Hello,
I am trying to migrate an NT domain from an NT PDC to a samba3.0 PDC
without disrupting users or requiring them to change passwords, etc. The
complication is that there are NT fileservers in the domain already, so
it's important that the users be transferred to the samba machine with
SID's and RID's intact (so they can access these shares with the same
permissions). Anyway, as a first step I compiled samba3.0rc1 and have it
configured as a simple domain member in a test domain. I set up a NT4
PDC and an some NT domain fileservers (actually a Win2k and an XP
machine) with some shares in the test domain. The NT machines are all
functioning properly in the domain (i.e., access to shares and logon to
domain all run smoothly). I then joined the samba machine to the domain,
and now I can browse and use shares on the PDC just fine. However, when
I try to access or browse the NT fileservers I get
NT_STATUS_LOGON_FAILURE. What gives? Here is an example (the samba
machine is RUSTBUCKET, PDC is GROUPER, servers are XPCL and WIN2KCLIENT,
domain is TNG-PDC-TEST1):
[root@rustbucket linux-2.4]# smbclient -N -L grouper
Anonymous login successful
Sharename Type Comment
--------- ---- -------
Error returning browse list: NT_STATUS_ACCESS_DENIED
Anonymous login successful
Server Comment
--------- -------
GROUPER
RUSTBUCKET Samba 3.0.0rc1
WIN2KCLIENT
XPCL
Workgroup Master
--------- -------
TNG-PDC-TEST1 GROUPER
and then:
[root@rustbucket linux-2.4]# smbclient //grouper/ibmtools -U Administrator
Password:
smb: \>
So far so good. But...
[root@rustbucket linux-2.4]# smbclient -N -L win2kclient
session setup failed: ERRSRV - ERRbaduid
[root@rustbucket linux-2.4]# smbclient -L win2kclient -U Administrator
Password:
session setup failed: NT_STATUS_LOGON_FAILURE
and also:
[root@rustbucket linux-2.4]# smbclient //win2kclient/tng-share -U
Administrator
Password:
session setup failed: NT_STATUS_LOGON_FAILURE
These shares are accessible from the windows machines in the domain just
fine. This is my very simple smb.conf file (trying not to get fancy just
yet):
[global]
netbios name = RUSTBUCKET
workgroup = TNG-PDC-TEST1
domain master = no
domain logons = no
security = domain
encrypt passwords = yes
I am a little new to this, and will appreciate greatly any help you may
be able to provide, or any tips as to what I'm doing wrong here. Thanks!
-Micha-
Thanks for your response! I am a little confused, now, though ;). On Thursday 21 August 2003 06:22, you wrote:> sounds like the samba box hasn't joined or isn't referring password > requests to the pdc.I made sure that the samba machine was joined to the domain, and 'net rpc testjoin' says A-OK... [root@rustbucket root]# net rpc testjoin Join to 'TNG-PDC-TEST1' is OK Also, I can see the samba machine in the browse lists from the windows machines, and I can mount samba shares from the windows machines. However, I was only trying to use smbclient to access shares which are on the windows fileserver. I wouldn't think that the samba machine would be referring password requests when it's just a client and not acting as a server-- the fileserver it was connecting to should do that (?)> have you tried increasing the debug level and > viewing the logs?I only have access to detailed logs on the samba machine, meaning that I only have the smbclient logs. I don't know of a way to get detailed logs on the windows fileserver. Is there such a thing as "increasing the debug level" on a windows server? The client logs don't show anything interesting, just authentication failed.> Also I can't see a... > password server = * > line in your smb.conf. I assume this is still required in samba 3 ?I put an appropriate line in the smb.conf file but to no avail.