Regedit [Samba]

Prev: Windows Server 2008 R2 backup with windows server backup
Next: Samba PDC LDAP and LDAP Aliases

From: Nick Pappin on 10 Dec 2009 14:50

On Tue, Dec 8, 2009 at 4:40 PM, Nick Pappin <npappin(a)latahfcu.org> wrote:

> Hey Everyone,
> So here is what is going on I have two computers on the same network
> that are both connected to the PDC of a samba domain (on the same network
> segment):
>
>
> ____________________________________________
> |
> | |
> |
> | |
> _________
> _________ ______
> | comp1 | | comp2 |
> | PDC |
> ---------------
> --------------- ----------
>
> Now when i try to connect to the registry of comp1 from comp2 I get an
> error saying i don't have permission to connect using the domain
> administrator account. This also coincides with a name mismatch error:
>
> [2009/12/08 16:10:43, 0] lib/util_sock.c:matchname(1721)
> matchname: host name/name mismatch: FOO != FOO.bar.com
>
> Could this be causing my problem and how should I troubleshoot this
> problem. Any ideas would be greatly appreciated.
>
> Thanks,
> Nick
>
>

Hi everyone,
I have fixed the mismatch error but it still isn't working I was
hoping someone could help me. From what I can tell in the logs I am
authenticating on the machine however then I see a wrong password entry.
Could someone please explain to me what is going on.

I have attached a level 2 log file if you need higher I can do that as well.

[2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
init_sam_from_ldap: Entry found for user: root
[2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_group_from_ldap(2366)
init_group_from_ldap: Entry found for group: 512
[2009/12/10 11:21:49, 2] auth/auth.c:check_ntlm_password(308)
check_ntlm_password: authentication for user [root] -> [root] -> [root]
succeeded
[2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
init_sam_from_ldap: Entry found for user: root
[2009/12/10 11:21:49, 0] lib/util_sock.c:matchname(1749)
matchname: host name/address mismatch: ::ffff:192.168.1.200 != it0
[2009/12/10 11:21:49, 0] lib/util_sock.c:get_peer_name(1870)
Matchname failed on it0 ::ffff:192.168.1.200
[2009/12/10 11:21:49, 2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3456)
Returning domain sid for domain LATAHFCU ->
S-1-5-21-2238568125-4161709326-2298815865
[2009/12/10 11:21:49, 2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3456)
Returning domain sid for domain LATAHFCU ->
S-1-5-21-2238568125-4161709326-2298815865
[2009/12/10 11:21:49, 2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3456)
Returning domain sid for domain LATAHFCU ->
S-1-5-21-2238568125-4161709326-2298815865
[2009/12/10 11:21:49, 2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3456)
Returning domain sid for domain LATAHFCU ->
S-1-5-21-2238568125-4161709326-2298815865
[2009/12/10 11:21:49, 2] smbd/sesssetup.c:setup_new_vc_session(1368)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2009/12/10 11:21:49, 2] smbd/sesssetup.c:setup_new_vc_session(1368)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2009/12/10 11:21:49, 2] lib/smbldap.c:smbldap_open_connection(856)
smbldap_open_connection: connection opened
[2009/12/10 11:21:49, 2] lib/module.c:do_smb_load_module(64)
Module '/usr/lib64/samba/vfs/full_audit.so' loaded
[2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
init_sam_from_ldap: Entry found for user: root
[2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_ldap_from_sam(1128)
init_ldap_from_sam: Setting entry for user: root
[2009/12/10 11:21:49, 2] auth/auth.c:check_ntlm_password(318)
check_ntlm_password: Authentication for user [Administrator] -> [root]
FAILED with error NT_STATUS_WRONG_PASSWORD
[2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
init_sam_from_ldap: Entry found for user: root
[2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_group_from_ldap(2366)
init_group_from_ldap: Entry found for group: 512
[2009/12/10 11:21:49, 2] auth/auth.c:check_ntlm_password(308)
check_ntlm_password: authentication for user [root] -> [root] -> [root]
succeeded
[2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
init_sam_from_ldap: Entry found for user: root
[2009/12/10 11:21:49, 2] auth/auth.c:check_ntlm_password(308)
check_ntlm_password: authentication for user [root] -> [root] -> [root]
succeeded
[2009/12/10 11:21:54, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
init_sam_from_ldap: Entry found for user: root
[2009/12/10 11:21:54, 2] passdb/pdb_ldap.c:init_ldap_from_sam(1128)
init_ldap_from_sam: Setting entry for user: root
[2009/12/10 11:21:54, 2] auth/auth.c:check_ntlm_password(318)
check_ntlm_password: Authentication for user [Administrator] -> [root]
FAILED with error NT_STATUS_WRONG_PASSWORD

