Hi, I have exactly the same problem between a W2003 AD and a FreeBSD box running Samba 3.0.23c : authentification timeouts when the login/pw are correct, although wbinfo -u / -g work perfectly.
Le Mon, Nov 13, 2006 at 11:05:46AM +0100, [EMAIL PROTECTED] a écrit : > Hi all > > I have a network with a Windows 2003 AD (10.10.10.5) and a Samba 3.0.23c > (10.10.10.8). I want Samba to join the domain and get it's > user/group/permission info from my Windows 2003 server. I have followed > http://samba.org/samba/docs/man/Samba-Guide/unixclients.html#ch9-adsdc > > And it seams to join and work with wbinfo/getent/"net ads > join/info/status". When I try to login with a wrong password it get's > rejected, but when I type the correct password it timeout. > > krb5.conf: > [libdefaults] > default_realm = MYDOMAIN.LOCAL > > [realms] > MYDOMAIN.LOCAL = { > kdc = 10.10.10.5 > } > > [domain_realms] > .MYDOMAIN.local = MYDOMAIN.LOCAL > > ldap.conf > host 10.10.10.5 > base dc=example,dc=com > nss_initgroups_ignoreusers root,ldap > > nsswitch.conf > passwd: files ldap winbind > group: files ldap winbind > shadow: files ldap winbind > hosts: files wins dns > > smb.conf > [global] > unix charset = LOCALE > workgroup = MYDOMAIN > realm = MYDOMAIN.local > security = ADS > password server = 10.10.10.5 > ldap ssl = No > netbios name = MYDOMAINFILES > server string = MYDOMAIN Linux Filserver > encrypt passwords = Yes > socket options = TCP_NODELAY SO_SNDBUF=65536 SO_RCVBUF=65536 > IPTOS_LOWDELAY > dns proxy = Yes > smb ports = 445 > log file = /var/log/samba/%m.log > max log size = 50 > max xmit = 2048 > idmap uid = 10000-20000 > idmap gid = 10000-20000 > winbind enum users = Yes > winbind enum groups = Yes > winbind separator = + > winbind trusted domains only = No > template homedir = /home/data/homes/%U > template shell = /bin/false > guest ok = No > create mask = 0777 > directory mask = 0777 > force create mode = 0777 > force directory mode = 0777 > hide dot files = No > enable privileges = Yes > disable spoolss = Yes > enable asu support = No > add share command = /etc/samba/scripts/share_add > change share command = /etc/samba/scripts/share_change > delete share command = /etc/samba/scripts/share_delete > vfs object = recycle:recycle > recycle:repository = PAPIRKURV > recycle:keeptree = Yes > recycle:touch = Yes > recycle:versions = Yes > include = /etc/samba/shares.conf > > Commands: > [samba]# net ads info > LDAP server: 10.10.10.5 > LDAP server name: mydomainad.Mydomain.local > Realm: MYDOMAIN.LOCAL > Bind Path: dc=MYDOMAIN,dc=LOCAL > LDAP port: 389 > Server time: Mon, 13 Nov 2006 09:30:10 CET > KDC server: 10.10.10.5 > Server time offset: 0 > [samba]# smbclient -d 10 -L \\10.10.10.8 -U og > INFO: Current debug levels: > all: True/10 > tdb: False/0 > printdrivers: False/0 > lanman: False/0 > smb: False/0 > rpc_parse: False/0 > rpc_srv: False/0 > rpc_cli: False/0 > passdb: False/0 > sam: False/0 > auth: False/0 > winbind: False/0 > vfs: False/0 > idmap: False/0 > quota: False/0 > acls: False/0 > locking: False/0 > msdfs: False/0 > dmapi: False/0 > lp_load: refreshing parameters > Initialising global parameters > params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" > Processing section "[global]" > doing parameter unix charset = LOCALE > [snip] > doing parameter workgroup = MYDOMAIN > doing parameter realm = MYDOMAIN.local > doing parameter security = ADS > doing parameter password server = 10.10.10.5 > doing parameter ldap ssl = No > doing parameter netbios name = MYDOMAINFILES > handle_netbios_name: set global_myname to: MYDOMAINFILES > doing parameter server string = MYDOMAIN Linux Filserver > doing parameter encrypt passwords = Yes > doing parameter socket options = TCP_NODELAY SO_SNDBUF=65536 > SO_RCVBUF=65536 IPTOS_LOWDELAY > doing parameter dns proxy = Yes > doing parameter smb ports = 445 > doing parameter log file = /var/log/samba/%m.log > doing parameter max log size = 50 > doing parameter max xmit = 2048 > doing parameter idmap uid = 10000-20000 > doing parameter idmap gid = 10000-20000 > doing parameter winbind enum users = Yes > doing parameter winbind enum groups = Yes > doing parameter winbind separator = + > doing parameter winbind trusted domains only = No > doing parameter template homedir = /home/data/homes/%U > doing parameter template shell = /bin/false > doing parameter guest ok = No > doing parameter create mask = 0777 > doing parameter directory mask = 0777 > doing parameter force create mode = 0777 > doing parameter force directory mode = 0777 > doing parameter hide dot files = No > doing parameter enable privileges = Yes > doing parameter disable spoolss = Yes > doing parameter enable asu support = No > doing parameter add share command = /etc/samba/scripts/share_add > doing parameter change share command = /etc/samba/scripts/share_change > doing