authentication problem on Samba3

 
Oleg Mercader-Kashin
Frequent Advisor

authentication problem on Samba3

I've just "cloned" my working samba2 server onto my new Tru64 machine's samba3. I use the same smb.conf, changing only the netbios name:

# Global parameters
[global]
workgroup = SC1
netbios name = SGIIC3
security = SERVER
encrypt passwords = Yes
update encrypted = Yes
password server = NTIMP1

My MS admin registered the new netbios name sgiic3.
Well, now I see the SGIIC3 server but any connection is rejected. The output at debug level = 3 is in the attachment.

Any idea :-)?

Zinky
Honored Contributor

Re: authentication problem on Samba3

How are you connecting to your Samba 3 server? On your Windows client - do you log in with a user-id that matches your user-id on your UNIX server hosting samba?

Do you use user maps?

I suppose your Samba2 server is not a domain member, right? Can you post "testparm" output from both your Samba2 and your Samba3 configs?
Hakuna Matata

Favourite Toy:
AMD Athlon II X6 1090T 6-core, 16GB RAM, 12TB ZFS RAIDZ-2 Storage. Linux Centos 5.6 running KVM Hypervisor. Virtual Machines: Ubuntu, Mint, Solaris 10, Windows 7 Professional, Windows XP Pro, Windows Server 2008R2, DOS 6.22, OpenFiler
Steven E. Protter
Exalted Contributor

Re: authentication problem on Samba3

Shalom,

Check the samba log file mentioned in smb.conf

It may have errors.

You may need to run the net join command again.

The trust relationship with the domain may need to be reset on the PDC.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Geoff Wild
Honored Contributor

Re: authentication problem on Samba3

You need to re-join the domain from the new server...

Get the MS Admin to remove the host from server manager....

I would use SECURITY=DOMAIN or ADS not SERVER with samba 3....

You may also need winbind running as well...

I have some good info and pointers to docs in this thread:

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=949365

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Zinky
Honored Contributor

Re: authentication problem on Samba3

Peace SEP.

His config is not a Windows Domain member but SERVER security but uses a password server for authentication (NTIMP1)


Oleg:

I am not sure if such a scheme is still supported in SAMBA3 -- SECURITY=SERVER and a PASSWORD SERVER. However, can you check if NTIMP1 is accessible on your SAMBA3 machine? Also - from your logs -- what does 172.16.241.43 correspond to? Also, is NTIMP1 an NT 4.0 PDC or BDC?

I used to have several servers configured as yours (with a password server - usually a BDC). I never attempted to maintain the same config but instead am using SECURITY=DOMAIN.
Oleg Mercader-Kashin
Frequent Advisor

Re: authentication problem on Samba3

The output of a findsmb:
...
172.16.241.43 NTIMP1 [SC1][Windows NT 4.0][NT LAN Manager 4.0]
Yes, I did "net join" but really I don't understand what user name I have to use. In samba I didn't define any :-( or simply:
net rpc join -U administrator
??
A testparm is in the attachment.
Well, I'll go and change to security = DOMAIN.

Zinky
Honored Contributor

Re: authentication problem on Samba3

Hmm.. I never thought security=Server plus a password server configuration is considered a Domain Member under testparm.. It is supposed to be a pass thru authentication scheme.

Anyways, to add your Samba3 config to your domain, have your Windows Admin add the samba service to your domain, which is basically creating a "machine account" on the domain PDC. If you're running Windows 2000/2003 .. then the Windows Admin will need to use Server Manager or the Wizard and create the machine account. Make sure "Allow Pre-Windows 2000 Computers to use this account" is enabled for the machine account.

Once that is done, edit your smb.conf so it's security=domain. Restart it and simply do:

net rpc join

or if that does not work.

net rpc oldjoin

HTH.
Gavin Clarke
Trusted Contributor

Re: authentication problem on Samba3

Hi Oleg,

With net join you are asking to join the Windows/NT domain.

You will need a username and password of a Windows/NT user that has permission to join the domain.

Cheers.
Zinky
Honored Contributor

Re: authentication problem on Samba3

BTW.. using the method I described - you will not need to drag the Windows Admin to your UNIX Samba machine and ask him to type in the Admin password..
Gavin Clarke
Trusted Contributor

Re: authentication problem on Samba3

Oleg,

Use Nelson's method or look at Geoff Wild's post.

I was just answering a little question not giving you the best solution overall.

Cheers.

Anyway dragging Windows admins around is fun.
Oleg Mercader-Kashin
Frequent Advisor

Re: authentication problem on Samba3

Hmm.. in other words I have to
1. reset machine name in a MS DOMAIN;
2. put in a smb.conf only the following (?):

[global]
workgroup = SC1
netbios name = SGIIC3
security = DOMAIN
encrypt passwords = Yes
update encrypted = Yes

3. restart samba
4. net rpc join

??
Geoff Wild
Honored Contributor

Re: authentication problem on Samba3

encrypt passwords = Yes is the default

If you really want update encrypted = Yes, then in order for this parameter to work correctly the encrypt passwords parameter must be set to no.

You do not want that....

Rgds...Geoff
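The settings questioned in the replies above, checked mechanically. This is an added example, not part of any post and not Samba code; the finding ids and the REVISED_CONF sample are made up for illustration, and the defaults assumed are Samba 3's (security = user, encrypt passwords = yes, update encrypted = no).

```python
import configparser

# Constructed sample: the [global] section posted at the top of this thread.
ORIGINAL_CONF = """\
[global]
workgroup = SC1
netbios name = SGIIC3
security = SERVER
encrypt passwords = Yes
update encrypted = Yes
password server = NTIMP1
"""
# Constructed sample: the same section after applying the replies' advice.
REVISED_CONF = """\
[global]
workgroup = SC1
netbios name = SGIIC3
security = DOMAIN
"""

def load_global(text):
    """Parse smb.conf text; return [global] with lower-cased, space-normalised keys."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",), comment_prefixes=("#", ";"))
    cp.optionxform = lambda key: " ".join(key.lower().split())
    cp.read_string(text)
    for name in cp.sections():          # section names are case-insensitive
        if name.strip().lower() == "global":
            return dict(cp[name])
    return {}

def lint(text):
    """Return finding ids (hypothetical names) for the settings questioned in the thread."""
    g = load_global(text)
    yes = lambda key, default: g.get(key, default).strip().lower() in ("yes", "true", "1")
    security = g.get("security", "user").strip().lower()
    findings = []
    if security == "server":
        # Geoff Wild's reply: use DOMAIN or ADS rather than SERVER with Samba 3.
        findings.append("security-server")
    if yes("update encrypted", "no") and yes("encrypt passwords", "yes"):
        # Geoff Wild's reply: update encrypted needs encrypt passwords = no to work.
        findings.append("update-encrypted-conflict")
    if security in ("domain", "ads"):
        # Domain membership needs a machine account; confirm with `net rpc testjoin`.
        findings.append("verify-join")
    return findings

if __name__ == "__main__":
    print("original:", lint(ORIGINAL_CONF))
    print("revised: ", lint(REVISED_CONF))
```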
Oleg Mercader-Kashin
Frequent Advisor

Re: authentication problem on Samba3

Do I have to remove a private/secrets.tdb before restart?
Zinky
Honored Contributor

Re: authentication problem on Samba3

I think there should be no need. Or if you blow it away .. a new one will simply be created..
Oleg Mercader-Kashin
Frequent Advisor

Re: authentication problem on Samba3

Sorry, but it doesn't work.
./net rpc oldjoin was OK, but like before I see the samba server, but if I want to connect to it I get the popup window asking me for user/pw, etc. Seems like samba can't identify:

[2006/02/02 17:10:47, 0] smbd/server.c:(806)
smbd version 3.0.20b started.
Copyright Andrew Tridgell and the Samba Team 1992-2005
[2006/02/02 17:10:47, 1] smbd/files.c:(207)
file_init: Information only: requested 10000 open files, 4076 are available.
[2006/02/02 17:15:13, 0] auth/auth_util.c:(1173)
make_server_info_info3: pdb_init_sam failed!
[2006/02/02 17:15:13, 0] auth/auth_util.c:(1173)
make_server_info_info3: pdb_init_sam failed!
[2006/02/02 17:15:34, 0] auth/auth_util.c:(1173)
make_server_info_info3: pdb_init_sam failed!
[2006/02/02 17:15:34, 0] auth/auth_util.c:(1173)
make_server_info_info3: pdb_init_sam failed!

pls, HELP!
Zinky
Honored Contributor

Re: authentication problem on Samba3

Kongratz on your join!

Your current problem appears to be kernel related.... what's your kernel param for maximum number of open files set at? You may need to increase that...

Oleg Mercader-Kashin
Frequent Advisor

Re: authentication problem on Samba3

Well, I even tried to register (after all :-( ) with the help of the client's MS admin, but:

./net rpc join
Password:
Could not connect to server SRVSC1
The account was locked out.

:-(
Zinky
Honored Contributor

Re: authentication problem on Samba3

Once you've joined the domain.. that's it.. you need not net join once more or your machine account will be locked out! You will now need to have your machine account refreshed and do a net old join once more since you're locked out.

net rpc testjoin to validate you're joined to the domain.

Oleg Mercader-Kashin
Frequent Advisor

Re: authentication problem on Samba3

In the sysconfigtab I don't see anything about it. How can I find out the max files?
Oleg Mercader-Kashin
Frequent Advisor

Re: authentication problem on Samba3

# ./net rpc testjoin
Join to 'SC1' is OK
Zinky
Honored Contributor

Re: authentication problem on Samba3

Am not knowledgeable on Tru64 so I cannot help you on that.. but am pretty sure it will require a kernel rebuild and a reboot of your Tru64 system...

You're getting close amigo.
Oleg Mercader-Kashin
Frequent Advisor

Re: authentication problem on Samba3

Well, once again :-),

#### when I put a correct user/pw:

# ./smbclient -L sgiic3 -Uformacion%formacion
session setup failed: NT_STATUS_LOGON_FAILURE

#### I get (log.smbd):

[2006/02/03 10:49:42, 0] auth/auth_util.c:(1173)
make_server_info_info3: pdb_init_sam failed!

#### When I put an incorrect user/pw

# ./smbclient -L sgiic3
Password:
session setup failed: NT_STATUS_ACCOUNT_LOCKED_OUT

##### I get:

# tail log.smbd
[2006/02/03 10:58:40, 0] auth/auth_domain.c:(195)
domain_client_validate: unable to validate password for user root in domain SC1 to Domain controller \\NTIMP1. Error was NT_STATUS_ACCOUNT_LOCKED_OUT.


Some fresh idea?
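An added example, not part of any post: a small parser for the log.smbd excerpts above that counts rejections reported by the domain controller separately from the auth errors smbd logs itself. Function names are illustrative; the sample entries are copied from the thread.

```python
import re
from collections import Counter

# Entries copied from the log.smbd excerpts posted in this thread.
SAMPLE_LOG = """\
[2006/02/02 17:10:47, 0] smbd/server.c:(806)
smbd version 3.0.20b started.
[2006/02/02 17:15:13, 0] auth/auth_util.c:(1173)
make_server_info_info3: pdb_init_sam failed!
[2006/02/03 10:49:42, 0] auth/auth_util.c:(1173)
make_server_info_info3: pdb_init_sam failed!
[2006/02/03 10:58:40, 0] auth/auth_domain.c:(195)
domain_client_validate: unable to validate password for user root in domain SC1 to Domain controller \\\\NTIMP1. Error was NT_STATUS_ACCOUNT_LOCKED_OUT.
"""

# Header: [timestamp, debuglevel] source.c:function(line); the message follows on later lines.
HEADER = re.compile(r"^\[([^,\]]+),\s*\d+\]\s+(\S+?):\w*\((\d+)\)")
DC_FAIL = re.compile(r"unable to validate password for user (\S+) in domain (\S+) "
                     r"to Domain controller (\S+)\. Error was (NT_STATUS_\w+)")

def parse_entries(text):
    """Group header + continuation lines into (timestamp, source, message)."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append([m.group(1), f"{m.group(2)}:{m.group(3)}", ""])
        elif entries and line.strip():
            entries[-1][2] = f"{entries[-1][2]} {line.strip()}".strip()
    return [tuple(e) for e in entries]

def classify(text):
    """Count DC-reported rejections separately from smbd's own auth errors."""
    dc_rejects, smbd_errors = Counter(), Counter()
    for _ts, source, msg in parse_entries(text):
        m = DC_FAIL.search(msg)
        if m:
            user, domain, dc, status = m.groups()
            dc_rejects[(f"{domain}\\{user}", dc, status)] += 1
        elif source.startswith("auth/"):
            smbd_errors[(source, msg)] += 1
    return dc_rejects, smbd_errors

if __name__ == "__main__":
    dc_rejects, smbd_errors = classify(SAMPLE_LOG)
    for key, n in dc_rejects.items():
        print(n, "DC rejection:", key)
    for key, n in smbd_errors.items():
        print(n, "smbd auth error:", key)
```

Grouping by account and status makes a lockout stand out: here the locked-out account is SC1\root, the name used by the smbclient call made without -U.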
Gavin Clarke
Trusted Contributor

Re: authentication problem on Samba3

This is what we use with
HP CIFS Server 2.2g
Version A.01.10
(based on samba 2.2.8):

It might or might not help

/usr/bin/cifsmount "//NTserver/share" /mountpoint -U NTUSER -P NTpassword -I NTserver

Please note that NTserver is defined in the /etc/hosts file.



##================================================================
##
## Name: smb.conf
##
## Set the values below to the actual names used in your
## environment.
##
## Any line which starts with a semi-colon (;) or a hash (#) is
## a comment and is ignored.
##
##================================================================


##======================= Global Settings ========================
[global]

## workgroup: NT-Domain-Name or Workgroup-Name
workgroup = domain.com

## password server: the netbios names of systems which will
## be used to authenticate logins.
password server = DC DC

## wins server: the system used to locate password servers,
## specified as a fully-qualified DNS name or an IP address.
wins server = DC.domain.com

It looks to me like yours might be using the wrong user name perhaps?

Cheers.
Gavin Clarke
Trusted Contributor

Re: authentication problem on Samba3

Or to put it another way I think you might need a space between -U and username%password.

?
Gavin Clarke
Trusted Contributor

Re: authentication problem on Samba3

Hmmm, no that is not it, the space isn't needed.