samba - Apr 2003 - AW: Login from win2k client to samba PDC

John,

thanks for that hint. It did not kill the server by you are perfectly right.
I changed this and restarted the "smb" and "nmb" deamons -
unfortunately
with the same result.

When I watch e.g. the status with "swat" I see as follows after trying
with:

smbclient -U <user> -L win2k1

(what is strange since I connect as different user and not "nobody")
The
connectiosn seems to be up, no errro in the logs but all is referring to
that user "nobody". I even have added "nobody" to the
smbpasswd (but as you
can guess this did not help either).

Also I get the well known message "session setup failed:
NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE"

Cut from SWAT (Status page):

------------8<--------------

Active Connections
PID  Client  IP address
--------------------------------------
4654 win2k1  192.168.xx.xx .....

Active Shares
Share User   Group  PID  Client  Date
--------------------------------------
IPC$  nobody nobody 4654 win2k1  .....

------------8<---------------



Do you have an other idea?

Thank you
	Markus





"John H Terpstra" <jht@samba.org> schrieb im Newsbeitrag
news:<20030402162023$4954@gated-at.bofh.it>...
> On Wed, 2 Apr 2003, Markus PISTAUER (CISC) wrote:
>
> > Dear Eric,
> >
> > thanks for your answer. I have non of the items you defined in the
global
> > section. There is also no error in the log file. So I'm realy at
the end
of
> > my "know-how"  (if any ...)
> >
> > My global section is:
> > ---------8<---------
> > [global]
> >         workgroup = TEST
> >         netbios aliases = TEST
>
> The above will kill your server! You can NOT have the workgroup name and a
> machine name that are the same.
>
> - John T.
>
> >         encrypt passwords = Yes
> >         log level = 3
> >         log file = /data/samba/log/samba.log.%m
> >         max log size = 100
> >         max xmit = 17384
> >         domain admin group = @root
> >         logon script = logon.bat %U %G %L
> >         logon path = \\sambasrv\profiles\%U
> >         logon home = /data/samba/data/users/%U
> >         domain logons = Yes
> >         os level = 34
> >         preferred master = True
> >         domain master = True
> >         map system = Yes
> >         map hidden = Yes
> > ---------8<---------
> >
> > Thanks, any other hint is very welcome
> >
> > Markus
> >
> >
> >
> > > -----Urspr?ngliche Nachricht-----
> > > Von: Eric Halverson [mailto:ehalverson@dchs.us]
> > > Gesendet: Mittwoch, 02. April 2003 18:48
> > > An: Markus PISTAUER (CISC)
> > > Cc: Samba List
> > > Betreff: Re: [Samba] Login from win2k client to samba PDC
> > >
> > >
> > > Do you have either of the following defined in your global
section:
> > >
> > > write list
> > > valid users
> > >
> > > also look in your log files for that machine to see if you're
getting
an
> > > error about invalid user nobody.  I was getting the same error
because
I
> > > defined those variables in the global section, which of course
made
the
> > > user nobody invalid as well as whoever else was undefined
(including
the
> > > machine account).
> > >
> > > On Wed, 2003-04-02 at 02:58, Markus PISTAUER (CISC) wrote:
> > > > I have joined my win2k client machines (win2k professional
or win2k
> > > > professional server) to my PDC. This worked fine and I did
all
> > > recommended
> > > > as e.g. in the HOWTO
> > > > http://hr.uoregon.edu/davidrl/samba/samba-pdc.html#joining.
> > > >
> > > > So far I can also login localy to the win2k client machines
> > > using a local
> > > > account and connect a network drive from the PDC using a
valid
> > > account on
> > > > the PDC (as given in the "smbpasswd" file)
> > > >
> > > > I have done all major steps:
> > > >
> > > > passwd file:
> > > > 	added users and machine accounts (as user <machine>$)
> > > > smbpasswd file:
> > > > 	added users with 'smbpasswd -a <user>'
> > > > 	added machines with 'smbpasswd -a <machine>
> > > > 	added user 'root' to smbpasswd
> > > > smb.conf:
> > > > 	all the necessary settings done (I can post the smb.conf if
> > > requested)
> > > >
> > > >
> > > > The problem:
> > > > ------------
> > > > If I try to login on the domain using the win2k client
machine
> > > (selecting
> > > > the domain instead of the local machine name the login
window) I
cannot
> > > > connect to the domain and get the error message:
> > > >    The system cannot log you on to this domain because the
system's
> > > >    computer account in its primary domain is missing or the
password
on
> > > >    that account is incorrect
> > > >
> > > >
> > > > My environments settings:
> > > > -------------------------
> > > > I'm using Samba 2.2.5 (release 160), win2k prof with SP3
or no
> > > SP, classic
> > > > authentication on the PDC. Linux Kernel is 2.4.19 (Build
174).
> > > > I have also tried 2.2.8 with same failure.
> > > >
> > > > Any help would be VERY appreciated.
> > > >
> > > > Thanks
> > > >
> > > > Markus Pistauer
> > > > mailto:m.pistauer@cisc.at
> > > >
> > > >
> >
> >
>
> --
> John H Terpstra
> Email: jht@samba.org
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

Markus,

Have you disabled sign-or-seal on your workstation? You will need to check
the security settings on your Win2K SP3 client to make sure that
"RequiresSignOrSeal is turned off.

Failing that, you will need to collect the samba log file as you try to
log onto the workstation so we can see what is going on.

- John T.

On Wed, 2 Apr 2003, Markus PISTAUER (CISC) wrote:
> John,
>
> thanks for that hint. It did not kill the server by you are perfectly
right.
> I changed this and restarted the "smb" and "nmb"
deamons - unfortunately
> with the same result.
>
> When I watch e.g. the status with "swat" I see as follows after
trying with:
>
> smbclient -U <user> -L win2k1
>
> (what is strange since I connect as different user and not
"nobody") The
> connectiosn seems to be up, no errro in the logs but all is referring to
> that user "nobody". I even have added "nobody" to the
smbpasswd (but as you
> can guess this did not help either).
>
> Also I get the well known message "session setup failed:
> NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE"
>
> Cut from SWAT (Status page):
>
> ------------8<--------------
>
> Active Connections
> PID  Client  IP address
> --------------------------------------
> 4654 win2k1  192.168.xx.xx .....
>
> Active Shares
> Share User   Group  PID  Client  Date
> --------------------------------------
> IPC$  nobody nobody 4654 win2k1  .....
>
> ------------8<---------------
>
>
>
> Do you have an other idea?
>
> Thank you
> 	Markus
>
>
>
>
>
> "John H Terpstra" <jht@samba.org> schrieb im Newsbeitrag
> news:<20030402162023$4954@gated-at.bofh.it>...
> > On Wed, 2 Apr 2003, Markus PISTAUER (CISC) wrote:
> >
> > > Dear Eric,
> > >
> > > thanks for your answer. I have non of the items you defined in
the
> global
> > > section. There is also no error in the log file. So I'm realy
at the end
> of
> > > my "know-how"  (if any ...)
> > >
> > > My global section is:
> > > ---------8<---------
> > > [global]
> > >         workgroup = TEST
> > >         netbios aliases = TEST
> >
> > The above will kill your server! You can NOT have the workgroup name
and a
> > machine name that are the same.
> >
> > - John T.
> >
> > >         encrypt passwords = Yes
> > >         log level = 3
> > >         log file = /data/samba/log/samba.log.%m
> > >         max log size = 100
> > >         max xmit = 17384
> > >         domain admin group = @root
> > >         logon script = logon.bat %U %G %L
> > >         logon path = \\sambasrv\profiles\%U
> > >         logon home = /data/samba/data/users/%U
> > >         domain logons = Yes
> > >         os level = 34
> > >         preferred master = True
> > >         domain master = True
> > >         map system = Yes
> > >         map hidden = Yes
> > > ---------8<---------
> > >
> > > Thanks, any other hint is very welcome
> > >
> > > Markus
> > >
> > >
> > >
> > > > -----Urspr?ngliche Nachricht-----
> > > > Von: Eric Halverson [mailto:ehalverson@dchs.us]
> > > > Gesendet: Mittwoch, 02. April 2003 18:48
> > > > An: Markus PISTAUER (CISC)
> > > > Cc: Samba List
> > > > Betreff: Re: [Samba] Login from win2k client to samba PDC
> > > >
> > > >
> > > > Do you have either of the following defined in your global
section:
> > > >
> > > > write list
> > > > valid users
> > > >
> > > > also look in your log files for that machine to see if
you're getting
> an
> > > > error about invalid user nobody.  I was getting the same
error because
> I
> > > > defined those variables in the global section, which of
course made
> the
> > > > user nobody invalid as well as whoever else was undefined
(including
> the
> > > > machine account).
> > > >
> > > > On Wed, 2003-04-02 at 02:58, Markus PISTAUER (CISC) wrote:
> > > > > I have joined my win2k client machines (win2k
professional or win2k
> > > > > professional server) to my PDC. This worked fine and I
did all
> > > > recommended
> > > > > as e.g. in the HOWTO
> > > > >
http://hr.uoregon.edu/davidrl/samba/samba-pdc.html#joining.
> > > > >
> > > > > So far I can also login localy to the win2k client
machines
> > > > using a local
> > > > > account and connect a network drive from the PDC using
a valid
> > > > account on
> > > > > the PDC (as given in the "smbpasswd" file)
> > > > >
> > > > > I have done all major steps:
> > > > >
> > > > > passwd file:
> > > > > 	added users and machine accounts (as user
<machine>$)
> > > > > smbpasswd file:
> > > > > 	added users with 'smbpasswd -a <user>'
> > > > > 	added machines with 'smbpasswd -a <machine>
> > > > > 	added user 'root' to smbpasswd
> > > > > smb.conf:
> > > > > 	all the necessary settings done (I can post the
smb.conf if
> > > > requested)
> > > > >
> > > > >
> > > > > The problem:
> > > > > ------------
> > > > > If I try to login on the domain using the win2k client
machine
> > > > (selecting
> > > > > the domain instead of the local machine name the login
window) I
> cannot
> > > > > connect to the domain and get the error message:
> > > > >    The system cannot log you on to this domain because
the system's
> > > > >    computer account in its primary domain is missing or
the password
> on
> > > > >    that account is incorrect
> > > > >
> > > > >
> > > > > My environments settings:
> > > > > -------------------------
> > > > > I'm using Samba 2.2.5 (release 160), win2k prof
with SP3 or no
> > > > SP, classic
> > > > > authentication on the PDC. Linux Kernel is 2.4.19
(Build 174).
> > > > > I have also tried 2.2.8 with same failure.
> > > > >
> > > > > Any help would be VERY appreciated.
> > > > >
> > > > > Thanks
> > > > >
> > > > > Markus Pistauer
> > > > > mailto:m.pistauer@cisc.at
> > > > >
> > > > >
> > >
> > >
> >
> > --
> > John H Terpstra
> > Email: jht@samba.org
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba
>
-- 
John H Terpstra
Email: jht@samba.org

Yes, I have set allready the value to zero ....

I have now (as proposed) deleted my old log file and tried to login to the
domain using the win2k client (which is a win2k server with SP3) Don't
wonder about time stamps (I have seen that the time has to be adjusted ...)

For test reasons I have renamed the domain to "PIST" (here is the
global
section and the log file), joined the client again (now to domain
"PIST").
The login-try I did was with a user name in the smbpasswd (but not
"nobody"
what shows up allways) Also the protocol negociation seems to be OK, the
domain name (PIST) seems to be missing/empty when passing the info from the
client to the samba server.

Client:
	name: win2k1
	IP: 192.168.xx.y


---------------------8<---------- log file -------------------------

[2002/01/05 19:45:49, 3] smbd/process.c:process_smb(878)
  Transaction 1 of length 137
[2002/01/05 19:45:49, 3] smbd/process.c:switch_message(685)
  switch message SMBnegprot (pid 5412)
[2002/01/05 19:45:49, 3] smbd/sec_ctx.c:set_sec_ctx(329)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2002/01/05 19:45:49, 3] smbd/negprot.c:reply_negprot(342)
  Requested protocol [PC NETWORK PROGRAM 1.0]
[2002/01/05 19:45:49, 3] smbd/negprot.c:reply_negprot(342)
  Requested protocol [LANMAN1.0]
[2002/01/05 19:45:49, 3] smbd/negprot.c:reply_negprot(342)
  Requested protocol [Windows for Workgroups 3.1a]
[2002/01/05 19:45:49, 3] smbd/negprot.c:reply_negprot(342)
  Requested protocol [LM1.2X002]
[2002/01/05 19:45:49, 3] smbd/negprot.c:reply_negprot(342)
  Requested protocol [LANMAN2.1]
[2002/01/05 19:45:49, 3] smbd/negprot.c:reply_negprot(342)
  Requested protocol [NT LM 0.12]
[2002/01/05 19:45:49, 3] smbd/negprot.c:reply_negprot(426)
  Selected protocol NT LM 0.12
[2002/01/05 19:45:49, 3] smbd/process.c:process_smb(878)
  Transaction 2 of length 137
[2002/01/05 19:45:49, 3] smbd/process.c:switch_message(685)
  switch message SMBsesssetupX (pid 5412)
[2002/01/05 19:45:49, 3] smbd/sec_ctx.c:set_sec_ctx(329)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2002/01/05 19:45:49, 3] smbd/reply.c:reply_sesssetup_and_X(858)
  Domain=[]  NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0]
[2002/01/05 19:45:49, 3] smbd/reply.c:reply_sesssetup_and_X(868)
  sesssetupX:name=[]
[2002/01/05 19:45:49, 3] smbd/sec_ctx.c:push_sec_ctx(297)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2002/01/05 19:45:49, 3] smbd/uid.c:push_conn_ctx(286)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2002/01/05 19:45:49, 3] smbd/sec_ctx.c:set_sec_ctx(329)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2002/01/05 19:45:49, 3] smbd/sec_ctx.c:get_current_groups(172)
  get_current_groups: user is in 2 groups: 65533, 65534
[2002/01/05 19:45:49, 3] smbd/sec_ctx.c:pop_sec_ctx(436)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2002/01/05 19:45:49, 3] smbd/sec_ctx.c:get_current_groups(172)
  get_current_groups: user is in 2 groups: 65533, 65534
[2002/01/05 19:45:49, 3] smbd/password.c:register_vuid(336)
  uid 65534 registered to name nobody
[2002/01/05 19:45:49, 3] smbd/password.c:register_vuid(338)
  Clearing default real name
[2002/01/05 19:45:49, 3] smbd/password.c:register_vuid(340)
  User name: nobody	Real name: nobody
[2002/01/05 19:45:49, 3] smbd/process.c:chain_reply(1023)
  Chained message
[2002/01/05 19:45:49, 3] smbd/process.c:switch_message(685)
  switch message SMBtconX (pid 5412)
[2002/01/05 19:45:49, 3] smbd/sec_ctx.c:set_sec_ctx(329)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2002/01/05 19:45:49, 3] smbd/password.c:authorise_login(855)
  authorise_login: ACCEPTED: guest account and guest ok (nobody)
[2002/01/05 19:45:49, 3] smbd/service.c:make_connection(491)
  Connect path is /var/tmp
[2002/01/05 19:45:49, 3] smbd/sec_ctx.c:push_sec_ctx(297)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2002/01/05 19:45:49, 3] smbd/uid.c:push_conn_ctx(286)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2002/01/05 19:45:49, 3] smbd/sec_ctx.c:set_sec_ctx(329)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2002/01/05 19:45:49, 3] smbd/sec_ctx.c:get_current_groups(172)
  get_current_groups: user is in 2 groups: 65533, 65534
[2002/01/05 19:45:49, 3] smbd/sec_ctx.c:pop_sec_ctx(436)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2002/01/05 19:45:49, 3] smbd/sec_ctx.c:get_current_groups(172)
  get_current_groups: user is in 2 groups: 65533, 65534
[2002/01/05 19:45:49, 3] lib/util_seaccess.c:se_access_check(269)
  se_access_check: user sid is
S-1-5-21-4082881408-3458373132-3265765068-132068
[2002/01/05 19:45:49, 3] lib/util_seaccess.c:se_access_check(273)
  se_access_check: also S-1-5-21-4082881408-3458373132-3265765068-132067
[2002/01/05 19:45:49, 3] lib/util_seaccess.c:se_access_check(273)
  se_access_check: also S-1-5-21-4082881408-3458373132-3265765068-132069
[2002/01/05 19:45:49, 3] lib/util_seaccess.c:se_access_check(273)
  se_access_check: also S-1-1-0
[2002/01/05 19:45:49, 3] lib/util_seaccess.c:se_access_check(273)
  se_access_check: also S-1-5-2
[2002/01/05 19:45:49, 3] lib/util_seaccess.c:se_access_check(273)
  se_access_check: also S-1-5-32-546
[2002/01/05 19:45:49, 3] smbd/vfs.c:vfs_init_default(122)
  Initialising default vfs hooks
[2002/01/05 19:45:49, 3] smbd/sec_ctx.c:set_sec_ctx(329)
  setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0
[2002/01/05 19:45:49, 3] smbd/sec_ctx.c:set_sec_ctx(334)
  2 user groups:
  65533 65534
[2002/01/05 19:45:49, 3] smbd/vfs.c:vfs_ChDir(569)
  vfs_ChDir to /var/tmp
[2002/01/05 19:45:49, 3] smbd/service.c:make_connection(640)
  win2k1 (192.168.xx.y) connect to service IPC$ as user nobody (uid=65534,
gid=65533) (pid 5412)
[2002/01/05 19:45:49, 3] smbd/sec_ctx.c:set_sec_ctx(329)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2002/01/05 19:45:49, 3] smbd/reply.c:reply_tcon_and_X(396)
  tconX service=ipc$ user=nobody
[2002/01/05 19:45:49, 3] smbd/process.c:process_smb(878)
