Hi folks -

Not fifteen minutes after I sent this message, I've solved the problem. I've been fighting with this for a while now (over a year; I've been delaying Vista deployments because of this). I never would've guessed that taking the RPC out of the net join command would fix it.
But it did.

This is the fix (at least for me):
join the domain with, "net join -U administrator <domain>", not, "net join RPC -U administrator <domain>".

Thanks and sorry for the spam!

Alainna


Alainna C. White wrote:
Hi Folks -

I'm experiencing a very strange problem with Server 2008 machines (for all intents and purposes related to Samba, it's Vista) connecting to a Samba Server. The Samba machine is a RHEL4.6 machine running Samba 3.0.25b. I am joined to the mixed mode AD domain via the command "net rpc join -U administrator <domain>". I am not using winbind or kerberos. Or at least, I am not trying to. The smb.conf file is at the bottom of this email. I've removed things like disallowed users from the file to keep it brief.

I have another samba machine with the very same OS and release, and it works fine. When I try to connect to the Samba machine from the 2k8 machine using the UNC path, I get a "network path not found" message. Oddly, if I use '\\ipaddress' it works just fine.

I used Wireshark to look at the packets, and there is one glaring difference between the working samba install and the non-working samba install: in the Session Setup andX Request packet (under the "security blob") that the client sends to the samba server, the working one lists one mechtype: NTLMSSP. The non-working one lists three mechtypes: MS KRB5, KRB5, NTLMSSP, in that order. The non-working one has a krb5 ticket further down in the packet.

Samba logs show an error:
Failed to parse NTLMSSP packet, could not extract NTLMSSP command
[2009/03/18 10:39:36, 1] libsmb/ntlmssp.c:ntlmssp_update(327)

I don't think it should be able to parse the NTLMSSP packet, since it isn't an NTLMSSP packet. It's a KRB5 ticket. At least, to the best that I can understand.


I have tried copying the working SMB.CONF file to the non-working host, and that didn't help at all.

To me it seems like the client is requesting KRB5 authentication. I'm not good enough with network packets to see if the server requested that type of session, but as far as I can tell it did not.
Any help would be greatly appreciated.
Thanks,

Alainna


--------SMB.CONF-----------
[global]
hosts allow = xxx.xxx.xxx.
workgroup = dss
security = domain
password server = *
encrypt passwords = yes
wins support = no
debug level = 1
guest ok = no
inherit permissions = yes
username map = /etc/samba/smbusers
-------------------------------------




--
Alainna C. White
Johns Hopkins University Physics & Astronomy, 3701 San Martin Drive, Baltimore MD 21218 Voice: 410 516 4536 | Email: alai...@pha.jhu.edu
http://skysrv.pha.jhu.edu/~alainna
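
The mechType difference described in the original message can be read straight from the security blob bytes. The following is an added example (not part of the email and not Samba code) that walks a SPNEGO NegTokenInit and lists the offered mechanisms in order; both sample blobs are constructed for illustration and carry no mechToken.

```python
# Added example, not Samba code: list the mechTypes offered in a SPNEGO blob.
KNOWN = {"1.2.840.48018.1.2.2": "MS KRB5",
         "1.2.840.113554.1.2.2": "KRB5",
         "1.3.6.1.4.1.311.2.2.10": "NTLMSSP"}

def read_tlv(buf, pos=0):  # -> (tag, value, next_pos) for the DER element at pos
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):  # DER OID content bytes -> dotted string (first arc 0 or 1)
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def offered_mechs(blob):
    """Names of the mechTypes in a SPNEGO NegTokenInit blob, in offer order."""
    tag, token, _ = read_tlv(blob)
    if tag != 0x60:
        raise ValueError("not a GSS-API initial token")
    tag, oid, pos = read_tlv(token)
    if tag != 0x06 or decode_oid(oid) != "1.3.6.1.5.5.2":
        raise ValueError("GSS-API mechanism is not SPNEGO")
    body = token[pos:]
    for want in (0xA0, 0x30, 0xA0, 0x30):  # [0], SEQUENCE, [0] mechTypes, SEQUENCE OF
        tag, body, _ = read_tlv(body)
        if tag != want:
            raise ValueError("unexpected tag 0x%02x in NegTokenInit" % tag)
    names, pos = [], 0
    while pos < len(body):
        _, oid, pos = read_tlv(body, pos)
        names.append(KNOWN.get(decode_oid(oid), decode_oid(oid)))
    return names

# Constructed samples (mechTypes only, no mechToken), not captured traffic.
FAILING = bytes.fromhex("6032 0606 2b0601050502 a028 3026 a024 3022"
                        " 0609 2a864882f712010202 0609 2a864886f712010202"
                        " 060a 2b06010401823702020a")
WORKING = bytes.fromhex("601c 0606 2b0601050502 a012 3010 a00e 300c"
                        " 060a 2b06010401823702020a")
```

Calling `offered_mechs()` on a security blob exported from a capture gives the same list Wireshark shows under mechTypes, which makes it easy to compare a working and a failing host side by side.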

