samba - Nov 2009 - Windows XP joining Samba 3 PDC: SAM Response - user unknown

Hi all,

I encounter a problem trying to join a Samba 3 domain with a Windows XP 
client. Checking the network traffic with Wireshark I can see that the 
client sends a logon request with an empty username and the samba server 
replies with "user unknown". This behaviour is the same no matter 
whether I try to join the domain via system properties or the netdom 
join command.

I can find nothing related to processing the request in the samba 
logfiles except that nmbd says "processing delayed initial logon reply 
for client". Neither smbd nor winbindd make any log statements at all 
while trying to join the domain - even in loglevel 5. And also the 
ldap-server doesn't seem to be consulted.

What's going wrong? What am I missing? Do you have an idea?

Thx a lot
Chris


root at domain-controller:/var/log/samba# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[netlogon]"
Processing section "[printers]"
Processing section "[print$]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

[global]
         workgroup = LOHRMANN.DE
         passdb backend = ldapsam
         log level = 5
         logon drive = H:
         domain logons = Yes
         os level = 65
         preferred master = Yes
         domain master = Yes
         wins support = Yes
         ldap admin dn = cn=samba,dc=lohrmann,dc=de
         ldap group suffix = ou=groups
         ldap idmap suffix = ou=idmaps
         ldap machine suffix = ou=machines
         ldap passwd sync = yes
         ldap suffix = dc=lohrmann,dc=de
         ldap ssl = no
         ldap user suffix = ou=users
         idmap backend = ldap
         idmap alloc backend = ldap
         idmap uid = 10000-20000
         idmap gid = 10000-20000
         ldapsam:editposix = yes
         ldapsam:trusted = yes
         idmap alloc config:ldap_url = ldap://ldap.lohrmann.de
         idmap alloc config:ldap_user_dn = cn=samba,dc=lohrmann,dc=de
         idmap alloc config:ldap_base_dn = ou=idmaps,dc=lohrmann,dc=de

[homes]
         comment = Users Home Directories
         valid users = %S
         read only = No

[netlogon]
         comment = Network Logon Service
         path = /var/lib/samba/netlogon

[printers]
         comment = All Printers
         path = /var/spool/samba
         create mask = 0700
         printable = Yes
         browseable = No

[print$]
         comment = Printer Drivers
         path = /var/lib/samba/printers
root at domain-controller:/var/log/samba#

SAM LOGON request from client:

0000   42 49 31 69 06 7a 08 00 27 2f 56 2d 08 00 45 00  BI1i.z..'/V-..E.
0010   00 4e 33 6f 00 00 80 11 19 20 c0 a8 b6 bb c0 a8  .N3o..... ......
0020   b6 03 cf 69 00 35 00 3a 2e 48 8e af 01 00 00 01  ...i.5.:.H......
0030   00 00 00 00 00 00 05 5f 6c 64 61 70 04 5f 74 63  ......._ldap._tc
0040   70 02 64 63 06 5f 6d 73 64 63 73 08 6c 6f 68 72  p.dc._msdcs.lohr
0050   6d 61 6e 6e 02 64 65 00 00 21 00 01              mann.de..!..

SAM Response - user unknown:

0000   08 00 27 2f 56 2d 42 49 31 69 06 7a 08 00 45 00  ..'/V-BI1i.z..E.
0010   01 16 00 00 40 00 40 11 4b c7 c0 a8 b6 03 c0 a8  .... at .@.K.......
0020   b6 bb 00 8a 00 8a 01 02 61 8a 10 0a 68 3a c0 a8  ........a...h:..
0030   b6 03 00 8a 00 ec 00 00 20 45 45 45 50 45 4e 45  ........ EEEPENE
0040   42 45 4a 45 4f 43 4e 45 44 45 50 45 4f 46 45 46  BEJEOCNEDEPEOFEF
0050   43 45 50 45 4d 45 4d 41 41 00 20 45 46 45 4e 45  CEPEMEMAA. EFENE
0060   44 45 50 43 4e 46 45 45 46 46 44 46 45 43 41 43  DEPCNFEEFFDFECAC
0070   41 43 41 43 41 43 41 43 41 41 41 00 ff 53 4d 42  ACACACACAAA..SMB
0080   25 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  %...............
0090   00 00 00 00 00 00 00 00 00 00 00 00 11 00 00 4c  ...............L
00a0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00b0   00 00 00 4c 00 5c 00 03 00 01 00 01 00 02 00 63  ...L.\.........c
00c0   00 5c 4d 41 49 4c 53 4c 4f 54 5c 4e 45 54 5c 47  .\MAILSLOT\NET\G
00d0   45 54 44 43 37 35 38 00 15 00 5c 00 5c 00 44 00  ETDC758...\.\.D.
00e0   4f 00 4d 00 41 00 49 00 4e 00 2d 00 43 00 4f 00  O.M.A.I.N.-.C.O.
00f0   4e 00 54 00 52 00 4f 00 4c 00 4c 00 45 00 52 00  N.T.R.O.L.L.E.R.
0100   00 00 00 00 4c 00 4f 00 48 00 52 00 4d 00 41 00  ....L.O.H.R.M.A.
0110   4e 00 4e 00 2e 00 44 00 45 00 00 00 01 00 00 00  N.N...D.E.......
0120   ff ff ff ff                                      ....

OK - fixed that one. The problem was a too long netbios name. Adding the 
following line to the smb.conf fixed the problem:

netbios name = dc

Seems Windows only sends the machine name within its logon request if 
the netbios name of the domain controller does not exceed a specific 
length (16 chars?).

I got another problem now. I will open a new thread therefore.


Am 09.11.2009 11:33, schrieb Christian Geiger:
> Hi all,
>
> I encounter a problem trying to join a Samba 3 domain with a Windows XP
> client. Checking the network traffic with Wireshark I can see that the
> client sends a logon request with an empty username and the samba server
> replies with "user unknown". This behaviour is the same no matter
> whether I try to join the domain via system properties or the netdom
> join command.
>
> I can find nothing related to processing the request in the samba
> logfiles except that nmbd says "processing delayed initial logon reply
> for client". Neither smbd nor winbindd make any log statements at all
> while trying to join the domain - even in loglevel 5. And also the
> ldap-server doesn't seem to be consulted.
>
> What's going wrong? What am I missing? Do you have an idea?
>
> Thx a lot
> Chris
>
>
> root at domain-controller:/var/log/samba# testparm
> Load smb config files from /etc/samba/smb.conf
> Processing section "[homes]"
> Processing section "[netlogon]"
> Processing section "[printers]"
> Processing section "[print$]"
> Loaded services file OK.
> Server role: ROLE_DOMAIN_PDC
> Press enter to see a dump of your service definitions
>
> [global]
> workgroup = LOHRMANN.DE
> passdb backend = ldapsam
> log level = 5
> logon drive = H:
> domain logons = Yes
> os level = 65
> preferred master = Yes
> domain master = Yes
> wins support = Yes
> ldap admin dn = cn=samba,dc=lohrmann,dc=de
> ldap group suffix = ou=groups
> ldap idmap suffix = ou=idmaps
> ldap machine suffix = ou=machines
> ldap passwd sync = yes
> ldap suffix = dc=lohrmann,dc=de
> ldap ssl = no
> ldap user suffix = ou=users
> idmap backend = ldap
> idmap alloc backend = ldap
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> ldapsam:editposix = yes
> ldapsam:trusted = yes
> idmap alloc config:ldap_url = ldap://ldap.lohrmann.de
> idmap alloc config:ldap_user_dn = cn=samba,dc=lohrmann,dc=de
> idmap alloc config:ldap_base_dn = ou=idmaps,dc=lohrmann,dc=de
>
> [homes]
> comment = Users Home Directories
> valid users = %S
> read only = No
>
> [netlogon]
> comment = Network Logon Service
> path = /var/lib/samba/netlogon
>
> [printers]
> comment = All Printers
> path = /var/spool/samba
> create mask = 0700
> printable = Yes
> browseable = No
>
> [print$]
> comment = Printer Drivers
> path = /var/lib/samba/printers
> root at domain-controller:/var/log/samba#
>
> SAM LOGON request from client:
>
> 0000 42 49 31 69 06 7a 08 00 27 2f 56 2d 08 00 45 00 BI1i.z..'/V-..E.
> 0010 00 4e 33 6f 00 00 80 11 19 20 c0 a8 b6 bb c0 a8 .N3o..... ......
> 0020 b6 03 cf 69 00 35 00 3a 2e 48 8e af 01 00 00 01 ...i.5.:.H......
> 0030 00 00 00 00 00 00 05 5f 6c 64 61 70 04 5f 74 63 ......._ldap._tc
> 0040 70 02 64 63 06 5f 6d 73 64 63 73 08 6c 6f 68 72 p.dc._msdcs.lohr
> 0050 6d 61 6e 6e 02 64 65 00 00 21 00 01 mann.de..!..
>
> SAM Response - user unknown:
>
> 0000 08 00 27 2f 56 2d 42 49 31 69 06 7a 08 00 45 00 ..'/V-BI1i.z..E.
> 0010 01 16 00 00 40 00 40 11 4b c7 c0 a8 b6 03 c0 a8 .... at .@.K.......
> 0020 b6 bb 00 8a 00 8a 01 02 61 8a 10 0a 68 3a c0 a8 ........a...h:..
> 0030 b6 03 00 8a 00 ec 00 00 20 45 45 45 50 45 4e 45 ........ EEEPENE
> 0040 42 45 4a 45 4f 43 4e 45 44 45 50 45 4f 46 45 46 BEJEOCNEDEPEOFEF
> 0050 43 45 50 45 4d 45 4d 41 41 00 20 45 46 45 4e 45 CEPEMEMAA. EFENE
> 0060 44 45 50 43 4e 46 45 45 46 46 44 46 45 43 41 43 DEPCNFEEFFDFECAC
> 0070 41 43 41 43 41 43 41 43 41 41 41 00 ff 53 4d 42 ACACACACAAA..SMB
> 0080 25 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 %...............
> 0090 00 00 00 00 00 00 00 00 00 00 00 00 11 00 00 4c ...............L
> 00a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> 00b0 00 00 00 4c 00 5c 00 03 00 01 00 01 00 02 00 63 ...L.\.........c
> 00c0 00 5c 4d 41 49 4c 53 4c 4f 54 5c 4e 45 54 5c 47 .\MAILSLOT\NET\G
> 00d0 45 54 44 43 37 35 38 00 15 00 5c 00 5c 00 44 00 ETDC758...\.\.D.
> 00e0 4f 00 4d 00 41 00 49 00 4e 00 2d 00 43 00 4f 00 O.M.A.I.N.-.C.O.
> 00f0 4e 00 54 00 52 00 4f 00 4c 00 4c 00 45 00 52 00 N.T.R.O.L.L.E.R.
> 0100 00 00 00 00 4c 00 4f 00 48 00 52 00 4d 00 41 00 ....L.O.H.R.M.A.
> 0110 4e 00 4e 00 2e 00 44 00 45 00 00 00 01 00 00 00 N.N...D.E.......
> 0120 ff ff ff ff ....