Hi,
Just thought I would update this message. The solution to the problem was to
add the realm and domain_realm information for the trust domain to krb5.conf. I
needed to know more about Kerberos before posting.
Lou.
-----Original Message-----
From: samba-bounces+baccari=crl.dec.com@lists.samba.org
[mailto:samba-bounces+baccari=crl.dec.com@lists.samba.org]On Behalf Of
Baccari, Lou
Sent: Tuesday, March 16, 2004 1:56 PM
To: samba@lists.samba.org
Subject: [Samba] Samba-3 / ADS problems with trusted domain
Hello,
I'm running Mandrake 9.2 and Samba-3.0.2a
I'm connecting a Samba Server as a Domain member to a 2003 ADS, called
TEST2. I've been able to create the computer account. I've also tested
successfully, from Chapter 7 of 'Samba HOWTO Collection' with a W2K
client logon/mount a share from the samba server using Kerberos. The testing
of the smbclient was also successful.
The problem that I'm having now is that I can not successfully logon/mount
a share with Kerberos from a client logon from a trusted domain, TEST1, with the
ADS. Testing with wbinfo -u and -g only shows accounts and group information
from my local Domain, Test2, and not from the trusted Domain. A wbinfo -m does
show me a list of all trusted domains.
From the log.winbind file I can also see 'trustdom_store: storing SID
S-1-5-21-1060284298-1078145449-682003330 of domain TEST1', so it appears
winbind is working.
The account name on TEST1 is ibaccaril, the account on TEST2 is ibaccarilsu
and the unix account is baccari. I currently have no control of the account
names in Test1 and test2. When I tail the log.isaunders-n-1 file I extract the
error below. Any help would be appreciated.
[2004/03/16 13:12:34, 5] auth/auth_util.c:make_user_info(184)
making blobs for baccari's user_info struct
[2004/03/16 13:12:34, 10] auth/auth_util.c:make_user_info(193)
made an encrypted user_info for baccari (iBaccaril)
[2004/03/16 13:12:34, 3] auth/auth.c:check_ntlm_password(219)
check_ntlm_password: Checking password for unmapped user
[TEST1]\[iBaccaril]@[ISAUNDERS-N-1] with the new password interface
[2004/03/16 13:12:34, 3] auth/auth.c:check_ntlm_password(222)
check_ntlm_password: mapped user is: [TEST2]\[baccari]@[ISAUNDERS-N-1]
[2004/03/16 13:12:34, 10] auth/auth.c:check_ntlm_password(231)
check_ntlm_password: auth_context challenge created by random
[2004/03/16 13:12:34, 10] auth/auth.c:check_ntlm_password(233)
challenge is:
[2004/03/16 13:12:34, 5] lib/util.c:dump_data(1830)
[000] 11 25 5A CA CE C1 F4 25 .%Z????%
[2004/03/16 13:12:34, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2004/03/16 13:12:34, 3] smbd/uid.c:push_conn_ctx(287)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2004/03/16 13:12:34, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/03/16 13:12:34, 5] auth/auth_util.c:debug_nt_user_token(486)
NT user token: (NULL)
[2004/03/16 13:12:34, 5] auth/auth_util.c:debug_unix_user_token(505)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2004/03/16 13:12:34, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/03/16 13:12:34, 5] auth/auth.c:check_ntlm_password(271)
check_ntlm_password: winbind authentication for user [iBaccaril] FAILED with
error NT_STATUS_NO_SUCH_USER
[2004/03/16 13:12:34, 6] auth/auth_sam.c:check_samstrict_security(271)
check_samstrict_security: TEST2 is not one of my local names
(ROLE_DOMAIN_MEMBER)
[2004/03/16 13:12:34, 10] auth/auth.c:check_ntlm_password(259)
check_ntlm_password: sam had nothing to say
[2004/03/16 13:12:34, 2] auth/auth.c:check_ntlm_password(312)
check_ntlm_password: Authentication for user [iBaccaril] -> [baccari]
FAILED with error NT_STATUS_NO_SUCH_USER
[2004/03/16 13:12:34, 5] auth/auth_util.c:free_user_info(1278)
attempting to free (and zero) a user_info structure
[2004/03/16 13:12:34, 10] auth/auth_util.c:free_user_info(1281)
structure was created for iBaccaril
[2004/03/16 13:12:34, 6] lib/util_sock.c:write_socket(407)
write_socket(5,104)
[2004/03/16 13:12:34, 6] lib/util_sock.c:write_socket(410)
write_socket(5,104) wrote 104
[2004/03/16 13:12:35, 3] smbd/process.c:timeout_processing(1104)
timeout_processing: End of file from client (client has disconnected).
[2004/03/16 13:12:35, 5] lib/gencache.c:gencache_shutdown(88)
Closing cache file
[2004/03/16 13:12:35, 5] libsmb/namecache.c:namecache_shutdown(79)
namecache_shutdown: netbios namecache closed successfully.
[2004/03/16 13:12:35, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/03/16 13:12:35, 5] auth/auth_util.c:debug_nt_user_token(486)
NT user token: (NULL)
[2004/03/16 13:12:35, 5] auth/auth_util.c:debug_unix_user_token(505)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2004/03/16 13:12:35, 5] smbd/uid.c:change_to_root_user(218)
change_to_root_user: now uid=(0,0) gid=(0,0)
[2004/03/16 13:12:35, 2] smbd/server.c:exit_server(558)
Lou Baccari
lou.baccari@hp.com
HP Labs, Hewlett-Packard Company
617-551-7623
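
The fix described in the update at the top of this thread, as an added example that is not part of the original messages: a small Python check that a krb5.conf carries [realms] and [domain_realm] entries for a trusted realm. The realm names TEST1.EXAMPLE.COM and TEST2.EXAMPLE.COM, the host names and the function names are assumptions (the thread gives only the domain names TEST1 and TEST2), and the check assumes KDCs are listed statically rather than found through DNS.

```python
# Constructed krb5.conf text, before and after the fix; all names are placeholders.
BEFORE = """\
[realms]
    TEST2.EXAMPLE.COM = {
        kdc = dc1.test2.example.com
    }
[domain_realm]
    .test2.example.com = TEST2.EXAMPLE.COM
"""
AFTER = """\
[realms]
    TEST2.EXAMPLE.COM = {
        kdc = dc1.test2.example.com
    }
    TEST1.EXAMPLE.COM = {
        kdc = dc1.test1.example.com
    }
[domain_realm]
    .test2.example.com = TEST2.EXAMPLE.COM
    .test1.example.com = TEST1.EXAMPLE.COM
"""

def parse_krb5(text):
    """Return (realms, domain_realm) parsed from krb5.conf text."""
    realms, domain_realm, section, current = {}, {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section, current = line[1:-1], None
        elif line == "}":
            current = None                     # close the realm stanza
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if section == "realms" and value == "{":
                current = realms.setdefault(key, {})   # open a realm stanza
            elif section == "realms" and current is not None:
                current.setdefault(key, []).append(value)
            elif section == "domain_realm":
                domain_realm[key] = value      # DNS name or suffix -> realm
    return realms, domain_realm

def missing_for_realm(text, realm):
    """List what the file lacks for `realm` when KDCs are not found via DNS."""
    realms, domain_realm = parse_krb5(text)
    checks = (("[realms] has no kdc for " + realm, realms.get(realm, {}).get("kdc")),
              ("[domain_realm] maps no name to " + realm, realm in domain_realm.values()))
    return [problem for problem, ok in checks if not ok]
```

Calling missing_for_realm(BEFORE, "TEST1.EXAMPLE.COM") reports both gaps, and the same call on AFTER returns an empty list.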