Hi,
I have some troubles to log in from a W2k station to a samba configure as
PDC with LDAP as backend.
Join the domain is OK
browse from explorer and auth is ok
I attached the end of log.0i427 (machine) and the smb.conf file
Thanks
Fabien
--
Fabien VALLON - fabien.vallon@fr.alcove.com
GNUstep - http://www.gnustep.org -
-------------- next part --------------
[2003/11/17 18:49:09, 3] smbd/process.c:process_smb(890)
Transaction 31 of length 388
[2003/11/17 18:49:09, 3] smbd/process.c:switch_message(685)
switch message SMBwriteX (pid 1247)
[2003/11/17 18:49:09, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544)
free_pipe_context: destroying talloc pool of size 0
[2003/11/17 18:49:09, 3] rpc_server/srv_pipe.c:api_rpcTNP(1503)
api_rpcTNP: rpc command: NET_SAMLOGON
[2003/11/17 18:49:09, 3] rpc_server/srv_netlog_nt.c:_net_sam_logon(570)
SAM Logon (Interactive). Domain:[TV5PARIS]. User:[winadm@I0427] Requested
Domain:[TV5PARIS]
[2003/11/17 18:49:09, 5] auth/auth.c:make_auth_context_subsystem(463)
Making default auth method list for DC, security=user, encrypt passwords = yes
[2003/11/17 18:49:09, 5] auth/auth.c:load_auth_module(370)
load_auth_module: Attempting to find an auth method to match guest
[2003/11/17 18:49:09, 5] auth/auth.c:load_auth_module(395)
load_auth_module: auth method guest has a valid init
[2003/11/17 18:49:09, 5] auth/auth.c:load_auth_module(370)
load_auth_module: Attempting to find an auth method to match sam
[2003/11/17 18:49:09, 5] auth/auth.c:load_auth_module(395)
load_auth_module: auth method sam has a valid init
[2003/11/17 18:49:09, 5] auth/auth.c:load_auth_module(370)
load_auth_module: Attempting to find an auth method to match
winbind:trustdomain
[2003/11/17 18:49:09, 5] auth/auth.c:load_auth_module(370)
load_auth_module: Attempting to find an auth method to match trustdomain
[2003/11/17 18:49:09, 5] auth/auth.c:load_auth_module(395)
load_auth_module: auth method trustdomain has a valid init
[2003/11/17 18:49:09, 5] auth/auth.c:load_auth_module(395)
load_auth_module: auth method winbind has a valid init
[2003/11/17 18:49:09, 5] auth/auth.c:get_ntlm_challenge(93)
auth_get_challenge: module guest did not want to specify a challenge
[2003/11/17 18:49:09, 5] auth/auth.c:get_ntlm_challenge(93)
auth_get_challenge: module sam did not want to specify a challenge
[2003/11/17 18:49:09, 5] auth/auth.c:get_ntlm_challenge(93)
auth_get_challenge: module winbind did not want to specify a challenge
[2003/11/17 18:49:09, 5] auth/auth.c:get_ntlm_challenge(132)
auth_context challenge created by random
[2003/11/17 18:49:09, 5] auth/auth.c:get_ntlm_challenge(133)
challenge is:
[2003/11/17 18:49:09, 5] auth/auth_util.c:make_user_info_map(216)
make_user_info_map: Mapping user [TV5PARIS]\[winadm] from workstation [I0427]
[2003/11/17 18:49:09, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1
[2003/11/17 18:49:09, 3] smbd/uid.c:push_conn_ctx(287)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2003/11/17 18:49:09, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2003/11/17 18:49:09, 5]
passdb/secrets.c:secrets_fetch_trusted_domain_password(299)
secrets_fetch failed!
