[samba-jp:19233] アクティブディレクトリに参加しても、パスワードなしで参加できない問題
柴田 健郎
takeofuture @ hotmail.com
2007年 2月 1日 (木) 07:32:43 JST
現在、
http://www.atmarkit.co.jp/flinux/special/samba3b/samba04.html
を参考に、LINUXにあるユーザーと同じWINDOWS側のアクティブディレクトリユーザー
で
アクセスしようとしてもアクセスできません。
WINBINDとかはとりあえずつかわずLINUXのほうに同一名でアクセスするユーザー名
をいれておきます。
問題1. 正式なユーザーにもかかわらずログインのポップアップがでてくる
すでに正式なアクティブヂィレクトリユーザーで
test.user (パスワード winpass)ではいっている
そこから\\samba でアクセスしようとするとポップアップ
問題2. アクティブディレクトリユーザー test.user、
パスワード winpassをいれてもまたポップアップ
mydoain\test.user / winpassでもNG
mydomain.com\test.user / winpassでもNG
samba\test.user / linuxpass
(sambaはサンバサーバー名、LinuxpassはLINUXのほうのパスワード
)
ではじめてSAMBAにアクセスできる
現状として、アクティブディレクトリには問題なくSAMBAのサーバー名が
ドメインメンバーとしてみえております。
kinit, net join ads も問題ありませんでした。
SELINUXはDISABLEし、
ファイヤーウォールもDIABLEしてもNGです。(もともとはSAMBAを許す設定でいた)
ただログインをとばせず、ログインもLINUX側のものでなければできないのです。
LINUX側で、パスワードをまったく設定していないものでもポップアップがでまし
た。
以下が\\sambaとアクセスしてから、ポップアップがでるまでのログですが
簡単にかいつまむと、
[2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_kerberos(207)
Ticket name is [Test.User @ MYDOMAIN.COM]
[2007/01/31 13:52:18, 1] smbd/sesssetup.c:reply_spnego_kerberos(334)
make_server_info_info3 failed: NT_STATUS_NO_SUCH_USER!
[2007/01/31 13:52:18, 3] smbd/error.c:error_packet(146)
error packet at smbd/sesssetup.c(339) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
[2007/01/31 13:52:18, 3] smbd/process.c:timeout_processing(1359)
timeout_processing: End of file from client (client has disconnected).
とそんあユーザーおないといってます。
何度もやっていたら、アクティブディレクトリのTest.USerのアカウントがロックさ
れ、アクティブ
ディレクトリのほうではたしかにアクセスがされた形跡があります。
ケルベロスの問題かとおもいましたが、別件で認証をすべてアクティブディレクトリ
にする方法があったのでためしましたが、
http://www.monyo.com/technical/windows/kerberos1.html
そういった試みは問題なく成功しております。
winbindなどを利用したことを試みる前にこのあたりをきちっとしておきたいので
なんとかやってますがなかなか成功しません。
こういった方法ですでに成功されたかたがいらしゃいましたら、
どうかアドバイスいただけると助かります。
==ログ====
[2007/01/31 13:52:18, 3] smbd/oplock.c:init_oplocks(862)
open_oplock_ipc: initializing messages.
