Christian Geiger
2009-Nov-09 10:33 UTC
[Samba] Windows XP joining Samba 3 PDC: SAM Response - user unknown
Hi all,

I encounter a problem trying to join a Samba 3 domain with a Windows XP client. Checking the network traffic with Wireshark I can see that the client sends a logon request with an empty username and the samba server replies with "user unknown". This behaviour is the same no matter whether I try to join the domain via system properties or the netdom join command.

I can find nothing related to processing the request in the samba logfiles except that nmbd says "processing delayed initial logon reply for client". Neither smbd nor winbindd make any log statements at all while trying to join the domain - even in loglevel 5. And also the ldap-server doesn't seem to be consulted.

What's going wrong? What am I missing? Do you have an idea?

Thx a lot
Chris


root@domain-controller:/var/log/samba# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[netlogon]"
Processing section "[printers]"
Processing section "[print$]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

[global]
    workgroup = LOHRMANN.DE
    passdb backend = ldapsam
    log level = 5
    logon drive = H:
    domain logons = Yes
    os level = 65
    preferred master = Yes
    domain master = Yes
    wins support = Yes
    ldap admin dn = cn=samba,dc=lohrmann,dc=de
    ldap group suffix = ou=groups
    ldap idmap suffix = ou=idmaps
    ldap machine suffix = ou=machines
    ldap passwd sync = yes
    ldap suffix = dc=lohrmann,dc=de
    ldap ssl = no
    ldap user suffix = ou=users
    idmap backend = ldap
    idmap alloc backend = ldap
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    ldapsam:editposix = yes
    ldapsam:trusted = yes
    idmap alloc config:ldap_url = ldap://ldap.lohrmann.de
    idmap alloc config:ldap_user_dn = cn=samba,dc=lohrmann,dc=de
    idmap alloc config:ldap_base_dn = ou=idmaps,dc=lohrmann,dc=de

[homes]
    comment = Users Home Directories
    valid users = %S
    read only = No

[netlogon]
    comment = Network Logon Service
    path = /var/lib/samba/netlogon

[printers]
    comment = All Printers
    path = /var/spool/samba
    create mask = 0700
    printable = Yes
    browseable = No

[print$]
    comment = Printer Drivers
    path = /var/lib/samba/printers
root@domain-controller:/var/log/samba#

SAM LOGON request from client:

0000  42 49 31 69 06 7a 08 00 27 2f 56 2d 08 00 45 00  BI1i.z..'/V-..E.
0010  00 4e 33 6f 00 00 80 11 19 20 c0 a8 b6 bb c0 a8  .N3o..... ......
0020  b6 03 cf 69 00 35 00 3a 2e 48 8e af 01 00 00 01  ...i.5.:.H......
0030  00 00 00 00 00 00 05 5f 6c 64 61 70 04 5f 74 63  ......._ldap._tc
0040  70 02 64 63 06 5f 6d 73 64 63 73 08 6c 6f 68 72  p.dc._msdcs.lohr
0050  6d 61 6e 6e 02 64 65 00 00 21 00 01              mann.de..!..

SAM Response - user unknown:

0000  08 00 27 2f 56 2d 42 49 31 69 06 7a 08 00 45 00  ..'/V-BI1i.z..E.
0010  01 16 00 00 40 00 40 11 4b c7 c0 a8 b6 03 c0 a8  ....@.@.K.......
0020  b6 bb 00 8a 00 8a 01 02 61 8a 10 0a 68 3a c0 a8  ........a...h:..
0030  b6 03 00 8a 00 ec 00 00 20 45 45 45 50 45 4e 45  ........ EEEPENE
0040  42 45 4a 45 4f 43 4e 45 44 45 50 45 4f 46 45 46  BEJEOCNEDEPEOFEF
0050  43 45 50 45 4d 45 4d 41 41 00 20 45 46 45 4e 45  CEPEMEMAA. EFENE
0060  44 45 50 43 4e 46 45 45 46 46 44 46 45 43 41 43  DEPCNFEEFFDFECAC
0070  41 43 41 43 41 43 41 43 41 41 41 00 ff 53 4d 42  ACACACACAAA..SMB
0080  25 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  %...............
0090  00 00 00 00 00 00 00 00 00 00 00 00 11 00 00 4c  ...............L
00a0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00b0  00 00 00 4c 00 5c 00 03 00 01 00 01 00 02 00 63  ...L.\.........c
00c0  00 5c 4d 41 49 4c 53 4c 4f 54 5c 4e 45 54 5c 47  .\MAILSLOT\NET\G
00d0  45 54 44 43 37 35 38 00 15 00 5c 00 5c 00 44 00  ETDC758...\.\.D.
00e0  4f 00 4d 00 41 00 49 00 4e 00 2d 00 43 00 4f 00  O.M.A.I.N.-.C.O.
00f0  4e 00 54 00 52 00 4f 00 4c 00 4c 00 45 00 52 00  N.T.R.O.L.L.E.R.
0100  00 00 00 00 4c 00 4f 00 48 00 52 00 4d 00 41 00  ....L.O.H.R.M.A.
0110  4e 00 4e 00 2e 00 44 00 45 00 00 00 01 00 00 00  N.N...D.E.......
0120  ff ff ff ff                                      ....
Christian Geiger
2009-Nov-09 16:21 UTC
[Samba] Windows XP joining Samba 3 PDC: SAM Response - user unknown
OK - fixed that one. The problem was a too long netbios name. Adding the following line to the smb.conf fixed the problem:

netbios name = dc

Seems Windows only sends the machine name within its logon request if the netbios name of the domain controller does not exceed a specific length (16 chars?).

I got another problem now. I will open a new thread therefore.

On 09.11.2009 11:33, Christian Geiger wrote:
> Hi all,
>
> I encounter a problem trying to join a Samba 3 domain with a Windows XP
> client. Checking the network traffic with Wireshark I can see that the
> client sends a logon request with an empty username and the samba server
> replies with "user unknown". This behaviour is the same no matter
> whether I try to join the domain via system properties or the netdom
> join command.
>
> I can find nothing related to processing the request in the samba
> logfiles except that nmbd says "processing delayed initial logon reply
> for client". Neither smbd nor winbindd make any log statements at all
> while trying to join the domain - even in loglevel 5. And also the
> ldap-server doesn't seem to be consulted.
>
> What's going wrong? What am I missing? Do you have an idea?
>
> Thx a lot
> Chris
>
>
> root@domain-controller:/var/log/samba# testparm
> Load smb config files from /etc/samba/smb.conf
> Processing section "[homes]"
> Processing section "[netlogon]"
> Processing section "[printers]"
> Processing section "[print$]"
> Loaded services file OK.
> Server role: ROLE_DOMAIN_PDC
> Press enter to see a dump of your service definitions
>
> [global]
>     workgroup = LOHRMANN.DE
>     passdb backend = ldapsam
>     log level = 5
>     logon drive = H:
>     domain logons = Yes
>     os level = 65
>     preferred master = Yes
>     domain master = Yes
>     wins support = Yes
>     ldap admin dn = cn=samba,dc=lohrmann,dc=de
>     ldap group suffix = ou=groups
>     ldap idmap suffix = ou=idmaps
>     ldap machine suffix = ou=machines
>     ldap passwd sync = yes
>     ldap suffix = dc=lohrmann,dc=de
>     ldap ssl = no
>     ldap user suffix = ou=users
>     idmap backend = ldap
>     idmap alloc backend = ldap
>     idmap uid = 10000-20000
>     idmap gid = 10000-20000
>     ldapsam:editposix = yes
>     ldapsam:trusted = yes
>     idmap alloc config:ldap_url = ldap://ldap.lohrmann.de
>     idmap alloc config:ldap_user_dn = cn=samba,dc=lohrmann,dc=de
>     idmap alloc config:ldap_base_dn = ou=idmaps,dc=lohrmann,dc=de
>
> [homes]
>     comment = Users Home Directories
>     valid users = %S
>     read only = No
>
> [netlogon]
>     comment = Network Logon Service
>     path = /var/lib/samba/netlogon
>
> [printers]
>     comment = All Printers
>     path = /var/spool/samba
>     create mask = 0700
>     printable = Yes
>     browseable = No
>
> [print$]
>     comment = Printer Drivers
>     path = /var/lib/samba/printers
> root@domain-controller:/var/log/samba#
>
> SAM LOGON request from client:
>
> 0000  42 49 31 69 06 7a 08 00 27 2f 56 2d 08 00 45 00  BI1i.z..'/V-..E.
> 0010  00 4e 33 6f 00 00 80 11 19 20 c0 a8 b6 bb c0 a8  .N3o..... ......
> 0020  b6 03 cf 69 00 35 00 3a 2e 48 8e af 01 00 00 01  ...i.5.:.H......
> 0030  00 00 00 00 00 00 05 5f 6c 64 61 70 04 5f 74 63  ......._ldap._tc
> 0040  70 02 64 63 06 5f 6d 73 64 63 73 08 6c 6f 68 72  p.dc._msdcs.lohr
> 0050  6d 61 6e 6e 02 64 65 00 00 21 00 01              mann.de..!..
>
> SAM Response - user unknown:
>
> 0000  08 00 27 2f 56 2d 42 49 31 69 06 7a 08 00 45 00  ..'/V-BI1i.z..E.
> 0010  01 16 00 00 40 00 40 11 4b c7 c0 a8 b6 03 c0 a8  ....@.@.K.......
> 0020  b6 bb 00 8a 00 8a 01 02 61 8a 10 0a 68 3a c0 a8  ........a...h:..
> 0030  b6 03 00 8a 00 ec 00 00 20 45 45 45 50 45 4e 45  ........ EEEPENE
> 0040  42 45 4a 45 4f 43 4e 45 44 45 50 45 4f 46 45 46  BEJEOCNEDEPEOFEF
> 0050  43 45 50 45 4d 45 4d 41 41 00 20 45 46 45 4e 45  CEPEMEMAA. EFENE
> 0060  44 45 50 43 4e 46 45 45 46 46 44 46 45 43 41 43  DEPCNFEEFFDFECAC
> 0070  41 43 41 43 41 43 41 43 41 41 41 00 ff 53 4d 42  ACACACACAAA..SMB
> 0080  25 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  %...............
> 0090  00 00 00 00 00 00 00 00 00 00 00 00 11 00 00 4c  ...............L
> 00a0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
> 00b0  00 00 00 4c 00 5c 00 03 00 01 00 01 00 02 00 63  ...L.\.........c
> 00c0  00 5c 4d 41 49 4c 53 4c 4f 54 5c 4e 45 54 5c 47  .\MAILSLOT\NET\G
> 00d0  45 54 44 43 37 35 38 00 15 00 5c 00 5c 00 44 00  ETDC758...\.\.D.
> 00e0  4f 00 4d 00 41 00 49 00 4e 00 2d 00 43 00 4f 00  O.M.A.I.N.-.C.O.
> 00f0  4e 00 54 00 52 00 4f 00 4c 00 4c 00 45 00 52 00  N.T.R.O.L.L.E.R.
> 0100  00 00 00 00 4c 00 4f 00 48 00 52 00 4d 00 41 00  ....L.O.H.R.M.A.
> 0110  4e 00 4e 00 2e 00 44 00 45 00 00 00 01 00 00 00  N.N...D.E.......
> 0120  ff ff ff ff                                      ....
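
Added example, not part of the original thread or of Samba's code: the NetBIOS name field is 16 bytes (15 name characters plus one suffix byte), and the sketch below decodes the two first-level encoded names from the posted "SAM Response" datagram, where the 17-character name DOMAIN-CONTROLLER seen in the mailslot payload arrives cut to 15 characters. The function and constant names are assumptions made for this illustration.

```python
# Added example (not from the original thread): RFC 1001/1002 first-level
# NetBIOS name encoding, applied to the two names in the posted datagram.
MAX_NAME_CHARS = 15  # 16-byte field: 15 name bytes plus 1 suffix (type) byte

# Copied from the ASCII column of the "SAM Response" dump in the post.
DGRAM_SOURCE = "EEEPENEBEJEOCNED" "EPEOFEFCEPEMEMAA"
DGRAM_DEST = "EFENEDEPCNFEEFFDFE" "CACACACACACA" "AA"


def decode_first_level(encoded):
    """Return (name, suffix_byte) for a 32-character encoded NetBIOS name."""
    if len(encoded) != 32:
        raise ValueError("first-level encoded names are exactly 32 characters")
    raw = bytearray()
    for i in range(0, 32, 2):
        # Each byte is sent as two letters: 'A' + high nibble, 'A' + low nibble.
        hi, lo = ord(encoded[i]) - 0x41, ord(encoded[i + 1]) - 0x41
        if not (0 <= hi <= 15 and 0 <= lo <= 15):
            raise ValueError("characters must be in the range 'A'..'P'")
        raw.append((hi << 4) | lo)
    return raw[:15].decode("latin-1").rstrip(" "), raw[15]


def encode_first_level(name, suffix=0x00):
    """Encode a name as it appears on the wire; reject names that do not fit."""
    if not 1 <= len(name) <= MAX_NAME_CHARS:
        raise ValueError(f"{name!r} does not fit in {MAX_NAME_CHARS} characters")
    raw = name.upper().ljust(MAX_NAME_CHARS).encode("latin-1") + bytes([suffix])
    return "".join(chr(0x41 + (b >> 4)) + chr(0x41 + (b & 0x0F)) for b in raw)


def check_netbios_name(name):
    """Return None if the name fits, else a message showing the truncated form."""
    if len(name) <= MAX_NAME_CHARS:
        return None
    return (f"{name!r} has {len(name)} characters; only "
            f"{name[:MAX_NAME_CHARS].upper()!r} fits in the name field")


if __name__ == "__main__":
    print(decode_first_level(DGRAM_SOURCE))   # sender name as sent on the wire
    print(decode_first_level(DGRAM_DEST))     # recipient (the XP client)
    print(check_netbios_name("DOMAIN-CONTROLLER"))
    print(encode_first_level("dc"))           # the name set in the fix
```

Running the same check against the value chosen for "netbios name" (or the host name it would default to) before a join attempt flags an over-long name without needing a packet capture.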