> Richard Coates. > > On Thu, 2003-08-21 at 01:52, Micha Niskin wrote: > > Hello, > > > > I am trying to migrate an NT domain from an NT PDC to a samba3.0 PDC > > without disrupting users or requiring them to change passwords, etc. The > > complication is that there are NT fileservers in the domain already, so > > it's important that the users be transferred to the samba machine with > > SID's and RID's intact (so they can access these shares with the same > > permissions). Anyway, as a first step I compiled samba3.0rc1 and have it > > configured as a simple domain member in a test domain. I set up a NT4 > > PDC and an some NT domain fileservers (actually a Win2k and an XP > > machine) with some shares in the test domain. The NT machines are all > > functioning properly in the domain (i.e., access to shares and logon to > > domain all run smoothly). I then joined the samba machine to the domain, > > and now I can browse and use shares on the PDC just fine. However, when > > I try to access or browse the NT fileservers I get > > NT_STATUS_LOGON_FAILURE. What gives? Here is an example (the samba > > machine is RUSTBUCKET, PDC is GROUPER, servers are XPCL and WIN2KCLIENT, > > domain is TNG-PDC-TEST1): > > > > > > > > [root@rustbucket linux-2.4]# smbclient -N -L grouper > > Anonymous login successful > > > > Sharename Type Comment > > --------- ---- ------- > > Error returning browse list: NT_STATUS_ACCESS_DENIED > > Anonymous login successful > > > > Server Comment > > --------- ------- > > GROUPER > > RUSTBUCKET Samba 3.0.0rc1 > > WIN2KCLIENT > > XPCL > > > > Workgroup Master > > --------- ------- > > TNG-PDC-TEST1 GROUPER > > > > > > > > and then: > > > > > > > > [root@rustbucket linux-2.4]# smbclient //grouper/ibmtools -U > > Administrator Password: > > smb: \> > > > > > > > > So far so good. But... > > > > > > > > [root@rustbucket linux-2.4]# smbclient -N -L win2kclient > > session setup failed: ERRSRV - ERRbaduid > > [root@rustbucket linux-2.4]# smbclient -L win2kclient -U Administrator > > Password: > > session setup failed: NT_STATUS_LOGON_FAILURE > > > > > > > > and also: > > > > > > > > [root@rustbucket linux-2.4]# smbclient //win2kclient/tng-share -U > > Administrator > > Password: > > session setup failed: NT_STATUS_LOGON_FAILURE > > > > > > > > These shares are accessible from the windows machines in the domain just > > fine. This is my very simple smb.conf file (trying not to get fancy just > > yet): > > > > > > > > [global] > > netbios name = RUSTBUCKET > > workgroup = TNG-PDC-TEST1 > > domain master = no > > domain logons = no > > security = domain > > encrypt passwords = yes > > > > > > > > I am a little new to this, and will appreciate greatly any help you may > > be able to provide, or any tips as to what I'm doing wrong here. Thanks! > > > > -Micha--- Regards, Micha D. Niskin <mniskin@yahoo.com>
Gerald (Jerry) Carter
2003-Aug-29 16:59 UTC
[Samba] samba-3.0rc1 Can access PDC but not others
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 20 Aug 2003, Micha Niskin wrote:> [root@rustbucket linux-2.4]# smbclient -N -L win2kclient > session setup failed: ERRSRV - ERRbaduid > [root@rustbucket linux-2.4]# smbclient -L win2kclient -U Administrator > Password: > session setup failed: NT_STATUS_LOGON_FAILURETry setting "client ntlmv2 auth = no" and see if this corrects your problem. We've got a few things to straighten out with the NTLMv2 code before RC3. cheers, jerry ---------------------------------------------------------------------- Hewlett-Packard ------------------------- http://www.hp.com SAMBA Team ---------------------- http://www.samba.org GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc "You can never go home again, Oatman, but I guess you can shop there." --John Cusack - "Grosse Point Blank" (1997) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE/T4Z5IR7qMdg1EfYRAqJ2AJwMLk1m2VGO9j81rWArrnTRwV9dCQCgxrzt lK6pWjV8vAoHK5Oy0AwT6HA=GO4A -----END PGP SIGNATURE-----