[2007/01/31 13:52:18, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(260)
Linux kernel oplocks enabled
[2007/01/31 13:52:18, 3] smbd/process.c:process_smb(1110)
Transaction 0 of length 137
[2007/01/31 13:52:18, 3] smbd/process.c:switch_message(914)
switch message SMBnegprot (pid 5288) conn 0x0
[2007/01/31 13:52:18, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/01/31 13:52:18, 3] smbd/negprot.c:reply_negprot(487)
Requested protocol [PC NETWORK PROGRAM 1.0]
[2007/01/31 13:52:18, 3] smbd/negprot.c:reply_negprot(487)
Requested protocol [LANMAN1.0]
[2007/01/31 13:52:18, 3] smbd/negprot.c:reply_negprot(487)
Requested protocol [Windows for Workgroups 3.1a]
[2007/01/31 13:52:18, 3] smbd/negprot.c:reply_negprot(487)
Requested protocol [LM1.2X002]
[2007/01/31 13:52:18, 3] smbd/negprot.c:reply_negprot(487)
Requested protocol [LANMAN2.1]
[2007/01/31 13:52:18, 3] smbd/negprot.c:reply_negprot(487)
Requested protocol [NT LM 0.12]
[2007/01/31 13:52:18, 3] smbd/negprot.c:reply_nt1(357)
using SPNEGO
[2007/01/31 13:52:18, 3] smbd/negprot.c:reply_negprot(580)
Selected protocol NT LM 0.12
[2007/01/31 13:52:18, 3] smbd/process.c:process_smb(1110)
Transaction 1 of length 1520
[2007/01/31 13:52:18, 3] smbd/process.c:switch_message(914)
switch message SMBsesssetupX (pid 5288) conn 0x0
[2007/01/31 13:52:18, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_sesssetup_and_X(849)
wct=12 flg2=0xc807
[2007/01/31 13:52:18, 2] smbd/sesssetup.c:setup_new_vc_session(799)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660)
Doing spnego session setup
[2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691)
NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002
5.1] PrimaryDomain=[]
[2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_negotiate(551)
Got OID 1 2 840 48018 1 2 2
[2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_negotiate(551)
Got OID 1 2 840 113554 1 2 2
[2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_negotiate(551)
Got OID 1 3 6 1 4 1 311 2 2 10
[2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_negotiate(554)
Got secblob of size 1289
[2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_kerberos(207)
Ticket name is [Test.User @ MYDOMAIN.COM]
[2007/01/31 13:52:18, 1] smbd/sesssetup.c:reply_spnego_kerberos(334)
make_server_info_info3 failed: NT_STATUS_NO_SUCH_USER!
[2007/01/31 13:52:18, 3] smbd/error.c:error_packet(146)
error packet at smbd/sesssetup.c(339) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
[2007/01/31 13:52:18, 3] smbd/process.c:process_smb(1110)
Transaction 2 of length 1520
[2007/01/31 13:52:18, 3] smbd/process.c:switch_message(914)
switch message SMBsesssetupX (pid 5288) conn 0x0
[2007/01/31 13:52:18, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_sesssetup_and_X(849)
wct=12 flg2=0xc807
[2007/01/31 13:52:18, 2] smbd/sesssetup.c:setup_new_vc_session(799)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660)
Doing spnego session setup
[2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691)
NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002
5.1] PrimaryDomain=[]
[2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_negotiate(551)
Got OID 1 2 840 48018 1 2 2
[2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_negotiate(551)
Got OID 1 2 840 113554 1 2 2
[2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_negotiate(551)
Got OID 1 3 6 1 4 1 311 2 2 10
[2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_negotiate(554)
Got secblob of size 1289
[2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_kerberos(207)
Ticket name is [Test.User @ MYDOMAIN.COM]
[2007/01/31 13:52:18, 1] smbd/sesssetup.c:reply_spnego_kerberos(334)
make_server_info_info3 failed: NT_STATUS_NO_SUCH_USER!
[2007/01/31 13:52:18, 3] smbd/error.c:error_packet(146)
error packet at smbd/sesssetup.c(339) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
[2007/01/31 13:52:18, 3] smbd/process.c:timeout_processing(1359)
timeout_processing: End of file from client (client has disconnected).
[2007/01/31 13:52:18, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/01/31 13:52:18, 3] smbd/connection.c:yield_connection(69)
Yielding connection to
[2007/01/31 13:52:18, 3] smbd/server.c:exit_server_common(675)
Server exit (normal exit)
[2007/01/31 13:52:18, 3] smbd/oplock.c:init_oplocks(862)
open_oplock_ipc: initializing messages.
