Hello!
I am trying to set up a domain for my home network, but I ran into problems.
The situation: The Debian server has netbios name "server", there are
more PCs, I will only talk about "pchrispc". The user I want to setup
is "pappl".
Here is what I did:
Installed Samba, configured it correctly (domain master, netlogon, etc.),
added the UNIX user
pappl (with a pass), and
pchrispc$ with "passwd -l",
did "smbpasswd -a pappl" and "smbpasswd -a -m pchrispc".
So far, everything is ok, I see them both in pdbedit:
######################################
server:~# Unix username: pappl
NT username:
Account Flags: [U ]
User SID: S-1-5-21-2564980194-3922274804-1921109836-3002
Primary Group SID: S-1-5-21-2564980194-3922274804-1921109836-513
Full Name: Papp Laszlo,,,
Home Directory: \\server\pappl
HomeDir Drive: S:
Logon Script: logon.cmd
Profile Path: \\server\profiles\pappl
Domain: HOMEDOMAIN
Account desc:
-bash: Unix: command not found
Workstations:
Munged dial:
Logon time: 0
Logoff time: Tue, 19 Jan 2038 04:14:07 CET
Kickoff time: Tue, 19 Jan 2038 04:14:07 CET
Password last set: Fri, 24 Nov 2006 19:27:54 CET
Password can change: Fri, 24 Nov 2006 19:27:54 CET
Password must change: Tue, 19 Jan 2038 04:14:07 CET
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
######################################
Then I created /home/samba/{profiles/pappl,netlogon}, all with chmod 777.
Now, if I try to connect from pchrispc (XP) I get (After I typed in
"pappl" and the pass) "Access denied", or "No such
username or wrong
password"
The strange thing is, that the samba log says that the authentication
was correct:
authentication for user [pappl] -> [pappl] -> [pappl] succeeded
Part of the log:
###################################################
[2006/11/24 21:01:48, 3] auth/auth.c:check_ntlm_password(221)
check_ntlm_password: Checking password for unmapped user
[homedomain]\[pappl]@[PCHRISPC] with the new password interface
[2006/11/24 21:01:48, 3] auth/auth.c:check_ntlm_password(224)
check_ntlm_password: mapped user is: [homedomain]\[pappl]@[PCHRISPC]
[2006/11/24 21:01:48, 3] auth/auth.c:check_ntlm_password(270)
check_ntlm_password: sam authentication for user [pappl] succeeded
[2006/11/24 21:01:48, 2] auth/auth.c:check_ntlm_password(309)
check_ntlm_password: authentication for user [pappl] -> [pappl] ->
[pappl] succeeded
[2006/11/24 21:01:48, 3] lib/privileges.c:get_privileges(261)
get_privileges: No privileges assigned to SID
[S-1-5-21-2564980194-3922274804-1921109836-3002]
[2006/11/24 21:01:48, 3] lib/privileges.c:get_privileges(261)
get_privileges: No privileges assigned to SID [S-1-22-2-1003]
[2006/11/24 21:01:48, 3] lib/privileges.c:get_privileges(261)
get_privileges: No privileges assigned to SID [S-1-5-2]
[2006/11/24 21:01:49, 3] lib/privileges.c:get_privileges(261)
get_privileges: No privileges assigned to SID [S-1-5-11]
[2006/11/24 21:01:49, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338)
NTLMSSP Sign/Seal - Initialising with flags:
[2006/11/24 21:01:49, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
Got NTLMSSP neg_flags=0xe2088215
[2006/11/24 21:01:49, 3] smbd/password.c:register_vuid(280)
User name: pappl Real name: Papp Laszlo,,,
[2006/11/24 21:01:49, 3] smbd/password.c:register_vuid(301)
UNIX uid 1001 is UNIX user pappl, and will be vuid 101
[2006/11/24 21:01:49, 3] smbd/password.c:register_vuid(332)
Adding homes service for user 'pappl' using home directory:
'/home/pappl'
[2006/11/24 21:01:49, 3] param/loadparm.c:lp_add_home(2596)
adding home's share [pappl] for user 'pappl' at
'/home/pappl'
[2006/11/24 21:01:49, 3] smbd/process.c:process_smb(1110)
Transaction 3 of length 82
[2006/11/24 21:01:49, 3] smbd/process.c:switch_message(914)
switch message SMBtconX (pid 2574) conn 0x0
