, 3] auth/auth.c:check_ntlm_password(222)
>   check_ntlm_password: mapped user is: [EMAIL PROTECTED]
> [2005/03/19 13:08:22, 3] auth/auth.c:check_ntlm_password(268)
>   check_ntlm_password: guest authentication for user [] succeeded
> [2005/03/19 13:08:22, 3] smbd/password.c:register_vuid(222)
>   User name: nobody Real name: Nobody
> [2005/03/19 13:08:22, 3] smbd/password.c:register_vuid(241)
>   UNIX uid 99 is UNIX user nobody, and will be vuid 100
> [2005/03/19 13:08:22, 3] smbd/process.c:process_smb(1091)
>   Transaction 2 of length 88
> [2005/03/19 13:08:22, 3] smbd/process.c:switch_message(886)
>   switch message SMBtconX (pid 349) conn 0x0
> [2005/03/19 13:08:22, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2005/03/19 13:08:22, 4] smbd/reply.c:reply_tcon_and_X(407)
>   Client requested device type [IPC] for share [IPC$]
> [2005/03/19 13:08:22, 3] smbd/service.c:make_connection_snum(469)
>   Connect path is '/tmp' for service [IPC$]
> [2005/03/19 13:08:22, 4] rpc_server/srv_srvsvc_nt.c:get_share_security(217)
>   get_share_security: using default secdesc for IPC$
> [2005/03/19 13:08:22, 3] lib/util_seaccess.c:se_access_check(251)
> [2005/03/19 13:08:22, 3] lib/util_seaccess.c:se_access_check(252)
>   se_access_check: user sid is S-1-5-21-1790986081-3911417905-1778689532-501
>   se_access_check: also S-1-5-21-1790986081-3911417905-1778689532-514
>   se_access_check: also S-1-1-0
>   se_access_check: also S-1-5-2
>   se_access_check: also S-1-5-32-546
>   se_access_check: also S-1-5-21-1790986081-3911417905-1778689532-1199
> [2005/03/19 13:08:22, 3] smbd/vfs.c:vfs_init_default(206)
>   Initialising default vfs hooks
> [2005/03/19 13:08:22, 4] rpc_server/srv_srvsvc_nt.c:get_share_security(217)
>   get_share_security: using default secdesc for IPC$
> [2005/03/19 13:08:22, 3] lib/util_seaccess.c:se_access_check(251)
> [2005/03/19 13:08:22, 3] lib/util_seaccess.c:se_access_check(252)
>   se_access_check: user sid is S-1-5-21-1790986081-3911417905-1778689532-501
>   se_access_check: also S-1-5-21-1790986081-3911417905-1778689532-514
>   se_access_check: also S-1-1-0
>   se_access_check: also S-1-5-2
>   se_access_check: also S-1-5-32-546
>   se_access_check: also S-1-5-21-1790986081-3911417905-1778689532-1199
> [2005/03/19 13:08:22, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>   setting sec ctx (99, 99) - sec_ctx_stack_ndx = 0
> [2005/03/19 13:08:22, 3] smbd/service.c:make_connection_snum(645)
>   10.128.0.23 (10.128.0.23) connect to service IPC$ initially as user nobody (uid=99, gid=99) (pid 349)
> [2005/03/19 13:08:22, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2005/03/19 13:08:22, 3] smbd/reply.c:reply_tcon_and_X(455)
>   tconX service=IPC$
> [2005/03/19 13:08:22, 3] smbd/process.c:process_smb(1091)
>   Transaction 3 of length 108
> [2005/03/19 13:08:22, 3] smbd/process.c:switch_message(886)
>   switch message SMBntcreateX (pid 349) conn 0x8353600
> [2005/03/19 13:08:22, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>   setting sec ctx (99, 99) - sec_ctx_stack_ndx = 0
> [2005/03/19 13:08:22, 4] smbd/vfs.c:vfs_ChDir(657)
>   vfs_ChDir to /tmp
> [2005/03/19 13:08:22, 4] smbd/nttrans.c:nt_open_pipe(497)
>   nt_open_pipe: Opening pipe \NETLOGON.
> [2005/03/19 13:08:22, 3] smbd/nttrans.c:nt_open_pipe(514)
>   nt_open_pipe: Known pipe NETLOGON opening.
