Mario Codeniera
2018-Sep-11 03:16 UTC
[Samba] shared folder in the samba domain, can't be access on trusting domain users
Hi,

Has anybody experienced that a shared folder (in the SAMBAAD domain) can't be accessed from the trusting domain (TESTHV)?

Background: SAMBAAD has a one-way trust with TESTHV. TESTHV users can log in on the SAMBAAD-connected machines. Currently using version 4.9.0rc5.

It works fine when SAMBAAD users access it, but users in TESTHV cannot access it even though the permission has been added. I even changed ntlm / NTLMv2 in the Samba configuration, but to no avail. But something in the configuration seems weird related to NTLMv2; I don't know if it is also related to the bug on GPO <https://bugzilla.samba.org/show_bug.cgi?id=11517> (in which the default domain is the Samba one, not the trusting domain).

[2018/09/10 18:18:57.226639, 3] ../libcli/auth/schannel_state_tdb.c:199(schannel_fetch_session_key_tdb)
  schannel_fetch_session_key_tdb: restored schannel info key SECRETS/SCHANNEL/VM000459
[2018/09/10 18:18:57.227149, 3] ../libcli/auth/schannel_state_tdb.c:199(schannel_fetch_session_key_tdb)
  schannel_fetch_session_key_tdb: restored schannel info key SECRETS/SCHANNEL/VM000459
[2018/09/10 18:18:57.227191, 3] ../source4/auth/ntlm/auth.c:243(auth_check_password_send)
  auth_check_password_send: Checking password for unmapped user [TESTHV]\[mtest]@[TESTHV-DC1]
  auth_check_password_send: user is: [TESTHV]\[mtest]@[TESTHV-DC1]
[2018/09/10 18:18:57.227872, 2] ../source4/auth/ntlm/auth.c:478(auth_check_password_recv)
  auth_check_password_recv: NO_METHOD authentication for user [TESTHV\mtest] FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=0
[2018/09/10 18:18:57.227909, 2] ../auth/auth_log.c:476(log_authentication_event_human_readable)
  Auth: [SamLogon,network] user [TESTHV]\[mtest] at [Mon, 10 Sep 2018 18:18:57.227901 NZST] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [TESTHV-DC1] remote host [ipv4:192.168.179.229:50070] mapped to [TESTHV]\[mtest]. local host [ipv4:192.168.179.226:49153] NETLOGON computer [VM000459] trust account [VM000459$]
[2018/09/10 18:18:57.228057, 2] ../lib/audit_logging/audit_logging.c:141(audit_log_json)
  JSON Authentication: {"timestamp": "2018-09-10T18:18:57.227924+1200", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 0}, "status": "NT_STATUS_NO_SUCH_USER", "localAddress": "ipv4:192.168.179.226:49153", "remoteAddress": "ipv4:192.168.179.229:50070", "serviceDescription": "SamLogon", "authDescription": "network", "clientDomain": "TESTHV", "clientAccount": "mtest", "workstation": "TESTHV-DC1", "becameAccount": null, "becameDomain": null, "becameSid": null, "mappedAccount": "mtest", "mappedDomain": "TESTHV", "netlogonComputer": "VM000459", "netlogonTrustAccount": "VM000459$", "netlogonNegotiateFlags": "0x612FFFFF", "netlogonSecureChannelType": 2, "netlogonTrustAccountSid": "S-1-5-21-3359915894-2567539813-9720661963-1612", "passwordType": "NTLMv2", "duration": 844}}
[2018/09/10 18:18:57.237759, 3] ../libcli/auth/schannel_state_tdb.c:199(schannel_fetch_session_key_tdb)
  schannel_fetch_session_key_tdb: restored schannel info key SECRETS/SCHANNEL/VM000459
[2018/09/10 18:18:57.237791, 3] ../source4/auth/ntlm/auth.c:243(auth_check_password_send)
  auth_check_password_send: Checking password for unmapped user [TESTHV]\[mtest]@[TESTHV-DC1]
  auth_check_password_send: user is: [TESTHV]\[mtest]@[TESTHV-DC1]
[2018/09/10 18:18:57.238119, 2] ../source4/auth/ntlm/auth.c:478(auth_check_password_recv)
  auth_check_password_recv: NO_METHOD authentication for user [TESTHV\mtest] FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=0
[2018/09/10 18:18:57.238143, 2] ../auth/auth_log.c:476(log_authentication_event_human_readable)
  Auth: [SamLogon,network] user [TESTHV]\[mtest] at [Mon, 10 Sep 2018 18:18:57.238136 NZST] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [TESTHV-DC1] remote host [ipv4:192.168.179.229:50070] mapped to [TESTHV]\[mtest]. local host [ipv4:192.168.179.226:49153] NETLOGON computer [VM000459] trust account [VM000459$]
[2018/09/10 18:18:57.238217, 2] ../lib/audit_logging/audit_logging.c:141(audit_log_json)
  JSON Authentication: {"timestamp": "2018-09-10T18:18:57.238153+1200", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 0}, "status": "NT_STATUS_NO_SUCH_USER", "localAddress": "ipv4:192.168.179.226:49153", "remoteAddress": "ipv4:192.168.179.229:50070", "serviceDescription": "SamLogon", "authDescription": "network", "clientDomain": "TESTHV", "clientAccount": "mtest", "workstation": "TESTHV-DC1", "becameAccount": null, "becameDomain": null, "becameSid": null, "mappedAccount": "mtest", "mappedDomain": "TESTHV", "netlogonComputer": "VM000459", "netlogonTrustAccount": "VM000459$", "netlogonNegotiateFlags": "0x612FFFFF", "netlogonSecureChannelType": 2, "netlogonTrustAccountSid": "S-1-5-21-3359915894-2567539813-9720661963-1612", "passwordType": "NTLMv2", "duration": 421}}
[2018/09/10 18:18:57.248268, 3] ../libcli/auth/schannel_state_tdb.c:199(schannel_fetch_session_key_tdb)
  schannel_fetch_session_key_tdb: restored schannel info key SECRETS/SCHANNEL/VM000459
[2018/09/10 18:18:57.248307, 3] ../source4/auth/ntlm/auth.c:243(auth_check_password_send)
  auth_check_password_send: Checking password for unmapped user [TESTHV]\[mtest]@[TESTHV-DC1]
  auth_check_password_send: user is: [TESTHV]\[mtest]@[TESTHV-DC1]
[2018/09/10 18:18:57.248645, 2] ../source4/auth/ntlm/auth.c:478(auth_check_password_recv)
  auth_check_password_recv: NO_METHOD authentication for user [TESTHV\mtest] FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=0
[2018/09/10 18:18:57.248667, 2] ../auth/auth_log.c:476(log_authentication_event_human_readable)
  Auth: [SamLogon,network] user [TESTHV]\[mtest] at [Mon, 10 Sep 2018 18:18:57.248661 NZST] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [TESTHV-DC1] remote host [ipv4:192.168.179.229:50070] mapped to [TESTHV]\[mtest]. local host [ipv4:192.168.179.226:49153] NETLOGON computer [VM000459] trust account [VM000459$]
[2018/09/10 18:18:57.248760, 2] ../lib/audit_logging/audit_logging.c:141(audit_log_json)
  JSON Authentication: {"timestamp": "2018-09-10T18:18:57.248677+1200", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 0}, "status": "NT_STATUS_NO_SUCH_USER", "localAddress": "ipv4:192.168.179.226:49153", "remoteAddress": "ipv4:192.168.179.229:50070", "serviceDescription": "SamLogon", "authDescription": "network", "clientDomain": "TESTHV", "clientAccount": "mtest", "workstation": "TESTHV-DC1", "becameAccount": null, "becameDomain": null, "becameSid": null, "mappedAccount": "mtest", "mappedDomain": "TESTHV", "netlogonComputer": "VM000459", "netlogonTrustAccount": "VM000459$", "netlogonNegotiateFlags": "0x612FFFFF", "netlogonSecureChannelType": 2, "netlogonTrustAccountSid": "S-1-5-21-3359915894-2567539813-9720661963-1612", "passwordType": "NTLMv2", "duration": 452}}
[2018/09/10 18:18:57.821005, 2] ../source4/dsdb/samdb/ldb_modules/netlogon.c:161(fill_netlogon_samlogon_response)
  Unable to find a correct reference to GUID '9fe2dd08-e8fe-435a-8633-79d8f28e6b84' or SID 'S-1-5-21-590730843-99389099-1391847318' in sam

On the PDC (Samba3.3) it only works for Windows 2012 Server; beyond that, the same issue as above.

Thanks,
Mario
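Added example, not part of the original post and not Samba project code: a small Python triage script for the `JSON Authentication:` audit records shown in the log above. It tolerates mail-wrapped, `>`-quoted pastes and counts failed logons per client domain, account, service and status. The sample log is constructed and abridged from the record format in the post; the account `user1` and the function names are hypothetical.

```python
import json
import re
from collections import Counter

MARKER = "JSON Authentication:"

# Constructed, abridged sample: one mail-wrapped record, two intact records
# and one record cut off mid-value ("user1" is a hypothetical account).
SAMPLE = """\
[2018/09/10 18:18:57.228057, 2] ../lib/audit_logging/audit_logging.c:141(audit_log_json)
> JSON Authentication: {"timestamp": "2018-09-10T18:18:57.227924+1200",
> "type": "Authentication", "Authentication": {"status":
> "NT_STATUS_NO_SUCH_USER", "remoteAddress": "ipv4:
> 192.168.179.229:50070", "serviceDescription": "SamLogon",
> "clientDomain": "TESTHV", "clientAccount": "mtest"}}
  JSON Authentication: {"type": "Authentication", "Authentication": {"status": "NT_STATUS_NO_SUCH_USER", "serviceDescription": "SamLogon", "clientDomain": "TESTHV", "clientAccount": "mtest"}}
  JSON Authentication: {"type": "Authentication", "Authentication": {"status": "NT_STATUS_OK", "serviceDescription": "SamLogon", "clientDomain": "SAMBAAD", "clientAccount": "user1"}}
  JSON Authentication: {"type": "Authentication", "Authentication": {"status": "NT_STAT
"""

def parse_auth_events(log_text):
    """Return the inner "Authentication" dict of every decodable audit record."""
    # Undo mail wrapping: a line break plus optional "> " quote markers
    # becomes one space, so records split across lines decode again.
    flat = re.sub(r"\s*\n(?:>\s?)*", " ", log_text)
    decoder = json.JSONDecoder()
    events, pos = [], flat.find(MARKER)
    while pos != -1:
        start = flat.find("{", pos)
        if start == -1:
            break
        try:
            record, end = decoder.raw_decode(flat, start)
        except json.JSONDecodeError:
            end = start + 1  # truncated or damaged record: skip it
        else:
            if record.get("type") == "Authentication":
                events.append(record["Authentication"])
        pos = flat.find(MARKER, end)
    return events

def failed_logons(events):
    """Count non-successful logons per (domain, account, service, status)."""
    return Counter(
        (e.get("clientDomain"), e.get("clientAccount"),
         e.get("serviceDescription"), e.get("status"))
        for e in events if e.get("status") != "NT_STATUS_OK")

if __name__ == "__main__":
    for key, count in failed_logons(parse_auth_events(SAMPLE)).most_common():
        print(count, *key)
```
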