URL: https://www.opennet.me/cgi-bin/openforum/vsluhboard.cgi
Форум: vsluhforumID1
Нить номер: 93424
[ Назад ]

Исходное сообщение
"Не могу ввести компьютер в домен Samba, FreeBSD"
Отправлено Dark Smoke , 29-Май-12 14:43

Не как не могу ввести компьютер в домен, пишет:
При присоеденении к домену "remi" произошла следующая ошибка:
Сетевой пароль указан не верно.
# uname -a
FreeBSD PDC.local 8.3-RELEASE FreeBSD 8.3-RELEASE #0: Mon Apr  9 21:23:18 UTC 2012     root@mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  amd64
Лог файл
# tail /var/log/messages
May 24 12:00:00 PDC newsyslog[35121]: logfile turned over due to size>100K
May 24 12:02:32 PDC smbd[35148]: [2012/05/24 12:02:32.877134,  0] rpc_server/srv_netlog_nt.c:669(_netr_ServerAuthenticate3)
May 24 12:02:33 PDC smbd[35148]:   _netr_ServerAuthenticate: no challenge sent to client MANAGER5
May 24 12:02:34 PDC smbd[35149]: [2012/05/24 12:02:34.262432,  0] ../libcli/auth/smbencrypt.c:589(decode_pw_buffer)
May 24 12:02:34 PDC smbd[35149]:   decode_pw_buffer: incorrect password length (477368547).
May 24 12:02:34 PDC smbd[35149]: [2012/05/24 12:02:34.262494,  0] ../libcli/auth/smbencrypt.c:590(decode_pw_buffer)
May 24 12:02:34 PDC smbd[35149]:   decode_pw_buffer: check that 'encrypt passwords = yes'
May 24 12:02:34 PDC smbd[35149]: [2012/05/24 12:02:34.687787,  0] passdb/pdb_interface.c:431(smb_delete_user)
May 24 12:02:34 PDC smbd[35149]:   smb_delete_user: Running the command `/usr/local/sbin/ldapdeleteuser 'manager5$'' gave
Конфиг самбы
# cat /usr/local/etc/smb.conf
[global]
    workgroup = remi
    server string = PDC
    netbios name = PDC
    security = user
    hosts allow = 192.168.100. 127.
    load printers = no
    log file = /var/log/samba/log.%m
    max log size = 500
    acl compatibility = win2k
encrypt passwords = yes
    admin users = admin
    passdb backend = ldapsam:ldap://localhost/
socket options=SO_RCVBUF=131072 SO_SNDBUF=131072 TCP_NODELAY
min receivefile size=16384
use sendfile=true
aio read size = 16384
aio write size = 16384
aio write behind = true
ldap suffix = dc=remi,dc=local
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap machine suffix = ou=computers
ldap admin dn = "cn=root,dc=remi,dc=local"
ldap delete dn = no
ldap ssl = off
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind separator = @
winbind use default domain = yes
local master = yes
os level = 255
domain master = yes
preferred master = yes
domain logons = yes
logon script = %G.cmd
logon path =
logon home = \\pdc\home
logon drive = Z:
wins support = yes
dns proxy = no
display charset = cp1251
unix charset = cp1251
dos charset = cp866
time server = yes
add machine script = /usr/local/sbin/ldapaddmachine '%u' computers
add user script = /usr/local/sbin/ldapadduser '%u' users
add group script = /usr/local/sbin/ldapaddgroup '%g'
add user to group script = /usr/local/sbin/ldapaddusertogroup '%u' '%g'
delete user script = /usr/local/sbin/ldapdeleteuser '%u'
delete group script = /usr/local/sbin/ldapdeletegroup '%g'
delete user from group script = /usr/local/sbin/ldapdeleteuserfromgroup '%u' '%g'
set primary group script = /usr/local/sbin/ldapsetprimarygroup '%u' '%g'
rename user script = /usr/local/sbin/ldaprenameuser '%uold' '%unew'
force create mode  = 0640
   force directory mode = 0750
   create mask = 0640
   directory mask = 0750
   force user = root
   force group = wheel
[home]
   comment = Home Directories
   path = /home/samba/homes/%U
   read only = no
   public = no
   writable = yes
   create mask = 0600
   browseable = no
   directory mask = 0700
[netlogon]
   comment = Network Logon Service
   path = /usr/local/etc/samba/netlogon
   guest ok = yes
   writable = no
   share modes = no
   browseable = no
[profiles]
    create mask = 0600
    directory mask = 0700
    path = /home/samba/profiles/%u
    writeable = yes
    browseable = no
    locking = no
[IPC$]
path = /tmp
hosts allow = 192.168.100.0/24 127.0.0.1
hosts deny = 0.0.0.0/0
[public]
   comment = Public share
   path = /share/public
   browseable = yes
   public = no
   writable = yes
   force create mode  = 0640
   force directory mode = 0750
   create mask = 0640
   directory mask = 0750
   force user = root
   force group = wheel

Содержание

Не могу ввести компьютер в домен Samba, FreeBSD,Dark Smoke, 17:18 , 29-Май-12
- Не могу ввести компьютер в домен Samba, FreeBSD,ALex_hha, 23:26 , 30-Май-12
  - Не могу ввести компьютер в домен Samba, FreeBSD,Dark Smoke, 13:02 , 08-Авг-12
    - Не могу ввести компьютер в домен Samba, FreeBSD,Dark Smoke, 14:48 , 08-Авг-12
      - Не могу ввести компьютер в домен Samba, FreeBSD,ALex_hha, 18:07 , 08-Авг-12
        
        Не могу ввести компьютер в домен Samba, FreeBSD,Dark Smoke, 12:56 , 13-Авг-12
Не могу ввести компьютер в домен Samba, FreeBSD,gardener, 02:30 , 15-Авг-12
- Не могу ввести компьютер в домен Samba, FreeBSD,Dark Smoke, 09:35 , 17-Авг-12
  - Не могу ввести компьютер в домен Samba, FreeBSD,gardener, 13:47 , 20-Авг-12

Сообщения в этом обсуждении

"Не могу ввести компьютер в домен Samba, FreeBSD"
Отправлено Dark Smoke , 29-Май-12 17:18

лог когда пытаюсь ввести машину в домен debug.log
May 29 16:04:50 PDC slapd[37306]: conn=5 op=103 SRCH attr=cn userPassword memberUid uniqueMember gidNumber
May 29 16:04:50 PDC slapd[37306]: conn=5 op=103 SEARCH RESULT tag=101 err=0 nentries=0 text=
May 29 16:04:50 PDC slapd[37306]: conn=4 op=417 SRCH base="dc=remi,dc=local" scope=2 deref=0 filter="(&(uid=admin)(objectClass=sambaSamAccount))"
May 29 16:04:50 PDC slapd[37306]: conn=4 op=417 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber
May 29 16:04:50 PDC slapd[37306]: conn=4 op=417 SRCH attr=homeDirectory loginShell gecos
May 29 16:04:50 PDC slapd[37306]: conn=4 op=417 SEARCH RESULT tag=101 err=0 nentries=1 text=
May 29 16:04:50 PDC slapd[37306]: conn=3 op=339 SRCH base="ou=groups,dc=remi,dc=local" scope=1 deref=0 filter="(&(objectClass=posixGroup)(gidNumber=10012))"
May 29 16:04:50 PDC slapd[37306]: conn=3 op=339 SRCH attr=cn userPassword memberUid uniqueMember gidNumber
May 29 16:04:50 PDC slapd[37306]: conn=3 op=339 SEARCH RESULT tag=101 err=0 nentries=1 text=
May 29 16:04:50 PDC slapd[37306]: conn=3 op=340 SRCH base="ou=groups,dc=remi,dc=local" scope=1 deref=0 filter="(&(objectClass=posixGroup)(gidNumber=10012))"
May 29 16:04:50 PDC slapd[37306]: conn=3 op=340 SRCH attr=cn userPassword memberUid uniqueMember gidNumber
May 29 16:04:50 PDC slapd[37306]: conn=3 op=340 SEARCH RESULT tag=101 err=0 nentries=1 text=
May 29 16:04:50 PDC slapd[37306]: conn=4 op=418 SRCH base="dc=remi,dc=local" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=0))"
May 29 16:04:50 PDC slapd[37306]: conn=4 op=418 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
May 29 16:04:50 PDC slapd[37306]: conn=4 op=418 SEARCH RESULT tag=101 err=0 nentries=0 text=
May 29 16:04:50 PDC slapd[37306]: conn=67 fd=35 closed (connection lost)
May 29 16:04:50 PDC slapd[37306]: conn=4 op=419 SRCH base="" scope=2 deref=0 filter="(objectClass=sambaTrustedDomainPassword)"
May 29 16:04:50 PDC slapd[37306]: conn=4 op=419 SRCH attr=sambaDomainName sambaSID
May 29 16:04:50 PDC slapd[37306]: conn=4 op=419 SEARCH RESULT tag=101 err=32 nentries=0 text=

id admin
uid=10000(admin) gid=10012(admins) groups=10012(admins)

"Не могу ввести компьютер в домен Samba, FreeBSD"
Отправлено ALex_hha , 30-Май-12 23:26

# net rpc join -U root MEMBER -d 3
и смотреть на что он ругается

"Не могу ввести компьютер в домен Samba, FreeBSD"
Отправлено Dark Smoke , 08-Авг-12 13:02

