Bryan Jones
2007-Jan-01 19:36 UTC
[Samba] Samba version 3.0.23d-1 and joining a Windows Domain
All,
I installed the new version of samba on my Redhat 9.0 server. I have samba
running on another Redhat 9.0 server and the version of samba on that box is
3.0.21c-1 and this server has successfully joined a W2K Domain. I am trying to
migrate the data from the host that works to the new host.
Here are the steps that I have taken to try and join to the domain.
1. rpm -i -vv samba-3.0.23d-1.i386.rpm
2. vi /etc/samba/smb.conf
[global]
netbios name = snow
workgroup = STORM
server string = Samba Server
realm = STORM.THEBUC.COM
security = DOMAIN
winbind separator = +
idmap uid = 100000-200000
idmap gid = 100000-200000
winbind enum users = yes
winbind enum groups = yes
load printers = no
encrypt passwords = yes
dns proxy = no
log level = 10
syslog = 0
log file = /var/log/samba/%m
max log size = 500
smb ports = 139 445
name resolve order = hosts wins bcast
wins server = 192.168.110.3
[software]
comment = Software
path = /d0/shares/software
read only = No
browseable = No
guest ok = No
[spreadsheets]
comment = Spreadsheets
path = /d0/shares/spreadsheets
read only = No
browseable = No
guest ok = No
[work]
comment = Data from Work
path = /d0/shares/work
read only = No
browseable = No
guest ok = No
3. vi /etc/hosts
192.168.110.50 snow
192.168.110.3 cyclone
4. testparm
SNOW# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[software]"
Processing section "[spreadsheets]"
Processing section "[work]"
Loaded services file OK.
'winbind separator = +' might cause problems with group membership.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
5. /etc/init.d/smb start
6. net rpc join -U Administrator -S cyclone
Password: XXXXXXXX
Joined domain STORM.
7. vi /etc/nsswitch.conf
passwd: compat winbind
group: compat winbind
hosts: files dns wins
8. service smb stop
9. nmbd ; smbd ; winbindd
10. wbinfo -u
Error looking up domain users
11. wbinfo -t
checking the trust secret via RPC calls succeeded
12. wbinfo --own-domain
STORM
13. net rpc info -U Administrator
Password:
Domain Name: STORM
Domain SID: S-1-5-21-2982344105-4110734383-1059044574
Sequence number: 719
Num users: 34
Num domain groups: 0
Num local groups: 10
14. nmbd; smbd -i -d 3
Maximum core file size limits now 16777216(soft) -1(hard)
get_current_groups: user is in 1 groups: 0
smbd version 3.0.23d started.
Copyright Andrew Tridgell and the Samba Team 1992-2006
uid=0 gid=0 euid=0 egid=0
lp_load: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file
"/etc/samba/smb.conf"
Processing section "[global]"
Processing section "[software]"
Processing section "[spreadsheets]"
Processing section "[work]"
adding IPC service
reloading printcap cache
reload status: ok
reloading printcap cache
reload status: ok
added interface ip=192.168.110.50 bcast=192.168.110.255 nmask=255.255.255.0
loaded services
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
get_privileges: No privileges assigned to SID [S-1-22-1-0]
get_privileges: No privileges assigned to SID [S-1-5-2]
get_privileges: No privileges assigned to SID [S-1-5-11]
se_access_check: user sid is S-1-22-1-0
se_access_check: also S-1-5-32-544
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
se_access_check: user sid is S-1-22-1-0
se_access_check: also S-1-5-32-544
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
se_access_check: user sid is S-1-22-1-0
se_access_check: also S-1-5-32-544
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
se_access_check: user sid is S-1-22-1-0
se_access_check: also S-1-5-32-544
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
se_access_check: user sid is S-1-22-1-0
se_access_check: also S-1-5-32-544
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
se_access_check: user sid is S-1-22-1-0
se_access_check: also S-1-5-32-544
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
se_access_check: user sid is S-1-22-1-0
se_access_check: also S-1-5-32-544
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
se_access_check: user sid is S-1-22-1-0
se_access_check: also S-1-5-32-544
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
se_access_check: user sid is S-1-22-1-0
se_access_check: also S-1-5-32-544
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
get_privileges: No privileges assigned to SID [S-1-22-1-99]
get_privileges: No privileges assigned to SID [S-1-22-2-99]
get_privileges: No privileges assigned to SID [S-1-5-2]
get_privileges: No privileges assigned to SID [S-1-5-32-546]
waiting for a connection
15. Windows host net view \\snow
output from smbd -i -d 3
open_oplock_ipc: initializing messages.
Linux kernel oplocks enabled
Transaction 0 of length 72
netbios connect: name1=SNOW name2=CYCLONE
netbios connect: local=snow remote=cyclone, name type = 0
Transaction 1 of length 137
switch message SMBnegprot (pid 5283) conn 0x0
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
Requested protocol [PC NETWORK PROGRAM 1.0]
Requested protocol [LANMAN1.0]
Requested protocol [Windows for Workgroups 3.1a]
Requested protocol [LM1.2X002]
Requested protocol [LANMAN2.1]
Requested protocol [NT LM 0.12]
using SPNEGO
Selected protocol NT LM 0.12
Transaction 2 of length 202
switch message SMBsesssetupX (pid 5283) conn 0x0
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
wct=12 flg2=0xc807
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old
resources.
Doing spnego session setup
NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[]
Got OID 1 3 6 1 4 1 311 2 2 10
Got secblob of size 32
Got NTLMSSP neg_flags=0xe0088297
Transaction 3 of length 326
switch message SMBsesssetupX (pid 5283) conn 0x0
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
wct=12 flg2=0xc807
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old
resources.
Doing spnego session setup
NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[]
Got user=[Administrator] domain=[STORM] workstation=[CYCLONE] len1=24 len2=24
get_dc_list: preferred server list: "CYCLONE, *"
rpc_dc_name: Returning DC CYCLONE (192.168.110.3) for domain STORM
Connecting to host=CYCLONE
Connecting to 192.168.110.3 at port 445
rpc_pipe_bind: Remote machine CYCLONE pipe \lsarpc fnum 0x4 bind request
returned ok.
lsa_io_sec_qos: length c does not match size 8
check_ntlm_password: Checking password for unmapped user
[STORM]\[Administrator]@[CYCLONE] with the new password interface
check_ntlm_password: mapped user is: [STORM]\[Administrator]@[CYCLONE]
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
get_dc_list: preferred server list: "CYCLONE, *"
rpc_dc_name: Returning DC CYCLONE (192.168.110.3) for domain STORM
Connecting to host=CYCLONE
Connecting to 192.168.110.3 at port 445
rpc_pipe_bind: Remote machine CYCLONE pipe \NETLOGON fnum 0x3 bind request
returned ok.
rpc_pipe_bind: Remote machine CYCLONE pipe \NETLOGON fnum 0x4 bind request
returned ok.
check_ntlm_password: Authentication for user [Administrator] ->
[Administrator] FAILED with error NT_STATUS_NO_SUCH_USER
error packet at smbd/sesssetup.c(99) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
Transaction 4 of length 43
switch message SMBulogoffX (pid 5283) conn 0x0
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
ulogoff, vuser id 100 does not map to user.
ulogoffX vuid=100
timeout_processing: End of file from client (client has disconnected).
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
Yielding connection to
Server exit (normal exit)
I can not join the domain, from the information above what am i doing wrong?
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
Henrik Zagerholm
2007-Jan-02 07:47 UTC
[Samba] Samba version 3.0.23d-1 and joining a Windows Domain
Shouldn't security = DOMAIN be ADS instead? 1 jan 2007 kl. 20:29 skrev Bryan Jones:> All, > > I installed the new version of samba on my Redhat 9.0 server. I > have samba running on another Redhat 9.0 server and the version of > samba on that box is 3.0.21c-1 and this server has successfully > joined a W2K Domain. I am trying to migrate the data from the host > that works to the new host. > > Here are the steps that I have taken to try and join to the domain. > > 1. rpm -i -vv samba-3.0.23d-1.i386.rpm > 2. vi /etc/samba/smb.conf > > [global] > netbios name = snow > workgroup = STORM > server string = Samba Server > realm = STORM.THEBUC.COM > security = DOMAIN > winbind separator = + > idmap uid = 100000-200000 > idmap gid = 100000-200000 > winbind enum users = yes > winbind enum groups = yes > load printers = no > encrypt passwords = yes > dns proxy = no > log level = 10 > syslog = 0 > log file = /var/log/samba/%m > max log size = 500 > smb ports = 139 445 > name resolve order = hosts wins bcast > wins server = 192.168.110.3 > [software] > comment = Software > path = /d0/shares/software > read only = No > browseable = No > guest ok = No > [spreadsheets] > comment = Spreadsheets > path = /d0/shares/spreadsheets > read only = No > browseable = No > guest ok = No > [work] > comment = Data from Work > path = /d0/shares/work > read only = No > browseable = No > guest ok = No > > 3. vi /etc/hosts > 192.168.110.50 snow > 192.168.110.3 cyclone > > 4. testparm > SNOW# testparm > Load smb config files from /etc/samba/smb.conf > Processing section "[software]" > Processing section "[spreadsheets]" > Processing section "[work]" > Loaded services file OK. > 'winbind separator = +' might cause problems with group membership. > Server role: ROLE_DOMAIN_MEMBER > Press enter to see a dump of your service definitions > > 5. /etc/init.d/smb start > 6. net rpc join -U Administrator -S cyclone > Password: XXXXXXXX > Joined domain STORM. > > 7. vi /etc/nsswitch.conf > passwd: compat winbind > group: compat winbind > hosts: files dns wins > > 8. service smb stop > 9. nmbd ; smbd ; winbindd > > 10. wbinfo -u > Error looking up domain users > > 11. wbinfo -t > checking the trust secret via RPC calls succeeded > > 12. wbinfo --own-domain > STORM > > 13. net rpc info -U Administrator > Password: > Domain Name: STORM > Domain SID: S-1-5-21-2982344105-4110734383-1059044574 > Sequence number: 719 > Num users: 34 > Num domain groups: 0 > Num local groups: 10 > > 14. nmbd; smbd -i -d 3 > Maximum core file size limits now 16777216(soft) -1(hard) > get_current_groups: user is in 1 groups: 0 > smbd version 3.0.23d started. > Copyright Andrew Tridgell and the Samba Team 1992-2006 > uid=0 gid=0 euid=0 egid=0 > lp_load: refreshing parameters > Initialising global parameters > params.c:pm_process() - Processing configuration file "/etc/samba/ > smb.conf" > Processing section "[global]" > Processing section "[software]" > Processing section "[spreadsheets]" > Processing section "[work]" > adding IPC service > reloading printcap cache > reload status: ok > reloading printcap cache > reload status: ok > added interface ip=192.168.110.50 bcast=192.168.110.255 > nmask=255.255.255.0 > loaded services > Registered MSG_REQ_POOL_USAGE > Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 > get_privileges: No privileges assigned to SID [S-1-22-1-0] > get_privileges: No privileges assigned to SID [S-1-5-2] > get_privileges: No privileges assigned to SID [S-1-5-11] > se_access_check: user sid is S-1-22-1-0 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: user sid is S-1-22-1-0 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: user sid is S-1-22-1-0 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: user sid is S-1-22-1-0 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: user sid is S-1-22-1-0 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: user sid is S-1-22-1-0 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: user sid is S-1-22-1-0 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: user sid is S-1-22-1-0 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: user sid is S-1-22-1-0 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 > get_privileges: No privileges assigned to SID [S-1-22-1-99] > get_privileges: No privileges assigned to SID [S-1-22-2-99] > get_privileges: No privileges assigned to SID [S-1-5-2] > get_privileges: No privileges assigned to SID [S-1-5-32-546] > waiting for a connection > > > 15. Windows host net view \\snow > > output from smbd -i -d 3 > > open_oplock_ipc: initializing messages. > Linux kernel oplocks enabled > Transaction 0 of length 72 > netbios connect: name1=SNOW name2=CYCLONE > netbios connect: local=snow remote=cyclone, name type = 0 > Transaction 1 of length 137 > switch message SMBnegprot (pid 5283) conn 0x0 > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 > Requested protocol [PC NETWORK PROGRAM 1.0] > Requested protocol [LANMAN1.0] > Requested protocol [Windows for Workgroups 3.1a] > Requested protocol [LM1.2X002] > Requested protocol [LANMAN2.1] > Requested protocol [NT LM 0.12] > using SPNEGO > Selected protocol NT LM 0.12 > Transaction 2 of length 202 > switch message SMBsesssetupX (pid 5283) conn 0x0 > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 > wct=12 flg2=0xc807 > setup_new_vc_session: New VC == 0, if NT4.x compatible we would > close all old resources. > Doing spnego session setup > NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] > PrimaryDomain=[] > Got OID 1 3 6 1 4 1 311 2 2 10 > Got secblob of size 32 > Got NTLMSSP neg_flags=0xe0088297 > Transaction 3 of length 326 > switch message SMBsesssetupX (pid 5283) conn 0x0 > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 > wct=12 flg2=0xc807 > setup_new_vc_session: New VC == 0, if NT4.x compatible we would > close all old resources. > Doing spnego session setup > NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] > PrimaryDomain=[] > Got user=[Administrator] domain=[STORM] workstation=[CYCLONE] > len1=24 len2=24 > get_dc_list: preferred server list: "CYCLONE, *" > rpc_dc_name: Returning DC CYCLONE (192.168.110.3) for domain STORM > Connecting to host=CYCLONE > Connecting to 192.168.110.3 at port 445 > rpc_pipe_bind: Remote machine CYCLONE pipe \lsarpc fnum 0x4 bind > request returned ok. > lsa_io_sec_qos: length c does not match size 8 > check_ntlm_password: Checking password for unmapped user [STORM]\ > [Administrator]@[CYCLONE] with the new password interface > check_ntlm_password: mapped user is: [STORM]\[Administrator]@ > [CYCLONE] > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 > get_dc_list: preferred server list: "CYCLONE, *" > rpc_dc_name: Returning DC CYCLONE (192.168.110.3) for domain STORM > Connecting to host=CYCLONE > Connecting to 192.168.110.3 at port 445 > rpc_pipe_bind: Remote machine CYCLONE pipe \NETLOGON fnum 0x3 bind > request returned ok. > rpc_pipe_bind: Remote machine CYCLONE pipe \NETLOGON fnum 0x4 bind > request returned ok. > check_ntlm_password: Authentication for user [Administrator] -> > [Administrator] FAILED with error NT_STATUS_NO_SUCH_USER > error packet at smbd/sesssetup.c(99) cmd=115 (SMBsesssetupX) > NT_STATUS_LOGON_FAILURE > Transaction 4 of length 43 > switch message SMBulogoffX (pid 5283) conn 0x0 > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 > ulogoff, vuser id 100 does not map to user. > ulogoffX vuid=100 > timeout_processing: End of file from client (client has disconnected). > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 > Yielding connection to > Server exit (normal exit) > > I can not join the domain, from the information above what am i > doing wrong? > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba
Rashid N. Achilov
2007-Jan-10 09:06 UTC
[Samba] Samba version 3.0.23d-1 and joining a Windows Domain
On Tuesday 02 January 2007 01:29, Bryan Jones wrote:> All, > > I installed the new version of samba on my Redhat 9.0 server. I have sambarunning on another Redhat 9.0 server and the version of samba on that box is 3.0.21c-1 and this server has successfully joined a W2K Domain. I am trying to migrate the data from the host that works to the new host. You need really security = DOMAIN (not ADS)? That is mean you select NT-style auth (pre-Windows 2000, didn't use Kerberos). 1. Had you have started winbind? 2. wbinfo -p? 3.In DC appeared your server object? -- With Best Regards. Rashid N. Achilov (RNA1-RIPE), Web: http://www.askd.ru/~shelton OOO "ACK" telecommunications administrator, e-mail: achilov-rn [at] askd.ru PGP: 83 CD E2 A7 37 4A D5 81 D6 D6 52 BF C9 2F 85 AF 97 BE CB 0A