  Transaction 3 of length 97
[2002/01/05 19:45:49, 3] smbd/process.c:switch_message(685)
  switch message SMBntcreateX (pid 5412)
[2002/01/05 19:45:49, 3] smbd/sec_ctx.c:set_sec_ctx(329)
  setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0
[2002/01/05 19:45:49, 3] smbd/sec_ctx.c:set_sec_ctx(334)
  2 user groups:
  65533 65534
[2002/01/05 19:45:49, 3] smbd/nttrans.c:nt_open_pipe(559)
  nt_open_pipe: Known pipe NETLOGON opening.
[2002/01/05 19:45:49, 3] smbd/process.c:process_smb(878)
  Transaction 4 of length 152
[2002/01/05 19:45:49, 3] smbd/process.c:switch_message(685)
  switch message SMBtrans (pid 5412)
[2002/01/05 19:45:49, 3] smbd/ipc.c:reply_trans(520)
  trans <\PIPE\> data=72 params=0 setup=2
[2002/01/05 19:45:49, 3] smbd/ipc.c:named_pipe(334)
  named pipe command on <> name
[2002/01/05 19:45:49, 3] smbd/ipc.c:api_fd_reply(296)
  Got API command 0x26 on pipe "NETLOGON" (pnum
74f9)api_pipe_bind_req:
\PIPE\NETLOGON -> \PIPE\lsass
[2002/01/05 19:45:49, 3] smbd/process.c:process_smb(878)
  Transaction 5 of length 164
[2002/01/05 19:45:49, 3] smbd/process.c:switch_message(685)
  switch message SMBwriteX (pid 5412)
[2002/01/05 19:45:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(448)
  free_pipe_context: destroying talloc pool of size 0
[2002/01/05 19:45:49, 3] rpc_server/srv_pipe.c:api_pipe_request(1148)
  Doing \PIPE\NETLOGON
[2002/01/05 19:45:49, 3] rpc_server/srv_pipe.c:api_rpcTNP(1180)
  api_rpcTNP: pipe 29945 rpc command: NET_REQCHAL
[2002/01/05 19:45:49, 3] smbd/sec_ctx.c:push_sec_ctx(297)
  push_sec_ctx(65534, 65533) : sec_ctx_stack_ndx = 1
[2002/01/05 19:45:49, 3] smbd/uid.c:push_conn_ctx(286)
  push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2002/01/05 19:45:49, 3] smbd/sec_ctx.c:set_sec_ctx(329)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2002/01/05 19:45:49, 3] smbd/sec_ctx.c:pop_sec_ctx(436)
  pop_sec_ctx (65534, 65533) - sec_ctx_stack_ndx = 0
[2002/01/05 19:45:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(448)
  free_pipe_context: destroying talloc pool of size 36
[2002/01/05 19:45:49, 3] smbd/pipes.c:reply_pipe_write_and_X(198)
  writeX-IPC pnum=74f9 nwritten=96
[2002/01/05 19:45:49, 3] smbd/process.c:process_smb(878)
  Transaction 6 of length 63
[2002/01/05 19:45:49, 3] smbd/process.c:switch_message(685)
  switch message SMBreadX (pid 5412)
[2002/01/05 19:45:49, 3] smbd/pipes.c:reply_pipe_read_and_X(239)
  readX-IPC pnum=74f9 min=1024 max=1024 nread=36
[2002/01/05 19:45:49, 3] smbd/process.c:process_smb(878)
  Transaction 7 of length 200
[2002/01/05 19:45:49, 3] smbd/process.c:switch_message(685)
  switch message SMBwriteX (pid 5412)
[2002/01/05 19:45:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(448)
  free_pipe_context: destroying talloc pool of size 0
[2002/01/05 19:45:49, 3] rpc_server/srv_pipe.c:api_pipe_request(1148)
  Doing \PIPE\NETLOGON
[2002/01/05 19:45:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(448)