Thank you for your time,
--
Nick
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

From: Gaiseric Vandal on 11 Dec 2009 11:30

On 12/10/09 14:39, Nick Pappin wrote:
> On Tue, Dec 8, 2009 at 4:40 PM, Nick Pappin<npappin(a)latahfcu.org> wrote:
>
>
>> Hey Everyone,
>> So here is what is going on I have two computers on the same network
>> that are both connected to the PDC of a samba domain (on the same network
>> segment):
>>
>>
>> ____________________________________________
>> |
>> | |
>> |
>> | |
>> _________
>> _________ ______
>> | comp1 | | comp2 |
>> | PDC |
>> ---------------
>> --------------- ----------
>>
>> Now when i try to connect to the registry of comp1 from comp2 I get an
>> error saying i don't have permission to connect using the domain
>> administrator account. This also coincides with a name mismatch error:
>>
>> [2009/12/08 16:10:43, 0] lib/util_sock.c:matchname(1721)
>> matchname: host name/name mismatch: FOO != FOO.bar.com
>>
>> Could this be causing my problem and how should I troubleshoot this
>> problem. Any ideas would be greatly appreciated.
>>
>> Thanks,
>> Nick
>>
>>
>>
> Hi everyone,
> I have fixed the mismatch error but it still isn't working I was
> hoping someone could help me. From what I can tell in the logs I am
> authenticating on the machine however then I see a wrong password entry.
> Could someone please explain to me what is going on.
>
> I have attached a level 2 log file if you need higher I can do that as well.
>
>
>
> [2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
> init_sam_from_ldap: Entry found for user: root
> [2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_group_from_ldap(2366)
> init_group_from_ldap: Entry found for group: 512
> [2009/12/10 11:21:49, 2] auth/auth.c:check_ntlm_password(308)
> check_ntlm_password: authentication for user [root] -> [root] -> [root]
> succeeded
> [2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
> init_sam_from_ldap: Entry found for user: root
> [2009/12/10 11:21:49, 0] lib/util_sock.c:matchname(1749)
> matchname: host name/address mismatch: ::ffff:192.168.1.200 != it0
> [2009/12/10 11:21:49, 0] lib/util_sock.c:get_peer_name(1870)
> Matchname failed on it0 ::ffff:192.168.1.200
> [2009/12/10 11:21:49, 2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3456)
> Returning domain sid for domain LATAHFCU ->
> S-1-5-21-2238568125-4161709326-2298815865
> [2009/12/10 11:21:49, 2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3456)
> Returning domain sid for domain LATAHFCU ->
> S-1-5-21-2238568125-4161709326-2298815865
> [2009/12/10 11:21:49, 2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3456)
> Returning domain sid for domain LATAHFCU ->
> S-1-5-21-2238568125-4161709326-2298815865
> [2009/12/10 11:21:49, 2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3456)
> Returning domain sid for domain LATAHFCU ->
> S-1-5-21-2238568125-4161709326-2298815865
> [2009/12/10 11:21:49, 2] smbd/sesssetup.c:setup_new_vc_session(1368)
> setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
> old resources.
> [2009/12/10 11:21:49, 2] smbd/sesssetup.c:setup_new_vc_session(1368)
> setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
> old resources.
> [2009/12/10 11:21:49, 2] lib/smbldap.c:smbldap_open_connection(856)
> smbldap_open_connection: connection opened
> [2009/12/10 11:21:49, 2] lib/module.c:do_smb_load_module(64)
> Module '/usr/lib64/samba/vfs/full_audit.so' loaded
> [2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
> init_sam_from_ldap: Entry found for user: root
> [2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_ldap_from_sam(1128)
> init_ldap_from_sam: Setting entry for user: root
> [2009/12/10 11:21:49, 2] auth/auth.c:check_ntlm_password(318)
> check_ntlm_password: Authentication for user [Administrator] -> [root]
> FAILED with error NT_STATUS_WRONG_PASSWORD
> [2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
> init_sam_from_ldap: Entry found for user: root
> [2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_group_from_ldap(2366)
> init_group_from_ldap: Entry found for group: 512
> [2009/12/10 11:21:49, 2] auth/auth.c:check_ntlm_password(308)
> check_ntlm_password: authentication for user [root] -> [root] -> [root]
> succeeded
> [2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
> init_sam_from_ldap: Entry found for user: root
> [2009/12/10 11:21:49, 2] auth/auth.c:check_ntlm_password(308)
> check_ntlm_password: authentication for user [root] -> [root] -> [root]
> succeeded
> [2009/12/10 11:21:54, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
> init_sam_from_ldap: Entry found for user: root
> [2009/12/10 11:21:54, 2] passdb/pdb_ldap.c:init_ldap_from_sam(1128)
> init_ldap_from_sam: Setting entry for user: root
> [2009/12/10 11:21:54, 2] auth/auth.c:check_ntlm_password(318)
> check_ntlm_password: Authentication for user [Administrator] -> [root]
> FAILED with error NT_STATUS_WRONG_PASSWORD
>
>
> Thank you for your time,
> --
> Nick
>

Did you map the Administrator account to the root account?

I would try either creating an Administrator account in unix and not
have the mapping or try adding another WIndows account to the domain
admin group and seeing if that account can to the remote registry
management.

If you log in to a PC as a Domain Administrator, are you able to do
Administrative things like adding local users?

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

From: Nick Pappin on 14 Dec 2009 13:40

On Fri, Dec 11, 2009 at 8:27 AM, Gaiseric Vandal
<gaiseric.vandal(a)gmail.com>wrote:

> On 12/10/09 14:39, Nick Pappin wrote:
>
>> On Tue, Dec 8, 2009 at 4:40 PM, Nick Pappin<npappin(a)latahfcu.org> wrote:
>>
>>
>>
>>> Hey Everyone,
>>> So here is what is going on I have two computers on the same network
>>> that are both connected to the PDC of a samba domain (on the same network
>>> segment):
>>>
>>>
>>> ____________________________________________
>>> |
>>> | |
>>> |
>>> | |
>>> _________
>>> _________ ______
>>> | comp1 | | comp2 |
>>> | PDC |
>>> ---------------
>>> --------------- ----------
>>>
>>> Now when i try to connect to the registry of comp1 from comp2 I get an
>>> error saying i don't have permission to connect using the domain
>>> administrator account. This also coincides with a name mismatch error:
>>>
>>> [2009/12/08 16:10:43, 0] lib/util_sock.c:matchname(1721)
>>> matchname: host name/name mismatch: FOO != FOO.bar.com
>>>
>>> Could this be causing my problem and how should I troubleshoot this
>>> problem. Any ideas would be greatly appreciated.
>>>
>>> Thanks,
>>> Nick
>>>
>>>
>>>
>>>
>> Hi everyone,
>> I have fixed the mismatch error but it still isn't working I was
>> hoping someone could help me. From what I can tell in the logs I am
>> authenticating on the machine however then I see a wrong password entry.
>> Could someone please explain to me what is going on.
>>
>> I have attached a level 2 log file if you need higher I can do that as
>> well.
>>
>>
>>
>> [2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
>> init_sam_from_ldap: Entry found for user: root
>> [2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_group_from_ldap(2366)
>> init_group_from_ldap: Entry found for group: 512
>> [2009/12/10 11:21:49, 2] auth/auth.c:check_ntlm_password(308)
>> check_ntlm_password: authentication for user [root] -> [root] ->
>> [root]
>> succeeded
>> [2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
>> init_sam_from_ldap: Entry found for user: root
>> [2009/12/10 11:21:49, 0] lib/util_sock.c:matchname(1749)
>> matchname: host name/address mismatch: ::ffff:192.168.1.200 != it0
>> [2009/12/10 11:21:49, 0] lib/util_sock.c:get_peer_name(1870)
>> Matchname failed on it0 ::ffff:192.168.1.200
>> [2009/12/10 11:21:49, 2]
>> rpc_server/srv_samr_nt.c:_samr_LookupDomain(3456)
>> Returning domain sid for domain LATAHFCU ->
>> S-1-5-21-2238568125-4161709326-2298815865
>> [2009/12/10 11:21:49, 2]
>> rpc_server/srv_samr_nt.c:_samr_LookupDomain(3456)
>> Returning domain sid for domain LATAHFCU ->
>> S-1-5-21-2238568125-4161709326-2298815865
>> [2009/12/10 11:21:49, 2]
>> rpc_server/srv_samr_nt.c:_samr_LookupDomain(3456)
>> Returning domain sid for domain LATAHFCU ->
>> S-1-5-21-2238568125-4161709326-2298815865
>> [2009/12/10 11:21:49, 2]
