Hi,
I'm back on the list ;-)
I seem to be having some trouble getting W2K machines to join the domain in
3.0.1rc2. I haven't looked at this in detail since 2.2.8a but it looks like
the account gets created in LDAP and then it has trouble setting the password
appropriately. I believe this is the relevant part of the log:
api_rpcTNP: samr op 0x3a - api_rpcTNP: rpc command: SAMR_SET_USERINFO
[2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_debug(82)
000000 samr_io_q_set_userinfo
[2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint32(635)
0000 data1: 00000000
[2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint32(635)
0004 data2: 00000008
[2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint16(606)
0008 data3: 0000
[2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint16(606)
000a data4: 0000
[2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint8s(722)
000c data5: 71 e1 dd 3f 61 70 00 00
[2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint16(606)
0014 switch_value: 0018
[2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint16(606)
0016 switch_value: 0018
[2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint8s(722)
0018 password: 2d 71 6b 2a f1 b4 66 69 84 2b 0c ec 88 4d 53 90
21 b8 a9 99 47 86 d2 81 67 6b a3 ac 11 3d 30 31 e6 5d 54 4e ae c1 7e a6 85 eb
7f 9c 33 be 4e 62 60 5c f4 9b aa b3 87 fa 03 cc b7 be 0d ab 1c 62 07 34 63 37
dc 27 3b f7 d8 69 70 b6 b3 18 dd e6 aa ec 8a 53 98 9a a9 2d 93 f8 da b7 83 be
6d 5f ed e0 bc fd c0 d7 6f 9e 6c 5b d5 2b 94 86 52 f2 4a ce c0 54 3e 25 8d 91
42 0d 08 a4 9f 8c 3b 05 2f bd 60 c2 eb 57 c6 8d 0b 43 aa 48 49 32 30 1f a8 71
22 b7 e7 5e 73 c5 d2 8b 33 9b b3 e4 64 b9 18 9f 22 86 f2 d7 78 bc 37 0b cb da
09 b2 88 42 0a 5e 91 8c 3d eb 1f fb 97 06 54 f6 04 92 40 d4 8a b0 34 b9 5c 02
73 e0 34 95 b0 e2 dd 57 44 30 45 6b 10 ca a0 19 40 9c 26 f5 ad 15 ac a9 5a 43
ca 9b 7e cb 30 de fe 77 24 13 ea 75 ea c3 c2 46 de c7 be 2a dd 68 dc 49 ad 12
73 94 98 cd 8a 3d f5 e4 dd 07 d3 0f 8a 7f ce 95 d4 2c 0f 64 4c 51 ac 98 28 21
e7 0d 7e 4a ea 5b 72 d7 e7 e8 a6 9b ec fb b7 56 b6 7e 09 fe 0c 47 a5 02 e9 03
ec bb 99 b3 6c 96 92 d9 12 f7 71 d0 6b c9 44 87 5a 45 44 c3 7b d6 e2 4b b1 a3
19 8b 08 2 +>
4 4d b0 91 e0 1a 37 37 30 59 5e e3 5b d9 a0 c2 89 da 5a d5 23 a9 37 c4 36 bd
d0 72 29 45 c1 ee 12 88 bf 30 89 32 de 20 9e 61 fc 81 7e 27 4f 2a a3 b0 b6 c7
2d 5f e3 43 45 3f 57 f6 a2 31 56 32 cf eb e0 dd 5d 8a bd 4e ce 64 d1 83 d7 87
95 53 d0 ef e0 18 7d ed c9 c4 d3 1c 48 6c b5 17 dc 69 27 2c 1c b5 b7 db d9 34
09 21 c0 d4 98 1e fe 9f 0f 67 f3 ca f6 52 13 d8 27 e8 52 99 20 e0 ba a7 49 66
90 ac dc 4a cb ba d8 cd cf 66 e1 0e 53 0b 24 22 d1 4d 6f 86 d0 7f aa a2 24 cc
70 34 cc cb 4b 29 a4 cd 1f 9d f5 6a c2 70 15 12 5c 86 b8 79 6c 64 89 21 62 7a
a2 18 f9
[2003/12/15 11:29:37, 5] rpc_server/srv_samr_nt.c:_samr_set_userinfo(2937)
_samr_set_userinfo: 2937
[2003/12/15 11:29:37, 4]
rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162)
Found policy hnd[0] [000] 00 00 00 00 08 00 00 00 00 00 00 00 71 E1 DD 3F
........ ....q??
[010] 61 70 00 00 ap..