[2007/01/31 13:52:18, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(260)
Linux kernel oplocks enabled
[2007/01/31 13:52:18, 3] smbd/process.c:process_smb(1110)
Transaction 0 of length 137
[2007/01/31 13:52:18, 3] smbd/process.c:switch_message(914)
switch message SMBnegprot (pid 5289) conn 0x0
[2007/01/31 13:52:18, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/01/31 13:52:18, 3] smbd/negprot.c:reply_negprot(487)
Requested protocol [PC NETWORK PROGRAM 1.0]
[2007/01/31 13:52:18, 3] smbd/negprot.c:reply_negprot(487)
Requested protocol [LANMAN1.0]
[2007/01/31 13:52:18, 3] smbd/negprot.c:reply_negprot(487)
Requested protocol [Windows for Workgroups 3.1a]
[2007/01/31 13:52:18, 3] smbd/negprot.c:reply_negprot(487)
Requested protocol [LM1.2X002]
[2007/01/31 13:52:18, 3] smbd/negprot.c:reply_negprot(487)
Requested protocol [LANMAN2.1]
[2007/01/31 13:52:18, 3] smbd/negprot.c:reply_negprot(487)
Requested protocol [NT LM 0.12]
[2007/01/31 13:52:18, 3] smbd/negprot.c:reply_nt1(357)
using SPNEGO
[2007/01/31 13:52:18, 3] smbd/negprot.c:reply_negprot(580)
Selected protocol NT LM 0.12
[2007/01/31 13:52:18, 3] smbd/process.c:process_smb(1110)
Transaction 1 of length 1520
[2007/01/31 13:52:18, 3] smbd/process.c:switch_message(914)
switch message SMBsesssetupX (pid 5289) conn 0x0
[2007/01/31 13:52:18, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_sesssetup_and_X(849)
wct=12 flg2=0xc807
[2007/01/31 13:52:18, 2] smbd/sesssetup.c:setup_new_vc_session(799)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660)
Doing spnego session setup
[2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691)
NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002
5.1] PrimaryDomain=[]
[2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_negotiate(551)
Got OID 1 2 840 48018 1 2 2
[2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_negotiate(551)
Got OID 1 2 840 113554 1 2 2
[2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_negotiate(551)
Got OID 1 3 6 1 4 1 311 2 2 10
[2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_negotiate(554)
Got secblob of size 1289
[2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_kerberos(207)
Ticket name is [Test.User @ MYDOMAIN.COM]
[2007/01/31 13:52:18, 1] smbd/sesssetup.c:reply_spnego_kerberos(334)
make_server_info_info3 failed: NT_STATUS_NO_SUCH_USER!
[2007/01/31 13:52:18, 3] smbd/error.c:error_packet(146)
error packet at smbd/sesssetup.c(339) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
[2007/01/31 13:52:18, 3] smbd/process.c:timeout_processing(1359)
timeout_processing: End of file from client (client has disconnected).
[2007/01/31 13:52:18, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/01/31 13:52:18, 3] smbd/connection.c:yield_connection(69)
Yielding connection to
[2007/01/31 13:52:18, 3] smbd/server.c:exit_server_common(675)
Server exit (normal exit)
[2007/01/31 13:52:18, 3] smbd/oplock.c:init_oplocks(862)
open_oplock_ipc: initializing messages.
