Hi All, I've tried everything I can think of, and spent many many hours trying to get this Sun Solaris 8 machine to authenticate with a Linux 7.1 machine acting as the PDC. In summary: Both machines are running 2.2.3a compiled from source without additional arguments (just ran configure on each platform) No problems with Win95, Win98, WinNT authenticating with the Linux PDC. The Sun machine can attach to any other machine in the network, no other machine on the network can attach to the Sun one, as it invariably fails on obtaining authentication with the PDC. A couple of the messages in the logs are as follows. connect_to_domain_password_server: unable to setup the PDC credentials to machine GFMNET01. Error was : SUCCESS - 0. tdb((NULL)): tdb_open_ex: could not open file /usr/local/samba/var/locks/unexpected.tdb: No such file or directory I have tried copying the "unexpected.tdb" file from the PDC to the Sun knowing that it probably shouldn't be done that way, but as yet I have had no response to any posts, so I'm stuck between a big rock and a hard place. Needless to say, that didn't work. (Should this file be automatically created, and if so under what circumstances?) It has never appeared on the Sun machine, until I copied it there from the PDC. I'm now going to remove it as whatever the PDC stored in there has no business being on a domain member machine (I'm guessing here) I've read through the source started in password.c and think I know roughly what's going on. But it seems to me that the Sun machine doesn't correctly interpret an OK response from the PDC. (Byte Order issues?) -- Who knows? Not I. Really desparate now. Any comments welcome, Please comment!? Con Harte A Broken Systems Administrator GFM Services Ltd. PS. If there's anyone out there that plays Telegraph Fantasy Football, you're gonna have to suffer till I get this issue resolved. It's hogging all my time. :) -------------- next part -------------- HTML attachment scrubbed and removed
Con Harte wrote:> > Hi All, > > I've tried everything I can think of, and spent many many > hours trying to get this Sun Solaris 8 machine to authenticate > with a Linux 7.1 machine acting as the PDC. > > In summary: > Both machines are running 2.2.3a compiled from source > without additional arguments (just ran configure on each platform) > No problems with Win95, Win98, WinNT authenticating with the Linux > PDC. > The Sun machine can attach to any other machine in the network, > no other machine on the network can attach to the Sun one, as it > invariably fails on obtaining authentication with the PDC. > > A couple of the messages in the logs are as follows. > connect_to_domain_password_server: unable to setup the PDC credentials > to machine GFMNET01. Error was : SUCCESS - 0. > tdb((NULL)): tdb_open_ex: could not open file > /usr/local/samba/var/locks/unexpected.tdb: No such file or directoryHave you started nmbd? It creates this file and fills it with 'unexpected' packets to work around win9x bugs. -- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net samba.org build.samba.org hawkerc.net
Hi Andrew, Thanks for your prompt response. The nmbd daemon is running, as shown in this ps output. e250:/usr/local/samba 869 > ps -fe | grep mbd root 15144 1 0 19:47:54 ? 0:00 smbd root 15835 12915 0 12:03:35 pts/1 0:00 grep mbd root 15055 1 0 19:02:23 ? 0:03 nmbd Which should be started first, nmbd or smbd? Or does it not make much difference as long as they both start a short time within each other? As you can see here I stopped the smbd process, and started a new one at 19:47 last night, and left the previously running nmbd. Is this ok to do? I will now shut down both processes, remove the unexpected.tdb and start both up, and let you know when it appears, or if it doesn't. How long is a reasonable amount of time for it to run before it starts populating the file. Does it need an empty file to start working? The Sun machine doesn't get many requests at the moment, but it is going to be a mass backup device for all our PCs (amongst other things to do with databases and other boring stuff) Thanks, Con. At 11:54 14/02/02, you wrote:>Con Harte wrote: > > > > Hi All, > > > > I've tried everything I can think of, and spent many many > > hours trying to get this Sun Solaris 8 machine to authenticate > > with a Linux 7.1 machine acting as the PDC. > > > > In summary: > > Both machines are running 2.2.3a compiled from source > > without additional arguments (just ran configure on each platform) > > No problems with Win95, Win98, WinNT authenticating with the Linux > > PDC. > > The Sun machine can attach to any other machine in the network, > > no other machine on the network can attach to the Sun one, as it > > invariably fails on obtaining authentication with the PDC. > > > > A couple of the messages in the logs are as follows. > > connect_to_domain_password_server: unable to setup the PDC credentials > > to machine GFMNET01. Error was : SUCCESS - 0. > > tdb((NULL)): tdb_open_ex: could not open file > > /usr/local/samba/var/locks/unexpected.tdb: No such file or directory > >Have you started nmbd? It creates this file and fills it with >'unexpected' packets to work around win9x bugs. > >-- >Andrew Bartlett abartlet@pcug.org.au >Manager, Authentication Subsystems, Samba Team abartlet@samba.org >Student Network Administrator, Hawker College abartlet@hawkerc.net >samba.org build.samba.org hawkerc.net > >-- >To unsubscribe from this list go to the following URL and read the >instructions: lists.samba.org/mailman/listinfo/samba-------------- next part -------------- HTML attachment scrubbed and removed
