[bglug] Samba PDC inaccessibile da client WinXP
Jimmi
jimmi@bglug.it
Mar 20 Mar 2012 14:37:03 CET
Ciao,
dopo diversi tentativi sono finalmente riuscito a far funzionare il
server Samba con backend LDAP [0], ed ora i client Linux si collegano
allegramente e condividono il condivisibile :)
Purtroppo il client WinXP ancora fa i capricci e nonostante abbia
modificato quanto richiesto dalla guida non riesco a collegarmi al
dominio perchè durante la procedura ricevo un messaggio di password
utente errata (ovviamente lo stesso che uso con Linux). Nei log di Samba
trovo tra l'altro:
[2012/03/19 20:14:52.159880, 3] auth/auth.c:216(check_ntlm_password)
check_ntlm_password: Checking password for unmapped user
[PIPPO]\[pippo]@[PIPPO] with the new password interface
[2012/03/19 20:14:52.159912, 3] auth/auth.c:219(check_ntlm_password)
check_ntlm_password: mapped user is: [HOME]\[pippo]@[PIPPO]
[2012/03/19 20:14:52.159933, 10] auth/auth.c:228(check_ntlm_password)
check_ntlm_password: auth_context challenge created by NTLMSSP
callback (NTLM2)
[2012/03/19 20:14:52.159954, 10] auth/auth.c:230(check_ntlm_password)
challenge is:
[2012/03/19 20:14:52.159980, 10] auth/auth.c:256(check_ntlm_password)
check_ntlm_password: guest had nothing to say
[2012/03/19 20:14:52.167017, 2]
passdb/pdb_ldap.c:572(init_sam_from_ldap)
init_sam_from_ldap: Entry found for user: pippo
[2012/03/19 20:14:52.172131, 4]
passdb/pdb_ldap.c:2562(ldapsam_getgroup)
ldapsam_getgroup: Did not find group, filter was
(&(objectClass=sambaGroupMapping)(gidNumber=1002))
[2012/03/19 20:14:52.176076, 4]
passdb/pdb_ldap.c:2562(ldapsam_getgroup)
ldapsam_getgroup: Did not find group, filter was
(&(objectClass=sambaGroupMapping)(gidNumber=1002))
[2012/03/19 20:14:52.176378, 5]
passdb/pdb_interface.c:1473(lookup_global_sam_rid)
lookup_global_sam_rid: looking up RID 513.
[2012/03/19 20:14:52.181968, 4]
passdb/pdb_ldap.c:1695(ldapsam_getsampwsid)
ldapsam_getsampwsid: Unable to locate SID
[S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-513] count=0
[2012/03/19 20:14:52.189820, 2]
passdb/pdb_ldap.c:2446(init_group_from_ldap)
init_group_from_ldap: Entry found for group: 513
[2012/03/19 20:14:52.190190, 4]
passdb/pdb_ldap.c:2016(ldapsam_update_sam_account)
ldapsam_update_sam_account: user pippo to be modified has dn:
uid=pippo,ou=Users,dc=home,dc=local
[2012/03/19 20:14:52.190249, 2]
passdb/pdb_ldap.c:1200(init_ldap_from_sam)
init_ldap_from_sam: Setting entry for user: pippo
[2012/03/19 20:14:52.190319, 4]
passdb/pdb_ldap.c:2030(ldapsam_update_sam_account)
ldapsam_update_sam_account: mods is empty: nothing to update for
user: pippo
[2012/03/19 20:14:52.190364, 5] auth/auth.c:268(check_ntlm_password)
check_ntlm_password: sam authentication for user [pippo] FAILED with
error NT_STATUS_WRONG_PASSWORD
[2012/03/19 20:14:52.190409, 3]
auth/auth_winbind.c:54(check_winbind_security)
check_winbind_security: Not using winbind, requested domain [HOME]
was for this SAM.
[2012/03/19 20:14:52.190434, 10] auth/auth.c:256(check_ntlm_password)
check_ntlm_password: winbind had nothing to say
[2012/03/19 20:14:52.190454, 2] auth/auth.c:314(check_ntlm_password)
check_ntlm_password: Authentication for user [pippo] -> [pippo]
FAILED with error NT_STATUS_WRONG_PASSWORD
[2012/03/19 20:14:52.190480, 5] auth/auth_util.c:2119(free_user_info)
attempting to free (and zero) a user_info structure
[2012/03/19 20:14:52.190500, 10] auth/auth_util.c:2123(free_user_info)
structure was created for pippo
Noto quel "Unable to locate SID" con il SID giusto del server Samba
seguito dal -513 che leggo sopra essere il RID. Poi i due
"authentication FAILED".
In rete trovo millemila tracce di questi errori ma niente che sembri
fare al caso mio. Avete qualche idea?
Grazie in anticipo
[0]http://guide.debianizzati.org/index.php/Samba_e_OpenLDAP:_creare_un_controller_di_dominio_con_Debian_Squeeze
--
Jimmi
Maggiori informazioni sulla lista
bglug