Re: [Samba] net ads testjoin failed but net rpc testjoin work
Volker,

I tried wbinfo -a EMPIRE\\NuteGunray%CatoNeimoida and it failed :(

plaintext password authentication failed
error code was NT_STATUS_NO_SUCH_USER (0xc064)
error messsage was: No such user
Could not authenticate user EMPIRE\NuteGunray%CatoNeimoida with plaintext password
challenge/response password authentication failed
error code was NT_STATUS_NO_SUCH_USER (0xc064)
error messsage was: No such user
Could not authenticate user EMPIRE\NuteGunray with challenge/response

== /var/log/samba/wb-EMPIRE.log ==
[2010/04/22 08:25:34, 3] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(1755)
  [ 3235]: pam auth crap domain: EMPIRE user: EMPIRE\NuteGunray
[2010/04/22 08:25:34, 2] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(1931)
  NTLM CRAP authentication for user [EMPIRE]\[EMPIRE\NuteGunray] returned NT_STATUS_NO_SUCH_USER (PAM: 10)

== /var/log/samba/winbindd.log ==
[2010/04/22 08:25:34, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(491)
  [ 8479]: request interface version
[2010/04/22 08:25:34, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(524)
  [ 8479]: request location of privileged pipe
[2010/04/22 08:25:34, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth(751)
  [ 8479]: pam auth EMPIRE\NuteGunray
[2010/04/22 08:25:34, 3] nsswitch/winbindd_misc.c:winbindd_info(479)
  [ 8479]: request misc info
[2010/04/22 08:25:34, 3] nsswitch/winbindd_misc.c:winbindd_domain_name(501)
  [ 8479]: request domain name
[2010/04/22 08:25:34, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(1689)
  [ 8479]: pam auth crap domain: [EMPIRE] user: EMPIRE\NuteGunray

Yesterday, I saw a small error in my krb5.conf: I forgot the last newline. This morning, after your test, I corrected it, but wbinfo -t failed the RPC; the error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc233) :(

After a few searches, I resolved the problem by adding lines to my configuration files.

In my smb.conf, in the general section, I added these 2 lines:

    winbind use default domain = Yes
    winbind nested groups = Yes

In my krb5.conf, I added this section:

    [appdefaults]
        pam = {
            debug = false
            ticket_lifetime = 36000
            renew_lifetime = 36000
            forwardable = true
            krb4_convert = false
        }

After a restart of winbind, wbinfo -t worked.

I tried wbinfo -a EMPIRE\\NuteGunray%CatoNeimoida and it failed, but in my /var/log/samba/wb-EMPIRE.log I saw dual pam auth EMPIRE+EMPIRE\NuteGunray. + is my winbind separator; it looks like Samba used EMPIRE twice: once as the implicit domain, and once as an explicit group in my wbinfo command.

I joined the domain again with a net join ads. net ads testjoin doesn't work and net rpc testjoin works, like yesterday.

wbinfo -a EMPIRE\\NuteGunray%CatoNeimoida

plaintext password authentication failed
error code was NT_STATUS_NO_SUCH_USER (0xc064)
error messsage was: No such user
Could not authenticate user EMPIRE\NuteGunray%CatoNeimoida with plaintext password
challenge/response password authentication failed
error code was NT_STATUS_NO_SUCH_USER (0xc064)
error messsage was: No such user
Could not authenticate user EMPIRE\NuteGunray with challenge/response

== /var/log/samba/wb-EMPIRE.log ==
[2010/04/22 11:54:47, 3] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth(1341)
  [ 8693]: dual pam auth EMPIRE+EMPIRE\NuteGunray
[2010/04/22 11:54:47, 2] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth(1584)
  Plain-text authentication for user EMPIRE+EMPIRE\NuteGunray returned NT_STATUS_NO_SUCH_USER (PAM: 10)
[2010/04/22 11:54:47, 3] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(1755)
  [ 8693]: pam auth crap domain: EMPIRE user: EMPIRE\NuteGunray
[2010/04/22 11:54:47, 2] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(1931)
  NTLM CRAP authentication for user [EMPIRE]\[EMPIRE\NuteGunray] returned NT_STATUS_NO_SUCH_USER (PAM: 10)

== /var/log/samba/winbindd.log ==
[2010/04/22 11:54:47, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(491)
  [ 8950]: request interface version
[2010/04/22 11:54:47, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(524)
  [ 8950]: request location of privileged pipe
[2010/04/22 11:54:47, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth(751)
  [ 8950]: pam auth EMPIRE\NuteGunray
[2010/04/22 11:54:47, 3] nsswitch/winbindd_misc.c:winbindd_info(479)
  [ 8950]: request misc info
[2010/04/22 11:54:47, 3] nsswitch/winbindd_misc.c:winbindd_domain_name(501)
  [ 8950]: request domain name
[2010/04/22 11:54:47, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(1689)
  [ 8950]: pam auth crap domain: [EMPIRE] user: EMPIRE\NuteGunray

wbinfo -a EMPIRE+NuteGunray%CatoNeimoida

plaintext password authentication succeeded
challenge/response password authentication succeeded

[2010/04/22 13:10:23, 3] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth(1341)
  [ 8693]: dual pam auth EMPIRE+NuteGunray
[2010/04/22 13:10:23, 3] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(1755)
  [ 8693]: pam auth crap domain: EMPIRE user: NuteGunray

== /var/log/samba/winbindd.log ==
[2010/04/22 13:10:23,

Re: [Samba] net ads testjoin failed but net rpc testjoin work
On Thu, Apr 22, 2010 at 01:38:53PM +0200, Thierry Leurent wrote:
> wbinfo -a EMPIRE+NuteGunray%CatoNeimoida
> plaintext password authentication succeeded
> challenge/response password authentication succeeded

Sorry, I had not seen that you have set your winbind separator to + .

> I really have some troubles to understand Samba and Active Directory.

Samba is a very flexible tool. You might start out with an almost empty smb.conf tool just using the workgroup parameter and make that work. The advantage of this approach is that much of the documentation out there does not take many of the possible settings into account.

Volker

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

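Added example (not part of the original thread and not Samba's own code): a simplified Python model of splitting a name at the configured winbind separator, showing why EMPIRE\NuteGunray is logged as EMPIRE+EMPIRE\NuteGunray once the separator is + and winbind use default domain = Yes, plus a check that flags such names in winbindd log text. The function names and the sample log lines are constructed for illustration.

```python
import re

# Simplified model of winbind name handling; NOT Samba's implementation.
# Function names and the sample log below are constructed for this example.

def split_name(name, separator, default_domain=None):
    """Split 'DOMAIN<sep>user' at the configured separator only.

    Returns (domain, user), or None when no domain can be determined.
    """
    domain, found, user = name.partition(separator)
    if found:
        return domain, user
    # Separator absent: the whole string is treated as the user name and
    # the domain comes from "winbind use default domain", if enabled.
    if default_domain is None:
        return None
    return default_domain, name

def canonical_name(name, separator, default_domain=None):
    """Rebuild the name in the form shown by the 'dual pam auth' log line."""
    parts = split_name(name, separator, default_domain)
    return None if parts is None else parts[0] + separator + parts[1]

def misparsed_names(log_text, separator):
    """Return logged names whose user part still holds another separator."""
    others = set("\\/+") - {separator}
    flagged = []
    for name in re.findall(r"dual pam auth (\S+)", log_text):
        parts = split_name(name, separator)
        user = parts[1] if parts else name
        if any(ch in user for ch in others):
            flagged.append(name)
    return flagged

# Constructed sample modelled on the wb-EMPIRE.log lines quoted in the thread.
SAMPLE_LOG = r"""
[ 8693]: dual pam auth EMPIRE+EMPIRE\NuteGunray
[ 8693]: dual pam auth EMPIRE+NuteGunray
"""

if __name__ == "__main__":
    print(canonical_name(r"EMPIRE\NuteGunray", "+", "EMPIRE"))
    print(canonical_name("EMPIRE+NuteGunray", "+", "EMPIRE"))
    print(misparsed_names(SAMPLE_LOG, "+"))
```

A flagged name means the client used a separator other than the one set in smb.conf, so the lookup fails with NT_STATUS_NO_SUCH_USER rather than a bad-password error.
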
[Samba] net ads testjoin failed but net rpc testjoin work
Hello,

I have a very strange problem with Samba 3.0.33 when I integrate a Linux server into my Windows 2003 AD.

I do:
- kinit administrator, it works.
- klist, it works too.
- net join ads -U administrator, it works. I get the message that my computer has joined the domain and I see the Linux computer in my domain.
- wbinfo -t gives me: checking the trust secret via RPC calls succeeded.
- wbinfo -u gives me all the users of my domain.
- wbinfo -g gives me all the groups of my domain.
- wbinfo -a NuteGunray%CatoNeimoida returns:

plaintext password authentication failed
error code was NT_STATUS_NO_SUCH_USER (0xc064)
error messsage was: No such user
Could not authenticate user NuteGunray%CatoNeimoida with plaintext password
challenge/response password authentication succeeded

Is this normal? Perhaps, I have encrypt password = yes in my smb.conf.

But when I do net ads testjoin, I have:

ads_connect: No logon servers
Join to domain is not valid: No logon servers

With debug level 3, I receive these messages:

[2010/04/21 14:36:21, 3] param/loadparm.c:lp_load(5069)
  lp_load: refreshing parameters
[2010/04/21 14:36:21, 3] param/loadparm.c:init_globals(1440)
  Initialising global parameters
[2010/04/21 14:36:21, 3] param/params.c:pm_process(572)
  params.c:pm_process() - Processing configuration file /etc/samba/smb.conf
[2010/04/21 14:36:21, 3] param/loadparm.c:do_section(3808)
  Processing section [global]
[2010/04/21 14:36:21, 2] lib/interface.c:add_interface(81)
  added interface ip=192.168.120.2 bcast=192.168.255.255 nmask=255.255.0.0
[2010/04/21 14:36:21, 3] libsmb/namequery.c:get_dc_list(1495)
  get_dc_list: preferred server list: , *
[2010/04/21 14:36:21, 1] libads/cldap.c:recv_cldap_netlogon(247)
  Failed to parse cldap reply
[2010/04/21 14:36:21, 3] libads/ldap.c:ads_try_connect(189)
  ads_try_connect: CLDAP request 192.168.10.116 failed.
[2010/04/21 14:36:21, 1] libads/cldap.c:recv_cldap_netlogon(247)
  Failed to parse cldap reply
[2010/04/21 14:36:21, 3] libads/ldap.c:ads_try_connect(189)
  ads_try_connect: CLDAP request 192.168.10.110 failed.
[2010/04/21 14:36:21, 1] libads/cldap.c:recv_cldap_netlogon(247)
  Failed to parse cldap reply
[2010/04/21 14:36:21, 3] libads/ldap.c:ads_try_connect(189)
  ads_try_connect: CLDAP request 192.168.50.75 failed.
[2010/04/21 14:36:28, 1] libads/cldap.c:recv_cldap_netlogon(219)
  no reply received to cldap netlogon
[2010/04/21 14:36:28, 3] libads/ldap.c:ads_try_connect(189)
  ads_try_connect: CLDAP request 10.10.10.116 failed.
[2010/04/21 14:36:35, 1] libads/cldap.c:recv_cldap_netlogon(219)
  no reply received to cldap netlogon
[2010/04/21 14:36:35, 3] libads/ldap.c:ads_try_connect(189)
  ads_try_connect: CLDAP request 10.10.10.110 failed.
[2010/04/21 14:36:35, 0] utils/net_ads.c:ads_startup_int(286)
  ads_connect: No logon servers
Join to domain is not valid: No logon servers
[2010/04/21 14:36:35, 2] utils/net.c:main(1075)
  return code = -1

I see the IPs of:
- My Linux computer: 192.168.120.2
- My first DC, general network: 192.168.10.110
- My first DC, backup network: 10.10.10.110
- My second DC, general network: 192.168.10.116
- My second DC, backup network: 10.10.10.116
- My third DC, general network: 192.168.50.75 (this one doesn't have a backup network).

After reading lots of pages on Google, I tried net rpc testjoin -d3:

[2010/04/21 15:09:25, 3] param/loadparm.c:lp_load(5069)
  lp_load: refreshing parameters
[2010/04/21 15:09:25, 3] param/loadparm.c:init_globals(1440)
  Initialising global parameters
[2010/04/21 15:09:25, 3] param/params.c:pm_process(572)
  params.c:pm_process() - Processing configuration file /etc/samba/smb.conf
[2010/04/21 15:09:25, 3] param/loadparm.c:do_section(3808)
  Processing section [global]
[2010/04/21 15:09:25, 2] lib/interface.c:add_interface(81)
  added interface ip=192.168.120.2 bcast=192.168.255.255 nmask=255.255.0.0
[2010/04/21 15:09:25, 3] libsmb/cliconnect.c:cli_start_connection(1563)
  Connecting to host=dc001
[2010/04/21 15:09:25, 3] lib/util_sock.c:open_socket_out(866)
  Connecting to 192.168.10.110 at port 445
[2010/04/21 15:09:25, 3] libsmb/cliconnect.c:cli_session_setup_spnego(805)
  Doing spnego session setup (blob length=119)
[2010/04/21 15:09:25, 3] libsmb/cliconnect.c:cli_session_setup_spnego(832)
  got OID=1 2 840 48018 1 2 2
[2010/04/21 15:09:25, 3] libsmb/cliconnect.c:cli_session_setup_spnego(832)
  got OID=1 2 840 113554 1 2 2
[2010/04/21 15:09:25, 3] libsmb/cliconnect.c:cli_session_setup_spnego(832)
  got OID=1 2 840 113554 1 2 2 3
[2010/04/21 15:09:25, 3] libsmb/cliconnect.c:cli_session_setup_spnego(832)
  got OID=1 3 6 1 4 1 311 2 2 10
[2010/04/21 15:09:25, 3] libsmb/cliconnect.c:cli_session_setup_spnego(840)
  got principal=dc0...@empire.local
[2010/04/21 15:09:25, 3]

Re: [Samba] net ads testjoin failed but net rpc testjoin work
On Wed, Apr 21, 2010 at 04:29:27PM +0200, Thierry Leurent wrote:
> - wbinfo -a NuteGunray%CatoNeimoida return plaintext password

Please try

wbinfo -a EMPIRE\\NuteGunray%CatoNeimoida

Volker