> [2005/03/19 13:08:22, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178)
>   Open pipe requested NETLOGON (pipes_open=0)
> [2005/03/19 13:08:22, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(278)
>   Create pipe requested NETLOGON
> [2005/03/19 13:08:22, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(370)
>   Created internal pipe NETLOGON (pipes_open=0)
> [2005/03/19 13:08:22, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(257)
>   Opened pipe NETLOGON with handle 776b (pipes_open=1)
> [2005/03/19 13:08:22, 3] smbd/process.c:process_smb(1091)
>   Transaction 4 of length 158
> [2005/03/19 13:08:22, 3] smbd/process.c:switch_message(886)
>   switch message SMBtrans (pid 349) conn 0x8353600
> [2005/03/19 13:08:22, 4] smbd/uid.c:change_to_user(194)
>   change_to_user: Skipping user change - already user
> [2005/03/19 13:08:22, 3] smbd/ipc.c:reply_trans(539)
>   trans <\PIPE\> data=72 params=0 setup=2
> [2005/03/19 13:08:22, 3] smbd/ipc.c:named_pipe(334)
>   named pipe command on <> name
> [2005/03/19 13:08:22, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168)
>   search for pipe pnum=776b
> [2005/03/19 13:08:22, 3] smbd/ipc.c:api_fd_reply(294)
>   Got API command 0x26 on pipe "NETLOGON" (pnum 776b)
> [2005/03/19 13:08:22, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887)
>   api_pipe_bind_req: \PIPE\NETLOGON -> \PIPE\lsass
> [2005/03/19 13:08:22, 3] rpc_server/srv_pipe.c:check_bind_req(762)
>   check_bind_req for \PIPE\NETLOGON
> [2005/03/19 13:08:22, 3] smbd/process.c:process_smb(1091)
>   Transaction 5 of length 182
> [2005/03/19 13:08:22, 3] smbd/process.c:switch_message(886)
>   switch message SMBtrans (pid 349) conn 0x8353600
> [2005/03/19 13:08:22, 4] smbd/uid.c:change_to_user(194)
>   change_to_user: Skipping user change - already user
> [2005/03/19 13:08:22, 3] smbd/ipc.c:reply_trans(539)
>   trans <\PIPE\> data=96 params=0 setup=2
> [2005/03/19 13:08:22, 3] smbd/ipc.c:named_pipe(334)
>   named pipe command on <> name
> [2005/03/19 13:08:22, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168)
>   search for pipe pnum=776b
> [2005/03/19 13:08:22, 3] smbd/ipc.c:api_fd_reply(294)
>   Got API command 0x26 on pipe "NETLOGON" (pnum 776b)
> [2005/03/19 13:08:22, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
>   free_pipe_context: destroying talloc pool of size 0
> [2005/03/19 13:08:22, 4] rpc_server/srv_pipe.c:api_rpcTNP(1531)
>   api_rpcTNP: NETLOGON op 0x4 - api_rpcTNP: rpc command: NET_REQCHAL
> [2005/03/19 13:08:22, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
>   free_pipe_context: destroying talloc pool of size 34
> [2005/03/19 13:08:22, 3] smbd/process.c:process_smb(1091)
>   Transaction 6 of length 210
> [2005/03/19 13:08:22, 3] smbd/process.c:switch_message(886)
>   switch message SMBtrans (pid 349) conn 0x8353600
> [2005/03/19 13:08:22, 4] smbd/uid.c:change_to_user(194)
>   change_to_user: Skipping user change - already user
> [2005/03/19 13:08:22, 3] smbd/ipc.c:reply_trans(539)
>   trans <\PIPE\> data=124 params=0 setup=2
> [2005/03/19 13:08:22, 3] smbd/ipc.c:named_pipe(334)
>   named pipe command on <> name
> [2005/03/19 13:08:22, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168)
>   search for pipe pnum=776b
> [2005/03/19 13:08:22, 3] smbd/ipc.c:api_fd_reply(294)
>   Got API command 0x26 on pipe "NETLOGON" (pnum 776b)
> [2005/03/19 13:08:22, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
>   free_pipe_context: destroying talloc pool of size 0
> [2005/03/19 13:08:22, 4] rpc_server/srv_pipe.c:api_rpcTNP(1531)
>   api_rpcTNP: NETLOGON op 0xf - api_rpcTNP: rpc command: NET_AUTH2
> [2005/03/19 13:08:22, 3] smbd/sec_ctx.c:push_sec_ctx(256)
>   push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1
> [2005/03/19 13:08:22, 3] smbd/uid.c:push_conn_ctx(365)
>   push_conn_ctx(100) : conn_ctx_stack_ndx = 0
> [2005/03/19 13:08:22, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2005/03/19 13:08:22, 3] lib/smbldap.c:smbldap_open_connection(680)
