Whitaker, Adrian N
2006-Mar-23 17:43 UTC
[Samba] need help running samba 3.0.11 with security=domain
> I am having problems getting security=domain to work properly with > Samba 3.0.11 (this seems to be the recommended configuration for the > application which I use - ClearCase) > > We are running on a Solaris 10 server. > > We created a machine account for the server and then ran the command > to join the domain : > net rpc join -S domain_controller -U user%pass > Joined domain BP1. > > The fact that we got the "joined domain" message looked encouraging. > > I thought that this would update /usr/local/samba/private/secrets.tdb > - but the timestamp of this file didn't change. Is this normal ? Maybe > it is because we can now access the samba share from a client PC. > However - it takes too long (around 15 seconds). Occasionally it fails > altogether. If we set "password server" to "*" rather than hard coding > a domain controller then it fails every time with access denied > errors. > > If we switch to security=server it works OK. > > The smb.conf file contains the following > > [global] > workgroup = BP1 > security = DOMAIN > password server = bp1xeudc042.bp1.ad.bp.com > username map = /usr/local/samba/lib/username.map > lm announce = No > preferred master = No > local master = No > domain master = No > kernel oplocks = No > ldap ssl = no > invalid users = root, bin, daemon, adm, sync, shutdown, halt, > mail, news, uucp > create mask = 0775 > directory mask = 0775 > case sensitive = No > oplocks = No > include = /usr/local/samba/lib/smb.conf.%m > dos filemode = Yes > > [export] > comment = ClearCase VOBs > path = /export > read only = No > level2 oplocks = No > > > The log file contains the following : > added interface ip=149.184.200.182 bcast=149.184.200.255 > nmask=255.255.255.0 > [2006/03/23 16:41:53, 2] lib/interface.c:add_interface(79) > added interface ip=149.184.200.181 bcast=149.184.200.255 > nmask=255.255.255.0 > [2006/03/23 16:41:53, 2] lib/interface.c:add_interface(79) > added interface ip=149.184.200.27 bcast=149.184.200.255 > nmask=255.255.255.0 > [2006/03/23 16:41:53, 2] lib/interface.c:add_interface(79) > added interface ip=172.28.17.231 bcast=172.28.17.255 > nmask=255.255.255.0 > [2006/03/23 16:41:57, 3] > libsmb/trusts_util.c:enumerate_domain_trusts(149) > enumerate_domain_trusts: can't locate a DC for domain BP1 > [2006/03/23 16:41:57, 3] auth/auth.c:check_ntlm_password(219) > check_ntlm_password: Checking password for unmapped user > [BP1]\[WHITAKAN]@[BP > 1LSTL211684] with the new password interface > [2006/03/23 16:41:57, 3] auth/auth.c:check_ntlm_password(222) > check_ntlm_password: mapped user is: > [BP1]\[WHITAKAN]@[BP1LSTL211684] > [2006/03/23 16:41:57, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 > [2006/03/23 16:41:57, 3] smbd/uid.c:push_conn_ctx(365) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 > [2006/03/23 16:41:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 > [2006/03/23 16:41:57, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 > [2006/03/23 16:42:01, 2] auth/auth.c:check_ntlm_password(312) > check_ntlm_password: Authentication for user [WHITAKAN] -> > [WHITAKAN] FAILED > with error NT_STATUS_NO_LOGON_SERVERS > [2006/03/23 16:42:01, 3] smbd/process.c:timeout_processing(1334) > timeout_processing: End of file from client (client has > disconnected). > ... > ... > [2006/03/23 16:42:01, 2] lib/interface.c:add_interface(79) > added interface ip=172.28.17.231 bcast=172.28.17.255 > nmask=255.255.255.0 > [2006/03/23 16:42:05, 3] > libsmb/trusts_util.c:enumerate_domain_trusts(149) > enumerate_domain_trusts: can't locate a DC for domain BP1 > [2006/03/23 16:42:05, 3] auth/auth.c:check_ntlm_password(219) > check_ntlm_password: Checking password for unmapped user > [BP1]\[WHITAKAN]@[BP > 1LSTL211684] with the new password interface > [2006/03/23 16:42:05, 3] auth/auth.c:check_ntlm_password(222) > check_ntlm_password: mapped user is: > [BP1]\[WHITAKAN]@[BP1LSTL211684] > [2006/03/23 16:42:05, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 > [2006/03/23 16:42:05, 3] smbd/uid.c:push_conn_ctx(365) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 > [2006/03/23 16:42:05, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 > [2006/03/23 16:42:05, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 > [2006/03/23 16:42:05, 3] libsmb/namequery_dc.c:rpc_dc_name(145) > rpc_dc_name: Returning DC BP1XEUDC042 (149.184.209.253) for domain > BP1 > [2006/03/23 16:42:05, 3] > libsmb/cliconnect.c:cli_start_connection(1389) > Connecting to host=BP1XEUDC042 > [2006/03/23 16:42:05, 3] lib/util_sock.c:open_socket_out(752) > Connecting to 149.184.209.253 at port 445 > [2006/03/23 16:42:06, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 > [2006/03/23 16:42:06, 3] smbd/uid.c:push_conn_ctx(365) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 > ... > ... > [2006/03/23 16:42:06, 3] auth/auth.c:check_ntlm_password(268) > check_ntlm_password: winbind authentication for user [WHITAKAN] > succeeded > [2006/03/23 16:42:06, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 > [2006/03/23 16:42:06, 3] smbd/uid.c:push_conn_ctx(365) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 > [2006/03/23 16:42:06, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 > [2006/03/23 16:42:06, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 > [2006/03/23 16:42:06, 2] auth/auth.c:check_ntlm_password(305) > check_ntlm_password: authentication for user [WHITAKAN] -> > [WHITAKAN] -> [whi > takan] succeeded > > > Any help would be appreciated > > Thanks >
Possibly Parallel Threads
- need help running samba 3.0.11 with security=domain (again)
- Home drives not being mounted. Samba 3.0.7 vs W2k TS
- No subject
- User longer than 20 characters can't join domain (windows 7 pro)
- Samba 3.4.7 on Debian Squeeze does not allow Vista machines to connect to shares XP users can connect though