#  net rpc join -U root alex -d 3
[2012/08/08 11:57:58,  3] param/loadparm.c:9209(lp_load_ex)
  lp_load_ex: refreshing parameters
[2012/08/08 11:57:58,  3] param/loadparm.c:4948(init_globals)
  Initialising global parameters
[2012/08/08 11:57:58.844972,  3] ../lib/util/params.c:550(pm_process)
  params.c:pm_process() - Processing configuration file "/usr/local/etc/smb.conf"
[2012/08/08 11:57:58.845009,  3] param/loadparm.c:7893(do_section)
  Processing section "[global]"
[2012/08/08 11:57:58.846008,  2] lib/interface.c:340(add_interface)
  added interface vlan6 ip=172.16.16.16 bcast=172.16.16.255 netmask=255.255.255.0
[2012/08/08 11:57:58.846072,  2] lib/interface.c:340(add_interface)
  added interface vlan7 ip=172.17.17.17 bcast=172.17.17.255 netmask=255.255.255.0
[2012/08/08 11:57:58.846087,  2] lib/interface.c:340(add_interface)
  added interface em0 ip=192.168.100.250 bcast=192.168.100.255 netmask=255.255.255.0
[2012/08/08 11:57:58.846100,  2] lib/interface.c:340(add_interface)
  added interface em1 ip=192.168.200.1 bcast=192.168.200.255 netmask=255.255.255.0
lp_load_ex: refreshing parameters
params.c:pm_process() - Processing configuration file "/usr/local/etc/smb.conf"
Processing section "[global]"
added interface vlan6 ip=172.16.16.16 bcast=172.16.16.255 netmask=255.255.255.0
added interface vlan7 ip=172.17.17.17 bcast=172.17.17.255 netmask=255.255.255.0
added interface em0 ip=192.168.100.250 bcast=192.168.100.255 netmask=255.255.255.0
added interface em1 ip=192.168.200.1 bcast=192.168.200.255 netmask=255.255.255.0
Connecting to host=PDC
Connecting to 192.168.100.250 at port 445
rpc command function failed! (NT_STATUS_NOT_SUPPORTED)
Enter root's password:
Connecting to host=PDC
Connecting to 192.168.100.250 at port 445
Doing spnego session setup (blob length=58)
got OID=1.3.6.1.4.1.311.2.2.10
got principal=NONE
Got challenge flags:
Got NTLMSSP neg_flags=0x60898215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088215
SPNEGO login failed: Logon failure
failed session setup with NT_STATUS_LOGON_FAILURE
Could not connect to server PDC
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE
return code = 1

"Не могу ввести компьютер в домен Samba, FreeBSD"
Отправлено Dark Smoke , 08-Авг-12 14:48

Что с этим делать?

"Не могу ввести компьютер в домен Samba, FreeBSD"
Отправлено ALex_hha , 08-Авг-12 18:07

SPNEGO login failed: Logon failure
failed session setup with NT_STATUS_LOGON_FAILURE
Could not connect to server PDC
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE
return code = 1
ну тут как бы все сказано

"Не могу ввести компьютер в домен Samba, FreeBSD"
Отправлено Dark Smoke , 13-Авг-12 12:56

Говорит что не может подключится к серверу.
пароль правильный ввожу.
Что делать? Скажите этапы диагностики.
Я новичок учусь только.

"Не могу ввести компьютер в домен Samba, FreeBSD"
Отправлено gardener , 15-Авг-12 02:30

> Не как не могу ввести компьютер в домен, пишет:
> При присоеденении к домену "remi" произошла следующая ошибка:
> Сетевой пароль указан не верно.
> May 24 12:02:33 PDC smbd[35148]:   _netr_ServerAuthenticate: no challenge sent to
> client MANAGER5
> May 24 12:02:34 PDC smbd[35149]: [2012/05/24 12:02:34.262432,  0] ../libcli/auth/smbencrypt.c:589(decode_pw_buffer)
> May 24 12:02:34 PDC smbd[35149]:   decode_pw_buffer: incorrect password length (477368547).
> May 24 12:02:34 PDC smbd[35149]: [2012/05/24 12:02:34.262494,  0] ../libcli/auth/smbencrypt.c:590(decode_pw_buffer)
А что отвечает за шифрование? Похоже проблема в нем, а не в самбе.

"Не могу ввести компьютер в домен Samba, FreeBSD"
Отправлено Dark Smoke , 17-Авг-12 09:35

Я извиняюсь за ламерский вопрос, а как это узнать? Керберос я не ставил.

"Не могу ввести компьютер в домен Samba, FreeBSD"
Отправлено gardener , 20-Авг-12 13:47

> Я извиняюсь за ламерский вопрос, а как это узнать?
В документации http://wiki.samba.org/index.php/Samba_&_Active_Directory в секции [GLOBAL] параметр security должен быть ADS, а не user.
> Керберос я не ставил.
А как без него ввести машину в домен? Нужно ставить и настраивать.