>   StartTLS issued: using a TLS connection
> [2005/03/19 13:08:22, 2] lib/smbldap.c:smbldap_open_connection(692)
>   smbldap_open_connection: connection opened
> [2005/03/19 13:08:22, 3] lib/smbldap.c:smbldap_check_root_dse(1477)
>   smbldap_check_root_dse: Expected one rootDSE, got 0
> [2005/03/19 13:08:22, 3] lib/smbldap.c:smbldap_connect_system(866)
>   ldap_connect_system: succesful connection to the LDAP server
>   ldap_connect_system: LDAP server does not support paged results
> [2005/03/19 13:08:22, 4] lib/smbldap.c:smbldap_open(919)
>   The LDAP server is succesfully connected
> [2005/03/19 13:08:22, 2] passdb/pdb_ldap.c:init_sam_from_ldap(512)
>   init_sam_from_ldap: Entry found for user: hal$
> [2005/03/19 13:08:22, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
>   pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0
> [2005/03/19 13:08:22, 4] libsmb/credentials.c:cred_session_key(59)
>   cred_session_key
> [2005/03/19 13:08:22, 4] libsmb/credentials.c:cred_create(90)
>   cred_create
> [2005/03/19 13:08:22, 4] libsmb/credentials.c:cred_assert(121)
>   cred_assert
> [2005/03/19 13:08:22, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
>   free_pipe_context: destroying talloc pool of size 44
> [2005/03/19 13:08:22, 3] smbd/process.c:process_smb(1091)
>   Transaction 7 of length 45
> [2005/03/19 13:08:22, 3] smbd/process.c:switch_message(886)
>   switch message SMBclose (pid 349) conn 0x8353600
> [2005/03/19 13:08:22, 4] smbd/uid.c:change_to_user(194)
>   change_to_user: Skipping user change - already user
> [2005/03/19 13:08:22, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1168)
>   search for pipe pnum=776b
> [2005/03/19 13:08:22, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1081)
>   closed pipe name NETLOGON pnum=776b (pipes_open=0)
> [2005/03/19 13:08:22, 3] smbd/process.c:process_smb(1091)
>   Transaction 8 of length 43
> [2005/03/19 13:08:22, 3] smbd/process.c:switch_message(886)
>   switch message SMBulogoffX (pid 349) conn 0x0
> [2005/03/19 13:08:22, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2005/03/19 13:08:22, 3] smbd/reply.c:reply_ulogoffX(1248)
>   ulogoffX vuid=100
> [2005/03/19 13:08:22, 3] smbd/process.c:timeout_processing(1334)
>   timeout_processing: End of file from client (client has disconnected).
> [2005/03/19 13:08:22, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2005/03/19 13:08:22, 2] smbd/server.c:exit_server(609)
>   Closing connections
> [2005/03/19 13:08:22, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2005/03/19 13:08:22, 3] smbd/service.c:close_cnum(833)
>   10.128.0.23 (10.128.0.23) closed connection to service IPC$
> [2005/03/19 13:08:22, 3] smbd/connection.c:yield_connection(69)
>   Yielding connection to IPC$
> [2005/03/19 13:08:22, 4] smbd/vfs.c:vfs_ChDir(657)
>   vfs_ChDir to /
> [2005/03/19 13:08:22, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2005/03/19 13:08:22, 3] smbd/connection.c:yield_connection(69)
>   Yielding connection to
> [2005/03/19 13:08:22, 3] smbd/server.c:exit_server(652)
>   Server exit (normal exit)
> ---snip---
>
>
> This is the relevant part of my smb.conf on the fileserver side:
>
> ---snip---
> [global]
> workgroup = <Domainname>
> netbios name = HAL
> server string = Samba 2.2.12 on HAL
> log file = /var/log/samba/%m-log.smbd
> lock dir = /var/lock/samba
> template homedir = /home/%U
> guest account = ftp
> socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 SO_KEEPALIVE
> kernel oplocks = yes
> log level = 4
> debuglevel = 4
> security = domain
> encrypt passwords = yes
> password server = *
> os level = 33
> local master = no
> wins server = 10.128.0.24
> dns proxy = no
>
> ---snip---
>
>
> If anybody feels able to help, it would be greatly appreciated!
>
> Thanks,
> Jochen
>
>
> --
> Jochen Witte <[EMAIL PROTECTED]>
>
>
--
Jochen Witte <[EMAIL PROTECTED]>