[2003/12/15 11:29:37, 5]
rpc_server/srv_samr_nt.c:access_check_samr_function(105)
_samr_set_userinfo: access check ((granted: 0x000000b0; required:
0x00000024)
[2003/12/15 11:29:37, 4]
rpc_server/srv_samr_nt.c:access_check_samr_function(109)
_samr_set_userinfo: ACCESS should be DENIED (granted: 0x000000b0; required:
0x00000024)
but overwritten by euid == 0
[2003/12/15 11:29:37, 5] rpc_server/srv_samr_nt.c:_samr_set_userinfo(2950)
_samr_set_userinfo: sid:S-1-5-21-2656636599-2098491866-229994164-3044,
level:24
[2003/12/15 11:29:37, 2] lib/smbldap.c:smbldap_search_suffix(1068)
smbldap_search_suffix: searching
for:[(&(sambaSID=S-1-5-21-2656636599-2098491866-229994164-3044)(objectclass=sambaSamAccount))]
[2003/12/15 11:29:37, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
init_sam_from_ldap: Entry found for user: gt1$
[2003/12/15 11:29:37, 5] rpc_server/srv_samr_nt.c:set_user_info_pw(2877)
Attempting administrator password change for user gt1$
[2003/12/15 11:29:37, 0] libsmb/smbencrypt.c:decode_pw_buffer(501)
decode_pw_buffer: incorrect password length (-2128390977).
[2003/12/15 11:29:37, 0] libsmb/smbencrypt.c:decode_pw_buffer(502)
decode_pw_buffer: check that 'encrypt passwords = yes'
[2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_debug(82)
000000 samr_io_r_set_userinfo
[2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_ntstatus(664)
0000 status: NT_STATUS_ACCESS_DENIED
[2003/12/15 11:29:37, 5] rpc_server/srv_pipe.c:api_rpcTNP(1549)
api_rpcTNP: called samr successfully
In particular, I find the decode_pw_buffer warnings to be troubling (there are
no passwords in the LDAP entry at this point). Perhaps an initialized
variable? Any help would be most appreciated.
regards,
Greg
--
Greg Dickie
just a guy
Maximum Throughput
You are not the only one have this problem, the samba team is working =20 to fix this. I had the same problem, downgraded to 3.0.1pre3 and it works. Charles Hamel On 03-12-15, at 11:48, Greg Dickie wrote:> > > Hi, > > I'm back on the list ;-) > I seem to be having some trouble getting W2K machines to join the =20 > domain in > 3.0.1rc2. I haven't looked at this in detail since 2.2.8a but it looks =20 > like > the account gets created in LDAP and then it has trouble setting the =20 > password > appropriately. I believe this is the relevant part of the log: > > api_rpcTNP: samr op 0x3a - api_rpcTNP: rpc command: SAMR_SET_USERINFO > [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_set_userinfo > [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 data1: 00000000 > [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 data2: 00000008 > [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 data3: 0000 > [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a data4: 0000 > [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000c data5: 71 e1 dd 3f 61 70 00 00 > [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 switch_value: 0018 > [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0016 switch_value: 0018 > [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 0018 password: 2d 71 6b 2a f1 b4 66 69 84 2b 0c ec 88 4d =20 > 53 90 > 21 b8 a9 99 47 86 d2 81 67 6b a3 ac 11 3d 30 31 e6 5d 54 4e ae c1 7e =20 > a6 85 eb > 7f 9c 33 be 4e 62 60 5c f4 9b aa b3 87 fa 03 cc b7 be 0d ab 1c 62 07 =20 > 34 63 37 > dc 27 3b f7 d8 69 70 b6 b3 18 dd e6 aa ec 8a 53 98 9a a9 2d 93 f8 da =20 > b7 83 be > 6d 5f ed e0 bc fd c0 d7 6f 9e 6c 5b d5 2b 94 86 52 f2 4a ce c0 54 3e =20 > 25 8d 91 > 42 0d 08 a4 9f 8c 3b 05 2f bd 60 c2 eb 57 c6 8d 0b 43 aa 48 49 32 30 =20 > 1f a8 71 > 22 b7 e7 5e 73 c5 d2 8b 33 9b b3 e4 64 b9 18 9f 22 86 f2 d7 78 bc 37 =20 > 0b cb da > 09 b2 88 42 0a 5e 91 8c 3d eb 1f fb 97 06 54 f6 04 92 40 d4 8a b0 34 =20 > b9 5c 02 > 73 e0 34 95 b0 e2 dd 57 44 30 45 6b 10 ca a0 19 40 9c 26 f5 ad 15 ac =20 > a9 5a 43 > ca 9b 7e cb 30 de fe 77 24 13 ea 75 ea c3 c2 46 de c7 be 2a dd 68 dc =20 > 49 ad 12 > 73 94 98 cd 8a 3d f5 e4 dd 07 d3 0f 8a 7f ce 95 d4 2c 0f 64 4c 51 ac =20 > 98 28 21 > e7 0d 7e 4a ea 5b 72 d7 e7 e8 a6 9b ec fb b7 56 b6 