  free_pipe_context: destroying talloc pool of size 0
[2002/01/05 19:45:49, 3] smbd/pipes.c:reply_pipe_write_and_X(198)
  writeX-IPC pnum=74f9 nwritten=132
[2002/01/05 19:45:49, 3] smbd/process.c:process_smb(878)
  Transaction 8 of length 63
[2002/01/05 19:45:49, 3] smbd/process.c:switch_message(685)
  switch message SMBreadX (pid 5412)
[2002/01/05 19:45:49, 3] smbd/pipes.c:reply_pipe_read_and_X(239)
  readX-IPC pnum=74f9 min=1024 max=1024 nread=32
[2002/01/05 19:45:49, 3] smbd/process.c:process_smb(878)
  Transaction 9 of length 200
[2002/01/05 19:45:49, 3] smbd/process.c:switch_message(685)
  switch message SMBwriteX (pid 5412)
[2002/01/05 19:45:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(448)
  free_pipe_context: destroying talloc pool of size 0
[2002/01/05 19:45:49, 3] rpc_server/srv_pipe.c:api_pipe_request(1148)
  Doing \PIPE\NETLOGON
[2002/01/05 19:45:49, 3] rpc_server/srv_pipe.c:api_rpcTNP(1180)
  api_rpcTNP: pipe 29945 rpc command: NET_AUTH2
[2002/01/05 19:45:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(448)
  free_pipe_context: destroying talloc pool of size 54
[2002/01/05 19:45:49, 3] smbd/pipes.c:reply_pipe_write_and_X(198)
  writeX-IPC pnum=74f9 nwritten=132
[2002/01/05 19:45:49, 3] smbd/process.c:process_smb(878)
  Transaction 10 of length 63
[2002/01/05 19:45:49, 3] smbd/process.c:switch_message(685)
  switch message SMBreadX (pid 5412)
[2002/01/05 19:45:49, 3] smbd/pipes.c:reply_pipe_read_and_X(239)
  readX-IPC pnum=74f9 min=1024 max=1024 nread=40
[2002/01/05 19:45:49, 3] smbd/process.c:process_smb(878)
  Transaction 11 of length 45
[2002/01/05 19:45:49, 3] smbd/process.c:switch_message(685)
  switch message SMBclose (pid 5412)
[2002/01/05 19:46:00, 3] smbd/process.c:process_smb(878)
  Transaction 12 of length 39
[2002/01/05 19:46:00, 3] smbd/process.c:switch_message(685)
  switch message SMBtdis (pid 5412)
[2002/01/05 19:46:00, 3] smbd/sec_ctx.c:set_sec_ctx(329)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2002/01/05 19:46:00, 3] smbd/sec_ctx.c:set_sec_ctx(329)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2002/01/05 19:46:00, 3] smbd/service.c:close_cnum(681)
  win2k1 (192.168.xx.y) closed connection to service IPC$
[2002/01/05 19:46:00, 3] smbd/connection.c:yield_connection(48)
  Yielding connection to IPC$
[2002/01/05 19:46:00, 3] smbd/sec_ctx.c:set_sec_ctx(329)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2002/01/05 19:46:00, 3] smbd/vfs.c:vfs_ChDir(569)
  vfs_ChDir to /
[2002/01/05 19:46:00, 3] smbd/process.c:process_smb(878)
  Transaction 13 of length 43
[2002/01/05 19:46:00, 3] smbd/process.c:switch_message(685)
  switch message SMBulogoffX (pid 5412)
[2002/01/05 19:46:00, 3] smbd/sec_ctx.c:set_sec_ctx(329)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2002/01/05 19:46:00, 3] smbd/reply.c:reply_ulogoffX(1779)
  ulogoffX vuid=100
[2002/01/05 19:47:00, 3] smbd/sec_ctx.c:set_sec_ctx(329)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0