[2006/11/24 21:01:49, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/11/24 21:01:49, 3] smbd/service.c:make_connection_snum(752)
Connect path is '/tmp' for service [IPC$]
[2006/11/24 21:01:49, 3] lib/util_seaccess.c:se_access_check(250)
[2006/11/24 21:01:49, 3] lib/util_seaccess.c:se_access_check(251)
se_access_check: user sid is S-1-5-21-2564980194-3922274804-1921109836-3002
se_access_check: also S-1-22-2-1003
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2006/11/24 21:01:49, 3] smbd/vfs.c:vfs_init_default(219)
Initialising default vfs hooks
[2006/11/24 21:01:49, 3] lib/util_seaccess.c:se_access_check(250)
[2006/11/24 21:01:49, 3] lib/util_seaccess.c:se_access_check(251)
se_access_check: user sid is S-1-5-21-2564980194-3922274804-1921109836-3002
se_access_check: also S-1-22-2-1003
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2006/11/24 21:01:49, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (1001, 1003) - sec_ctx_stack_ndx = 0
[2006/11/24 21:01:49, 3] smbd/service.c:make_connection_snum(941)
pchrispc (192.168.1.3) connect to service IPC$ initially as user
pappl (uid=1001, gid=1003) (pid 2574)
[2006/11/24 21:01:49, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/11/24 21:01:49, 2] smbd/reply.c:reply_tcon_and_X(711)
Serving IPC$ as a Dfs root
[2006/11/24 21:01:49, 3] smbd/reply.c:reply_tcon_and_X(716)
tconX service=IPC$
[2006/11/24 21:01:49, 3] smbd/process.c:process_smb(1110)
Transaction 4 of length 104
[2006/11/24 21:01:49, 3] smbd/process.c:switch_message(914)
switch message SMBntcreateX (pid 2574) conn 0x8417df0
[2006/11/24 21:01:49, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (1001, 1003) - sec_ctx_stack_ndx = 0
[2006/11/24 21:01:49, 3] smbd/nttrans.c:nt_open_pipe(346)
nt_open_pipe: Known pipe lsarpc opening.
[2006/11/24 21:01:49, 3] smbd/process.c:process_smb(1110)
Transaction 5 of length 140
[2006/11/24 21:01:49, 3] smbd/process.c:switch_message(914)
switch message SMBwriteX (pid 2574) conn 0x8417df0
[2006/11/24 21:01:49, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1534)
api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass
[2006/11/24 21:01:49, 3] rpc_server/srv_pipe.c:check_bind_req(985)
check_bind_req for \PIPE\lsarpc
[2006/11/24 21:01:49, 3] smbd/pipes.c:reply_pipe_write_and_X(217)
writeX-IPC pnum=75a3 nwritten=72
[2006/11/24 21:01:49, 3] smbd/process.c:process_smb(1110)
Transaction 6 of length 63
[2006/11/24 21:01:49, 3] smbd/process.c:switch_message(914)
switch message SMBreadX (pid 2574) conn 0x8417df0
[2006/11/24 21:01:49, 3] smbd/pipes.c:reply_pipe_read_and_X(262)
readX-IPC pnum=75a3 min=1024 max=1024 nread=68
[2006/11/24 21:01:49, 3] smbd/process.c:process_smb(1110)
Transaction 7 of length 176
[2006/11/24 21:01:49, 3] smbd/process.c:switch_message(914)
switch message SMBtrans (pid 2574) conn 0x8417df0
[2006/11/24 21:01:49, 3] smbd/ipc.c:handle_trans(373)
trans <\PIPE\> data=88 params=0 setup=2
[2006/11/24 21:01:49, 3] smbd/ipc.c:named_pipe(340)
named pipe command on <> name
[2006/11/24 21:01:49, 3] smbd/ipc.c:api_fd_reply(300)
Got API command 0x26 on pipe "lsarpc" (pnum 75a3)
[2006/11/24 21:01:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529)
free_pipe_context: destroying talloc pool of size 70
[2006/11/24 21:01:49, 3] rpc_server/srv_pipe.c:api_rpcTNP(2265)
api_rpcTNP: rpc command: LSA_OPENPOLICY2
[2006/11/24 21:01:49, 3] lib/util_seaccess.c:se_access_check(250)
[2006/11/24 21:01:49, 3] lib/util_seaccess.c:se_access_check(251)
se_access_check: user sid is S-1-5-21-2564980194-3922274804-1921109836-3002
se_access_check: also S-1-22-2-1003
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2006/11/24 21:01:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529)
free_pipe_context: destroying talloc pool of size 818
###################################################
Please help me, I have really spent days with this problem..
