William R. Lorenz
2005-Apr-28 05:51 UTC
[Samba] Windows Server 2003 SP1 Issues (3.0.15pre2)
Hi All, I'm running into some issues accessing a Samba server that's in turn authenticating against a Win2k3-SP1 domain controller (security=ads). I understand there were some known issues corrected in a patch, and I'm currently running 3.0.15pre2, which I understand includes that patch. (http://samba.org/~jerry/patches/post-3.0.13/winbindd_2k3sp1.patch) All was working fine before the Win2k3 server was upgraded with the SP1 service pack. The `net ads join`, `wbinfo -t`, `wbinfo -u`, `wbinfo -p`, `getent passwd`, and `getent group` commands all still work fine, but users can't authenticate against the Samba box and view available shares. For example, here's a local smbclient connection from the local console: [root@linux-test samba]# smbclient -L 192.168.0.52 -U polorx added interface ip=192.168.0.52 bcast=192.168.0.255 nmask=255.255.255.0 Client started (version 3.0.15pre2). Connecting to 192.168.0.52 at port 445 Password: Doing spnego session setup (blob length=112) got OID=1 2 840 113554 1 2 2 got OID=1 2 840 48018 1 2 2 got OID=1 3 6 1 4 1 311 2 2 10 got principal=linux-test$@TCB.INTERNAL Got challenge flags: Got NTLMSSP neg_flags=0x60890215 NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60080215 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60080215 SPNEGO login failed: Logon failure session setup failed: NT_STATUS_LOGON_FAILURE [root@linux-test samba]# I have attached the Samba server's configuration file, and I can also provide detailed logs upon request. Does anyone have any ideas on this? Thanks, in advance, for any insights you can offer! -- William R. Lorenz <wrl@express.org> -- http://www.express.org/~wrl/ ; "Every revolution was first -- a thought in one man's mind." - Ralph Waldo Emerson -------------- next part -------------- [global] netbios name = linux-test workgroup = MFERRY realm = tcb.internal server string = linux-test security = ads encrypt passwords = Yes log file = /var/log/samba/%m.log log level = 10 max log size = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 domain logons = No os level = 10 preferred master = No domain master = No dns proxy = No hosts allow = 192.168. password server = 192.168.0.239 interfaces = 192.168.0.52 bind interfaces only = yes case sensitive = no default case = lower preserve case = yes short preserve case = yes add share command = /usr/local/samba/bin/share.pl change share command = /usr/local/samba/bin/share.pl delete share command = /usr/local/samba/bin/share.pl admin users = @MFERRY+Administrators announce as = "NT Server" announce version = 9.3 blocking locks = yes browse list = yes deadtime = 15 debug timestamp = yes debug hires timestamp = yes debug pid = yes default service = public dont descend = /proc,/dev,/tmp,/usr getwd cache = yes hide dot files = yes invalid users = root shutdown halt service mysql apache rpm kernel oplocks = yes load printers = no locking = yes max disk size = 5000 message command = /var/log/samba "%s" "%t" "%f" & nt acl support = yes nt pipe support = yes null passwords = no obey pam restrictions = yes strict allocate = yes winbind separator = + winbind cache time = 10 idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 winbind enum users = yes winbind enum groups = yes template shell = /bin/false template homedir = /home/%U