>> rpc_server/srv_samr_nt.c:_samr_LookupDomain(3456)
>> Returning domain sid for domain LATAHFCU ->
>> S-1-5-21-2238568125-4161709326-2298815865
>> [2009/12/10 11:21:49, 2] smbd/sesssetup.c:setup_new_vc_session(1368)
>> setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
>> all
>> old resources.
>> [2009/12/10 11:21:49, 2] smbd/sesssetup.c:setup_new_vc_session(1368)
>> setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
>> all
>> old resources.
>> [2009/12/10 11:21:49, 2] lib/smbldap.c:smbldap_open_connection(856)
>> smbldap_open_connection: connection opened
>> [2009/12/10 11:21:49, 2] lib/module.c:do_smb_load_module(64)
>> Module '/usr/lib64/samba/vfs/full_audit.so' loaded
>> [2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
>> init_sam_from_ldap: Entry found for user: root
>> [2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_ldap_from_sam(1128)
>> init_ldap_from_sam: Setting entry for user: root
>> [2009/12/10 11:21:49, 2] auth/auth.c:check_ntlm_password(318)
>> check_ntlm_password: Authentication for user [Administrator] -> [root]
>> FAILED with error NT_STATUS_WRONG_PASSWORD
>> [2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
>> init_sam_from_ldap: Entry found for user: root
>> [2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_group_from_ldap(2366)
>> init_group_from_ldap: Entry found for group: 512
>> [2009/12/10 11:21:49, 2] auth/auth.c:check_ntlm_password(308)
>> check_ntlm_password: authentication for user [root] -> [root] ->
>> [root]
>> succeeded
>> [2009/12/10 11:21:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
>> init_sam_from_ldap: Entry found for user: root
>> [2009/12/10 11:21:49, 2] auth/auth.c:check_ntlm_password(308)
>> check_ntlm_password: authentication for user [root] -> [root] ->
>> [root]
>> succeeded
>> [2009/12/10 11:21:54, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)
>> init_sam_from_ldap: Entry found for user: root
>> [2009/12/10 11:21:54, 2] passdb/pdb_ldap.c:init_ldap_from_sam(1128)
>> init_ldap_from_sam: Setting entry for user: root
>> [2009/12/10 11:21:54, 2] auth/auth.c:check_ntlm_password(318)
>> check_ntlm_password: Authentication for user [Administrator] -> [root]
>> FAILED with error NT_STATUS_WRONG_PASSWORD
>>
>>
>> Thank you for your time,
>> --
>> Nick
>>
>>
>
> Did you map the Administrator account to the root account?
>
> I would try either creating an Administrator account in unix and not have
> the mapping or try adding another WIndows account to the domain admin group
> and seeing if that account can to the remote registry management.
>
>
> If you log in to a PC as a Domain Administrator, are you able to do
> Administrative things like adding local users?
>
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>

Yes I have set up a username map. When I log into the PC as a Domain
Administrator I am able to connect to remote machines registry. I did forget
to mention that I am using an ldap backend so my Administrator and root
accounts are one in the same. However when I log in as a local administrator
and try to use domain credentials it fails to work.

--
Nick
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

|
Pages: 1
Prev: Windows Server 2008 R2 backup with windows server backup
Next: Samba PDC LDAP and LDAP Aliases