---------------------8<---------- log file end ---------------------





---------------------8<----------- smb.conf ------------------------
[global]
        workgroup = PIST
        encrypt passwords = Yes
        log level = 3
        log file = /data/samba/log/samba.log.%m
        max log size = 100
        max xmit = 17384
        domain admin group = @root
        logon script = logon.bat %U %G %L
        logon path = \\sambasrv\profiles\%U
        logon home = /data/samba/data/users/%U
        domain logons = Yes
        os level = 34
        preferred master = True
        domain master = True
        map system = Yes
        map hidden = Yes
--------------------8<----------------------------------------------









"John H Terpstra" <jht@samba.org> schrieb im Newsbeitrag
news:<20030402174026$3f9f@gated-at.bofh.it>...
> Markus,
>
> Have you disabled sign-or-seal on your workstation? You will need to check
> the security settings on your Win2K SP3 client to make sure that
> "RequiresSignOrSeal is turned off.
>
> Failing that, you will need to collect the samba log file as you try to
> log onto the workstation so we can see what is going on.
>
> - John T.
>
> On Wed, 2 Apr 2003, Markus PISTAUER (CISC) wrote:
>
> > John,
> >
> > thanks for that hint. It did not kill the server by you are perfectly
right.
> > I changed this and restarted the "smb" and "nmb"
deamons - unfortunately
> > with the same result.
> >
> > When I watch e.g. the status with "swat" I see as follows
after trying
with:
> >
> > smbclient -U <user> -L win2k1
> >
> > (what is strange since I connect as different user and not
"nobody") The
> > connectiosn seems to be up, no errro in the logs but all is referring
to
> > that user "nobody". I even have added "nobody" to
the smbpasswd (but as
you
> > can guess this did not help either).
> >
> > Also I get the well known message "session setup failed:
> > NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE"
> >
> > Cut from SWAT (Status page):
> >
> > ------------8<--------------
> >
> > Active Connections
> > PID  Client  IP address
> > --------------------------------------
> > 4654 win2k1  192.168.xx.xx .....
> >
> > Active Shares
> > Share User   Group  PID  Client  Date
> > --------------------------------------
> > IPC$  nobody nobody 4654 win2k1  .....
> >
> > ------------8<---------------
> >
> >
> >
> > Do you have an other idea?
> >
> > Thank you
> > 	Markus
> >
> >
> >
> >
> >
> > "John H Terpstra" <jht@samba.org> schrieb im
Newsbeitrag
> > news:<20030402162023$4954@gated-at.bofh.it>...
> > > On Wed, 2 Apr 2003, Markus PISTAUER (CISC) wrote:
> > >
> > > > Dear Eric,
> > > >
> > > > thanks for your answer. I have non of the items you defined
in the
> > global
> > > > section. There is also no error in the log file. So I'm
realy at the
end
> > of
> > > > my "know-how"  (if any ...)
> > > >
> > > > My global section is:
> > > > ---------8<---------
> > > > [global]
> > > >         workgroup = TEST
> > > >         netbios aliases = TEST
> > >
> > > The above will kill your server! You can NOT have the workgroup
name
and a
> > > machine name that are the same.
> > >
> > > - John T.
> > >
> > > >         encrypt passwords = Yes
> > > >         log level = 3
> > > >         log file = /data/samba/log/samba.log.%m
> > > >         max log size = 100
> > > >         max xmit = 17384
> > > >         domain admin group = @root
> > > >         logon script = logon.bat %U %G %L
> > > >         logon path = \\sambasrv\profiles\%U
> > > >         logon home = /data/samba/data/users/%U
> > > >         domain logons = Yes
