Thanks TMS, that is not a major problem as of now.
I don't know why, but I'm facing many problems/errors while using Samba :).
Now the major problem is that wbinfo -g is not showing the full list; it is
showing only a few domain groups. Do you have any idea about this? Please
help.
On Fri, Jun 25, 2010 at 6:44 PM, <tms3 at tms3.com> wrote:
>
>
>
> --- Original message ---
> *Subject:* Re: [Samba] samba winbind problem with trusted domains
> *From:* ****@ppu <appaji04cn002 at gmail.com>
> *To:* <tms3 at tms3.com>
> *Date:* Friday, 25/06/2010 4:09 AM
>
> hi
>
> Yes, NetBIOS is active on Windows machines and I'm able to ping the Samba server
> with .domain.extension. It is asking for user authentication, but it is not
> taking when I give user ID and PWD.
>
> I had that problem with 3.0.9 on FreeBSD YEARS ago...can't remember what I
> did. Let's see:
>
> In smb.conf, this wouldn't hurt:
>
> workgroup = (NETBIOS NAME OF AD DOMAIN)
>
> Since you have Windoze servers, turning on WINS on it and adding:
>
> wins server = <wins ip addy>
> remote announce = <wins ip addy>/<netbios workgroup name>
> remote browse sync = <wins ip addy>
>
> You also want to do some nbtstat commands on the workstations to see if
> they are resolving netbios properly.
>
> Something else just dawned on me, something about W2K8 and NTLMv2
> credentials. IDK maybe the netbios name is trying to auth by NTLMv2 and IP
> addy by kerberos...Like I said IDK, need to see packets.
>
> Cheers,
>
> TMS III
>
>
>
>
>
>
> On Thu, Jun 24, 2010 at 6:26 PM, <tms3 at tms3.com> wrote:
>
>>
>>
>> SNIP
>>
>>
>> Thanks for your reply. Those are trusted domains and wbinfo -m is showing
>> all the trusted domains.
>>
>> Anyways, I have resolved the problem with the Likewise Open backend
>> authentication tool. :) But now I am facing another problem. I am not
>> able to access Samba shares using the NetBIOS name
>>
>> Is netbios active on windows machines? How is netbios being handled
>>
>> even with full machine FQDN, whereas it is accessible with IP address.
>>
>> Is the samba machine in DNS? ping <myserver>.<mydomain>.<extension>
>>
>> can you please help me ....
>>
>>
>>
>> On Wed, Jun 23, 2010 at 6:16 PM, <tms3 at tms3.com> wrote:
>>
>>>
>>>
>>>
>>> On Wednesday 23/06/2010 at 12:12 am, ****@ppu wrote:
>>>
>>> hi all
>>>
>>> I am new to Samba and have been struggling with trusted domains authentication
>>> for many days. I have a win2k3 domain (corp.raju.ad) and a win2k8 domain
>>> (testraju.ad).
>>>
>>> I have joined the Samba server as a member to the win2k8 domain (testraju.ad)
>>> using net ads join commands.
>>>
>>> I'm able to access Samba shares using testraju.ad user IDs successfully;
>>> while authenticating with corp.raju.ad users I'm unable to. The log is
>>> showing NT_STATUS NO_SUCH USER
>>>
>>> In such situations, the forest testraju.ad must have a trust with
>>> corp.raju.ad, which would be controlled by the Windoze DC's. Samba NT
>>> style domain trusts are not applicable to member servers. Member servers
>>> are little more than domain joined machines.
>>>
>>> Cheers,
>>>
>>> TMS III
>>>
>>>
>>>
>>> following is my smb.conf file
>>>
>>>
>>> [global]
>>> log file = /var/log/samba/%m
>>> load printers = yes
>>> idmap gid = 600-2000000
>>> interfaces = 127.0.0.1 eth0
>>> encrypt passwords = yes
>>> realm = testraju.ad
>>> winbind use default domain = true
>>> template shell = /bin/bash
>>> netbios name = slclinuxfs001
>>> winbind enum users = no
>>> idmap uid = 600-2000000
>>> password server = hsttestadc001.testraju.ad
>>> winbind nested groups = YeS
>>> workgroup = test
>>> winbind enum groups = no
>>> security = ADS
>>> max log size = 50000
>>> bind interfaces only = true
>>> log level = 3
>>>
>>>
>>> #winbind separator = \
>>>
>>>
>>> [raju]
>>> comment = test share
>>> path = /tmp/raju
>>> browsable = yes
>>> available = yes
>>> writable = yes
>>> readonly = no
>>> valid users = "@RAJU\domain users" "@TEST\domain users"
>>>
>>>
>>>
>>> wbinfo -m is listing all trusted domains.
>>>
>>> I'm able to authenticate a trusted domain user with wbinfo
>>> --authenticate=raju\\pa72635%password (2 back slashes)
>>>
>>>
>>> I have enabled logging, and the following is the client log when I access
>>> with a trusted domain user ID.
>>>
>>>
>>> [2010/06/23 12:47:38.010714, 3] auth/auth.c:216(check_ntlm_password)
>>> check_ntlm_password: Checking password for unmapped user
>>> []\[]@[HICMBSA001] with the new password interface
>>> [2010/06/23 12:47:38.010761, 3] auth/auth.c:219(check_ntlm_password)
>>> check_ntlm_password: mapped user is: [SLCLINUXFS001]\[]@[HICMBSA001]
>>> [2010/06/23 12:47:38.011642, 3] smbd/sec_ctx.c:210(push_sec_ctx)
>>> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
>>> [2010/06/23 12:47:38.011670, 3] smbd/uid.c:429(push_conn_ctx)
>>> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
>>> [2010/06/23 12:47:38.011709, 3] smbd/sec_ctx.c:310(set_sec_ctx)
>>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
>>> [2010/06/23 12:47:38.011812, 3] smbd/sec_ctx.c:418(pop_sec_ctx)
>>> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
>>> [2010/06/23 12:47:38.011921, 3] smbd/sec_ctx.c:210(push_sec_ctx)
>>> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
>>> [2010/06/23 12:47:38.011946, 3] smbd/uid.c:429(push_conn_ctx)
>>> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
>>> [2010/06/23 12:47:38.011969, 3] smbd/sec_ctx.c:310(set_sec_ctx)
>>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
>>> [2010/06/23 12:47:38.012000, 3] smbd/sec_ctx.c:418(pop_sec_ctx)
>>> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
>>> [2010/06/23 12:47:38.012286, 3] auth/auth.c:265(check_ntlm_password)
>>> check_ntlm_password: guest authentication for user [] succeeded
>>> [2010/06/23 12:47:38.082054, 3] smbd/sec_ctx.c:210(push_sec_ctx)
>>> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
>>> [2010/06/23 12:47:38.082095, 3] smbd/uid.c:429(push_conn_ctx)
>>> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
>>> [2010/06/23 12:47:38.082119, 3] smbd/sec_ctx.c:310(set_sec_ctx)
>>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
>>> [2010/06/23 12:47:38.082356, 3] smbd/sec_ctx.c:418(pop_sec_ctx)
>>> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
>>> [2010/06/23 12:47:38.082422, 3] lib/privileges.c:63(get_privileges)
>>> get_privileges: No privileges assigned to SID
>>> [S-1-5-21-2180847254-3007464121-335579984-501]
>>> [2010/06/23 12:47:38.082464, 3] lib/privileges.c:63(get_privileges)
>>> get_privileges: No privileges assigned to SID [S-1-5-2]
>>> [2010/06/23 12:47:38.082503, 3] lib/privileges.c:63(get_privileges)
>>> get_privileges: No privileges assigned to SID [S-1-5-32-546]
>>> [2010/06/23 12:47:38.082587, 3]
>>> libsmb/ntlmssp_sign.c:343(ntlmssp_sign_init)
>>> NTLMSSP Sign/Seal - Initialising with flags:
>>> [2010/06/23 12:47:38.082624, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
>>> Got NTLMSSP neg_flags=0xa2088205
>>> [2010/06/23 12:47:38.082676, 3]
>>> smbd/password.c:282(register_existing_vuid)
>>> register_existing_vuid: User name: nobody Real name: Nobody
>>> [2010/06/23 12:47:38.082731, 3]
>>> smbd/password.c:292(register_existing_vuid)
>>> register_existing_vuid: UNIX uid 99 is UNIX user nobody, and will be vuid 100
>>> [2010/06/23 12:47:38.097021, 3] smbd/process.c:1485(process_smb)
>>> Transaction 3 of length 94 (0 toread)
>>> [2010/06/23 12:47:38.097084, 3] smbd/process.c:1294(switch_message)
>>> switch message SMBtconX (pid 13230) conn 0x0
>>> [2010/06/23 12:47:38.097120, 3] smbd/sec_ctx.c:310(set_sec_ctx)
>>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
>>> [2010/06/23 12:47:38.097407, 3] smbd/sec_ctx.c:210(push_sec_ctx)
>>> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
>>> [2010/06/23 12:47:38.097438, 3] smbd/uid.c:429(push_conn_ctx)
>>> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
>>> [2010/06/23 12:47:38.097460, 3] smbd/sec_ctx.c:310(set_sec_ctx)
>>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
>>> [2010/06/23 12:47:38.097502, 3] smbd/sec_ctx.c:418(pop_sec_ctx)
>>> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
>>> [2010/06/23 12:47:38.097552, 3] smbd/sec_ctx.c:210(push_sec_ctx)
>>> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
>>> [2010/06/23 12:47:38.097577, 3] smbd/uid.c:429(push_conn_ctx)
>>> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
>>> [2010/06/23 12:47:38.097599, 3] smbd/sec_ctx.c:310(set_sec_ctx)
>>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
>>> [2010/06/23 12:47:38.097631, 3] smbd/sec_ctx.c:418(pop_sec_ctx)
>>> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
>>> [2010/06/23 12:47:38.097691, 3] smbd/service.c:807(make_connection_snum)
>>> Connect path is '/tmp' for service [IPC$]
>>> [2010/06/23 12:47:38.097843, 3] smbd/vfs.c:97(vfs_init_default)
>>> Initialising default vfs hooks
>>> [2010/06/23 12:47:38.097960, 3] smbd/vfs.c:122(vfs_init_custom)
>>> Initialising custom vfs hooks from [/[Default VFS]/]
>>> [2010/06/23 12:47:38.098162, 3] smbd/sec_ctx.c:210(push_sec_ctx)
>>> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
>>> [2010/06/23 12:47:38.098186, 3] smbd/uid.c:429(push_conn_ctx)
>>> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
>>> [2010/06/23 12:47:38.098208, 3] smbd/sec_ctx.c:310(set_sec_ctx)
>>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
>>> [2010/06/23 12:47:38.098240, 3] smbd/sec_ctx.c:418(pop_sec_ctx)
>>> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
>>> [2010/06/23 12:47:38.098277, 3] smbd/sec_ctx.c:210(push_sec_ctx)
>>> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
>>> [2010/06/23 12:47:38.098395, 3] smbd/uid.c:429(push_conn_ctx)
>>> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
>>> [2010/06/23 12:47:38.098418, 3] smbd/sec_ctx.c:310(set_sec_ctx)
>>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
>>> [2010/06/23 12:47:38.098449, 3] smbd/sec_ctx.c:418(pop_sec_ctx)
>>> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
>>> [2010/06/23 12:47:38.098494, 3] smbd/sec_ctx.c:310(set_sec_ctx)
>>> setting sec ctx (99, 99) - sec_ctx_stack_ndx = 0
>>> [2010/06/23 12:47:38.098535, 3] smbd/service.c:1069(make_connection_snum)
>>> hicmbsa001 (172.16.203.119) connect to service IPC$ initially as user
>>> nobody (uid=99, gid=99) (pid 13230)
>>> [2010/06/23 12:47:38.098564, 3] smbd/sec_ctx.c:310(set_sec_ctx)
>>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
>>> [2010/06/23 12:47:38.098595, 3] smbd/reply.c:846(reply_tcon_and_X)
>>> tconX service=IPC$
>>> [2010/06/23 12:47:38.117760, 3] smbd/process.c:1485(process_smb)
>>> Transaction 4 of length 116 (0 toread)
>>> [2010/06/23 12:47:38.117820, 3] smbd/process.c:1294(switch_message)
>>> switch message SMBtrans2 (pid 13230) conn 0x9a3ea28
>>> [2010/06/23 12:47:38.117855, 3] smbd/sec_ctx.c:310(set_sec_ctx)
>>> setting sec ctx (99, 99) - sec_ctx_stack_ndx = 0
>>> [2010/06/23 12:47:38.118074, 3] smbd/msdfs.c:848(get_referred_path)
>>> get_referred_path: |RAJU| in dfs path \172.27.97.53\raju is not a dfs root.
>>> [2010/06/23 12:47:38.118118, 3] smbd/error.c:80(error_packet_set)
>>> error packet at smbd/trans2.c(8002) cmd=50 (SMBtrans2)
>>> NT_STATUS_NOT_FOUND
>>> [2010/06/23 12:47:38.147166, 3] smbd/process.c:1485(process_smb)
>>> Transaction 5 of length 270 (0 toread)
>>> [2010/06/23 12:47:38.147235, 3] smbd/process.c:1294(switch_message)
>>> switch message SMBsesssetupX (pid 13230) conn 0x0
>>> [2010/06/23 12:47:38.147264, 3] smbd/sec_ctx.c:310(set_sec_ctx)
>>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
>>> [2010/06/23 12:47:38.147297, 3]
>>> smbd/sesssetup.c:1435(reply_sesssetup_and_X)
>>> wct=12 flg2=0xc807
>>> [2010/06/23 12:47:38.147321, 3]
>>> smbd/sesssetup.c:1189(reply_sesssetup_and_X_spnego)
>>> Doing spnego session setup
>>> [2010/06/23 12:47:38.147376, 3]
>>> smbd/sesssetup.c:1231(reply_sesssetup_and_X_spnego)
>>> NativeOS=[Windows Server 2003 3790 Service Pack 2] NativeLanMan=[]
>>> PrimaryDomain=[Windows Server 2003 5.2]
>>> [2010/06/23 12:47:38.147451, 3]
>>> smbd/sesssetup.c:805(reply_spnego_negotiate)
>>> reply_spnego_negotiate: Got secblob of size 40
>>> [2010/06/23 12:47:38.147493, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
>>> Got NTLMSSP neg_flags=0xa2088207
>>> [2010/06/23 12:47:38.293953, 3]
>>> ../lib/util/util_net.c:68(interpret_string_addr_internal)
>>> interpret_string_addr_internal: getaddrinfo failed for name
>>> slclinuxfs001
>>> [Name or service not known]
>>> [2010/06/23 12:47:38.298064, 3] lib/util_sock.c:1796(get_mydnsfullname)
>>> get_mydnsfullname: getaddrinfo failed for name slclinuxfs001 [Unknown
>>> error]
>>> [2010/06/23 12:47:38.309704, 3]
>>> ../lib/util/util_net.c:68(interpret_string_addr_internal)
>>> interpret_string_addr_internal: getaddrinfo failed for name
>>> slclinuxfs001
>>> [Name or service not known]
>>> [2010/06/23 12:47:38.309860, 3] lib/util_sock.c:1796(get_mydnsfullname)
>>> get_mydnsfullname: getaddrinfo failed for name slclinuxfs001 [Unknown
>>> error]
>>> [2010/06/23 12:47:38.337483, 3] smbd/process.c:1485(process_smb)
>>> Transaction 6 of length 378 (0 toread)
>>> [2010/06/23 12:47:38.337555, 3] smbd/process.c:1294(switch_message)
>>> switch message SMBsesssetupX (pid 13230) conn 0x0
>>> [2010/06/23 12:47:38.337583, 3] smbd/sec_ctx.c:310(set_sec_ctx)
>>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
>>> [2010/06/23 12:47:38.337623, 3]
>>> smbd/sesssetup.c:1435(reply_sesssetup_and_X)
>>> wct=12 flg2=0xc807
>>> [2010/06/23 12:47:38.337780, 3]
>>> smbd/sesssetup.c:1189(reply_sesssetup_and_X_spnego)
>>> Doing spnego session setup
>>> [2010/06/23 12:47:38.337812, 3]
>>> smbd/sesssetup.c:1231(reply_sesssetup_and_X_spnego)
>>> NativeOS=[Windows Server 2003 3790 Service Pack 2] NativeLanMan=[]
>>> PrimaryDomain=[Windows Server 2003 5.2]
>>> [2010/06/23 12:47:38.337856, 3] libsmb/ntlmssp.c:747(ntlmssp_server_auth)
>>> Got user=[BK72598_S] domain=[raju] workstation=[HICMBSA001] len1=24
>>> len2=24
>>> [2010/06/23 12:47:38.338582, 3] auth/auth.c:216(check_ntlm_password)
>>> check_ntlm_password: Checking password for unmapped user
>>> [RAJU]\[BK72598_S]@[HICMBSA001] with the new password interface
>>> [2010/06/23 12:47:38.338624, 3] auth/auth.c:219(check_ntlm_password)
>>> check_ntlm_password: mapped user is: [RAJU]\[BK72598_S]@[HICMBSA001]
>>> [2010/06/23 12:47:38.338659, 3] smbd/sec_ctx.c:210(push_sec_ctx)
>>> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
>>> [2010/06/23 12:47:38.338684, 3] smbd/uid.c:429(push_conn_ctx)
>>> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
>>> [2010/06/23 12:47:38.338708, 3] smbd/sec_ctx.c:310(set_sec_ctx)
>>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
>>> [2010/06/23 12:47:38.383705, 3] smbd/sec_ctx.c:418(pop_sec_ctx)
>>> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
>>> [2010/06/23 12:47:38.485606, 2] auth/auth.c:314(check_ntlm_password)
>>> check_ntlm_password: Authentication for user [BK72598_S] ->
>>> [BK72598_S]
>>> FAILED with error NT_STATUS_NO_SUCH_USER
>>> [2010/06/23 12:47:38.485672, 3] smbd/error.c:80(error_packet_set)
>>> error packet at smbd/sesssetup.c(111) cmd=115 (SMBsesssetupX)
>>> NT_STATUS_LOGON_FAILURE
>>> [2010/06/23 12:47:48.362075, 3] smbd/process.c:1485(process_smb)
>>> Transaction 7 of length 43 (0 toread)
>>> [2010/06/23 12:47:48.362301, 3] smbd/process.c:1294(switch_message)
>>> switch message SMBulogoffX (pid 13230) conn 0x0
>>> [2010/06/23 12:47:48.362360, 3] smbd/sec_ctx.c:310(set_sec_ctx)
>>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
>>> [2010/06/23 12:47:48.362605, 3] smbd/reply.c:2055(reply_ulogoffX)
>>> ulogoffX vuid=100
>>> [2010/06/23 12:47:48.372969, 3] smbd/process.c:1485(process_smb)
>>> Transaction 8 of length 39 (0 toread)
>>> [2010/06/23 12:47:48.372999, 3] smbd/process.c:1294(switch_message)
>>> switch message SMBtdis (pid 13230) conn 0x9a3ea28
>>> [2010/06/23 12:47:48.373023, 3] smbd/sec_ctx.c:310(set_sec_ctx)
>>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
>>> [2010/06/23 12:47:48.373073, 3] smbd/sec_ctx.c:310(set_sec_ctx)
>>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
>>> [2010/06/23 12:47:48.373104, 3] smbd/service.c:1250(close_cnum)
>>> hicmbsa001 (172.16.203.119) closed connection to service IPC$
>>> [2010/06/23 12:47:48.373204, 3] smbd/connection.c:31(yield_connection)
>>> Yielding connection to IPC$
>>> [2010/06/23 12:47:48.373415, 3] smbd/sec_ctx.c:310(set_sec_ctx)
>>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
>>> [2010/06/23 12:47:48.392269, 3] smbd/sec_ctx.c:310(set_sec_ctx)
>>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
>>> [2010/06/23 12:47:48.392370, 3] smbd/connection.c:31(yield_connection)
>>> Yielding connection to
>>> [2010/06/23 12:47:48.392613, 3] smbd/server.c:902(exit_server_common)
>>> Server exit (failed to receive smb request)
>>>
>>>
>>>
>>>
>>> please help me :(
>>
>>
>
>
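Added example, not part of the original thread: a small Python parser for level-3 smbd logs like the one quoted above, pulling out guest logons and failed logons together with the domain the client presented. The sample lines are constructed in the shape of the quoted log, and the function names are this example's own.

```python
import re

# Constructed sample in the shape of the smbd log quoted above:
# a header line, then an indented message that may wrap over several lines.
SAMPLE_LOG = """\
[2010/06/23 12:47:38.012286, 3] auth/auth.c:265(check_ntlm_password)
  check_ntlm_password: guest authentication for user [] succeeded
[2010/06/23 12:47:38.338624, 3] auth/auth.c:219(check_ntlm_password)
  check_ntlm_password: mapped user is: [RAJU]\\[BK72598_S]@[HICMBSA001]
[2010/06/23 12:47:38.383705, 3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/06/23 12:47:38.485606, 2] auth/auth.c:314(check_ntlm_password)
  check_ntlm_password: Authentication for user [BK72598_S] ->
  [BK72598_S]
  FAILED with error NT_STATUS_NO_SUCH_USER
"""
HEADER = re.compile(r"^\[(?P<ts>[\d/]+ [\d:.]+),\s*\d+\]\s+\S+\((?P<func>\w+)\)$")
MAPPED = re.compile(r"mapped user is: \[([^\]]*)\]\\\[([^\]]*)\]@\[([^\]]*)\]")
GUEST = re.compile(r"guest authentication for user \[([^\]]*)\] succeeded")
FAILED = re.compile(r"Authentication for user \[([^\]]*)\].*FAILED with error (NT_STATUS_\w+)")

def records(text):
    """Yield (timestamp, function, message), joining wrapped message lines."""
    current = None
    for line in (l.strip() for l in text.splitlines()):
        m = HEADER.match(line)
        if m:
            if current:
                yield current[0], current[1], " ".join(current[2])
            current = (m["ts"], m["func"], [])
        elif current and line:
            current[2].append(line)
    if current:
        yield current[0], current[1], " ".join(current[2])

def auth_events(text):
    """Return (timestamp, domain, user, result) for guest and failed logons."""
    events, mapped = [], ("", "", "")
    for ts, func, msg in records(text):
        if func != "check_ntlm_password":
            continue
        if m := MAPPED.search(msg):
            mapped = m.groups()  # remember domain\user for a later failure
        elif m := GUEST.search(msg):
            events.append((ts, "", m[1], "GUEST_OK"))
        elif m := FAILED.search(msg):
            domain = mapped[0] if mapped[1] == m[1] else ""
            events.append((ts, domain, m[1], m[2]))
    return events
```

Calling `auth_events()` on a real log file's text gives one tuple per anonymous (guest) session and per rejected logon, which makes it easy to see which domain's users are failing.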