Bryan Jones
2007-Jan-01 19:36 UTC
[Samba] Samba version 3.0.23d-1 and joining a Windows Domain
All,

I installed the new version of samba on my Redhat 9.0 server. I have samba running on another Redhat 9.0 server and the version of samba on that box is 3.0.21c-1 and this server has successfully joined a W2K Domain. I am trying to migrate the data from the host that works to the new host.

Here are the steps that I have taken to try and join to the domain.

1. rpm -i -vv samba-3.0.23d-1.i386.rpm
2. vi /etc/samba/smb.conf

[global]
    netbios name = snow
    workgroup = STORM
    server string = Samba Server
    realm = STORM.THEBUC.COM
    security = DOMAIN
    winbind separator = +
    idmap uid = 100000-200000
    idmap gid = 100000-200000
    winbind enum users = yes
    winbind enum groups = yes
    load printers = no
    encrypt passwords = yes
    dns proxy = no
    log level = 10
    syslog = 0
    log file = /var/log/samba/%m
    max log size = 500
    smb ports = 139 445
    name resolve order = hosts wins bcast
    wins server = 192.168.110.3
[software]
    comment = Software
    path = /d0/shares/software
    read only = No
    browseable = No
    guest ok = No
[spreadsheets]
    comment = Spreadsheets
    path = /d0/shares/spreadsheets
    read only = No
    browseable = No
    guest ok = No
[work]
    comment = Data from Work
    path = /d0/shares/work
    read only = No
    browseable = No
    guest ok = No

3. vi /etc/hosts
    192.168.110.50 snow
    192.168.110.3 cyclone

4. testparm
    SNOW# testparm
    Load smb config files from /etc/samba/smb.conf
    Processing section "[software]"
    Processing section "[spreadsheets]"
    Processing section "[work]"
    Loaded services file OK.
    'winbind separator = +' might cause problems with group membership.
    Server role: ROLE_DOMAIN_MEMBER
    Press enter to see a dump of your service definitions

5. /etc/init.d/smb start
6. net rpc join -U Administrator -S cyclone
    Password: XXXXXXXX
    Joined domain STORM.

7. vi /etc/nsswitch.conf
    passwd: compat winbind
    group: compat winbind
    hosts: files dns wins

8. service smb stop
9. nmbd ; smbd ; winbindd

10. wbinfo -u
    Error looking up domain users

11. wbinfo -t
    checking the trust secret via RPC calls succeeded

12. wbinfo --own-domain
    STORM

13. net rpc info -U Administrator
    Password:
    Domain Name: STORM
    Domain SID: S-1-5-21-2982344105-4110734383-1059044574
    Sequence number: 719
    Num users: 34
    Num domain groups: 0
    Num local groups: 10

14. nmbd; smbd -i -d 3
    Maximum core file size limits now 16777216(soft) -1(hard)
    get_current_groups: user is in 1 groups: 0
    smbd version 3.0.23d started.
    Copyright Andrew Tridgell and the Samba Team 1992-2006
    uid=0 gid=0 euid=0 egid=0
    lp_load: refreshing parameters
    Initialising global parameters
    params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
    Processing section "[global]"
    Processing section "[software]"
    Processing section "[spreadsheets]"
    Processing section "[work]"
    adding IPC service
    reloading printcap cache
    reload status: ok
    reloading printcap cache
    reload status: ok
    added interface ip=192.168.110.50 bcast=192.168.110.255 nmask=255.255.255.0
    loaded services
    Registered MSG_REQ_POOL_USAGE
    Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
    push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
    push_conn_ctx(0) : conn_ctx_stack_ndx = 0
    setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
    pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
    get_privileges: No privileges assigned to SID [S-1-22-1-0]
    get_privileges: No privileges assigned to SID [S-1-5-2]
    get_privileges: No privileges assigned to SID [S-1-5-11]
    se_access_check: user sid is S-1-22-1-0
    se_access_check: also S-1-5-32-544
    se_access_check: also S-1-1-0
    se_access_check: also S-1-5-2
    se_access_check: also S-1-5-11
    se_access_check: user sid is S-1-22-1-0
    se_access_check: also S-1-5-32-544
    se_access_check: also S-1-1-0
    se_access_check: also S-1-5-2
    se_access_check: also S-1-5-11
    se_access_check: user sid is S-1-22-1-0
    se_access_check: also S-1-5-32-544
    se_access_check: also S-1-1-0
    se_access_check: also S-1-5-2
    se_access_check: also S-1-5-11
    se_access_check: user sid is S-1-22-1-0
    se_access_check: also S-1-5-32-544
    se_access_check: also S-1-1-0
    se_access_check: also S-1-5-2
    se_access_check: also S-1-5-11
    se_access_check: user sid is S-1-22-1-0
    se_access_check: also S-1-5-32-544
    se_access_check: also S-1-1-0
    se_access_check: also S-1-5-2
    se_access_check: also S-1-5-11
    se_access_check: user sid is S-1-22-1-0
    se_access_check: also S-1-5-32-544
    se_access_check: also S-1-1-0
    se_access_check: also S-1-5-2
    se_access_check: also S-1-5-11
    se_access_check: user sid is S-1-22-1-0
    se_access_check: also S-1-5-32-544
    se_access_check: also S-1-1-0
    se_access_check: also S-1-5-2
    se_access_check: also S-1-5-11
    se_access_check: user sid is S-1-22-1-0
    se_access_check: also S-1-5-32-544
    se_access_check: also S-1-1-0
    se_access_check: also S-1-5-2
    se_access_check: also S-1-5-11
    se_access_check: user sid is S-1-22-1-0
    se_access_check: also S-1-5-32-544
    se_access_check: also S-1-1-0
    se_access_check: also S-1-5-2
    se_access_check: also S-1-5-11
    push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
    push_conn_ctx(0) : conn_ctx_stack_ndx = 0
    setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
    pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
    push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
    push_conn_ctx(0) : conn_ctx_stack_ndx = 0
    setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
    pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
    push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
    push_conn_ctx(0) : conn_ctx_stack_ndx = 0
    setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
    pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
    push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
    push_conn_ctx(0) : conn_ctx_stack_ndx = 0
    setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
    pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
    push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
    push_conn_ctx(0) : conn_ctx_stack_ndx = 0
    setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
    pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
    get_privileges: No privileges assigned to SID [S-1-22-1-99]
    get_privileges: No privileges assigned to SID [S-1-22-2-99]
    get_privileges: No privileges assigned to SID [S-1-5-2]
    get_privileges: No privileges assigned to SID [S-1-5-32-546]
    waiting for a connection

15. Windows host net view \\snow

output from smbd -i -d 3

    open_oplock_ipc: initializing messages.
    Linux kernel oplocks enabled
    Transaction 0 of length 72
    netbios connect: name1=SNOW name2=CYCLONE
    netbios connect: local=snow remote=cyclone, name type = 0
    Transaction 1 of length 137
    switch message SMBnegprot (pid 5283) conn 0x0
    setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    Requested protocol [PC NETWORK PROGRAM 1.0]
    Requested protocol [LANMAN1.0]
    Requested protocol [Windows for Workgroups 3.1a]
    Requested protocol [LM1.2X002]
    Requested protocol [LANMAN2.1]
    Requested protocol [NT LM 0.12]
    using SPNEGO
    Selected protocol NT LM 0.12
    Transaction 2 of length 202
    switch message SMBsesssetupX (pid 5283) conn 0x0
    setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    wct=12 flg2=0xc807
    setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
    Doing spnego session setup
    NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[]
    Got OID 1 3 6 1 4 1 311 2 2 10
    Got secblob of size 32
    Got NTLMSSP neg_flags=0xe0088297
    Transaction 3 of length 326
    switch message SMBsesssetupX (pid 5283) conn 0x0
    setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    wct=12 flg2=0xc807
    setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
    Doing spnego session setup
    NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[]
    Got user=[Administrator] domain=[STORM] workstation=[CYCLONE] len1=24 len2=24
    get_dc_list: preferred server list: "CYCLONE, *"
    rpc_dc_name: Returning DC CYCLONE (192.168.110.3) for domain STORM
    Connecting to host=CYCLONE
    Connecting to 192.168.110.3 at port 445
    rpc_pipe_bind: Remote machine CYCLONE pipe \lsarpc fnum 0x4 bind request returned ok.
    lsa_io_sec_qos: length c does not match size 8
    check_ntlm_password: Checking password for unmapped user [STORM]\[Administrator]@[CYCLONE] with the new password interface
    check_ntlm_password: mapped user is: [STORM]\[Administrator]@[CYCLONE]
    push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
    push_conn_ctx(0) : conn_ctx_stack_ndx = 0
    setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
    pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
    get_dc_list: preferred server list: "CYCLONE, *"
    rpc_dc_name: Returning DC CYCLONE (192.168.110.3) for domain STORM
    Connecting to host=CYCLONE
    Connecting to 192.168.110.3 at port 445
    rpc_pipe_bind: Remote machine CYCLONE pipe \NETLOGON fnum 0x3 bind request returned ok.
    rpc_pipe_bind: Remote machine CYCLONE pipe \NETLOGON fnum 0x4 bind request returned ok.
    check_ntlm_password: Authentication for user [Administrator] -> [Administrator] FAILED with error NT_STATUS_NO_SUCH_USER
    error packet at smbd/sesssetup.c(99) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
    Transaction 4 of length 43
    switch message SMBulogoffX (pid 5283) conn 0x0
    setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    ulogoff, vuser id 100 does not map to user.
    ulogoffX vuid=100
    timeout_processing: End of file from client (client has disconnected).
    setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    Yielding connection to
    Server exit (normal exit)

I cannot join the domain. From the information above, what am I doing wrong?
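Added example, not part of the original post: the session-setup portion of the smbd -d 3 output above reduced to one record per failed logon, pairing the status logged by check_ntlm_password with the status sent back to the client. The function name, the record fields and the embedded sample (lines copied from the post) are this example's own choices.

```python
import re

# Constructed sample: lines copied from the smbd -d 3 output in the post above.
SAMPLE_LOG = """\
switch message SMBsesssetupX (pid 5283) conn 0x0
Got user=[Administrator] domain=[STORM] workstation=[CYCLONE] len1=24 len2=24
rpc_dc_name: Returning DC CYCLONE (192.168.110.3) for domain STORM
check_ntlm_password: Authentication for user [Administrator] -> [Administrator] FAILED with error NT_STATUS_NO_SUCH_USER
error packet at smbd/sesssetup.c(99) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
switch message SMBulogoffX (pid 5283) conn 0x0
"""

PID_RE = re.compile(r"switch message \w+ \(pid (\d+)\)")
USER_RE = re.compile(r"Got user=\[(.*?)\] domain=\[(.*?)\] workstation=\[(.*?)\]")
DC_RE = re.compile(r"rpc_dc_name: Returning DC (\S+) \((\S+)\) for domain \S+")
FAIL_RE = re.compile(
    r"check_ntlm_password:\s+Authentication for user \[(.*?)\] -> \[(.*?)\] "
    r"FAILED with error (NT_STATUS_\w+)"
)
WIRE_RE = re.compile(r"error packet at \S+ cmd=\d+ \(\w+\) (NT_STATUS_\w+)")


def failed_logons(log_text):
    """Return one dict per failed authentication found in smbd debug output."""
    events = []
    ctx = {}  # most recent pid / claimed identity / DC seen before a failure
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := PID_RE.search(line):
            ctx["pid"] = int(m.group(1))
        elif m := USER_RE.search(line):
            ctx.update(user=m.group(1), domain=m.group(2), workstation=m.group(3))
        elif m := DC_RE.search(line):
            ctx.update(dc=m.group(1), dc_ip=m.group(2))
        elif m := FAIL_RE.search(line):
            events.append({**ctx, "mapped_user": m.group(2),
                           "auth_status": m.group(3), "wire_status": None})
        elif (m := WIRE_RE.search(line)) and events and events[-1]["wire_status"] is None:
            # The status in the error packet is what the client actually receives.
            events[-1]["wire_status"] = m.group(1)
    return events


if __name__ == "__main__":
    for ev in failed_logons(SAMPLE_LOG):
        print("pid %(pid)s: %(domain)s\\%(user)s from %(workstation)s via DC %(dc)s "
              "-> %(auth_status)s (client saw %(wire_status)s)" % ev)
```

The internal status and the status the client sees differ in this log, so server-side records like these are the place to tell an unknown account apart from other logon failures.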
Henrik Zagerholm
2007-Jan-02 07:47 UTC
[Samba] Samba version 3.0.23d-1 and joining a Windows Domain
Shouldn't security = DOMAIN be ADS instead?
Rashid N. Achilov
2007-Jan-10 09:06 UTC
[Samba] Samba version 3.0.23d-1 and joining a Windows Domain
On Tuesday 02 January 2007 01:29, Bryan Jones wrote:
> All,
>
> I installed the new version of samba on my Redhat 9.0 server. I have samba running on another Redhat 9.0 server and the version of samba on that box is 3.0.21c-1 and this server has successfully joined a W2K Domain. I am trying to migrate the data from the host that works to the new host.

Do you really need security = DOMAIN (not ADS)? That means you select NT-style auth (pre-Windows 2000, which didn't use Kerberos).

1. Have you started winbind?
2. wbinfo -p?
3. Did your server object appear in the DC?

--
With Best Regards.
Rashid N. Achilov (RNA1-RIPE), Web: http://www.askd.ru/~shelton
OOO "ACK" telecommunications administrator, e-mail: achilov-rn [at] askd.ru
PGP: 83 CD E2 A7 37 4A D5 81 D6 D6 52 BF C9 2F 85 AF 97 BE CB 0A