> > > >         os level = 34
> > > >         preferred master = True
> > > >         domain master = True
> > > >         map system = Yes
> > > >         map hidden = Yes
> > > > ---------8<---------
> > > >
> > > > Thanks, any other hint is very welcome
> > > >
> > > > Markus
> > > >
> > > >
> > > >
> > > > > -----Urspr?ngliche Nachricht-----
> > > > > Von: Eric Halverson [mailto:ehalverson@dchs.us]
> > > > > Gesendet: Mittwoch, 02. April 2003 18:48
> > > > > An: Markus PISTAUER (CISC)
> > > > > Cc: Samba List
> > > > > Betreff: Re: [Samba] Login from win2k client to samba
PDC
> > > > >
> > > > >
> > > > > Do you have either of the following defined in your
global
section:
> > > > >
> > > > > write list
> > > > > valid users
> > > > >
> > > > > also look in your log files for that machine to see if
you're
getting
> > an
> > > > > error about invalid user nobody.  I was getting the
same error
because
> > I
> > > > > defined those variables in the global section, which of
course
made
> > the
> > > > > user nobody invalid as well as whoever else was
undefined
(including
> > the
> > > > > machine account).
> > > > >
> > > > > On Wed, 2003-04-02 at 02:58, Markus PISTAUER (CISC)
wrote:
> > > > > > I have joined my win2k client machines (win2k
professional or
win2k
> > > > > > professional server) to my PDC. This worked fine
and I did all
> > > > > recommended
> > > > > > as e.g. in the HOWTO
> > > > > >
http://hr.uoregon.edu/davidrl/samba/samba-pdc.html#joining.
> > > > > >
> > > > > > So far I can also login localy to the win2k client
machines
> > > > > using a local
> > > > > > account and connect a network drive from the PDC
using a valid
> > > > > account on
> > > > > > the PDC (as given in the "smbpasswd"
file)
> > > > > >
> > > > > > I have done all major steps:
> > > > > >
> > > > > > passwd file:
> > > > > > 	added users and machine accounts (as user
<machine>$)
> > > > > > smbpasswd file:
> > > > > > 	added users with 'smbpasswd -a
<user>'
> > > > > > 	added machines with 'smbpasswd -a
<machine>
> > > > > > 	added user 'root' to smbpasswd
> > > > > > smb.conf:
> > > > > > 	all the necessary settings done (I can post the
smb.conf if
> > > > > requested)
> > > > > >
> > > > > >
> > > > > > The problem:
> > > > > > ------------
> > > > > > If I try to login on the domain using the win2k
client machine
> > > > > (selecting
> > > > > > the domain instead of the local machine name the
login window) I
> > cannot
> > > > > > connect to the domain and get the error message:
> > > > > >    The system cannot log you on to this domain
because the
system's
> > > > > >    computer account in its primary domain is
missing or the
password
> > on
> > > > > >    that account is incorrect
> > > > > >
> > > > > >
> > > > > > My environments settings:
> > > > > > -------------------------
> > > > > > I'm using Samba 2.2.5 (release 160), win2k
prof with SP3 or no
> > > > > SP, classic
> > > > > > authentication on the PDC. Linux Kernel is 2.4.19
(Build 174).
> > > > > > I have also tried 2.2.8 with same failure.
> > > > > >
> > > > > > Any help would be VERY appreciated.
> > > > > >
> > > > > > Thanks
> > > > > >
> > > > > > Markus Pistauer
> > > > > > mailto:m.pistauer@cisc.at
> > > > > >
> > > > > >
> > > >
> > > >
> > >
> > > --
> > > John H Terpstra
> > > Email: jht@samba.org
> > > --
> > > To unsubscribe from this list go to the following URL and read
the
> > > instructions:  http://lists.samba.org/mailman/listinfo/samba
> >
>
> --
> John H Terpstra
> Email: jht@samba.org
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba