Javier Castillo Alcibar
2002-Dec-13 13:33 UTC
[Samba] Problem authenticating with Samba (security=domain) + Windows 2000 PDC
Hi all!! I'd set up my samba 2.2.7 to auth with "security=domain" mode, but my clients cannot auth successfully never because the samba server cannot "talk" correctly with my PDC(w2k adv. Server). In the computer manager event, I see authentication request but with empty usernames......so the PDC reject the authentication request. Is this a know behaviour?? Here is my config: [global] workgroup = MYDOMAIN netbios name = DEBIANXFS server string = %h server (Samba %v) guest account = nobody invalid users = root security = domain max log size = 100000 password server = * syslog = 0 encrypt passwords = Yes socket options = TCP_NODELAY # --- End of Browser Control Options --- wins support = no wins server = 192.168.4.12 dns proxy = yes name resolve order = wins lmhosts host bcast unix password sync = false passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . pam password change = no obey pam restrictions = yes winbind uid = 10000-20000 winbind gid = 10000-20000 winbind use default domain = yes -------------- next part -------------- HTML attachment scrubbed and removed
John H Terpstra
2002-Dec-13 17:51 UTC
[Samba] Problem authenticating with Samba (security=domain) + Windows 2000 PDC
On Fri, 13 Dec 2002, Javier Castillo Alcibar wrote:> I'd set up my samba 2.2.7 to auth with "security=domain" mode, but my > clients cannot auth successfully never because the samba server cannot > "talk" correctly with my PDC(w2k adv. Server). > > In the computer manager event, I see authentication request but with > empty usernames......so the PDC reject the authentication request.Did you use "smbpasswd -j mydomain -r pdc_name" to join the domain?> Is this a know behaviour??Yes, if your samba server did not join the domain.> Here is my config: > [global] > workgroup = MYDOMAIN > netbios name = DEBIANXFS > server string = %h server (Samba %v) > guest account = nobody > invalid users = root > security = domain > max log size = 100000 > password server = * > syslog = 0 > encrypt passwords = Yes > socket options = TCP_NODELAY > wins support = no > wins server = 192.168.4.12 > dns proxy = yes > name resolve order = wins lmhosts host bcast > unix password sync = false > passwd program = /usr/bin/passwd %u > passwd chat = *Enter\snew\sUNIX\spassword:* %n\n > *Retype\snew\sUNIX\spassword:* %n\n . > pam password change = no > obey pam restrictions = yes > winbind uid = 10000-20000 > winbind gid = 10000-20000 > winbind use default domain = yes- John T. -- John H Terpstra Email: jht@samba.org
Javier Castillo Alcibar
2002-Dec-16 07:34 UTC
[Samba] Problem authenticating with Samba (security=domain) + Windows 2000 PDC
Sure, I did it without problem..... -----Mensaje original----- De: John H Terpstra [mailto:jht@samba.org] Enviado el: viernes, 13 de diciembre de 2002 18:44 Para: Javier Castillo Alcibar CC: samba@lists.samba.org Asunto: Re: [Samba] Problem authenticating with Samba (security=domain) + Windows 2000 PDC On Fri, 13 Dec 2002, Javier Castillo Alcibar wrote:> I'd set up my samba 2.2.7 to auth with "security=domain" mode, but my > clients cannot auth successfully never because the samba server cannot > "talk" correctly with my PDC(w2k adv. Server). > > In the computer manager event, I see authentication request but with > empty usernames......so the PDC reject the authentication request.Did you use "smbpasswd -j mydomain -r pdc_name" to join the domain?> Is this a know behaviour??Yes, if your samba server did not join the domain.> Here is my config: > [global] > workgroup = MYDOMAIN > netbios name = DEBIANXFS > server string = %h server (Samba %v) > guest account = nobody > invalid users = root > security = domain > max log size = 100000 > password server = * > syslog = 0 > encrypt passwords = Yes > socket options = TCP_NODELAY > wins support = no > wins server = 192.168.4.12 > dns proxy = yes > name resolve order = wins lmhosts host bcast > unix password sync = false > passwd program = /usr/bin/passwd %u > passwd chat = *Enter\snew\sUNIX\spassword:* %n\n > *Retype\snew\sUNIX\spassword:* %n\n . > pam password change = no > obey pam restrictions = yes > winbind uid = 10000-20000 > winbind gid = 10000-20000 > winbind use default domain = yes- John T. -- John H Terpstra Email: jht@samba.org
Javier Castillo Alcibar
2002-Dec-16 17:20 UTC
[Samba] Problem authenticating with Samba (security=domain) + Windows 2000 PDC
I'm doing more tests.....with the Microsoft Network Monitor, I
capture a packet which contains:
.......................
TCP: .AP..., len: 438, seq:3042228556-3042228994, ack:3265237668,
win:64240, src: 445 dst:35027
NBT: SS: Session Message, Len: 434
SMB: R transact - NT error, System, Warning, Code = (5)
STATUS_BUFFER_OVERFLOW
MSRPC: c/o RPC Response: call 0x4 context 0x0 hint 0x16C cancels
0x0
R_LOGON: RPC Server response logon:NetrLogonSamLogon(..)
R_LOGON: PNETLOGON_AUTHENTICATOR ReturnAuthenticator {..}
R_LOGON: NETLOGON_CREDENTIAL Credential {..}
R_LOGON: DWORD timestamp = 1040057871 (0x3DFE060F)
R_LOGON: PNETLOGON_VALIDATION ValidationInformation {..}
R_LOGON: Switch Value = 3 (0x3)
R_LOGON: PNETLOGON_VALIDATION_SAM_INFO2 ValidationSam2
{..}
R_LOGON: OLD_LARGE_INTEGER LogonTime {..}
.........................
.........................
so, is possible that samba fails to interpret the pdc's answer
because of the smb warning??
Thx a lot.
Javier.
-----Mensaje original-----
De: Javier Castillo Alcibar
Enviado el: lunes 16 de diciembre de 2002 8:33
Para: 'John H Terpstra'
CC: 'samba@lists.samba.org'
Asunto: RE: [Samba] Problem authenticating with Samba (security=domain)
+ Windows 2000 PDC
Sure, I did it without problem.....
-----Mensaje original-----
De: John H Terpstra [mailto:jht@samba.org]
Enviado el: viernes, 13 de diciembre de 2002 18:44
Para: Javier Castillo Alcibar
CC: samba@lists.samba.org
Asunto: Re: [Samba] Problem authenticating with Samba (security=domain)
+ Windows 2000 PDC
On Fri, 13 Dec 2002, Javier Castillo Alcibar wrote:
> I'd set up my samba 2.2.7 to auth with "security=domain"
mode, but my
> clients cannot auth successfully never because the samba server cannot
> "talk" correctly with my PDC(w2k adv. Server).
>
> In the computer manager event, I see authentication request but with
> empty usernames......so the PDC reject the authentication request.
Did you use "smbpasswd -j mydomain -r pdc_name" to join the domain?
> Is this a know behaviour??
Yes, if your samba server did not join the domain.
> Here is my config:
> [global]
> workgroup = MYDOMAIN
> netbios name = DEBIANXFS
> server string = %h server (Samba %v)
> guest account = nobody
> invalid users = root
> security = domain
> max log size = 100000
> password server = *
> syslog = 0
> encrypt passwords = Yes
> socket options = TCP_NODELAY
> wins support = no
> wins server = 192.168.4.12
> dns proxy = yes
> name resolve order = wins lmhosts host bcast
> unix password sync = false
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
> *Retype\snew\sUNIX\spassword:* %n\n .
> pam password change = no
> obey pam restrictions = yes
> winbind uid = 10000-20000
> winbind gid = 10000-20000
> winbind use default domain = yes
- John T.
--
John H Terpstra
Email: jht@samba.org