Re: [Samba] net ads testjoin failed but net rpc testjoin work

2010-04-22 Thread Thierry Leurent
Volker,

I tried wbinfo -a EMPIRE\\NuteGunray%CatoNeimoida and it failed :(

plaintext password authentication failed
error code was NT_STATUS_NO_SUCH_USER (0xc064)
error messsage was: No such user
Could not authenticate user EMPIRE\NuteGunray%CatoNeimoida with plaintext
password
challenge/response password authentication failed
error code was NT_STATUS_NO_SUCH_USER (0xc064)
error messsage was: No such user
Could not authenticate user EMPIRE\NuteGunray with challenge/response

== /var/log/samba/wb-EMPIRE.log ==
[2010/04/22 08:25:34, 3]
nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(1755)
  [ 3235]: pam auth crap domain: EMPIRE user: EMPIRE\NuteGunray
[2010/04/22 08:25:34, 2]
nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(1931)
  NTLM CRAP authentication for user [EMPIRE]\[EMPIRE\NuteGunray] returned
NT_STATUS_NO_SUCH_USER (PAM: 10)

== /var/log/samba/winbindd.log ==
[2010/04/22 08:25:34, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(491)
  [ 8479]: request interface version
[2010/04/22 08:25:34, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(524)
  [ 8479]: request location of privileged pipe
[2010/04/22 08:25:34, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth(751)
  [ 8479]: pam auth EMPIRE\NuteGunray
[2010/04/22 08:25:34, 3] nsswitch/winbindd_misc.c:winbindd_info(479)
  [ 8479]: request misc info
[2010/04/22 08:25:34, 3] nsswitch/winbindd_misc.c:winbindd_domain_name(501)
  [ 8479]: request domain name
[2010/04/22 08:25:34, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(1689)
  [ 8479]: pam auth crap domain: [EMPIRE] user: EMPIRE\NuteGunray


Yesterday, I saw a little error in my krb5.conf: I forgot the last newline.
This morning after your test, I corrected it but wbinfo -t failed the
RPC with error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND
(0xc233) :(
After a few searches, I resolved the problem by adding lines in my
configuration files.

In my smb.conf, in the general section, I added these 2 lines:
winbind use default domain = Yes
winbind nested groups = Yes


In my krb5.conf, I added this section:
[appdefaults]
pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
}

After a restart of winbind, wbinfo -t worked.


I tried wbinfo -a EMPIRE\\NuteGunray%CatoNeimoida and it failed but in my
/var/log/samba/wb-EMPIRE.log, I saw dual pam auth
EMPIRE+EMPIRE\NuteGunray.
+ is my winbind separator; it looks like Samba used EMPIRE twice, one as the
implicit domain, and one as an explicit group in my wbinfo command.

I joined the domain again with a net join ads.
net ads testjoin doesn't work and net rpc testjoin works like yesterday.

wbinfo -a EMPIRE\\NuteGunray%CatoNeimoida
plaintext password authentication failed
error code was NT_STATUS_NO_SUCH_USER (0xc064)
error messsage was: No such user
Could not authenticate user EMPIRE\NuteGunray%CatoNeimoida with plaintext
password
challenge/response password authentication failed
error code was NT_STATUS_NO_SUCH_USER (0xc064)
error messsage was: No such user
Could not authenticate user EMPIRE\NuteGunray with challenge/response

== /var/log/samba/wb-EMPIRE.log ==
[2010/04/22 11:54:47, 3] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth(1341)
  [ 8693]: dual pam auth EMPIRE+EMPIRE\NuteGunray
[2010/04/22 11:54:47, 2] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth(1584)
  Plain-text authentication for user EMPIRE+EMPIRE\NuteGunray returned
NT_STATUS_NO_SUCH_USER (PAM: 10)
[2010/04/22 11:54:47, 3]
nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(1755)
  [ 8693]: pam auth crap domain: EMPIRE user: EMPIRE\NuteGunray
[2010/04/22 11:54:47, 2]
nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(1931)
  NTLM CRAP authentication for user [EMPIRE]\[EMPIRE\NuteGunray] returned
NT_STATUS_NO_SUCH_USER (PAM: 10)

== /var/log/samba/winbindd.log ==
[2010/04/22 11:54:47, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(491)
  [ 8950]: request interface version
[2010/04/22 11:54:47, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(524)
  [ 8950]: request location of privileged pipe
[2010/04/22 11:54:47, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth(751)
  [ 8950]: pam auth EMPIRE\NuteGunray
[2010/04/22 11:54:47, 3] nsswitch/winbindd_misc.c:winbindd_info(479)
  [ 8950]: request misc info
[2010/04/22 11:54:47, 3] nsswitch/winbindd_misc.c:winbindd_domain_name(501)
  [ 8950]: request domain name
[2010/04/22 11:54:47, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(1689)
  [ 8950]: pam auth crap domain: [EMPIRE] user: EMPIRE\NuteGunray

wbinfo -a EMPIRE+NuteGunray%CatoNeimoida
plaintext password authentication succeeded
challenge/response password authentication succeeded

[2010/04/22 13:10:23, 3] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth(1341)
  [ 8693]: dual pam auth EMPIRE+NuteGunray
[2010/04/22 13:10:23, 3]
nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(1755)
  [ 8693]: pam auth crap domain: EMPIRE user: NuteGunray

== /var/log/samba/winbindd.log ==
[2010/04/22 13:10:23, 

Re: [Samba] net ads testjoin failed but net rpc testjoin work

2010-04-22 Thread Volker Lendecke
On Thu, Apr 22, 2010 at 01:38:53PM +0200, Thierry Leurent wrote:
> wbinfo -a EMPIRE+NuteGunray%CatoNeimoida
> plaintext password authentication succeeded
> challenge/response password authentication succeeded

Sorry, I had not seen that you have set your winbind
separator to + .

> I really have some troubles to understand Samba and Active Directory.

Samba is a very flexible tool. You might start out with an
almost empty smb.conf tool just using the workgroup
parameter and make that work. The advantage of this approach
is that much of the documentation out there does not take
many of the possible settings into account.

Volker


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
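
An added example, not part of the thread and not Samba code: a small Python triage script for the symptom discussed above, where a name typed with `\` shows up in wb-EMPIRE.log as `EMPIRE+EMPIRE\NuteGunray` while the winbind separator is `+`. The sample log is constructed in the shape of the excerpts quoted in the thread; the function name and the list of candidate qualifier characters are assumptions.

```python
import re

# Constructed sample in the shape of the wb-EMPIRE.log excerpts quoted in the thread.
SAMPLE_LOG = r"""[2010/04/22 11:54:47, 3] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth(1341)
  [ 8693]: dual pam auth EMPIRE+EMPIRE\NuteGunray
[2010/04/22 11:54:47, 3]
nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(1755)
  [ 8693]: pam auth crap domain: EMPIRE user: EMPIRE\NuteGunray
[2010/04/22 13:10:23, 3] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth(1341)
  [ 8693]: dual pam auth EMPIRE+NuteGunray
[2010/04/22 13:10:23, 3]
nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(1755)
  [ 8693]: pam auth crap domain: EMPIRE user: NuteGunray
"""

TIMESTAMP = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),")
PLAIN = re.compile(r"dual pam auth (\S+)")
CRAP = re.compile(r"pam auth crap domain: \[?([^\]\s]+)\]? user: (\S+)")
OTHER_SEPARATORS = "\\+/"  # assumed set of characters used as DOMAIN<sep>user


def find_separator_mismatches(log_text, separator):
    """Return auth attempts whose user part still carries a domain qualifier
    written with a character other than the configured winbind separator."""
    findings, stamp = [], None
    for line in log_text.splitlines():
        header = TIMESTAMP.match(line)
        if header:  # remember the timestamp; the message follows on a later line
            stamp = header.group(1)
            continue
        crap, plain = CRAP.search(line), PLAIN.search(line)
        if crap:
            domain, user = crap.groups()
        elif plain:
            # No separator present: rpartition yields domain "" and the full name
            domain, _, user = plain.group(1).rpartition(separator)
        else:
            continue
        used = next((c for c in OTHER_SEPARATORS if c != separator and c in user), None)
        if used:
            prefix = user.split(used, 1)[0]
            findings.append({"time": stamp, "domain": domain, "user": user,
                             "used": used, "doubled": prefix.upper() == domain.upper()})
    return findings


if __name__ == "__main__":
    for finding in find_separator_mismatches(SAMPLE_LOG, "+"):
        print(finding)
```

Pass the value of `winbind separator` from smb.conf as the second argument; entries with `doubled` set are the ones where the domain was applied a second time on top of the one typed.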

[Samba] net ads testjoin failed but net rpc testjoin work

2010-04-21 Thread Thierry Leurent
Hello,

I have a very strange trouble with samba 3.0.33 when I integrate a Linux
server in my Windows 2003 AD.
I do :
 - kinit administrator, it works.
 - klist, it works too.
 - net join ads -U administrator, it works. I have the message that my
computer has joined the domain and I see the Linux in my Domain.
 - wbinfo -t gives me checking the trust secret via RPC calls succeeded.
 - wbinfo -u gives me all the users of my domain.
 - wbinfo -g gives me all the groups of my domain.
 - wbinfo -a NuteGunray%CatoNeimoida returns:
   plaintext password authentication failed
   error code was NT_STATUS_NO_SUCH_USER (0xc064)
   error messsage was: No such user
   Could not authenticate user NuteGunray%CatoNeimoida with plaintext password
   challenge/response password authentication succeeded
   Is it normal? Perhaps, I have encrypt password = yes in my smb.conf.

But when I do net ads testjoin, I have:
   ads_connect: No logon servers
   Join to domain is not valid: No logon servers
With a Debug Level 3, I receive these messages.
[2010/04/21 14:36:21, 3] param/loadparm.c:lp_load(5069)
  lp_load: refreshing parameters
[2010/04/21 14:36:21, 3] param/loadparm.c:init_globals(1440)
  Initialising global parameters
[2010/04/21 14:36:21, 3] param/params.c:pm_process(572)
  params.c:pm_process() - Processing configuration file /etc/samba/smb.conf
[2010/04/21 14:36:21, 3] param/loadparm.c:do_section(3808)
  Processing section [global]
[2010/04/21 14:36:21, 2] lib/interface.c:add_interface(81)
  added interface ip=192.168.120.2 bcast=192.168.255.255 nmask=255.255.0.0
[2010/04/21 14:36:21, 3] libsmb/namequery.c:get_dc_list(1495)
  get_dc_list: preferred server list: , *
[2010/04/21 14:36:21, 1] libads/cldap.c:recv_cldap_netlogon(247)
  Failed to parse cldap reply
[2010/04/21 14:36:21, 3] libads/ldap.c:ads_try_connect(189)
  ads_try_connect: CLDAP request 192.168.10.116 failed.
[2010/04/21 14:36:21, 1] libads/cldap.c:recv_cldap_netlogon(247)
  Failed to parse cldap reply
[2010/04/21 14:36:21, 3] libads/ldap.c:ads_try_connect(189)
  ads_try_connect: CLDAP request 192.168.10.110 failed.
[2010/04/21 14:36:21, 1] libads/cldap.c:recv_cldap_netlogon(247)
  Failed to parse cldap reply
[2010/04/21 14:36:21, 3] libads/ldap.c:ads_try_connect(189)
  ads_try_connect: CLDAP request 192.168.50.75 failed.
[2010/04/21 14:36:28, 1] libads/cldap.c:recv_cldap_netlogon(219)
  no reply received to cldap netlogon
[2010/04/21 14:36:28, 3] libads/ldap.c:ads_try_connect(189)
  ads_try_connect: CLDAP request 10.10.10.116 failed.
[2010/04/21 14:36:35, 1] libads/cldap.c:recv_cldap_netlogon(219)
  no reply received to cldap netlogon
[2010/04/21 14:36:35, 3] libads/ldap.c:ads_try_connect(189)
  ads_try_connect: CLDAP request 10.10.10.110 failed.
[2010/04/21 14:36:35, 0] utils/net_ads.c:ads_startup_int(286)
  ads_connect: No logon servers
Join to domain is not valid: No logon servers
[2010/04/21 14:36:35, 2] utils/net.c:main(1075)
  return code = -1

I see the IP of :
 - My Linux Computer: 192.168.120.2
 - My First DC general network  : 192.168.10.110
 - My First DC backup network   : 10.10.10.110
 - My Second DC general network : 192.168.10.116
 - My Second DC backup network  : 10.10.10.116
 - My Third DC general network  : 192.168.50.75 (this one doesn't have a backup
network).


After reading lots of pages on Google, I try a net rpc testjoin -d3
[2010/04/21 15:09:25, 3] param/loadparm.c:lp_load(5069)
  lp_load: refreshing parameters
[2010/04/21 15:09:25, 3] param/loadparm.c:init_globals(1440)
  Initialising global parameters
[2010/04/21 15:09:25, 3] param/params.c:pm_process(572)
  params.c:pm_process() - Processing configuration file /etc/samba/smb.conf
[2010/04/21 15:09:25, 3] param/loadparm.c:do_section(3808)
  Processing section [global]
[2010/04/21 15:09:25, 2] lib/interface.c:add_interface(81)
  added interface ip=192.168.120.2 bcast=192.168.255.255 nmask=255.255.0.0
[2010/04/21 15:09:25, 3] libsmb/cliconnect.c:cli_start_connection(1563)
  Connecting to host=dc001
[2010/04/21 15:09:25, 3] lib/util_sock.c:open_socket_out(866)
  Connecting to 192.168.10.110 at port 445
[2010/04/21 15:09:25, 3] libsmb/cliconnect.c:cli_session_setup_spnego(805)
  Doing spnego session setup (blob length=119)
[2010/04/21 15:09:25, 3] libsmb/cliconnect.c:cli_session_setup_spnego(832)
  got OID=1 2 840 48018 1 2 2
[2010/04/21 15:09:25, 3] libsmb/cliconnect.c:cli_session_setup_spnego(832)
  got OID=1 2 840 113554 1 2 2
[2010/04/21 15:09:25, 3] libsmb/cliconnect.c:cli_session_setup_spnego(832)
  got OID=1 2 840 113554 1 2 2 3
[2010/04/21 15:09:25, 3] libsmb/cliconnect.c:cli_session_setup_spnego(832)
  got OID=1 3 6 1 4 1 311 2 2 10
[2010/04/21 15:09:25, 3] libsmb/cliconnect.c:cli_session_setup_spnego(840)
  got principal=dc0...@empire.local
[2010/04/21 15:09:25, 3] 

Re: [Samba] net ads testjoin failed but net rpc testjoin work

2010-04-21 Thread Volker Lendecke
On Wed, Apr 21, 2010 at 04:29:27PM +0200, Thierry Leurent wrote:
> - wbinfo -a NuteGunray%CatoNeimoida return plaintext password

Please try

wbinfo -a EMPIRE\\NuteGunray%CatoNeimoida

Volker