[2003/11/17 18:49:09, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0
[2003/11/17 18:49:09, 5] auth/auth_util.c:make_user_info(132)
attempting to make a user_info for winadm (winadm)
[2003/11/17 18:49:09, 5] auth/auth_util.c:make_user_info(142)
making strings for winadm's user_info struct
[2003/11/17 18:49:09, 5] auth/auth_util.c:make_user_info(184)
making blobs for winadm's user_info struct
[2003/11/17 18:49:09, 10] auth/auth_util.c:make_user_info(193)
made an encrypted user_info for winadm (winadm)
[2003/11/17 18:49:09, 3] auth/auth.c:check_ntlm_password(216)
check_ntlm_password: Checking password for unmapped user
[TV5PARIS]\[winadm]@[I0427] with the new password interface
[2003/11/17 18:49:09, 3] auth/auth.c:check_ntlm_password(219)
check_ntlm_password: mapped user is: [TV5PARIS]\[winadm]@[I0427]
[2003/11/17 18:49:09, 10] auth/auth.c:check_ntlm_password(228)
check_ntlm_password: auth_context challenge created by random
[2003/11/17 18:49:09, 10] auth/auth.c:check_ntlm_password(230)
challenge is:
[2003/11/17 18:49:09, 10] auth/auth.c:check_ntlm_password(256)
check_ntlm_password: guest had nothing to say
[2003/11/17 18:49:09, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1
[2003/11/17 18:49:09, 3] smbd/uid.c:push_conn_ctx(287)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2003/11/17 18:49:09, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2003/11/17 18:49:09, 2] lib/smbldap.c:smbldap_search_suffix(1067)
smbldap_search_suffix: searching
for:[(&(uid=winadm)(objectclass=sambaSamAccount))]
[2003/11/17 18:49:09, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
init_sam_from_ldap: Entry found for user: winadm
[2003/11/17 18:49:09, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0
[2003/11/17 18:49:09, 4] auth/auth_sam.c:sam_password_ok(224)
sam_password_ok: Checking NT MD4 password
[2003/11/17 18:49:09, 4] auth/auth_sam.c:sam_account_ok(325)
sam_account_ok: Checking SMB password for user winadm
[2003/11/17 18:49:09, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1
[2003/11/17 18:49:09, 3] smbd/uid.c:push_conn_ctx(287)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2003/11/17 18:49:09, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2003/11/17 18:49:09, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0
[2003/11/17 18:49:09, 5] auth/auth_util.c:debug_unix_user_token(505)
UNIX token of user 1002
Primary group is 1001 and contains 2 supplementary groups
Group[ 0]: 1001
Group[ 1]: 1001
[2003/11/17 18:49:09, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(235)
fetch sid from gid cache 1001 ->
S-1-5-21-703409124-3890623328-648795408-512
[2003/11/17 18:49:09, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(235)
fetch sid from gid cache 1001 ->
S-1-5-21-703409124-3890623328-648795408-512
[2003/11/17 18:49:09, 10] auth/auth_util.c:debug_nt_user_token(491)
NT user token of user S-1-5-21-703409124-3890623328-648795408-1002
contains 5 SIDs
SID[ 0]: S-1-5-21-703409124-3890623328-648795408-1002
SID[ 1]: S-1-5-21-703409124-3890623328-648795408-512
SID[ 2]: S-1-1-0
SID[ 3]: S-1-5-2
SID[ 4]: S-1-5-11
[2003/11/17 18:49:09, 5] auth/auth_util.c:make_server_info_sam(841)
make_server_info_sam: made server info for user winadm -> winadm
[2003/11/17 18:49:09, 3] auth/auth.c:check_ntlm_password(265)
check_ntlm_password: sam authentication for user [winadm] succeeded
[2003/11/17 18:49:09, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1
[2003/11/17 18:49:09, 3] smbd/uid.c:push_conn_ctx(287)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2003/11/17 18:49:09, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2003/11/17 18:49:09, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0
[2003/11/17 18:49:09, 5] auth/auth.c:check_ntlm_password(289)
check_ntlm_password: PAM Account for user [winadm] succeeded
[2003/11/17 18:49:09, 2] auth/auth.c:check_ntlm_password(302)
check_ntlm_password: authentication for user [winadm] -> [winadm] ->
[winadm] succeeded
[2003/11/17 18:49:09, 5] auth/auth_util.c:free_user_info(1226)
attempting to free (and zero) a user_info structure
[2003/11/17 18:49:09, 10] auth/auth_util.c:free_user_info(1229)
structure was created for winadm
[2003/11/17 18:49:09, 5] auth/auth_util.c:free_server_info(1251)
attempting to free (and zero) a server_info structure
[2003/11/17 18:49:09, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544)
free_pipe_context: destroying talloc pool of size 4790
[2003/11/17 18:49:09, 3] smbd/pipes.c:reply_pipe_write_and_X(199)
writeX-IPC pnum=7536 nwritten=320
[2003/11/17 18:49:09, 3] smbd/process.c:process_smb(890)
Transaction 32 of length 63
[2003/11/17 18:49:09, 3] smbd/process.c:switch_message(685)
switch message SMBreadX (pid 1247)
[2003/11/17 18:49:09, 3] smbd/pipes.c:reply_pipe_read_and_X(242)
readX-IPC pnum=7536 min=1024 max=1024 nread=632
-------------- next part --------------
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# For a step to step guide on installing, configuring and using samba,
# read the Samba HOWTO Collection.
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command
"testparm"
# to check that you have not made any basic syntactic errors.
#
#======================= Global Settings
====================================[global]
# workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4
workgroup = TV5PARIS
# server string is the equivalent of the NT Description field
server string = Serveur de fichier GNU/Linux
# Security mode. Defines in which mode Samba will operate. Possible
# values are share, user, server, domain and ads. Most people will want
# user level security. See the HOWTO Collection for details.
security = user
log level = 3 passdb:5 auth:10 winbind:2
# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
; hosts allow = 192.168.1. 192.168.2. 127.
# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
load printers = no
# you may wish to override the location of the printcap file
; printcap name = /etc/printcap
# on SystemV system setting printcap name to lpstat should allow
# you to automatically obtain a printer list from the SystemV spool
# system
; printcap name = lpstat
# It should not be necessary to specify the print system type unless
# it is non-standard. Currently supported print systems include:
# bsd, cups, sysv, plp, lprng, aix, hpux, qnx
; printing = cups
# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
; guest account = pcguest
# this tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/log.%m
# Put a capping on the size of the log files (in Kb).
max log size = 50
# Use password server option only with security = server
# The argument list may include:
# password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
# password server = *
; password server = <NT-Server-Name>
# Use the realm option only with security = ads
# Specifies the Active Directory realm the host is part of
; realm = MY_REALM
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
passdb backend = ldapsam:ldap://ldap
ldap admin dn = "cn=admin, dc=tv5paris, dc=org"
ldap ssl = off
ldap delete dn = no
ldap suffix = dc=tv5paris,dc=org
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
admin users = @winadm
add user script = /usr/local/sbin/smbldap-useradd.pl -a %u
add machine script = /usr/local/sbin/smbldap-useradd.pl -w %u
# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting.
# Note: Consider carefully the location in the configuration file of
# this line. The included file is read at that point.
; include = /usr/local/samba/lib/smb.conf.%m
# Most people will find that this option gives better performance.
# See the chapter 'Samba performance issues' in the Samba HOWTO
Collection
# and the manual pages for details.
# You may want to add the following on a Linux system:
# SO_RCVBUF=8192 SO_SNDBUF=8192
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
; interfaces = 192.168.12.2/24 192.168.13.2/24
# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
local master = yes
# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
os level = 99
# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
domain master = yes
# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
preferred master = yes
# Enable this if you want Samba to be a domain logon server for
# Windows95 workstations.
domain logons = yes
# if you enable domain logons then you may want a per-machine or
# per user logon script
# run a specific logon batch file per workstation (machine)
; logon script = %m.bat
# run a specific logon batch file per username
; logon script = %U.bat
# Where to store roving profiles (only for Win95 and WinNT)
# %L substitutes for this servers netbios name, %U is username
# You must uncomment the [Profiles] share below
# logon path = \\%L\Profile
# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable it's WINS
Server
wins support = yes
# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
; wins server = w.x.y.z
# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one WINS Server on the network. The default is NO.
; wins proxy = yes
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The default is NO.
dns proxy = no
# These scripts are used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
; add user script = /usr/sbin/useradd %u
; add group script = /usr/sbin/groupadd %g
; add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null
-s /bin/false %u
; delete user script = /usr/sbin/userdle %u
; delete user from group script = /usr/sbin/deluser %u %g
; delete group script = /usr/sbin/groupdel %g
#============================ Share Definitions
=============================[homes]
comment = Home Directories
path = /usr/local/samba/homes
browseable = no
writable = yes
# Un-comment the following and create the netlogon directory for Domain Logons
[netlogon]
comment = Network Logon Service
path = /usr/local/samba/netlogon
guest ok = yes
writable = no
share modes = no
# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
#[Profiles]
# path = /usr/local/samba/profiles
# browseable = no
# guest ok = yes
# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
;[printers]
; comment = All Printers
; path = /usr/spool/samba
; browseable = no
# Set public = yes to allow user 'guest account' to print
; guest ok = no
; writable = no
; printable = yes
# This one is useful for people to share files
;[tmp]
; comment = Temporary file space
; path = /tmp
; read only = no
; public = yes
# A publicly accessible directory, but read only, except for people in
# the "staff" group
;[public]
; comment = Public Stuff
; path = /home/samba
; public = yes
; writable = yes
; printable = no
; write list = @staff
# Other examples.
#
# A private printer, usable only by fred. Spool data will be placed in
fred's
# home directory. Note that fred must have write access to the spool directory,
# wherever it is.
;[fredsprn]
; comment = Fred's Printer
; valid users = fred
; path = /homes/fred
; printer = freds_printer
; public = no
; writable = no
; printable = yes
# A private directory, usable only by fred. Note that fred requires write
# access to the directory.
;[fredsdir]
; comment = Fred's Service
; path = /usr/somewhere/private
; valid users = fred
; public = no
; writable = yes
; printable = no
# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %U option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
;[pchome]
; comment = PC Directories
; path = /usr/pc/%m
; public = no
; writable = yes
# A publicly accessible directory, read/write to all users. Note that all files
# created in the directory by users will be owned by the default user, so
# any user with access can delete any other user's files. Obviously this
# directory must be writable by the default user. Another user could of course
# be specified, in which case all files would be owned by that user instead.
;[public]
; path = /usr/somewhere/else/public
; public = yes
; only guest = yes
; writable = yes
; printable = no
# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
;[myshare]
; comment = Mary's and Fred's stuff
; path = /usr/somewhere/shared
; valid users = mary fred
; public = no
; writable = yes
; printable = no
; create mask = 0765
