Chrisopher R Davis
2012-Apr-14 23:31 UTC
[Samba] NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE with Server 2008R2
I am having problems implementing Samba using security=domain against a Windows 2008R2 server.

I have been able to successfully join the domain via a net rpc join. Anytime I try to access a share through smbclient I get a NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE but nothing in the logs (on either side) seems to be giving me any leads on where to look. The system is locked down to allow NTLMv2 ONLY.

The 2008R2 server is running with a number of additional security lock-downs and it is somewhat likely one or more of those may be the culprit but I'm hoping someone might have an idea of a specific place to start looking.

Any help would be much appreciated - I can dig up more logs if needed.

I have included my smb.conf, the output from a net rpc testjoin and output from my test run of smbclient.

#########################################################################################################

My smb.conf:

[global]
    workgroup = MYDOMAIN
    netbios name = myserver
    security = domain
    password server = dc1
    server string = Samba (%v) domain (%h)
    username map = /cm-views/samba.server/lib/users.map
    log level = 10
    log file = /cm-views/samba.server/logs/log.%m
    lock dir = /cm-views/samba.server/locks
    private dir = /cm-views/samba.server/private
    client use spnego = yes
    client ntlmv2 auth = yes
    client signing = yes
    server signing = yes
    client ldap sasl wrapping = seal
    client schannel = yes
    server schannel = yes
    encrypt passwords = yes

[test]
    comment = Monitor Directory for Sun Cluster
    path = /cm-views/samba.server/logs
    guest ok = Yes

#########################################################################################################

[root@cc1 /cm-views/samba.server/logs ]# net rpc testjoin -s ../lib/smb.conf
Join to 'MYDOMAIN' is OK

#########################################################################################################

[root@cc1 /cm-views/samba.server/logs ]# smbclient -L myserver -U cdavis15 -s ../lib/smb.conf -d10
INFO: Current debug levels: all:
True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 locking: False/0 msdfs: False/0 dmapi: False/0 registry: False/0 lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: increasing rlimit_max (256) to minimum Windows limit (16384) params.c:pm_process() - Processing configuration file "../lib/smb.conf" Processing section "[global]" doing parameter workgroup = MYDOMAIN doing parameter netbios name = myserver handle_netbios_name: set global_myname to: myserver doing parameter security = domain doing parameter password server = dc1 doing parameter server string = Samba (%v) domain (%h) doing parameter username map = /cm-views/samba.server/lib/users.map doing parameter log level = 10 doing parameter log file = /cm-views/samba.server/logs/log.%m doing parameter lock dir = /cm-views/samba.server/locks doing parameter private dir = /cm-views/samba.server/private doing parameter client use spnego = yes doing parameter client ntlmv2 auth = yes doing parameter client signing = yes doing parameter server signing = yes doing parameter client ldap sasl wrapping = seal doing parameter client schannel = yes doing parameter server schannel = yes doing parameter encrypt passwords = yes pm_process() returned Yes lp_servicenumber: couldn't find homes set_server_role: role = ROLE_DOMAIN_MEMBER Attempting to register new charset UCS-2LE Registered charset UCS-2LE Attempting to register new charset UTF-16LE Registered charset UTF-16LE Attempting to register new charset UCS-2BE Registered charset UCS-2BE Attempting to register new charset UTF-16BE Registered charset UTF-16BE Attempting to register new charset UTF8 Registered charset UTF8 Attempting to register new charset UTF-8 Registered charset UTF-8 Attempting to register new charset ASCII Registered charset ASCII Attempting 
to register new charset 646 Registered charset 646 Attempting to register new charset ISO-8859-1 Registered charset ISO-8859-1 Attempting to register new charset UCS2-HEX Registered charset UCS2-HEX Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE added interface bge1 ip=172.16.0.130 bcast=172.16.0.255 netmask=255.255.255.128 added interface bge3 ip=172.16.1.2 bcast=172.16.1.127 netmask=255.255.255.128 added interface clprivnet0 ip=172.16.4.2 bcast=172.16.5.255 netmask=255.255.254.0 added interface bge0 ip=10.10.10.43 bcast=10.10.10.255 netmask=255.255.255.0 added interface bge0:2 ip=10.10.10.60 bcast=10.10.10.255 netmask=255.255.255.0 added interface bge0:4 ip=10.10.10.61 bcast=10.10.10.255 netmask=255.255.255.0 added interface bge0:3 ip=10.10.10.62 bcast=10.10.10.255 netmask=255.255.255.0 add_interface: not adding duplicate interface 0.0.0.0 Netbios name list:- my_netbios_names[0]="myserver" Client started (version 3.5.8). Enter cdavis15's password: Opening cache file at /cm-views/samba.server/locks/gencache.tdb Opening cache file at /cm-views/samba.server/locks/gencache_notrans.tdb Cache entry with key = AD_SITENAME/DOMAIN/ couldn't be found sitename_fetch: No stored sitename for internal_resolve_name: looking up myserver#20 (sitename (null)) Cache entry with key = NBT/myserver#20 couldn't be found no entry for myserver#20 found. 
resolve_lmhosts: Attempting lmhosts lookup for name myserver<0x20> startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory resolve_wins: Attempting wins lookup for name myserver<0x20> resolve_wins: WINS server resolution selected and no WINS servers listed. resolve_hosts: Attempting host lookup for name myserver<0x20> remove_duplicate_addrs2: looking for duplicate address/port pairs namecache_store: storing 1 address for myserver#20: 10.10.10.62 Adding cache entry with key = NBT/myserver#20 and timeout = Fri Apr 13 17:34:17 2012 (660 seconds ahead) internal_resolve_name: returning 1 addresses: 10.10.10.62:0 Running timed event "tevent_req_timedout" 7b11d0 Connecting to 10.10.10.62 at port 445 Socket options: SO_KEEPALIVE = 0 SO_REUSEADDR = 0 SO_BROADCAST = 0 TCP_NODELAY = 1 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 49152 SO_RCVBUF = 49152 Could not test socket option SO_SNDLOWAT. Could not test socket option SO_RCVLOWAT. Could not test socket option SO_SNDTIMEO. Could not test socket option SO_RCVTIMEO. 
session request ok Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Doing spnego session setup (blob length=58) got OID=1.3.6.1.4.1.311.2.2.10 got principal=NONE &negotiate: struct NEGOTIATE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmNegotiate (1) NegotiateFlags : 0x60088215 (1611170325) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0: NTLMSSP_NEGOTIATE_TARGET_INFO 0: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 DomainNameLen : 0x0007 (7) DomainNameMaxLen : 0x0007 (7) DomainName : * DomainName : 'MYDOMAIN' WorkstationLen : 0x000f (15) WorkstationMaxLen : 0x000f (15) Workstation : * Workstation : 'myserver' smb_signing_sign_pdu: sent SMB signature of [0000] 42 53 52 53 50 59 4C 20 BSRSPYL write_socket(6,174) write_socket(6,174) wrote 174 got smb 
length of 256 size=256 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=0 smb_pid=28352 smb_uid=100 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 163 (0xA3) smb_bcc=213
&challenge: struct CHALLENGE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmChallenge (0x2) TargetNameLen : 0x000e (14) TargetNameMaxLen : 0x000e (14) TargetName : * TargetName : 'MYDOMAIN' NegotiateFlags : 0x60898215 (1619624469) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 1: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 1: NTLMSSP_NEGOTIATE_TARGET_INFO 0: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 ServerChallenge : 790cb42ca364a6ad Reserved : 0000000000000000 TargetInfoLen : 0x0046 (70) TargetNameInfoMaxLen : 0x0046 (70) TargetInfo : * TargetInfo: struct AV_PAIR_LIST count : 0x00000005 (5) pair: ARRAY(5) pair: struct AV_PAIR AvId : MsvAvNbDomainName (0x2) AvLen : 0x000e (14) Value : union ntlmssp_AvValue(case 0x2) AvNbDomainName : 'MYDOMAIN' pair: struct AV_PAIR AvId : MsvAvNbComputerName (0x1) AvLen : 0x001e (30) Value : union ntlmssp_AvValue(case 0x1) AvNbComputerName : 'myserver' pair: 
struct AV_PAIR AvId : MsvAvDnsDomainName (0x4) AvLen : 0x0000 (0) Value : union ntlmssp_AvValue(case 0x4) AvDnsDomainName : '' pair: struct AV_PAIR AvId : MsvAvDnsComputerName (0x3) AvLen : 0x0006 (6) Value : union ntlmssp_AvValue(case 0x3) AvDnsComputerName : 'cc1' pair: struct AV_PAIR AvId : MsvAvEOL (0x0) AvLen : 0x0000 (0) Value : union ntlmssp_AvValue(case 0x0) Got challenge flags: Got NTLMSSP neg_flags=0x60898215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_TARGET_INFO NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH &authenticate: struct AUTHENTICATE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmAuthenticate (3) LmChallengeResponseLen : 0x0018 (24) LmChallengeResponseMaxLen: 0x0018 (24) LmChallengeResponse : * LmChallengeResponse : union ntlmssp_LM_RESPONSE(case 24) v1: struct LM_RESPONSE Response : 078e894cc35e1708df68607b51c47cd6fc4cd6febd7d4ca4 NtChallengeResponseLen : 0x0072 (114) NtChallengeResponseMaxLen: 0x0072 (114) NtChallengeResponse : * NtChallengeResponse : union ntlmssp_NTLM_RESPONSE(case 114) v2: struct NTLMv2_RESPONSE Response : ff564e232df73299417995e0973dd4e3 Challenge: struct NTLMv2_CLIENT_CHALLENGE RespType : 0x01 (1) HiRespType : 0x01 (1) Reserved1 : 0x0000 (0) Reserved2 : 0x00000000 (0) TimeStamp : April 13, 2012 05:23:17 PM GMT GMT ChallengeFromClient : 7cc0c9cc205d2ce2 Reserved3 : 0x00000000 (0) AvPairs: struct AV_PAIR_LIST count : 0x00000005 (5) pair: ARRAY(5) pair: struct AV_PAIR AvId : MsvAvNbDomainName (0x2) AvLen : 0x000e (14) Value : union ntlmssp_AvValue(case 0x2) AvNbDomainName : 'MYDOMAIN' pair: struct AV_PAIR AvId : MsvAvNbComputerName (0x1) AvLen : 
0x001e (30) Value : union ntlmssp_AvValue(case 0x1) AvNbComputerName : 'myserver' pair: struct AV_PAIR AvId : MsvAvDnsDomainName (0x4) AvLen : 0x0000 (0) Value : union ntlmssp_AvValue(case 0x4) AvDnsDomainName : '' pair: struct AV_PAIR AvId : MsvAvDnsComputerName (0x3) AvLen : 0x0006 (6) Value : union ntlmssp_AvValue(case 0x3) AvDnsComputerName : 'cc1' pair: struct AV_PAIR AvId : MsvAvEOL (0x0) AvLen : 0x0000 (0) Value : union ntlmssp_AvValue(case 0x0) DomainNameLen : 0x000e (14) DomainNameMaxLen : 0x000e (14) DomainName : * DomainName : 'MYDOMAIN' UserNameLen : 0x0010 (16) UserNameMaxLen : 0x0010 (16) UserName : * UserName : 'cdavis15' WorkstationLen : 0x001e (30) WorkstationMaxLen : 0x001e (30) Workstation : * Workstation : 'myserver' EncryptedRandomSessionKeyLen: 0x0010 (16) EncryptedRandomSessionKeyMaxLen: 0x0010 (16) EncryptedRandomSessionKey: * EncryptedRandomSessionKey: DATA_BLOB length=16 [0000] 7F 69 AF 9D 61 58 E0 8F FB 4B BF 94 3B B4 B9 EE .i..aX?. ?K?.;..? NegotiateFlags : 0x60088215 (1611170325) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0: NTLMSSP_NEGOTIATE_TARGET_INFO 0: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM 
NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH smb_signing_sign_pdu: sent SMB signature of [0000] 42 53 52 53 50 59 4C 20 BSRSPYL write_socket(6,380) write_socket(6,380) wrote 380 got smb length of 35 size=35 smb_com=0x73 smb_rcls=141 smb_reh=1 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=0 smb_pid=28352 smb_uid=100 smb_mid=3 smt_wct=0 smb_bcc=0 size=35 smb_com=0x73 smb_rcls=141 smb_reh=1 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=0 smb_pid=28352 smb_uid=100 smb_mid=3 smt_wct=0 smb_bcc=0 SPNEGO login failed: Trust relationship failure session setup failed: NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE
Oliver R.
2012-Apr-15 10:28 UTC
[Samba] NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE with Server 2008R2
Same thing here...

SPNEGO login failed: Trust relationship failure

As already reported in an earlier post ...

Only difference is "security = ads" instead of "domain". So my Linux system (POSBIS) is an AD member and shares some directories on the Linux Box. Samba Version is 3.6.x. The DNS configuration is correct and joining the AD works fine.

The exact same configuration worked on an earlier samba version against the same Windows 2008 R2 domain controller. Something must have changed in later versions of SAMBA breaking the Trust Relationship.

Can anybody in short list all group policies needed on Windows Server 2008 R2 side and all smb.conf settings on the SAMBA client side to get this constellation to work with SAMBA 3.6.x (maybe 3.5.x as well)?

I really have no idea why it is not working anymore...

Regards,
Oliver

-------------------

[root@posbis ~]# net ads testjoin
Join is OK

[root@posbis ~]# smbclient -L POSBIS -U rhodan -d10 -s /etc/samba/smb.conf
INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" Processing section "[global]" doing parameter workgroup = SOLAR-IMPERIUM doing parameter server string = Samba Server Version %v doing parameter netbios name = POSBIS handle_netbios_name: set global_myname to: POSBIS doing parameter log file = /var/log/samba/log.%m doing parameter max log size = 50 doing parameter include = 
/user1/config/samba/ads.conf params.c:pm_process() - Processing configuration file "/user1/config/samba/ads.conf" doing parameter security = ads doing parameter passdb backend = tdbsam doing parameter realm = SOLAR-IMPERIUM.COM doing parameter username map = /etc/samba/smbusers doing parameter encrypt passwords = yes doing parameter client ntlmv2 auth = no doing parameter send spnego principal = no doing parameter load printers = yes doing parameter cups options = raw pm_process() returned Yes lp_servicenumber: couldn't find homes set_server_role: role = ROLE_DOMAIN_MEMBER Substituting charset 'UTF-8' for LOCALE added interface em1 ip=fe80::20c:76ff:fe24:eefa%em1 bcast=fe80::ffff:ffff:ffff:ffff%em1 netmask=ffff:ffff:ffff:ffff:: added interface em1 ip=192.168.1.3 bcast=192.168.1.255 netmask=255.255.255.0 Netbios name list:- my_netbios_names[0]="POSBIS" Client started (version 3.6.3-78.fc16). Opening cache file at /var/lib/samba/gencache.tdb Opening cache file at /var/lib/samba/gencache_notrans.tdb sitename_fetch: Returning sitename for SOLAR-IMPERIUM.COM: "Solar-System" internal_resolve_name: looking up POSBIS#20 (sitename Solar-System) name POSBIS#20 found. 
Running timed event "tevent_req_timedout" 0x21b636a8 Connecting to ::1 at port 445 Socket options: SO_KEEPALIVE = 0 SO_REUSEADDR = 0 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 170640 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 session request ok Substituting charset 'UTF-8' for LOCALE Doing spnego session setup (blob length=112) got OID=1.2.840.113554.1.2.2 got OID=1.2.840.48018.1.2.2 got OID=1.3.6.1.4.1.311.2.2.10 got principal=not_defined_in_RFC4178 at please_ignore convert_string_internal: Conversion error: Illegal multibyte sequence() negotiate: struct NEGOTIATE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmNegotiate (1) NegotiateFlags : 0x60088215 (1611170325) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0: NTLMSSP_NEGOTIATE_TARGET_INFO 0: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 DomainNameLen : 0x000e (14) DomainNameMaxLen : 0x000e (14) DomainName : * DomainName : 'SOLAR-IMPERIUM' WorkstationLen : 0x0006 (6) WorkstationMaxLen : 0x0006 (6) Workstation : * Workstation : 'POSBIS' challenge: struct CHALLENGE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmChallenge (0x2) TargetNameLen : 0x001c (28) TargetNameMaxLen : 0x001c (28) TargetName : * 
TargetName : 'SOLAR-IMPERIUM' NegotiateFlags : 0x60898215 (1619624469) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 1: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 1: NTLMSSP_NEGOTIATE_TARGET_INFO 0: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 ServerChallenge : b4184a42ca05636e Reserved : 0000000000000000 TargetInfoLen : 0x0076 (118) TargetNameInfoMaxLen : 0x0076 (118) TargetInfo : * TargetInfo: struct AV_PAIR_LIST count : 0x00000005 (5) pair: ARRAY(5) pair: struct AV_PAIR AvId : MsvAvNbDomainName (0x2) AvLen : 0x001c (28) Value : union ntlmssp_AvValue(case 0x2) AvNbDomainName : 'SOLAR-IMPERIUM' pair: struct AV_PAIR AvId : MsvAvNbComputerName (0x1) AvLen : 0x000c (12) Value : union ntlmssp_AvValue(case 0x1) AvNbComputerName : 'POSBIS' pair: struct AV_PAIR AvId : MsvAvDnsDomainName (0x4) AvLen : 0x0016 (22) Value : union ntlmssp_AvValue(case 0x4) AvDnsDomainName : 'rehmann.org' pair: struct AV_PAIR AvId : MsvAvDnsComputerName (0x3) AvLen : 0x0024 (36) Value : union ntlmssp_AvValue(case 0x3) AvDnsComputerName : 'posbis.rehmann.org' pair: struct AV_PAIR AvId : MsvAvEOL (0x0) AvLen : 0x0000 (0) Value : union ntlmssp_AvValue(case 0x0) Got challenge flags: Got NTLMSSP neg_flags=0x60898215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 
NTLMSSP_NEGOTIATE_TARGET_INFO NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP challenge set by NTLM2 challenge is: [0000] 06 23 36 F2 42 36 42 9E .#6.B6B. authenticate: struct AUTHENTICATE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmAuthenticate (3) LmChallengeResponseLen : 0x0018 (24) LmChallengeResponseMaxLen: 0x0018 (24) LmChallengeResponse : * LmChallengeResponse : union ntlmssp_LM_RESPONSE(case 24) v1: struct LM_RESPONSE Response : 9a7094be3dc810ca00000000000000000000000000000000 NtChallengeResponseLen : 0x0018 (24) NtChallengeResponseMaxLen: 0x0018 (24) NtChallengeResponse : * NtChallengeResponse : union ntlmssp_NTLM_RESPONSE(case 24) v1: struct NTLM_RESPONSE Response : cc27c54ccb09bfa7bf80c69fde723b4f218769db65228e49 DomainNameLen : 0x001c (28) DomainNameMaxLen : 0x001c (28) DomainName : * DomainName : 'SOLAR-IMPERIUM' UserNameLen : 0x000c (12) UserNameMaxLen : 0x000c (12) UserName : * UserName : 'rhodan' WorkstationLen : 0x000c (12) WorkstationMaxLen : 0x000c (12) Workstation : * Workstation : 'POSBIS' EncryptedRandomSessionKeyLen: 0x0010 (16) EncryptedRandomSessionKeyMaxLen: 0x0010 (16) EncryptedRandomSessionKey: * EncryptedRandomSessionKey: DATA_BLOB length=16 [0000] 26 63 57 46 C3 10 E5 D8 22 66 65 69 36 36 D9 43 &cWF.... 
"fei66.C NegotiateFlags : 0x60088215 (1611170325) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0: NTLMSSP_NEGOTIATE_TARGET_INFO 0: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH
SPNEGO login failed: Trust relationship failure
lang_tdb_init: /usr/lib/samba/en_US.UTF-8.msg: No such file or directory
session setup failed: NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE

On 15.04.2012 01:31, Chrisopher R Davis wrote:
> I am having problems implementing Samba using security=domain against
> a Windows 2008R2 server.
>
> I have been able to successfully join the domain via a net rpc join.
> Anytime I try to access a share through smbclient I get a
> NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE but nothing in the logs (on
> either side) seems to be giving me any leads on where to look. The
> system is locked down to allow NTLMv2 ONLY.
> session request ok > Substituting charset 'ISO8859-1' for LOCALE > Substituting charset 'ISO8859-1' for LOCALE > Substituting charset 'ISO8859-1' for LOCALE > Substituting charset 'ISO8859-1' for LOCALE > Substituting charset 'ISO8859-1' for LOCALE > Substituting charset 'ISO8859-1' for LOCALE > Substituting charset 'ISO8859-1' for LOCALE > Substituting charset 'ISO8859-1' for LOCALE > Substituting charset 'ISO8859-1' for LOCALE > Substituting charset 'ISO8859-1' for LOCALE > Substituting charset 'ISO8859-1' for LOCALE > Substituting charset 'ISO8859-1' for LOCALE > Substituting charset 'ISO8859-1' for LOCALE > Substituting charset 'ISO8859-1' for LOCALE > Doing spnego session setup (blob length=58) > got OID=1.3.6.1.4.1.311.2.2.10 > got principal=NONE > &negotiate: struct NEGOTIATE_MESSAGE > Signature : 'NTLMSSP' > MessageType : NtLmNegotiate (1) > NegotiateFlags : 0x60088215 (1611170325) > 1: NTLMSSP_NEGOTIATE_UNICODE > 0: NTLMSSP_NEGOTIATE_OEM > 1: NTLMSSP_REQUEST_TARGET > 1: NTLMSSP_NEGOTIATE_SIGN > 0: NTLMSSP_NEGOTIATE_SEAL > 0: NTLMSSP_NEGOTIATE_DATAGRAM > 0: NTLMSSP_NEGOTIATE_LM_KEY > 0: NTLMSSP_NEGOTIATE_NETWARE > 1: NTLMSSP_NEGOTIATE_NTLM > 0: NTLMSSP_NEGOTIATE_NT_ONLY > 0: NTLMSSP_ANONYMOUS > 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED > 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED > 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL > 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN > 0: NTLMSSP_TARGET_TYPE_DOMAIN > 0: NTLMSSP_TARGET_TYPE_SERVER > 0: NTLMSSP_TARGET_TYPE_SHARE > 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > 0: NTLMSSP_NEGOTIATE_IDENTIFY > 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY > 0: NTLMSSP_NEGOTIATE_TARGET_INFO > 0: NTLMSSP_NEGOTIATE_VERSION > 1: NTLMSSP_NEGOTIATE_128 > 1: NTLMSSP_NEGOTIATE_KEY_EXCH > 0: NTLMSSP_NEGOTIATE_56 > DomainNameLen : 0x0007 (7) > DomainNameMaxLen : 0x0007 (7) > DomainName : * > DomainName : 'MYDOMAIN' > WorkstationLen : 0x000f (15) > WorkstationMaxLen : 0x000f (15) > Workstation : * > Workstation : 'myserver' > smb_signing_sign_pdu: sent 
SMB signature of > [0000] 42 53 52 53 50 59 4C 20 BSRSPYL > write_socket(6,174) > write_socket(6,174) wrote 174 > got smb length of 256 > size=256 > smb_com=0x73 > smb_rcls=22 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51203 > smb_tid=0 > smb_pid=28352 > smb_uid=100 > smb_mid=2 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 163 (0xA3) > smb_bcc=213 > [0000] A1 81 A0 30 81 9D A0 03 0A 01 01 A1 0C 06 0A 2B ?. 0.. . > ...?...+ > [0010] 06 01 04 01 82 37 02 02 0A A2 81 87 04 81 84 4E .....7.. > .......N > [0020] 54 4C 4D 53 53 50 00 02 00 00 00 0E 00 0E 00 30 TLMSSP.. > .......0 > [0030] 00 00 00 15 82 89 60 79 0C B4 2C A3 64 A6 AD 00 ......`y > ..,.d... > [0040] 00 00 00 00 00 00 00 46 00 46 00 3E 00 00 00 53 .......F > .F.>...S > [0050] 00 50 00 45 00 43 00 54 00 52 00 45 00 02 00 0E .P.E.C.T > .R.E.... > [0060] 00 53 00 50 00 45 00 43 00 54 00 52 00 45 00 01 .S.P.E.C > .T.R.E.. > [0070] 00 1E 00 43 00 4F 00 53 00 2D 00 43 00 43 00 2D ...C.O.S > .-.C.C.- > [0080] 00 43 00 4D 00 2D 00 56 00 49 00 45 00 57 00 53 .C.M.-.V > .I.E.W.S > [0090] 00 04 00 00 00 03 00 06 00 63 00 63 00 31 00 00 ........ > .c.c.1.. > [00A0] 00 00 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 ...U.n.i > .x...S.a > [00B0] 00 6D 00 62 00 61 00 20 00 33 00 2E 00 35 00 2E .m.b.a. > .3...5.. > [00C0] 00 38 00 00 00 53 00 50 00 45 00 43 00 54 00 52 .8...S.P > .E.C.T.R > [00D0] 00 45 00 00 00 .E... > size=256 > smb_com=0x73 > smb_rcls=22 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51203 > smb_tid=0 > smb_pid=28352 > smb_uid=100 > smb_mid=2 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 163 (0xA3) > smb_bcc=213 > [0000] A1 81 A0 30 81 9D A0 03 0A 01 01 A1 0C 06 0A 2B ?. 0.. . > ...?...+ > [0010] 06 01 04 01 82 37 02 02 0A A2 81 87 04 81 84 4E .....7.. > .......N > [0020] 54 4C 4D 53 53 50 00 02 00 00 00 0E 00 0E 00 30 TLMSSP.. 
> .......0 > [0030] 00 00 00 15 82 89 60 79 0C B4 2C A3 64 A6 AD 00 ......`y > ..,.d... > [0040] 00 00 00 00 00 00 00 46 00 46 00 3E 00 00 00 53 .......F > .F.>...S > [0050] 00 50 00 45 00 43 00 54 00 52 00 45 00 02 00 0E .P.E.C.T > .R.E.... > [0060] 00 53 00 50 00 45 00 43 00 54 00 52 00 45 00 01 .S.P.E.C > .T.R.E.. > [0070] 00 1E 00 43 00 4F 00 53 00 2D 00 43 00 43 00 2D ...C.O.S > .-.C.C.- > [0080] 00 43 00 4D 00 2D 00 56 00 49 00 45 00 57 00 53 .C.M.-.V > .I.E.W.S > [0090] 00 04 00 00 00 03 00 06 00 63 00 63 00 31 00 00 ........ > .c.c.1.. > [00A0] 00 00 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 ...U.n.i > .x...S.a > [00B0] 00 6D 00 62 00 61 00 20 00 33 00 2E 00 35 00 2E .m.b.a. > .3...5.. > [00C0] 00 38 00 00 00 53 00 50 00 45 00 43 00 54 00 52 .8...S.P > .E.C.T.R > [00D0] 00 45 00 00 00 .E... > &challenge: struct CHALLENGE_MESSAGE > Signature : 'NTLMSSP' > MessageType : NtLmChallenge (0x2) > TargetNameLen : 0x000e (14) > TargetNameMaxLen : 0x000e (14) > TargetName : * > TargetName : 'MYDOMAIN' > NegotiateFlags : 0x60898215 (1619624469) > 1: NTLMSSP_NEGOTIATE_UNICODE > 0: NTLMSSP_NEGOTIATE_OEM > 1: NTLMSSP_REQUEST_TARGET > 1: NTLMSSP_NEGOTIATE_SIGN > 0: NTLMSSP_NEGOTIATE_SEAL > 0: NTLMSSP_NEGOTIATE_DATAGRAM > 0: NTLMSSP_NEGOTIATE_LM_KEY > 0: NTLMSSP_NEGOTIATE_NETWARE > 1: NTLMSSP_NEGOTIATE_NTLM > 0: NTLMSSP_NEGOTIATE_NT_ONLY > 0: NTLMSSP_ANONYMOUS > 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED > 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED > 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL > 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN > 1: NTLMSSP_TARGET_TYPE_DOMAIN > 0: NTLMSSP_TARGET_TYPE_SERVER > 0: NTLMSSP_TARGET_TYPE_SHARE > 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > 0: NTLMSSP_NEGOTIATE_IDENTIFY > 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY > 1: NTLMSSP_NEGOTIATE_TARGET_INFO > 0: NTLMSSP_NEGOTIATE_VERSION > 1: NTLMSSP_NEGOTIATE_128 > 1: NTLMSSP_NEGOTIATE_KEY_EXCH > 0: NTLMSSP_NEGOTIATE_56 > ServerChallenge : 790cb42ca364a6ad > Reserved : 0000000000000000 > TargetInfoLen : 
0x0046 (70) > TargetNameInfoMaxLen : 0x0046 (70) > TargetInfo : * > TargetInfo: struct AV_PAIR_LIST > count : 0x00000005 (5) > pair: ARRAY(5) > pair: struct AV_PAIR > AvId : MsvAvNbDomainName > (0x2) > AvLen : 0x000e (14) > Value : union > ntlmssp_AvValue(case 0x2) > AvNbDomainName : 'MYDOMAIN' > pair: struct AV_PAIR > AvId : MsvAvNbComputerName > (0x1) > AvLen : 0x001e (30) > Value : union > ntlmssp_AvValue(case 0x1) > AvNbComputerName : 'myserver' > pair: struct AV_PAIR > AvId : MsvAvDnsDomainName > (0x4) > AvLen : 0x0000 (0) > Value : union > ntlmssp_AvValue(case 0x4) > AvDnsDomainName : '' > pair: struct AV_PAIR > AvId : > MsvAvDnsComputerName (0x3) > AvLen : 0x0006 (6) > Value : union > ntlmssp_AvValue(case 0x3) > AvDnsComputerName : 'cc1' > pair: struct AV_PAIR > AvId : MsvAvEOL (0x0) > AvLen : 0x0000 (0) > Value : union > ntlmssp_AvValue(case 0x0) > Got challenge flags: > Got NTLMSSP neg_flags=0x60898215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_TARGET_INFO > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > NTLMSSP: Set final flags: > Got NTLMSSP neg_flags=0x60088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > &authenticate: struct AUTHENTICATE_MESSAGE > Signature : 'NTLMSSP' > MessageType : NtLmAuthenticate (3) > LmChallengeResponseLen : 0x0018 (24) > LmChallengeResponseMaxLen: 0x0018 (24) > LmChallengeResponse : * > LmChallengeResponse : union ntlmssp_LM_RESPONSE(case 24) > v1: struct LM_RESPONSE > Response : > 078e894cc35e1708df68607b51c47cd6fc4cd6febd7d4ca4 > NtChallengeResponseLen : 0x0072 (114) > NtChallengeResponseMaxLen: 0x0072 (114) > NtChallengeResponse : * > NtChallengeResponse : union > ntlmssp_NTLM_RESPONSE(case 114) > v2: struct 
NTLMv2_RESPONSE > Response : > ff564e232df73299417995e0973dd4e3 > Challenge: struct NTLMv2_CLIENT_CHALLENGE > RespType : 0x01 (1) > HiRespType : 0x01 (1) > Reserved1 : 0x0000 (0) > Reserved2 : 0x00000000 (0) > TimeStamp : April 13, 2012 05:23:17 > PM GMT GMT > ChallengeFromClient : 7cc0c9cc205d2ce2 > Reserved3 : 0x00000000 (0) > AvPairs: struct AV_PAIR_LIST > count : 0x00000005 (5) > pair: ARRAY(5) > pair: struct AV_PAIR > AvId : > MsvAvNbDomainName (0x2) > AvLen : 0x000e (14) > Value : union > ntlmssp_AvValue(case 0x2) > AvNbDomainName : 'MYDOMAIN' > pair: struct AV_PAIR > AvId : > MsvAvNbComputerName (0x1) > AvLen : 0x001e (30) > Value : union > ntlmssp_AvValue(case 0x1) > AvNbComputerName : 'myserver' > pair: struct AV_PAIR > AvId : > MsvAvDnsDomainName (0x4) > AvLen : 0x0000 (0) > Value : union > ntlmssp_AvValue(case 0x4) > AvDnsDomainName : '' > pair: struct AV_PAIR > AvId : > MsvAvDnsComputerName (0x3) > AvLen : 0x0006 (6) > Value : union > ntlmssp_AvValue(case 0x3) > AvDnsComputerName : 'cc1' > pair: struct AV_PAIR > AvId : MsvAvEOL (0x0) > AvLen : 0x0000 (0) > Value : union > ntlmssp_AvValue(case 0x0) > DomainNameLen : 0x000e (14) > DomainNameMaxLen : 0x000e (14) > DomainName : * > DomainName : 'MYDOMAIN' > UserNameLen : 0x0010 (16) > UserNameMaxLen : 0x0010 (16) > UserName : * > UserName : 'cdavis15' > WorkstationLen : 0x001e (30) > WorkstationMaxLen : 0x001e (30) > Workstation : * > Workstation : 'myserver' > EncryptedRandomSessionKeyLen: 0x0010 (16) > EncryptedRandomSessionKeyMaxLen: 0x0010 (16) > EncryptedRandomSessionKey: * > EncryptedRandomSessionKey: DATA_BLOB length=16 > [0000] 7F 69 AF 9D 61 58 E0 8F FB 4B BF 94 3B B4 B9 EE .i..aX?. > ?K?.;..? 
> NegotiateFlags : 0x60088215 (1611170325) > 1: NTLMSSP_NEGOTIATE_UNICODE > 0: NTLMSSP_NEGOTIATE_OEM > 1: NTLMSSP_REQUEST_TARGET > 1: NTLMSSP_NEGOTIATE_SIGN > 0: NTLMSSP_NEGOTIATE_SEAL > 0: NTLMSSP_NEGOTIATE_DATAGRAM > 0: NTLMSSP_NEGOTIATE_LM_KEY > 0: NTLMSSP_NEGOTIATE_NETWARE > 1: NTLMSSP_NEGOTIATE_NTLM > 0: NTLMSSP_NEGOTIATE_NT_ONLY > 0: NTLMSSP_ANONYMOUS > 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED > 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED > 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL > 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN > 0: NTLMSSP_TARGET_TYPE_DOMAIN > 0: NTLMSSP_TARGET_TYPE_SERVER > 0: NTLMSSP_TARGET_TYPE_SHARE > 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > 0: NTLMSSP_NEGOTIATE_IDENTIFY > 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY > 0: NTLMSSP_NEGOTIATE_TARGET_INFO > 0: NTLMSSP_NEGOTIATE_VERSION > 1: NTLMSSP_NEGOTIATE_128 > 1: NTLMSSP_NEGOTIATE_KEY_EXCH > 0: NTLMSSP_NEGOTIATE_56 > NTLMSSP Sign/Seal - Initialising with flags: > Got NTLMSSP neg_flags=0x60088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > smb_signing_sign_pdu: sent SMB signature of > [0000] 42 53 52 53 50 59 4C 20 BSRSPYL > write_socket(6,380) > write_socket(6,380) wrote 380 > got smb length of 35 > size=35 > smb_com=0x73 > smb_rcls=141 > smb_reh=1 > smb_err=49152 > smb_flg=136 > smb_flg2=51203 > smb_tid=0 > smb_pid=28352 > smb_uid=100 > smb_mid=3 > smt_wct=0 > smb_bcc=0 > size=35 > smb_com=0x73 > smb_rcls=141 > smb_reh=1 > smb_err=49152 > smb_flg=136 > smb_flg2=51203 > smb_tid=0 > smb_pid=28352 > smb_uid=100 > smb_mid=3 > smt_wct=0 > smb_bcc=0 > SPNEGO login failed: Trust relationship failure > session setup failed: NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE > >
Niels Dettenbach (Syndicat IT&Internet)
2012-Apr-15 11:46 UTC
[Samba] NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE with Server 2008R2
"Oliver R." <samba at solar-imperium.com> wrote:

> Regarding the changes in SAMBA 3.4/5/6 I have no doubt that there could
> have been changes affecting my configuration but you can't expect
> everybody to read through the changes of the last n versions to get a
> previously working config to fly again.

I fully understand you, but I had a more or less similar problem while upgrading and read this from others att - it helped me in several steps then to read CHANGES. It depends on your setup if samba could be updated smoothly or not as there was/is a strong ongoing development especially towards newer Windows Protocols etc...

> I would expect a Wiki page titled: SAMBA 3.x in a Windows 2008 R2
> Environment

Ok, just write one ?) ...sorry, just btw...

Yes, some docs are not very "consistent" from a typical end user's view, here still could be something done in different ways as samba is a complex pile of software and - from my experience - a very wide range of different setup constellations out in the world. A widely "complete" wiki would be a very nice idea...

As I usually build most of my software binaries myself from source (BSD, Gentoo, Archlinux) I would try to build samba myself instead, i.e. in a private suffix path for testing, to exclude that things like broken/incomplete packages from a distributor are happening (it seems so here if the file really is not anywhere in the sys). Maybe that's an option for you here too, even if you do it for testing purposes only...

But I hope someone has more details than me for you here, sorry...

best regards,

Niels.

--
Niels Dettenbach
Syndicat IT&Internet
http://www.syndicat.com
Christopher Davis
2012-Apr-16 13:47 UTC
[Samba] NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE with Server 2008R2
A reply to myself to pop this back up - I've tried to find some documentation on CHANGES in my version of Samba (3.5.8) but I haven't had much luck. This is the version of Samba that came with my Solaris 10 box. I have been trying to get a newer version on but have issues with that as well (see my other thread on 3.5.8 vs 3.6.3) Any thoughts on where to go/look next? ########################################################################################### My previous message: I am having problems implementing Samba using security=domain against a Windows 2008R2 server. I have been able to successfully join the domain via a net rpc join. Anytime I try to access a share through smbclient I get a NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE but nothing in the logs (on either side) seems to be giving me any leads on where to look. The system is locked down to allow NTLv2 ONLY. The 2008R2 server is running with a number of additional security lock-downs and it is somewhat likely one or more of those may be the culprit but I'm hoping someone might have an idea of a specific place to start looking. Any help would be much appreciated - I can dig up more logs if needed. 
I have included my smb.conf, the output from a a net rpg testjoin and output from my test run of smbclient ######################################################################################################### My smb.conf: [global] workgroup = MYDOMAIN netbios name = myserver security = domain password server = dc1 server string = Samba (%v) domain (%h) username map = /cm-views/samba.server/lib/users.map log level = 10 log file = /cm-views/samba.server/logs/log.%m lock dir = /cm-views/samba.server/locks private dir = /cm-views/samba.server/private client use spnego = yes client ntlmv2 auth = yes client signing = yes server signing = yes client ldap sasl wrapping = seal client schannel = yes server schannel = yes encrypt passwords = yes [test] comment = Monitor Directory for Sun Cluster path = /cm-views/samba.server/logs guest ok = Yes ######################################################################################################### [root at cc1 /cm-views/samba.server/logs ]# net rpc testjoin -s ../lib/smb.conf Join to 'MYDOMAIN' is OK ######################################################################################################### [root at cc1 /cm-views/samba.server/logs ]# smbclient -L myserver -U cdavis15 -s ../lib/smb.conf -d10 INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 locking: False/0 msdfs: False/0 dmapi: False/0 registry: False/0 lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: increasing rlimit_max (256) to minimum Windows limit (16384) params.c:pm_process() - Processing configuration file "../lib/smb.conf" Processing section "[global]" doing parameter workgroup = MYDOMAIN doing parameter netbios name = myserver handle_netbios_name: set global_myname to: myserver doing parameter 
security = domain doing parameter password server = dc1 doing parameter server string = Samba (%v) domain (%h) doing parameter username map = /cm-views/samba.server/lib/users.map doing parameter log level = 10 doing parameter log file = /cm-views/samba.server/logs/log.%m doing parameter lock dir = /cm-views/samba.server/locks doing parameter private dir = /cm-views/samba.server/private doing parameter client use spnego = yes doing parameter client ntlmv2 auth = yes doing parameter client signing = yes doing parameter server signing = yes doing parameter client ldap sasl wrapping = seal doing parameter client schannel = yes doing parameter server schannel = yes doing parameter encrypt passwords = yes pm_process() returned Yes lp_servicenumber: couldn't find homes set_server_role: role = ROLE_DOMAIN_MEMBER Attempting to register new charset UCS-2LE Registered charset UCS-2LE Attempting to register new charset UTF-16LE Registered charset UTF-16LE Attempting to register new charset UCS-2BE Registered charset UCS-2BE Attempting to register new charset UTF-16BE Registered charset UTF-16BE Attempting to register new charset UTF8 Registered charset UTF8 Attempting to register new charset UTF-8 Registered charset UTF-8 Attempting to register new charset ASCII Registered charset ASCII Attempting to register new charset 646 Registered charset 646 Attempting to register new charset ISO-8859-1 Registered charset ISO-8859-1 Attempting to register new charset UCS2-HEX Registered charset UCS2-HEX Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE 
Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE added interface bge1 ip=172.16.0.130 bcast=172.16.0.255 netmask=255.255.255.128 added interface bge3 ip=172.16.1.2 bcast=172.16.1.127 netmask=255.255.255.128 added interface clprivnet0 ip=172.16.4.2 bcast=172.16.5.255 netmask=255.255.254.0 added interface bge0 ip=10.10.10.43 bcast=10.10.10.255 netmask=255.255.255.0 added interface bge0:2 ip=10.10.10.60 bcast=10.10.10.255 netmask=255.255.255.0 added interface bge0:4 ip=10.10.10.61 bcast=10.10.10.255 netmask=255.255.255.0 added interface bge0:3 ip=10.10.10.62 bcast=10.10.10.255 netmask=255.255.255.0 add_interface: not adding duplicate interface 0.0.0.0 Netbios name list:- my_netbios_names[0]="myserver" Client started (version 3.5.8). Enter cdavis15's password: Opening cache file at /cm-views/samba.server/locks/gencache.tdb Opening cache file at /cm-views/samba.server/locks/gencache_notrans.tdb Cache entry with key = AD_SITENAME/DOMAIN/ couldn't be found sitename_fetch: No stored sitename for internal_resolve_name: looking up myserver#20 (sitename (null)) Cache entry with key = NBT/myserver#20 couldn't be found no entry for myserver#20 found. resolve_lmhosts: Attempting lmhosts lookup for name myserver<0x20> startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory resolve_wins: Attempting wins lookup for name myserver<0x20> resolve_wins: WINS server resolution selected and no WINS servers listed. 
resolve_hosts: Attempting host lookup for name myserver<0x20> remove_duplicate_addrs2: looking for duplicate address/port pairs namecache_store: storing 1 address for myserver#20: 10.10.10.62 Adding cache entry with key = NBT/myserver#20 and timeout = Fri Apr 13 17:34:17 2012 (660 seconds ahead) internal_resolve_name: returning 1 addresses: 10.10.10.62:0 Running timed event "tevent_req_timedout" 7b11d0 Connecting to 10.10.10.62 at port 445 Socket options: SO_KEEPALIVE = 0 SO_REUSEADDR = 0 SO_BROADCAST = 0 TCP_NODELAY = 1 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 49152 SO_RCVBUF = 49152 Could not test socket option SO_SNDLOWAT. Could not test socket option SO_RCVLOWAT. Could not test socket option SO_SNDTIMEO. Could not test socket option SO_RCVTIMEO. session request ok Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Substituting charset 'ISO8859-1' for LOCALE Doing spnego session setup (blob length=58) got OID=1.3.6.1.4.1.311.2.2.10 got principal=NONE &negotiate: struct NEGOTIATE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmNegotiate (1) NegotiateFlags : 0x60088215 (1611170325) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: 
NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0: NTLMSSP_NEGOTIATE_TARGET_INFO 0: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 DomainNameLen : 0x0007 (7) DomainNameMaxLen : 0x0007 (7) DomainName : * DomainName : 'MYDOMAIN' WorkstationLen : 0x000f (15) WorkstationMaxLen : 0x000f (15) Workstation : * Workstation : 'myserver' smb_signing_sign_pdu: sent SMB signature of [0000] 42 53 52 53 50 59 4C 20 BSRSPYL write_socket(6,174) write_socket(6,174) wrote 174 got smb length of 256 size=256 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=0 smb_pid=28352 smb_uid=100 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 163 (0xA3) smb_bcc=213 [0000] A1 81 A0 30 81 9D A0 03 0A 01 01 A1 0C 06 0A 2B ?. 0.. . ...?...+ [0010] 06 01 04 01 82 37 02 02 0A A2 81 87 04 81 84 4E .....7.. .......N [0020] 54 4C 4D 53 53 50 00 02 00 00 00 0E 00 0E 00 30 TLMSSP.. .......0 [0030] 00 00 00 15 82 89 60 79 0C B4 2C A3 64 A6 AD 00 ......`y ..,.d... [0040] 00 00 00 00 00 00 00 46 00 46 00 3E 00 00 00 53 .......F .F.>...S [0050] 00 50 00 45 00 43 00 54 00 52 00 45 00 02 00 0E .P.E.C.T .R.E.... [0060] 00 53 00 50 00 45 00 43 00 54 00 52 00 45 00 01 .S.P.E.C .T.R.E.. [0070] 00 1E 00 43 00 4F 00 53 00 2D 00 43 00 43 00 2D ...C.O.S .-.C.C.- [0080] 00 43 00 4D 00 2D 00 56 00 49 00 45 00 57 00 53 .C.M.-.V .I.E.W.S [0090] 00 04 00 00 00 03 00 06 00 63 00 63 00 31 00 00 ........ .c.c.1.. [00A0] 00 00 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 ...U.n.i .x...S.a [00B0] 00 6D 00 62 00 61 00 20 00 33 00 2E 00 35 00 2E .m.b.a. .3...5.. 
[00C0] 00 38 00 00 00 53 00 50 00 45 00 43 00 54 00 52 .8...S.P .E.C.T.R [00D0] 00 45 00 00 00 .E... size=256 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=0 smb_pid=28352 smb_uid=100 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 163 (0xA3) smb_bcc=213 [0000] A1 81 A0 30 81 9D A0 03 0A 01 01 A1 0C 06 0A 2B ?. 0.. . ...?...+ [0010] 06 01 04 01 82 37 02 02 0A A2 81 87 04 81 84 4E .....7.. .......N [0020] 54 4C 4D 53 53 50 00 02 00 00 00 0E 00 0E 00 30 TLMSSP.. .......0 [0030] 00 00 00 15 82 89 60 79 0C B4 2C A3 64 A6 AD 00 ......`y ..,.d... [0040] 00 00 00 00 00 00 00 46 00 46 00 3E 00 00 00 53 .......F .F.>...S [0050] 00 50 00 45 00 43 00 54 00 52 00 45 00 02 00 0E .P.E.C.T .R.E.... [0060] 00 53 00 50 00 45 00 43 00 54 00 52 00 45 00 01 .S.P.E.C .T.R.E.. [0070] 00 1E 00 43 00 4F 00 53 00 2D 00 43 00 43 00 2D ...C.O.S .-.C.C.- [0080] 00 43 00 4D 00 2D 00 56 00 49 00 45 00 57 00 53 .C.M.-.V .I.E.W.S [0090] 00 04 00 00 00 03 00 06 00 63 00 63 00 31 00 00 ........ .c.c.1.. [00A0] 00 00 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 ...U.n.i .x...S.a [00B0] 00 6D 00 62 00 61 00 20 00 33 00 2E 00 35 00 2E .m.b.a. .3...5.. [00C0] 00 38 00 00 00 53 00 50 00 45 00 43 00 54 00 52 .8...S.P .E.C.T.R [00D0] 00 45 00 00 00 .E... 
&challenge: struct CHALLENGE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmChallenge (0x2) TargetNameLen : 0x000e (14) TargetNameMaxLen : 0x000e (14) TargetName : * TargetName : 'MYDOMAIN' NegotiateFlags : 0x60898215 (1619624469) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 1: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 1: NTLMSSP_NEGOTIATE_TARGET_INFO 0: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 ServerChallenge : 790cb42ca364a6ad Reserved : 0000000000000000 TargetInfoLen : 0x0046 (70) TargetNameInfoMaxLen : 0x0046 (70) TargetInfo : * TargetInfo: struct AV_PAIR_LIST count : 0x00000005 (5) pair: ARRAY(5) pair: struct AV_PAIR AvId : MsvAvNbDomainName (0x2) AvLen : 0x000e (14) Value : union ntlmssp_AvValue(case 0x2) AvNbDomainName : 'MYDOMAIN' pair: struct AV_PAIR AvId : MsvAvNbComputerName (0x1) AvLen : 0x001e (30) Value : union ntlmssp_AvValue(case 0x1) AvNbComputerName : 'myserver' pair: struct AV_PAIR AvId : MsvAvDnsDomainName (0x4) AvLen : 0x0000 (0) Value : union ntlmssp_AvValue(case 0x4) AvDnsDomainName : '' pair: struct AV_PAIR AvId : MsvAvDnsComputerName (0x3) AvLen : 0x0006 (6) Value : union ntlmssp_AvValue(case 0x3) AvDnsComputerName : 'cc1' pair: struct AV_PAIR AvId : MsvAvEOL (0x0) AvLen : 0x0000 (0) Value : union ntlmssp_AvValue(case 0x0) Got challenge flags: Got NTLMSSP neg_flags=0x60898215 NTLMSSP_NEGOTIATE_UNICODE 
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_TARGET_INFO
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
&authenticate: struct AUTHENTICATE_MESSAGE
    Signature : 'NTLMSSP'
    MessageType : NtLmAuthenticate (3)
    LmChallengeResponseLen : 0x0018 (24)
    LmChallengeResponseMaxLen: 0x0018 (24)
    LmChallengeResponse : *
        LmChallengeResponse : union ntlmssp_LM_RESPONSE(case 24)
        v1: struct LM_RESPONSE
            Response : 078e894cc35e1708df68607b51c47cd6fc4cd6febd7d4ca4
    NtChallengeResponseLen : 0x0072 (114)
    NtChallengeResponseMaxLen: 0x0072 (114)
    NtChallengeResponse : *
        NtChallengeResponse : union ntlmssp_NTLM_RESPONSE(case 114)
        v2: struct NTLMv2_RESPONSE
            Response : ff564e232df73299417995e0973dd4e3
            Challenge: struct NTLMv2_CLIENT_CHALLENGE
                RespType : 0x01 (1)
                HiRespType : 0x01 (1)
                Reserved1 : 0x0000 (0)
                Reserved2 : 0x00000000 (0)
                TimeStamp : April 13, 2012 05:23:17 PM GMT GMT
                ChallengeFromClient : 7cc0c9cc205d2ce2
                Reserved3 : 0x00000000 (0)
                AvPairs: struct AV_PAIR_LIST
                    count : 0x00000005 (5)
                    pair: ARRAY(5)
                        pair: struct AV_PAIR
                            AvId : MsvAvNbDomainName (0x2)
                            AvLen : 0x000e (14)
                            Value : union ntlmssp_AvValue(case 0x2)
                            AvNbDomainName : 'MYDOMAIN'
                        pair: struct AV_PAIR
                            AvId : MsvAvNbComputerName (0x1)
                            AvLen : 0x001e (30)
                            Value : union ntlmssp_AvValue(case 0x1)
                            AvNbComputerName : 'myserver'
                        pair: struct AV_PAIR
                            AvId : MsvAvDnsDomainName (0x4)
                            AvLen : 0x0000 (0)
                            Value : union ntlmssp_AvValue(case 0x4)
                            AvDnsDomainName : ''
                        pair: struct AV_PAIR
                            AvId : MsvAvDnsComputerName (0x3)
                            AvLen : 0x0006 (6)
                            Value : union ntlmssp_AvValue(case 0x3)
                            AvDnsComputerName : 'cc1'
                        pair: struct AV_PAIR
                            AvId : MsvAvEOL (0x0)
                            AvLen : 0x0000 (0)
                            Value : union ntlmssp_AvValue(case 0x0)
    DomainNameLen : 0x000e (14)
    DomainNameMaxLen : 0x000e (14)
    DomainName : *
        DomainName : 'MYDOMAIN'
    UserNameLen : 0x0010 (16)
    UserNameMaxLen : 0x0010 (16)
    UserName : *
        UserName : 'cdavis15'
    WorkstationLen : 0x001e (30)
    WorkstationMaxLen : 0x001e (30)
    Workstation : *
        Workstation : 'myserver'
    EncryptedRandomSessionKeyLen: 0x0010 (16)
    EncryptedRandomSessionKeyMaxLen: 0x0010 (16)
    EncryptedRandomSessionKey: *
        EncryptedRandomSessionKey: DATA_BLOB length=16
[0000] 7F 69 AF 9D 61 58 E0 8F FB 4B BF 94 3B B4 B9 EE .i..aX?. ?K?.;..?
    NegotiateFlags : 0x60088215 (1611170325)
        1: NTLMSSP_NEGOTIATE_UNICODE
        0: NTLMSSP_NEGOTIATE_OEM
        1: NTLMSSP_REQUEST_TARGET
        1: NTLMSSP_NEGOTIATE_SIGN
        0: NTLMSSP_NEGOTIATE_SEAL
        0: NTLMSSP_NEGOTIATE_DATAGRAM
        0: NTLMSSP_NEGOTIATE_LM_KEY
        0: NTLMSSP_NEGOTIATE_NETWARE
        1: NTLMSSP_NEGOTIATE_NTLM
        0: NTLMSSP_NEGOTIATE_NT_ONLY
        0: NTLMSSP_ANONYMOUS
        0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
        0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
        0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
        1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
        0: NTLMSSP_TARGET_TYPE_DOMAIN
        0: NTLMSSP_TARGET_TYPE_SERVER
        0: NTLMSSP_TARGET_TYPE_SHARE
        1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
        0: NTLMSSP_NEGOTIATE_IDENTIFY
        0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
        0: NTLMSSP_NEGOTIATE_TARGET_INFO
        0: NTLMSSP_NEGOTIATE_VERSION
        1: NTLMSSP_NEGOTIATE_128
        1: NTLMSSP_NEGOTIATE_KEY_EXCH
        0: NTLMSSP_NEGOTIATE_56
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
smb_signing_sign_pdu: sent SMB signature of
[0000] 42 53 52 53 50 59 4C 20 BSRSPYL
write_socket(6,380)
write_socket(6,380) wrote 380
got smb length of 35
size=35
smb_com=0x73
smb_rcls=141
smb_reh=1
smb_err=49152
smb_flg=136
smb_flg2=51203
smb_tid=0
smb_pid=28352
smb_uid=100
smb_mid=3
smt_wct=0
smb_bcc=0
size=35
smb_com=0x73
smb_rcls=141
smb_reh=1
smb_err=49152
smb_flg=136
smb_flg2=51203
smb_tid=0
smb_pid=28352
smb_uid=100
smb_mid=3
smt_wct=0
smb_bcc=0
SPNEGO login failed: Trust relationship failure
session setup failed: NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE
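The neg_flags value in the trace above can be decoded from the MS-NLMP bit assignments and checked against a session-security policy. This is an added example, not part of the original post or Samba's code; the REQUIRED/FORBIDDEN policy and the last sample log line are assumptions constructed for illustration.

```python
import re

# Bit values from MS-NLMP NegotiateFlags; names as printed in the Samba trace.
FLAGS = {
    0x00000001: "NTLMSSP_NEGOTIATE_UNICODE",
    0x00000004: "NTLMSSP_REQUEST_TARGET",
    0x00000010: "NTLMSSP_NEGOTIATE_SIGN",
    0x00000020: "NTLMSSP_NEGOTIATE_SEAL",
    0x00000080: "NTLMSSP_NEGOTIATE_LM_KEY",
    0x00000200: "NTLMSSP_NEGOTIATE_NTLM",
    0x00008000: "NTLMSSP_NEGOTIATE_ALWAYS_SIGN",
    0x00080000: "NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY",
    0x00800000: "NTLMSSP_NEGOTIATE_TARGET_INFO",
    0x20000000: "NTLMSSP_NEGOTIATE_128",
    0x40000000: "NTLMSSP_NEGOTIATE_KEY_EXCH",
    0x80000000: "NTLMSSP_NEGOTIATE_56",
}
BY_NAME = {name: bit for bit, name in FLAGS.items()}

# Assumed hardening policy (not from the post): flags to require and to reject.
REQUIRED = ("NTLMSSP_NEGOTIATE_SIGN", "NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY",
            "NTLMSSP_NEGOTIATE_128", "NTLMSSP_NEGOTIATE_KEY_EXCH")
FORBIDDEN = ("NTLMSSP_NEGOTIATE_LM_KEY",)

def decode_flags(value):
    """Names of all set bits, lowest bit first; unmapped bits are reported too."""
    return [FLAGS.get(1 << s, "UNKNOWN_0x%08x" % (1 << s))
            for s in range(32) if value & (1 << s)]

def flags_from_log(text):
    """Every neg_flags value found in Samba debug output, in order."""
    return [int(m, 16) for m in re.findall(r"neg_flags=0x([0-9a-fA-F]+)", text)]

def audit(value):
    """Return (required flags that are missing, forbidden flags that are set)."""
    missing = [n for n in REQUIRED if not value & BY_NAME[n]]
    forbidden = [n for n in FORBIDDEN if value & BY_NAME[n]]
    return missing, forbidden

# First two lines are from the trace; the last line is constructed (weak flags).
SAMPLE_LOG = """\
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
Got NTLMSSP neg_flags=0x00000295
"""

if __name__ == "__main__":
    for v in flags_from_log(SAMPLE_LOG):
        print(hex(v), decode_flags(v), audit(v))
```

The flags describe the negotiated session security only; that the response itself is NTLMv2 is visible in the trace from the 114-byte NtChallengeResponse decoded as NTLMv2_RESPONSE.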