Thanks: PChris
Hello!
I am trying to set up a domain for my home network, but I ran into problems.
The situation: The Debian server has netbios name "server", there are
more PCs, I will only talk about "pchrispc". The user I want to setup
is "pappl".
Here is what I did:
Installed Samba, configured it correctly (domain master, netlogon, etc.),
added the UNIX user
pappl (with a pass), and
pchrispc$ with "passwd -l",
did "smbpasswd -a pappl" and "smbpasswd -a -m pchrispc".
So far, everything is ok, I see them both in pdbedit:
######################################
server:~# Unix username: pappl
NT username:
Account Flags: [U ]
User SID: S-1-5-21-2564980194-3922274804-1921109836-3002
Primary Group SID: S-1-5-21-2564980194-3922274804-1921109836-513
Full Name: Papp Laszlo,,,
Home Directory: \\server\pappl
HomeDir Drive: S:
Logon Script: logon.cmd
Profile Path: \\server\profiles\pappl
Domain: HOMEDOMAIN
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Tue, 19 Jan 2038 04:14:07 CET
Kickoff time: Tue, 19 Jan 2038 04:14:07 CET
Password last set: Fri, 24 Nov 2006 19:27:54 CET
Password can change: Fri, 24 Nov 2006 19:27:54 CET
Password must change: Tue, 19 Jan 2038 04:14:07 CET
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
######################################
Then I created /home/samba/{profiles/pappl,netlogon}, all with chmod 777.
Now, if I try to connect from pchrispc (XP) I get (After I typed in
"pappl" and the pass) "Access denied", or "No such
username or wrong
password"
The strange thing is, that the samba log says that the authentication
was correct:
authentication for user [pappl] -> [pappl] -> [pappl] succeeded
Part of the log:
###################################################
[2006/11/24 21:01:48, 3] auth/auth.c:check_ntlm_password(221)
check_ntlm_password: Checking password for unmapped user
[homedomain]\[pappl]@[PCHRISPC] with the new password interface
[2006/11/24 21:01:48, 3] auth/auth.c:check_ntlm_password(224)
check_ntlm_password: mapped user is: [homedomain]\[pappl]@[PCHRISPC]
[2006/11/24 21:01:48, 3] auth/auth.c:check_ntlm_password(270)
check_ntlm_password: sam authentication for user [pappl] succeeded
[2006/11/24 21:01:48, 2] auth/auth.c:check_ntlm_password(309)
check_ntlm_password: authentication for user [pappl] -> [pappl] ->
[pappl] succeeded
[2006/11/24 21:01:48, 3] lib/privileges.c:get_privileges(261)
get_privileges: No privileges assigned to SID
[S-1-5-21-2564980194-3922274804-1921109836-3002]
[2006/11/24 21:01:48, 3] lib/privileges.c:get_privileges(261)
get_privileges: No privileges assigned to SID [S-1-22-2-1003]
[2006/11/24 21:01:48, 3] lib/privileges.c:get_privileges(261)
get_privileges: No privileges assigned to SID [S-1-5-2]
[2006/11/24 21:01:49, 3] lib/privileges.c:get_privileges(261)
get_privileges: No privileges assigned to SID [S-1-5-11]
[2006/11/24 21:01:49, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338)
NTLMSSP Sign/Seal - Initialising with flags:
[2006/11/24 21:01:49, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
Got NTLMSSP neg_flags=0xe2088215
[2006/11/24 21:01:49, 3] smbd/password.c:register_vuid(280)
User name: pappl Real name: Papp Laszlo,,,
[2006/11/24 21:01:49, 3] smbd/password.c:register_vuid(301)
UNIX uid 1001 is UNIX user pappl, and will be vuid 101
[2006/11/24 21:01:49, 3] smbd/password.c:register_vuid(332)
Adding homes service for user 'pappl' using home directory:
'/home/pappl'
[2006/11/24 21:01:49, 3] param/loadparm.c:lp_add_home(2596)
adding home's share [pappl] for user 'pappl' at
'/home/pappl'
[2006/11/24 21:01:49, 3] smbd/process.c:process_smb(1110)
Transaction 3 of length 82
[2006/11/24 21:01:49, 3] smbd/process.c:switch_message(914)
switch message SMBtconX (pid 2574) conn 0x0
[2006/11/24 21:01:49, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/11/24 21:01:49, 3] smbd/service.c:make_connection_snum(752)
Connect path is '/tmp' for service [IPC$]
[2006/11/24 21:01:49, 3] lib/util_seaccess.c:se_access_check(250)
[2006/11/24 21:01:49, 3] lib/util_seaccess.c:se_access_check(251)
se_access_check: user sid is S-1-5-21-2564980194-3922274804-1921109836-3002
se_access_check: also S-1-22-2-1003
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2006/11/24 21:01:49, 3] smbd/vfs.c:vfs_init_default(219)
Initialising default vfs hooks
[2006/11/24 21:01:49, 3] lib/util_seaccess.c:se_access_check(250)
[2006/11/24 21:01:49, 3] lib/util_seaccess.c:se_access_check(251)
se_access_check: user sid is S-1-5-21-2564980194-3922274804-1921109836-3002
se_access_check: also S-1-22-2-1003
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2006/11/24 21:01:49, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (1001, 1003) - sec_ctx_stack_ndx = 0
[2006/11/24 21:01:49, 3] smbd/service.c:make_connection_snum(941)
pchrispc (192.168.1.3) connect to service IPC$ initially as user
pappl (uid=1001, gid=1003) (pid 2574)
[2006/11/24 21:01:49, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/11/24 21:01:49, 2] smbd/reply.c:reply_tcon_and_X(711)
Serving IPC$ as a Dfs root
[2006/11/24 21:01:49, 3] smbd/reply.c:reply_tcon_and_X(716)
tconX service=IPC$
[2006/11/24 21:01:49, 3] smbd/process.c:process_smb(1110)
Transaction 4 of length 104
[2006/11/24 21:01:49, 3] smbd/process.c:switch_message(914)
switch message SMBntcreateX (pid 2574) conn 0x8417df0
[2006/11/24 21:01:49, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (1001, 1003) - sec_ctx_stack_ndx = 0
[2006/11/24 21:01:49, 3] smbd/nttrans.c:nt_open_pipe(346)
nt_open_pipe: Known pipe lsarpc opening.
[2006/11/24 21:01:49, 3] smbd/process.c:process_smb(1110)
Transaction 5 of length 140
[2006/11/24 21:01:49, 3] smbd/process.c:switch_message(914)
switch message SMBwriteX (pid 2574) conn 0x8417df0
[2006/11/24 21:01:49, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1534)
api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass
[2006/11/24 21:01:49, 3] rpc_server/srv_pipe.c:check_bind_req(985)
check_bind_req for \PIPE\lsarpc
[2006/11/24 21:01:49, 3] smbd/pipes.c:reply_pipe_write_and_X(217)
writeX-IPC pnum=75a3 nwritten=72
[2006/11/24 21:01:49, 3] smbd/process.c:process_smb(1110)
Transaction 6 of length 63
[2006/11/24 21:01:49, 3] smbd/process.c:switch_message(914)
switch message SMBreadX (pid 2574) conn 0x8417df0
[2006/11/24 21:01:49, 3] smbd/pipes.c:reply_pipe_read_and_X(262)
readX-IPC pnum=75a3 min=1024 max=1024 nread=68
[2006/11/24 21:01:49, 3] smbd/process.c:process_smb(1110)
Transaction 7 of length 176
[2006/11/24 21:01:49, 3] smbd/process.c:switch_message(914)
switch message SMBtrans (pid 2574) conn 0x8417df0
[2006/11/24 21:01:49, 3] smbd/ipc.c:handle_trans(373)
trans <\PIPE\> data=88 params=0 setup=2
[2006/11/24 21:01:49, 3] smbd/ipc.c:named_pipe(340)
named pipe command on <> name
[2006/11/24 21:01:49, 3] smbd/ipc.c:api_fd_reply(300)
Got API command 0x26 on pipe "lsarpc" (pnum 75a3)
[2006/11/24 21:01:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529)
free_pipe_context: destroying talloc pool of size 70
[2006/11/24 21:01:49, 3] rpc_server/srv_pipe.c:api_rpcTNP(2265)
api_rpcTNP: rpc command: LSA_OPENPOLICY2
[2006/11/24 21:01:49, 3] lib/util_seaccess.c:se_access_check(250)
[2006/11/24 21:01:49, 3] lib/util_seaccess.c:se_access_check(251)
se_access_check: user sid is S-1-5-21-2564980194-3922274804-1921109836-3002
se_access_check: also S-1-22-2-1003
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2006/11/24 21:01:49, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529)
free_pipe_context: destroying talloc pool of size 818
###################################################
I have read something about groups... Maybe I need some group management too?
Please help me, I have really spent days with this problem..
Thanks: PChris