[2007/01/31 13:52:18, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(260)
Linux kernel oplocks enabled
[2007/01/31 13:52:18, 3] smbd/process.c:process_smb(1110)
Transaction 0 of length 137
[2007/01/31 13:52:18, 3] smbd/process.c:switch_message(914)
switch message SMBnegprot (pid 5290) conn 0x0
[2007/01/31 13:52:18, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/01/31 13:52:18, 3] smbd/negprot.c:reply_negprot(487)
Requested protocol [PC NETWORK PROGRAM 1.0]
[2007/01/31 13:52:18, 3] smbd/negprot.c:reply_negprot(487)
Requested protocol [LANMAN1.0]
[2007/01/31 13:52:18, 3] smbd/negprot.c:reply_negprot(487)
Requested protocol [Windows for Workgroups 3.1a]
[2007/01/31 13:52:18, 3] smbd/negprot.c:reply_negprot(487)
Requested protocol [LM1.2X002]
[2007/01/31 13:52:18, 3] smbd/negprot.c:reply_negprot(487)
Requested protocol [LANMAN2.1]
[2007/01/31 13:52:18, 3] smbd/negprot.c:reply_negprot(487)
Requested protocol [NT LM 0.12]
[2007/01/31 13:52:18, 3] smbd/negprot.c:reply_nt1(357)
using SPNEGO
[2007/01/31 13:52:18, 3] smbd/negprot.c:reply_negprot(580)
Selected protocol NT LM 0.12
[2007/01/31 13:52:18, 3] smbd/process.c:process_smb(1110)
Transaction 1 of length 1520
[2007/01/31 13:52:18, 3] smbd/process.c:switch_message(914)
switch message SMBsesssetupX (pid 5290) conn 0x0
[2007/01/31 13:52:18, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_sesssetup_and_X(849)
wct=12 flg2=0xc807
[2007/01/31 13:52:18, 2] smbd/sesssetup.c:setup_new_vc_session(799)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660)
Doing spnego session setup
[2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691)
NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002
5.1] PrimaryDomain=[]
[2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_negotiate(551)
Got OID 1 2 840 48018 1 2 2
[2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_negotiate(551)
Got OID 1 2 840 113554 1 2 2
[2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_negotiate(551)
Got OID 1 3 6 1 4 1 311 2 2 10
[2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_negotiate(554)
Got secblob of size 1289
[2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_kerberos(207)
Ticket name is [Test.User @ MYDOMAIN.COM]
[2007/01/31 13:52:18, 1] smbd/sesssetup.c:reply_spnego_kerberos(334)
make_server_info_info3 failed: NT_STATUS_NO_SUCH_USER!
[2007/01/31 13:52:18, 3] smbd/error.c:error_packet(146)
error packet at smbd/sesssetup.c(339) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
[2007/01/31 13:52:18, 3] smbd/process.c:process_smb(1110)
Transaction 2 of length 1520
[2007/01/31 13:52:18, 3] smbd/process.c:switch_message(914)
switch message SMBsesssetupX (pid 5290) conn 0x0
[2007/01/31 13:52:18, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_sesssetup_and_X(849)
wct=12 flg2=0xc807
[2007/01/31 13:52:18, 2] smbd/sesssetup.c:setup_new_vc_session(799)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660)
Doing spnego session setup
[2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691)
NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002
5.1] PrimaryDomain=[]
[2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_negotiate(551)
Got OID 1 2 840 48018 1 2 2
[2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_negotiate(551)
Got OID 1 2 840 113554 1 2 2
[2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_negotiate(551)
Got OID 1 3 6 1 4 1 311 2 2 10
[2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_negotiate(554)
Got secblob of size 1289
[2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_kerberos(207)
Ticket name is [Test.User @ MYDOMAIN.COM]
[2007/01/31 13:52:18, 1] smbd/sesssetup.c:reply_spnego_kerberos(334)
make_server_info_info3 failed: NT_STATUS_NO_SUCH_USER!
[2007/01/31 13:52:18, 3] smbd/error.c:error_packet(146)
error packet at smbd/sesssetup.c(339) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
[2007/01/31 13:52:18, 3] smbd/process.c:timeout_processing(1359)
timeout_processing: End of file from client (client has disconnected).
[2007/01/31 13:52:18, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
_________________________________________________________________
Hotmail に直接アクセス!MSN がさらに使いやすく http://jp.msn.com/
samba-jp メーリングリストの案内