How did you join the Sun machine to the domain? There was a bug in 2.2.3a in using smbpasswd with the -U option in joining the domain (only on big endian machines - what CPU is on your Sun). Try the latest CVS from the 2.2 branch and see if this fixes your problem. There may still be more byte-order problems, I just haven't found them yet. Con Harte wrote:> > Hi All, > > I've tried everything I can think of, and spent many many > hours trying to get this Sun Solaris 8 machine to authenticate > with a Linux 7.1 machine acting as the PDC. > > In summary: > Both machines are running 2.2.3a compiled from source > without additional arguments (just ran configure on each platform) > No problems with Win95, Win98, WinNT authenticating with the Linux > PDC. > The Sun machine can attach to any other machine in the network, > no other machine on the network can attach to the Sun one, as it > invariably fails on obtaining authentication with the PDC. > > A couple of the messages in the logs are as follows. > connect_to_domain_password_server: unable to setup the PDC credentials > to machine GFMNET01. Error was : SUCCESS - 0. > tdb((NULL)): tdb_open_ex: could not open file > /usr/local/samba/var/locks/unexpected.tdb: No such file or directory > > I have tried copying the "unexpected.tdb" file from the PDC to the Sun > knowing that it probably shouldn't be done that way, but as yet I have > had no response to any posts, so I'm stuck between a big rock and a > hard > place. > > Needless to say, that didn't work. (Should this file be automatically > created, and if so under what circumstances?) It has never appeared on > the Sun machine, until I copied it there from the PDC. I'm now going > to remove it as whatever the PDC stored in there has no business being > on a domain member machine (I'm guessing here) > > I've read through the source started in password.c and think I know > roughly what's going on. But it seems to me that the Sun machine > doesn't correctly interpret an OK response from the PDC. > (Byte Order issues?) -- Who knows? Not I. > > Really desparate now. > Any comments welcome, > Please comment!? > > Con Harte > A Broken Systems Administrator > GFM Services Ltd. > > PS. If there's anyone out there that plays Telegraph Fantasy > Football, > you're gonna have to suffer till I get this issue resolved. It's > hogging > all my time. :)-- =====================================================================Herb Lewis Silicon Graphics Networking Engineer 1600 Amphitheatre Pkwy MS-510 Strategic Software Organization Mountain View, CA 94043-1351 herb@sgi.com Tel: 650-933-2177 sgi.com Fax: 650-932-2177 ======================================================================
Hi Herb. That patch has fixed it. I'm quite surprised I hadn't heard about the problem already, although after the end of the NTDOM list I didn't immediately join the main Samba list, probably missed all pertinent discussions. Thanks again, Con Harte. At 15:37 14/02/02, you wrote:>Con Harte wrote: > > > > Hi Herb, > > > > Thanks for that, it certainly makes sense... > > > > The Sun machine is an Enterprise 250 with the following CPUs. > > cpu0: SUNW,UltraSPARC-II (upaid 0 impl 0x11 ver 0x90 clock 400 MHz) > > cpu1: SUNW,UltraSPARC-II (upaid 1 impl 0x11 ver 0x90 clock 400 MHz) > > > > I did use the -U option in smbpasswd. Reason being that there was > > no entry for user "root" in the PDCs smbpasswd file (Security) > > > > I'll look into retrieving stuff from the CVS. I've always avoided > > that because of time restraints, but right now I have so much work > > piling up that if I can get this one thing out the way it'll be a > > great start. > > > > In the meantime I'll try to join the domain without using -U. > > > > Cheers, > > > > Con. > >It's a one line fix if you just want to recompile smbpasswd > >==================================================================>RCS file: /cvsroot/samba/source/utils/smbpasswd.c,v >retrieving revision 1.93.2.26 >retrieving revision 1.93.2.27 >diff -u -r1.93.2.26 -r1.93.2.27 >--- samba/source/utils/smbpasswd.c 2002/02/12 15:39:11 >1.93.2.26 >+++ samba/source/utils/smbpasswd.c 2002/02/14 02:02:55 >1.93.2.27 >@@ -453,7 +453,7 @@ > > encode_pw_buffer((char *)pwbuf, machine_pwd, plen, >False); > >- nt_owf_genW(&upw, ntpw); >+ mdfour( ntpw, (char *)upw.buffer, plen); > } > > /* Set password on machine account */ >-- >=====================================================================>Herb Lewis Silicon Graphics >Networking Engineer 1600 Amphitheatre Pkwy MS-510 >Strategic Software Organization Mountain View, CA 94043-1351 >herb@sgi.com Tel: 650-933-2177 >sgi.com Fax: 650-932-2177 >======================================================================