thr3ads.net - samba - [Samba] Samba + Win2k works, Win2003 fails [Dec 2006]

If this information is useful, please help other people find it:
Share via:

Michael Schurter

2006-Dec-06 17:28 UTC

[Samba] Samba + Win2k works, Win2003 fails

Hi all,

I've finally almost gotten my desired Samba+AD integration working: I've
joined a domain, AD users can login, kerberos works (keytab integration,
caching, etc.), etc.

However, this is only true as long as I hack my /etc/hosts
and /etc/samba/lmhosts files to trick Samba into always using my
networks Windows 2000 Active Directory Server.  The second a Samba
command finds and attempts to use the 2003 server, it fails.

Workstation: Debian Sid, Samba 3.0.23d (pam_winbind, MIT kerberos)

Domain: TREMONT
Realm: tremont.local
AD Servers:
	thsdc1/192.168.100.4 (Windows 2000)
	thsdc2/192.168.100.6 (Windows 2003)

So both my hosts & lmhosts files point thsdc2 to thsdc1's IP address
which seems to trick Samba into always using thsdc1.  thsdc1 is also
what I set all the appropriate /etc/krb5.conf settings to.

Here's the error message I get when attempting to use thsdc2 from pretty
much any Samba command (without hosts file hacks):

michael@schurter3-Linux:~$ net -U admin%PASSWORD -d8 ads status

...snip charset and parameter debugging info...

  Netbios name list:-
  my_netbios_names[0]="SCHURTER3-LINUX"
[2006/12/06 11:08:39, 2] lib/interface.c:add_interface(81)
  added interface ip=192.168.101.51 bcast=192.168.103.255
nmask=255.255.252.0
[2006/12/06 11:08:39, 6] libads/ldap.c:ads_find_dc(224)
  ads_find_dc: looking for realm 'TREMONT.LOCAL'
[2006/12/06 11:08:39, 8] libsmb/namequery.c:get_sorted_dc_list(1551)
  get_sorted_dc_list: attempting lookup using [ads]
[2006/12/06 11:08:39, 5] lib/gencache.c:gencache_init(61)
  Opening cache file at /var/run/samba/gencache.tdb
[2006/12/06 11:08:39, 5] tdb/tdbutil.c:tdb_log(783)
  tdb(unnamed): tdb_open_ex: could not open
file /var/run/samba/gencache.tdb: Permission denied
[2006/12/06 11:08:39, 5] lib/gencache.c:gencache_init(70)
  gencache_init: Opening cache file /var/run/samba/gencache.tdb
read-only.
[2006/12/06 11:08:39, 5] libsmb/namequery.c:saf_fetch(105)
  saf_fetch: failed to find server for "TREMONT.LOCAL" domain
[2006/12/06 11:08:39, 3] libsmb/namequery.c:get_dc_list(1426)
  get_dc_list: preferred server list: ", *"
[2006/12/06 11:08:39, 5] libsmb/namecache.c:namecache_fetch(201)
  name TREMONT.LOCAL#1C found.
[2006/12/06 11:08:39, 8] libsmb/namequery.c:get_dc_list(1441)
  Adding 2 DC's from auto lookup
[2006/12/06 11:08:39, 4] libsmb/namequery.c:get_dc_list(1529)
  get_dc_list: returning 2 ip addresses in an ordered list
[2006/12/06 11:08:39, 4] libsmb/namequery.c:get_dc_list(1530)
  get_dc_list: 192.168.100.6:389 192.168.100.4:389
[2006/12/06 11:08:39, 5] libads/ldap.c:ads_try_connect(127)
  ads_try_connect: sending CLDAP request to 192.168.100.6 (realm:
TREMONT.LOCAL)
[2006/12/06 11:08:39, 3] libads/ldap.c:ads_connect(287)
  Connected to LDAP server 192.168.100.6
[2006/12/06 11:08:54, 0] utils/net_ads.c:ads_startup(289)
  ads_connect: Operations error
[2006/12/06 11:08:54, 2] utils/net.c:main(988)
  return code = -1

The last few log messages show where the LDAP connection to the Windows
2003 server (thsdc2/192.168.100.6) fails.

Here's what it looks like when I force it to use my Windows 2000 Server:

$ net -U admin%PASSWORD -d8 -S thsdc1 ads status
...snip parameters & charset debugging info...
  Netbios name list:-
  my_netbios_names[0]="SCHURTER3-LINUX"
[2006/12/06 11:09:30, 2] lib/interface.c:add_interface(81)
  added interface ip=192.168.101.51 bcast=192.168.103.255
nmask=255.255.252.0
[2006/12/06 11:09:30, 5] libads/ldap.c:ads_try_connect(127)
  ads_try_connect: sending CLDAP request to thsdc1 (realm:
TREMONT.LOCAL)
[2006/12/06 11:09:30, 5] lib/gencache.c:gencache_init(61)
  Opening cache file at /var/run/samba/gencache.tdb
[2006/12/06 11:09:30, 5] tdb/tdbutil.c:tdb_log(783)
  tdb(unnamed): tdb_open_ex: could not open
file /var/run/samba/gencache.tdb: Permission denied
[2006/12/06 11:09:30, 5] lib/gencache.c:gencache_init(70)
  gencache_init: Opening cache file /var/run/samba/gencache.tdb
read-only.
[2006/12/06 11:09:30, 3] libads/ldap.c:ads_connect(287)
  Connected to LDAP server 192.168.100.4
[2006/12/06 11:09:30, 4] libads/ldap.c:ads_current_time(2296)
  time offset is 2 seconds
[2006/12/06 11:09:30, 4] libads/sasl.c:ads_sasl_bind(468)
  Found SASL mechanism GSS-SPNEGO

...snipped successful kerberos auth & data returned...

Any ideas on why Win2000 works, but Win2003 fails?

Thanks!

Michael Schurter

Michael Schurter

2006-Dec-07 16:15 UTC

head link

[Samba] Samba + Win2k works, Win2003 fails

On Wed, 2006-12-06 at 11:28 -0600, Michael Schurter
wrote:> However, this is only true as long as I hack my /etc/hosts
> and /etc/samba/lmhosts files to trick Samba into always using my
> networks Windows 2000 Active Directory Server.  The second a Samba
> command finds and attempts to use the 2003 server, it fails.
Just discovered the "password server" setting which is much less
hackish
than my (lm)hosts hack.

I'd still like to figure out why I can't connect to the Windows 2003
Server though.

Michael Schurter

Michael Schurter

2006-Dec-12 20:45 UTC

head link

[Samba] Samba + Win2k works, Win2003 fails

On Wed, 2006-12-06 at 11:28 -0600, Michael Schurter
wrote:> I've finally almost gotten my desired Samba+AD integration working:
I've
> joined a domain, AD users can login, kerberos works (keytab integration,
> caching, etc.), etc.
>  ... snip ...
> Any ideas on why Win2000 works, but Win2003 fails?
It  was the firewall.  No laughing.  :)

Possibly Parallel Threads

Search for more possibly parallel threads

samba - Dec 2006 - Samba + Win2k works, Win2003 fails

[Samba] Samba + Win2k works, Win2003 fails

[Samba] Samba + Win2k works, Win2003 fails

[Samba] Samba + Win2k works, Win2003 fails

Possibly Parallel Threads