parameter delete share command = /etc/samba/scripts/share_delete > doing parameter vfs object = recycle:recycle > doing parameter recycle:repository = PAPIRKURV > doing parameter recycle:keeptree = Yes > doing parameter recycle:touch = Yes > doing parameter recycle:versions = Yes > doing parameter include = /etc/samba/shares.conf > params.c:pm_process() - Processing configuration file > "/etc/samba/shares.conf" > pm_process() returned Yes > lp_servicenumber: couldn't find homes > set_server_role: role = ROLE_DOMAIN_MEMBER > [snip] > added interface ip=10.10.10.8 bcast=10.10.10.255 nmask=255.255.255.0 > Netbios name list:- > my_netbios_names[0]="MYDOMAINFILES" > Client started (version 3.0.23c-1.fc5). > Connecting to 10.10.10.8 at port 445 > socket option SO_KEEPALIVE = 0 > socket option SO_REUSEADDR = 0 > socket option SO_BROADCAST = 0 > socket option TCP_NODELAY = 1 > socket option TCP_KEEPCNT = 9 > socket option TCP_KEEPIDLE = 7200 > socket option TCP_KEEPINTVL = 75 > socket option IPTOS_LOWDELAY = 16 > socket option IPTOS_THROUGHPUT = 16 > socket option SO_SNDBUF = 131072 > socket option SO_RCVBUF = 131072 > socket option SO_SNDLOWAT = 1 > socket option SO_RCVLOWAT = 1 > socket option SO_SNDTIMEO = 0 > socket option SO_RCVTIMEO = 0 > session request ok > write_socket(4,183) > write_socket(4,183) wrote 183 > got smb length of 187 > size=187 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=11408 > smb_uid=0 > smb_mid=1 > smt_wct=17 > smb_vwv[ 0]= 7 (0x7) > smb_vwv[ 1]=12803 (0x3203) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 8 (0x8) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]=37120 (0x9100) > smb_vwv[ 8]= 44 (0x2C) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]=33011 (0x80F3) > smb_vwv[11]= 128 (0x80) > smb_vwv[12]= 7325 (0x1C9D) > smb_vwv[13]=65054 (0xFE1E) > smb_vwv[14]=50950 (0xC706) > smb_vwv[15]=50177 (0xC401) > smb_vwv[16]=30463 (0x76FF) > smb_bcc=118 > [snip] > size=187 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=11408 > smb_uid=0 > smb_mid=1 > smt_wct=17 > smb_vwv[ 0]= 7 (0x7) > smb_vwv[ 1]=12803 (0x3203) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 8 (0x8) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]=37120 (0x9100) > smb_vwv[ 8]= 44 (0x2C) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]=33011 (0x80F3) > smb_vwv[11]= 128 (0x80) > smb_vwv[12]= 7325 (0x1C9D) > smb_vwv[13]=65054 (0xFE1E) > smb_vwv[14]=50950 (0xC706) > smb_vwv[15]=50177 (0xC401) > smb_vwv[16]=30463 (0x76FF) > smb_bcc=118 > [snip] > Password: > Doing spnego session setup (blob length=118) > got OID=1 2 840 113554 1 2 2 > got OID=1 2 840 48018 1 2 2 > got OID=1 3 6 1 4 1 311 2 2 10 > got principal=cifs/[EMAIL PROTECTED] > write_socket(4,168) > write_socket(4,168) wrote 168 > got smb length of 324 > size=324 > smb_com=0x73 > smb_rcls=22 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=11408 > smb_uid=100 > smb_mid=2 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 217 (0xD9) > smb_bcc=281 > [snip] > size=324 > smb_com=0x73 > smb_rcls=22 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=11408 > smb_uid=100 > smb_mid=2 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 217 (0xD9) > smb_bcc=281 > [snip] > Got challenge flags: > Got NTLMSSP neg_flags=0x60890215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_CHAL_TARGET_INFO > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > NTLMSSP: Set final flags: > Got NTLMSSP neg_flags=0x60080215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > NTLMSSP challenge set by NTLM2 > challenge is: > [000] 8B 81 0C 92 37 33 38 69 ....738i > NTLMSSP Sign/Seal - Initialising with flags: > Got NTLMSSP neg_flags=0x60080215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > write_socket(4,264) > write_socket(4,264) wrote 264 > read_socket_with_timeout: timeout read. select timed out. > receive_smb_raw: length < 0! > client_receive_smb failed > size=324 > smb_com=0x73 > smb_rcls=22 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=11408 > smb_uid=100 > smb_mid=2 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 217 (0xD9) > smb_bcc=281 > [snip] > SPNEGO login failed: NT_STATUS_IO_TIMEOUT > lang_tdb_init: /usr/lib/samba/en_US.UTF-8.msg: No such file or directory > session setup failed: Call timed out: server did not respond after 20000 > milliseconds > > Any ideas what's wrong? > > Best regards > db > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba -- *************************************************************************** * Jean-Vincent BAYARRI Ingénieur système & réseau * * Service Informatique Laboratoire Central des Ponts et Chaussées * * 58, boulevard Lefebvre 75732 PARIS CEDEX 15 * * Tel 01 40 43 51 70 Fax 01 56 56 16 99 * *************************************************************************** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba