Samba TNG Error on Win2k
Andrew
I'm trying to install SambaTng 0.3.2+OpenLDAP 2.0.23 as PDC for
substitute Win2k Server. OpenLDAP is an rpm of RedHat 8.0.
I follow the HOWTO of
http://www.unav.es/cti/ldap-smb/ldap-smb-TNG-howto.html
but nothing. When i try to logon from win9x it's work correctly but
when I try to logon from win2k professional or win Nt Workstation 4.0
SP6 it's tell me which the password isn't correct or workstation isn't
present or domain.
Naturally I created on linux the account of workstation with the name
of workstation + $ and I create it also on ldap and same for account
which I use for logon. I see in log of samba this
--------------------------------------------------------------------------------------------------------
Changed root to /
msrpc_process: client_name: lsarpc my_name: pdcldap
Changed root to /
Closing connections
msrpc_process: client_name: netlogon my_name: pdcldap
Changed root to /
msrpc_process: client_name: lsarpc my_name: pdcldap
Connected to LDAP server
Searching in [o=samba,dc=mydomain,dc=com] for
[(&(ntuid=nobody)(objectclass=sambaAccount))] with scope [1]
0 matching entries found
Connection closed
Connected to LDAP server
Searching in [o=samba,dc=mydomain,dc=com] for
[(&(cn=nobody)(objectClass=sambaGroup))] with scope [1]
Closing connections
0 matching entries found
Connection closed
Connected to LDAP server
Searching in [o=samba,dc=mydomain,dc=com] for
[(&(cn=nobody)(objectClass=sambaAlias))] with scope [1]
0 matching entries found
Connection closed
_net_sam_logon/TooMuchInformation: NT_STATUS_NO_SUCH_USER
NET_SAMLOGON: NT_STATUS_NO_SUCH_USER
domain_client_validate_backend: unable to validate password for user
MYDOMAIN\nobody to Domain controller \\.: NT_STATUS_NO_SUCH_USER
---------------------------------------------------------------------------------------------------------------
After I change the ntuid of nobody user in nobody from guest and I get
this from log:
---------------------------------------------------------------------------------------------------------------
api_rpc_command: api_netlog_rpc op 0x02 - NET_SAMLOGON
_net_sam_logon: User:[MYDOMAIN\nobody] for workstation [PDCLDAP] from
[PDCLDAP] at level Interactive.
Setting policy sid=S-1-5-21-1201015100-3247829658-3833553632
Service setting policy sid=S-1-5-21-1201015100-3247829658-3833553632
Closing connections
Server exit (normal exit)
Connected to LDAP server
Searching in [o=samba,dc=mydomain,dc=com] for
[(&(ntuid=nobody)(objectclass=sambaAccount))] with scope [1]
1 matching entries found
get: [uid] = [nobody]
Retrieving account [nobody]
get: [ntuid] = [nobody]
get: [rid] = [1f5]
get: [acctFlags] = [[NU ]]
get: [lmPassword] = [NO PASSWORDXXXXXXXXXXXXXXXXXXXXX]
get: [ntPassword] = [NO PASSWORDXXXXXXXXXXXXXXXXXXXXX]
get: [pwdLastSet] = [39856D06]
Connection closed
unix_name_to_nt_name_info: getgrnam for group admin failed. Error was
No such file or directory.
Connected to LDAP server
Searching in [o=samba,dc=mydomain,dc=com] for
[(&(rid=1f5)(objectclass=sambaAccount))] with scope [1]
1 matching entries found
get: [uid] = [nobody]
Retrieving account [nobody]
get: [ntuid] = [nobody]
get: [rid] = [1f5]
get: [acctFlags] = [[NU ]]
get: [lmPassword] = [NO PASSWORDXXXXXXXXXXXXXXXXXXXXX]
get: [ntPassword] = [NO PASSWORDXXXXXXXXXXXXXXXXXXXXX]
get: [pwdLastSet] = [39856D06]
Connection closed
TODO: verify that the rid exists
Setting policy sid=S-1-5-21-1201015100-3247829658-3833553632-501
Service setting policy
sid=S-1-5-21-1201015100-3247829658-3833553632-501
Connected to LDAP server
Searching in [o=samba,dc=mydomain,dc=com] for
[(&(rid=1f5)(objectclass=sambaAccount))] with scope [1]
1 matching entries found
get: [uid] = [nobody]
Retrieving account [nobody]
get: [ntuid] = [nobody]
get: [rid] = [1f5]
get: [acctFlags] = [[NU ]]
get: [lmPassword] = [NO PASSWORDXXXXXXXXXXXXXXXXXXXXX]
get: [ntPassword] = [NO PASSWORDXXXXXXXXXXXXXXXXXXXXX]
get: [pwdLastSet] = [39856D06]
Connection closed
Connected to LDAP server
Searching in [o=samba,dc=mydomain,dc=com] for
[(&(sambaMember=nobody,*)(objectclass=sambaGroup))] with scope [1]
0 matching entries found
Connection closed
Connected to LDAP server
----------------------------------------------------------------------------------------------
Why samba search for nobody when I logon with another user?
From log I can see which the account of computer is present on ldap.
---------------------------------------------------------------------------------------------
Searching in [o=samba,dc=mydomain,dc=com] for
[(&(rid=1f5)(objectclass=sambaAccount))] with scope [1]
1 matching entries found
get: [uid] = [nobody]api_rpc_command: api_netlog_rpc op 0x0f -
NET_AUTH2
_net_auth_2: comp=[NAMEPC], acct=[NAMEPC$], logon_srv=[\\PDCLDAP]
Setting policy sid=S-1-5-21-1201015100-3247829658-3833553632
Service setting policy sid=S-1-5-21-1201015100-3247829658-3833553632
Connected to LDAP server
Searching in [o=samba,dc=mydomain,dc=com] for
[(&(ntuid=NAMEPC$)(objectclass=sambaAccount))] with scope [1]
1 matching entries found
get: [uid] = [namepc$]
Retrieving account [namepc$]
get: [ntuid] = [namepc$]
get: [rid] = [3e9]
get: [acctFlags] = [[W ]]
get: [lmPassword] = [45454545454545454545454545454545] -- This is
modified
get: [ntPassword] = [45454545454545454545454545454545] -- This is
modified
get: [pwdLastSet] = [3EDF064F]
get: [grouprid] = [201]
get: [cn] = [namepc]
get: [smbHome] = [\\pdcldap\namepc_]
get: [homeDrive] = [H:]
get: [pwdCanChange] = [7fffffff]
Connection closed
Connected to LDAP server
Searching in [o=samba,dc=mydomain,dc=com] for
[(&(rid=3e9)(objectclass=sambaAccount))] with scope [1]
1 matching entries found
get: [uid] = [namepc$]
Retrieving account [namepc$]
get: [ntuid] = [namepc$]
get: [rid] = [3e9]
get: [acctFlags] = [[W ]]
get: [lmPassword] = [45454545454545454545454545454545] -- This is
modified
get: [ntPassword] = [45454545454545454545454545454545] -- This is
modified
get: [pwdLastSet] = [3EDF064F]
get: [grouprid] = [201]
get: [cn] = [NAMEPC]
get: [smbHome] = [\\pdcldap\namepc_]
get: [homeDrive] = [H:]
get: [pwdCanChange] = [7fffffff]
Connection closed
TODO: verify that the rid exists
Retrieving account [nobody]
get: [ntuid] = [nobody]
get: [rid] = [1f5]
get: [acctFlags] = [[NU ]]
-----------------------------------------------------------------------------------------------------------
The file of configuration of openldap and samba-tng I get the file of
the site.
Thanks to all.
Excuse for my bad english.