[Samba] Domain Authentication oddities

Hello List,



I am running Samba 3.0.10-1.4E on RHEL 4.0. I was able to join this server
to the domain using the 'net ads join' command and it created a machine
account in AD with the name of the server. My issue is that I can
authenticate using domain credentials when I access the server from a
Windows computer using //SMBSERVERNAME/SHARE, however when I access the
server using //SMBSERVERIPADDRESS/SHARE I can not authenticate with domain
credentials, I must use an account local to the SMB Server.
(SMBSERVERNAME/username) Please help me with this issue, I have checked a
fair amount of the archive and google to no avail. I have included snippets
of log files, config files, and some results from commands below: THANKS
FOR THE HELP!!!



Smb.conf:



[global]

realm = metrolist.dmz

security = ADS

workgroup = MTRODMZ

netbios name = FS03

server string = Samba %v on %m

encrypt passwords = Yes

username map = /etc/samba/smbusers

password server = DMZDC02.METROLIST.DMZ

log level = 1

log file = /var/log/samba/%m.log

max log size = 1000

socket options = IPTOS_LOWDELAY TCP_NODELAY

os level = 1

preferred master = False

local master = No

template primary group = "Domain Users"

template shell = /bin/bash

winbind separator = +

domain master = False

dns proxy = No

guest ok = Yes

hosts allow = 192.168. 127.0.0.1

printing = lprng

idmap uid = 10000-20000

idmap gid = 10000-20000



nsswitch.conf:



passwd: files winbindd

shadow: files winbindd

group: files winbindd

hosts: files dns wins



smbd.log:

[2005/10/03 15:53:41, 0] lib/util_sock.c:get_peer_addr(1000)

getpeername failed. Error was Transport endpoint is not connected

[2005/10/03 15:53:55, 0] lib/util_sock.c:get_peer_addr(1000)

getpeername failed. Error was Transport endpoint is not connected

[2005/10/04 08:50:36, 0] lib/util_sock.c:get_peer_addr(1000)

getpeername failed. Error was Transport endpoint is not connected

[2005/10/04 08:50:39, 0] lib/util_sock.c:get_peer_addr(1000)

getpeername failed. Error was Transport endpoint is not connected

[2005/10/04 08:50:47, 0] lib/util_sock.c:get_peer_addr(1000)

getpeername failed. Error was Transport endpoint is not connected

[2005/10/04 08:50:52, 0] lib/util_sock.c:get_peer_addr(1000)

getpeername failed. Error was Transport endpoint is not connected

[2005/10/04 08:50:55, 0] lib/util_sock.c:get_peer_addr(1000)

getpeername failed. Error was Transport endpoint is not connected

[2005/10/04 08:56:10, 0] lib/util_sock.c:get_peer_addr(1000)

getpeername failed. Error was Transport endpoint is not connected

[2005/10/04 08:56:16, 0] lib/util_sock.c:get_peer_addr(1000)

getpeername failed. Error was Transport endpoint is not connected

[2005/10/04 09:01:45, 0] lib/util_sock.c:get_peer_addr(1000)

getpeername failed. Error was Transport endpoint is not connected

[2005/10/04 09:06:13, 1] smbd/server.c:open_sockets_smbd(348)

Reloading services after SIGHUP

[2005/10/04 09:06:13, 1] printing/printing.c:start_background_queue(1257)

Reloading services after SIGHUP



winbindd.log:

[2005/10/06 10:37:06, 0] libsmb/cliconnect.c:cli_session_setup_spnego(764)

Kinit failed: Preauthentication failed

[2005/10/06 10:37:15, 0] libads/kerberos.c:ads_kinit_password(146)

kerberos_kinit_password host/FS03@METROLIST.DMZ failed: Preauthentication
failed

[2005/10/06 10:37:15, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)

ads_connect for domain MTRODMZ failed: Preauthentication failed

[2005/10/06 10:39:44, 0] libsmb/cliconnect.c:cli_session_setup_spnego(764)

Kinit failed: Preauthentication failed



0.0.0.0.log

[2005/10/06 09:58:40, 0] lib/util_sock.c:read_socket_data(384)

read_socket_data: recv failure for 4. Error = Connection reset by peer

[2005/10/06 09:58:44, 0] lib/util_sock.c:read_socket_data(384)

read_socket_data: recv failure for 4. Error = Connection reset by peer

[2005/10/06 09:58:48, 0] lib/util_sock.c:read_socket_data(384)

read_socket_data: recv failure for 4. Error = Connection reset by peer

[2005/10/06 10:36:56, 0] lib/util_sock.c:read_socket_data(384)

read_socket_data: recv failure for 4. Error = Connection reset by peer

[2005/10/06 10:36:58, 0] lib/util_sock.c:read_socket_data(384)

read_socket_data: recv failure for 4. Error = Connection reset by peer



Nmbd.log

[2005/10/05 04:02:02, 0] nmbd/nmbd.c:process(542)

Got SIGHUP dumping debug info.

[2005/10/05 04:02:02, 0] nmbd/nmbd_workgroupdb.c:dump_workgroups(284)

dump_workgroups()

dump workgroup on subnet 192.168.250.78: netmask= 255.255.255.0:

MTRODMZ(1) current master browser = DMZDC02

FS03 40009b03 (FS03)

DMZDC02 4204102b ()

WEBS10 40849003 ()

WEBS09 40849003 ()

[2005/10/06 09:57:42, 0] nmbd/nmbd.c:terminate(56)

Got SIGTERM: going down...

[2005/10/06 09:57:42, 0] nmbd/nmbd.c:main(669)

Netbios nameserver version 3.0.10-1.4E started.

Copyright Andrew Tridgell and the Samba Team 1994-2004

[2005/10/06 10:36:18, 0] nmbd/nmbd.c:terminate(56)

Got SIGTERM: going down...

[2005/10/06 10:36:18, 0] nmbd/nmbd.c:main(669)

Netbios nameserver version 3.0.10-1.4E started.

Copyright Andrew Tridgell and the Samba Team 1994-2004





[bluemoon@fs01 etc]#net ads user -U Administrator

<Shows domain user accounts>



[bluemoon@fs01 etc]# wbinfo -u

Error looking up domain users



[bluemoon@fs01 etc]# wbinfo -g

BUILTIN+System Operators

BUILTIN+Replicators

BUILTIN+Guests

BUILTIN+Power Users

BUILTIN+Print Operators

BUILTIN+Administrators

BUILTIN+Account Operators

BUILTIN+Backup Operators

BUILTIN+Users







Thanks again for any help



Eduard Tieseler

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba