samba - Aug 2006 - member server can't authenticate users?

Hey List-

I've got 2 samba servers.

PDC: FreeBSD 5.4; samba: 3.0.23 ? name: bugs
member server: FreeBSD 6-stable; samba: 3.0.23 ? name: daffy

note: config files are at the bottom of the email

The PDC was running an older version, but I just upgraded and it didn't fix 
the below issue. The member server was running fine with the old smb.conf 
file, but I rebuilt the server and now it doesn't work. Here is the problem:

the member server is dual-homed and firewalled. note: I did try totally 
disabling the firewall and this didn't help or change the error.

Using Konqueror and smb://daffy/ ?I can see the share I want to connect to, 
but it nevers lets me authenticate.

I did also do a net join ?back into the domain and that worked fine.

on the member server I can do the following:
pw group show ecwusers ? -> works fine
wbinfo -u ?-> works fine
smbclient -L bugs -U username ?-> works fine
smbclient -L daffy -U username -> get an error

error = ?session setup failed: NT_STATUS_NO_LOGON_SERVERS

smbclient -d 3 -L daffy -U username ? shows:

Client started (version 3.0.23b).
Connecting to 127.0.0.1 at port 445
Password: 
Doing spnego session setup (blob length=58)
got OID=1 3 6 1 4 1 311 2 2 10
got principal=NONE
Got challenge flags:
Got NTLMSSP neg_flags=0x60890215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60080215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60080215
SPNEGO login failed: No logon servers
session setup failed: NT_STATUS_NO_LOGON_SERVERS

The only error which repeats when I try and make a connection is in the 
log.wb-ECW file on daffyand it  shows:
[2006/08/29 17:30:47, 1] 
rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625)
  cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR 
received from remote machine bugs.int.ecreativeworks.com pipe \lsarpc fnum 
0x74eb!


PDC smb.conf:
# Global parameters
[global]
workgroup = ECW
netbios name = ECWSERVER
passdb backend = tdbsam:/usr/local/etc/samba/private/passwd.tdb
os level = 65
preferred master = yes
domain master = yes
local master = yes
domain logons = yes
wins support = yes
#server string = Samba %v on %L
server string security = USER
encrypt passwords = yes 
disable spoolss = Yes
guest ok = no
follow symlinks = no
case sensitive = no
idmap uid = 15000-20000
idmap gid = 15000-20000
username map = //usr/local/etc/samba/smbusers

name resolve order = wins bcast hosts
time server = Yes

#printing options
printing = cups
printcap name = cups
load printers = yes
show add printer wizard = Yes
printer admin = @ecwadmins,@wheel

#user scripts
add user script = /usr/sbin/pw useradd -n %u -g 
ecwusers -s /usr/sbin/nologin -c ""
delete user script = /usr/sbin/pw userdel -n %u
add group script = /usr/sbin/pw groupadd -n %g
delete group script = /usr/sbin/pw groupdel -n %g
add user to group script = /usr/sbin/pw usermod -n %u -g %g
#add machine script = /usr/sbin/pw useradd -n %u -g 
100 -s /usr/sbin/nologin -d /dev/null

#user directories
logon home = \\%N\%U\
logon drive = H:

#roaming profiles
logon path 
#####SHARES BELOW
#######END PDC CONF

member server smb.conf:
# Global parameters
[global]
workgroup = ECW
netbios name = ECWTEST
#server string = Samba %v on %L
server string security = domain
password server = bugs.int.domainname.com
encrypt passwords = yes 
idmap uid = 15000-20000
idmap gid = 15000-20000
winbind use default domain = yes
guest ok = no
follow symlinks = no
case sensitive = no

preferred master = no
domain master = no

bind interfaces only = yes
interfaces = fxp0 lo0



Henrik
-- 
Henrik Hudson
lists@rhavenn.net
------------------------------
"God, root, what is difference?" Pitr; UF
(http://www.userfriendly.org/)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/29/2006 07:57 PM, Henrik Hudson escreveu:
> Hey List-
Hey there! :)

> I've got 2 samba servers.
> PDC: FreeBSD 5.4; samba: 3.0.23   name: bugs
> member server: FreeBSD 6-stable; samba: 3.0.23   name: daffy
> note: config files are at the bottom of the email
> The PDC was running an older version, but I just upgraded and it didn't
fix
> the below issue. The member server was running fine with the old smb.conf 
> file, but I rebuilt the server and now it doesn't work. Here is the
problem:
> 
> the member server is dual-homed and firewalled. note: I did try totally 
> disabling the firewall and this didn't help or change the error.
> 
> Using Konqueror and smb://daffy/  I can see the share I want to connect to,
> but it nevers lets me authenticate.
> 
> I did also do a net join  back into the domain and that worked fine.
> 
> on the member server I can do the following:
> pw group show ecwusers   -> works fine
> wbinfo -u  -> works fine
> smbclient -L bugs -U username  -> works fine
> smbclient -L daffy -U username -> get an error
> 
> error =  session setup failed: NT_STATUS_NO_LOGON_SERVERS
> 
> smbclient -d 3 -L daffy -U username   shows:
> 
> Client started (version 3.0.23b).
> Connecting to 127.0.0.1 at port 445
> Password: 
> Doing spnego session setup (blob length=58)
> got OID=1 3 6 1 4 1 311 2 2 10
> got principal=NONE
> Got challenge flags:
> Got NTLMSSP neg_flags=0x60890215
> NTLMSSP: Set final flags:
> Got NTLMSSP neg_flags=0x60080215
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x60080215
> SPNEGO login failed: No logon servers
> session setup failed: NT_STATUS_NO_LOGON_SERVERS
> 
> The only error which repeats when I try and make a connection is in the 
> log.wb-ECW file on daffyand it  shows:
> [2006/08/29 17:30:47, 1] 
> rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625)
>   cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR 
> received from remote machine bugs.int.ecreativeworks.com pipe \lsarpc fnum 
> 0x74eb!
> 
> 
> PDC smb.conf:
> # Global parameters
> [global]
> netbios name = ECWSERVER
> passdb backend = tdbsam:/usr/local/etc/samba/private/passwd.tdb
[...]
> member server smb.conf:
> # Global parameters
> [global]
> workgroup = ECW
> netbios name = ECWTEST
> #server string = Samba %v on %L
> server string > security = domain
> password server = bugs.int.domainname.com
	If you use ECWSERVER here, instead of the bugs.int...,
does it works?

	From what I've seen, there are two very common cases for
that situation:

1) DNS (or name related problems)
2) ADS related problems (which certainly, is not the case :D).
> Henrik
	Kind regards,

- --
Felipe Augusto van de Wiel <felipe@paranacidade.org.br>
Coordenadoria de Tecnologia da Informa??o (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/           Phone: (+55 41 3350 3300)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org

iD8DBQFE9aXuCj65ZxU4gPQRAkrsAJ9uTZzsLyT9j0dsVD7XwIltWy4sJgCgzP9j
XxEDgDCogI2ubmpXbLHZ/Ew=z2ns
-----END PGP SIGNATURE-----