7e 09 fe 0c 47 a5 =20 > 02 e9 03 > ec bb 99 b3 6c 96 92 d9 12 f7 71 d0 6b c9 44 87 5a 45 44 c3 7b d6 e2 =20 > 4b b1 a3 > 19 8b 08 2 +> > 4 4d b0 91 e0 1a 37 37 30 59 5e e3 5b d9 a0 c2 89 da 5a d5 23 a9 37 =20 > c4 36 bd > d0 72 29 45 c1 ee 12 88 bf 30 89 32 de 20 9e 61 fc 81 7e 27 4f 2a a3 =20 > b0 b6 c7 > 2d 5f e3 43 45 3f 57 f6 a2 31 56 32 cf eb e0 dd 5d 8a bd 4e ce 64 d1 =20 > 83 d7 87 > 95 53 d0 ef e0 18 7d ed c9 c4 d3 1c 48 6c b5 17 dc 69 27 2c 1c b5 b7 =20 > db d9 34 > 09 21 c0 d4 98 1e fe 9f 0f 67 f3 ca f6 52 13 d8 27 e8 52 99 20 e0 ba =20 > a7 49 66 > 90 ac dc 4a cb ba d8 cd cf 66 e1 0e 53 0b 24 22 d1 4d 6f 86 d0 7f aa =20 > a2 24 cc > 70 34 cc cb 4b 29 a4 cd 1f 9d f5 6a c2 70 15 12 5c 86 b8 79 6c 64 89 =20 > 21 62 7a > a2 18 f9 > [2003/12/15 11:29:37, 5] =20 > rpc_server/srv_samr_nt.c:_samr_set_userinfo(2937) > _samr_set_userinfo: 2937 > [2003/12/15 11:29:37, 4] > rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 08 00 00 00 00 00 00 00 71 E1 =20 > DD 3F > ........ ....q=A1Z? > [010] 61 70 00 00 ap.. > [2003/12/15 11:29:37, 5] > rpc_server/srv_samr_nt.c:access_check_samr_function(105) > _samr_set_userinfo: access check ((granted: 0x000000b0; required: > 0x00000024) > [2003/12/15 11:29:37, 4] > rpc_server/srv_samr_nt.c:access_check_samr_function(109) > _samr_set_userinfo: ACCESS should be DENIED (granted: 0x000000b0; =20 > required: > 0x00000024) > but overwritten by euid =3D=3D 0 > [2003/12/15 11:29:37, 5] =20 > rpc_server/srv_samr_nt.c:_samr_set_userinfo(2950) > _samr_set_userinfo: =20 > sid:S-1-5-21-2656636599-2098491866-229994164-3044, > level:24 > [2003/12/15 11:29:37, 2] lib/smbldap.c:smbldap_search_suffix(1068) > smbldap_search_suffix: searching > for:[(&(sambaSID=3DS-1-5-21-2656636599-2098491866-229994164=20 > -3044)(objectclass=3DsambaSamAccount))] > [2003/12/15 11:29:37, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462) > init_sam_from_ldap: Entry found for user: gt1$ > [2003/12/15 11:29:37, 5] =20 > rpc_server/srv_samr_nt.c:set_user_info_pw(2877) > Attempting administrator password change for user gt1$ > [2003/12/15 11:29:37, 0] libsmb/smbencrypt.c:decode_pw_buffer(501) > decode_pw_buffer: incorrect password length (-2128390977). > [2003/12/15 11:29:37, 0] libsmb/smbencrypt.c:decode_pw_buffer(502) > decode_pw_buffer: check that 'encrypt passwords =3D yes' > [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_set_userinfo > [2003/12/15 11:29:37, 5] rpc_parse/parse_prs.c:prs_ntstatus(664) > 0000 status: NT_STATUS_ACCESS_DENIED > [2003/12/15 11:29:37, 5] rpc_server/srv_pipe.c:api_rpcTNP(1549) > api_rpcTNP: called samr successfully > > > In particular, I find the decode_pw_buffer warnings to be troubling =20 > (there are > no passwords in the LDAP entry at this point). Perhaps an initialized > variable? Any help would be most appreciated. > > regards, > Greg > > > --=20 > Greg Dickie > just a guy > Maximum Throughput > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >
> > > I was running 3.0.1rc1 and 3.0.1rc2, I downgraded to 3.0.1pre3. > > Sorry for the confusion. > > Charles Hamel > > On 03-12-15, at 15:17, Gerald (Jerry) Carter wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Charles Hamel wrote: >> | You are not the only one have this problem, the samba >> | team is working to fix this. >> | >> | I had the same problem, downgraded to 3.0.1pre3 and >> | it works. >> >> 3.0.1pre3 ? or 3.0.0 ? >> >> >> >> cheers, jerry >> ~ >> ---------------------------------------------------------------------- >> ~ Hewlett-Packard ------------------------- >> http://www.hp.com >> ~ SAMBA Team ---------------------- >> http://www.samba.org >> ~ GnuPG Key ---- >> http://www.plainjoe.org/gpg_public.asc >> ~ "If we're adding to the noise, turn off this song" --Switchfoot >> (2003) >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.2.1 (GNU/Linux) >> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org >> >> iD8DBQE/3hbkIR7qMdg1EfYRAjXdAKC84daYNnSlRo0d6NK1BYpLkyaBkACaAot0 >> SPtVPCKlz2VHOqFwLNgr7Qo>> =/4S8 >> -----END PGP SIGNATURE----- >> >