samba - Jan 2006 - Problem using rpcclient as root user -- can't authenticate

I'm a Samba-3 newbie (all my previous experience is with Samba-2), and 
that may by the crux of the problem.

Samba 3.0.14a-2 came bundled with Fedora Core.  Since this server will 
be taking over the functions of the Samba-2, I copied the smb.conf file 
over and simply changed the netbios name.  It uses a domain security 
model, and that has not changed.  Also, using the rpc net command, I 
joined the server to the domain.  I added a local password for "root" 
via the SWAT interface.  Since it's the same password as on the old 
Samba-2 server, I compared the password hashes to see that they are 
identical.

The problem I've encountered is with rpcclient.  It looks like it's 
trying to treat the user as a domain user and not simply local to the 
server.  For example:

 >  rpcclient berkeley -U root%XXXXXX -c "enumdrivers 2"

The system response is:

 > added interface ip=10.171.255.21 bcast=10.171.255.255 nmask=255.255.0.0
 > Connecting to host=berkeley
 > resolve_lmhosts: Attempting lmhosts lookup for name berkeley<0x20>
 > resolve_wins: Attempting wins lookup for name berkeley<0x20>
 > resolve_wins: using WINS server 10.170.131.11 and tag '*'
 > Got a positive name query response from 10.170.131.11 ( 10.171.255.21 )
 > Connecting to 10.171.255.21 at port 445
 > Doing spnego session setup (blob length=58)
 > got OID=1 3 6 1 4 1 311 2 2 10
 > got principal=NONE
 > Got challenge flags:
 > Got NTLMSSP neg_flags=0x60890215
 > NTLMSSP: Set final flags:
 > Got NTLMSSP neg_flags=0x60080215
 > NTLMSSP Sign/Seal - Initialising with flags:
 > Got NTLMSSP neg_flags=0x60080215
 > SPNEGO login failed: Logon failure
 > failed session setup with NT_STATUS_LOGON_FAILURE
 > Cannot connect to server.  Error was NT_STATUS_LOGON_FAILURE


And in the log file I see the following:

 > [2006/01/30 13:38:24, 3] auth/auth.c:check_ntlm_password(219)
 >   check_ntlm_password:  Checking password for unmapped user 
[CATNET]\[root]@[BERKELEY] with the new password interface
 > [2006/01/30 13:38:24, 3] auth/auth.c:check_ntlm_password(222)
 >   check_ntlm_password:  mapped user is: [CATNET]\[root]@[BERKELEY]
 > [2006/01/30 13:38:24, 3] smbd/sec_ctx.c:push_sec_ctx(256)
 >   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
 > [2006/01/30 13:38:24, 3] smbd/uid.c:push_conn_ctx(365)
 >   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
 > [2006/01/30 13:38:24, 3] smbd/sec_ctx.c:set_sec_ctx(288)
 >   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
 > [2006/01/30 13:38:24, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
 >   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
 > [2006/01/30 13:38:24, 2] auth/auth.c:check_ntlm_password(312)
 >   check_ntlm_password:  Authentication for user [root] -> [root] 
FAILED with error NT_STATUS_NO_SUCH_USER


Any ideas about what might be wrong?

Thanks,
Rob


-- 

Rob Tanner
UNIX Services Manager
Linfield College, McMinnville OR

> The problem I've encountered is with rpcclient.  It looks like it's
> trying to treat the user as a domain user and not simply local to the 
> server.  For example:
> 
>  >  rpcclient berkeley -U root%XXXXXX -c "enumdrivers 2"
If that's the case, you should be able to use "-U HOSTNAME\\root"
where
HOSTNAME is the NetBIOS name of the local machine, and can be used to
specify local UNIX users in domain form (this is the normal way of
specifying users in a domain that are local to a specific PC.)

Cheers,
Adam.