[samba-jp:19234] Re: アクティブディレクトリに参加しても、パスワードなしで参加できない問題

Toshihiro Kano kanout @ nttdata.co.jp
2007年 2月 1日 (木) 09:45:53 JST 

加納です。

希望されている構成がいまひとつ分からないのですが、
参考にされたたかはしさんの記事は、一般的なAD連携
です。

> WINBINDとかはとりあえずつかわずLINUXのほうに同一
> 名でアクセスするユーザー名をいれておきます。

AD連携には、WINBINDがなくては動きませんし、AD連携
において、Linux側にuser登録する必要もありません。

もう一度、記事の内容を順番どおり丁寧に実施されると
よいと思います。



柴田 健郎 wrote:
> 現在、
> http://www.atmarkit.co.jp/flinux/special/samba3b/samba04.html
>
> を参考に、LINUXにあるユーザーと同じWINDOWS側のアクティブディレクトリ
> ユーザー
>> アクセスしようとしてもアクセスできません。
> WINBINDとかはとりあえずつかわずLINUXのほうに同一名でアクセスするユー
> ザー名
> をいれておきます。
>
> 問題1. 正式なユーザーにもかかわらずログインのポップアップがでてくる
>        すでに正式なアクティブヂィレクトリユーザーで
> test.user (パスワード winpass)ではいっている
>        そこから\\samba でアクセスしようとするとポップアップ
>      
> 問題2. アクティブディレクトリユーザー test.user、
>       パスワード winpassをいれてもまたポップアップ
>       mydoain\test.user / winpassでもNG
>       mydomain.com\test.user / winpassでもNG
>
> samba\test.user / linuxpass       (sambaはサンバサーバー名、
> LinuxpassはLINUXのほうのパスワード
>  )
>       ではじめてSAMBAにアクセスできる
>
> 現状として、アクティブディレクトリには問題なくSAMBAのサーバー名が
> ドメインメンバーとしてみえております。
> kinit, net join ads も問題ありませんでした。
>
> SELINUXはDISABLEし、
> ファイヤーウォールもDIABLEしてもNGです。(もともとはSAMBAを許す設定で
> いた)
>
> ただログインをとばせず、ログインもLINUX側のものでなければできないのです。
> LINUX側で、パスワードをまったく設定していないものでもポップアップがでまし
> た。
>
> 以下が\\sambaとアクセスしてから、ポップアップがでるまでのログですが
> 簡単にかいつまむと、
>
> [2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_kerberos(207)
> Ticket name is [Test.User @ MYDOMAIN.COM]
> [2007/01/31 13:52:18, 1] smbd/sesssetup.c:reply_spnego_kerberos(334)
> make_server_info_info3 failed: NT_STATUS_NO_SUCH_USER!
> [2007/01/31 13:52:18, 3] smbd/error.c:error_packet(146)
> error packet at smbd/sesssetup.c(339) cmd=115 (SMBsesssetupX)
> NT_STATUS_LOGON_FAILURE
> [2007/01/31 13:52:18, 3] smbd/process.c:timeout_processing(1359)
> timeout_processing: End of file from client (client has disconnected).
>
> とそんあユーザーおないといってます。
> 何度もやっていたら、アクティブディレクトリのTest.USerのアカウントが
> ロックさ
> れ、アクティブ
> ディレクトリのほうではたしかにアクセスがされた形跡があります。
>
> ケルベロスの問題かとおもいましたが、別件で認証をすべてアクティブディレ
> クトリ
>
> にする方法があったのでためしましたが、
> http://www.monyo.com/technical/windows/kerberos1.html
> そういった試みは問題なく成功しております。
>
> winbindなどを利用したことを試みる前にこのあたりをきちっとしておきたいので
> なんとかやってますがなかなか成功しません。
> こういった方法ですでに成功されたかたがいらしゃいましたら、
> どうかアドバイスいただけると助かります。
>
>
> ==ログ====
>
>
> [2007/01/31 13:52:18, 3] smbd/oplock.c:init_oplocks(862)
> open_oplock_ipc: initializing messages.
> [2007/01/31 13:52:18, 3]
> smbd/oplock_linux.c:linux_init_kernel_oplocks(260)
> Linux kernel oplocks enabled
> [2007/01/31 13:52:18, 3] smbd/process.c:process_smb(1110)
> Transaction 0 of length 137
> [2007/01/31 13:52:18, 3] smbd/process.c:switch_message(914)
> switch message SMBnegprot (pid 5288) conn 0x0
> [2007/01/31 13:52:18, 3] smbd/sec_ctx.c:set_sec_ctx(241)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2007/01/31 13:52:18, 3] smbd/negprot.c:reply_negprot(487)
> Requested protocol [PC NETWORK PROGRAM 1.0]
> [2007/01/31 13:52:18, 3] smbd/negprot.c:reply_negprot(487)
> Requested protocol [LANMAN1.0]
> [2007/01/31 13:52:18, 3] smbd/negprot.c:reply_negprot(487)
> Requested protocol [Windows for Workgroups 3.1a]
> [2007/01/31 13:52:18, 3] smbd/negprot.c:reply_negprot(487)
> Requested protocol [LM1.2X002]
> [2007/01/31 13:52:18, 3] smbd/negprot.c:reply_negprot(487)
> Requested protocol [LANMAN2.1]
> [2007/01/31 13:52:18, 3] smbd/negprot.c:reply_negprot(487)
> Requested protocol [NT LM 0.12]
> [2007/01/31 13:52:18, 3] smbd/negprot.c:reply_nt1(357)
> using SPNEGO
> [2007/01/31 13:52:18, 3] smbd/negprot.c:reply_negprot(580)
> Selected protocol NT LM 0.12
> [2007/01/31 13:52:18, 3] smbd/process.c:process_smb(1110)
> Transaction 1 of length 1520
> [2007/01/31 13:52:18, 3] smbd/process.c:switch_message(914)
> switch message SMBsesssetupX (pid 5288) conn 0x0
> [2007/01/31 13:52:18, 3] smbd/sec_ctx.c:set_sec_ctx(241)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_sesssetup_and_X(849)
> wct=12 flg2=0xc807
> [2007/01/31 13:52:18, 2] smbd/sesssetup.c:setup_new_vc_session(799)
> setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
> all old resources.
> [2007/01/31 13:52:18, 3]
> smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660)
> Doing spnego session setup
> [2007/01/31 13:52:18, 3]
> smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691)
> NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002
> 5.1] PrimaryDomain=[]
> [2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_negotiate(551)
> Got OID 1 2 840 48018 1 2 2
> [2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_negotiate(551)
> Got OID 1 2 840 113554 1 2 2
> [2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_negotiate(551)
> Got OID 1 3 6 1 4 1 311 2 2 10
> [2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_negotiate(554)
> Got secblob of size 1289
> [2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_kerberos(207)
> Ticket name is [Test.User @ MYDOMAIN.COM]
> [2007/01/31 13:52:18, 1] smbd/sesssetup.c:reply_spnego_kerberos(334)
> make_server_info_info3 failed: NT_STATUS_NO_SUCH_USER!
> [2007/01/31 13:52:18, 3] smbd/error.c:error_packet(146)
> error packet at smbd/sesssetup.c(339) cmd=115 (SMBsesssetupX)
> NT_STATUS_LOGON_FAILURE
> [2007/01/31 13:52:18, 3] smbd/process.c:process_smb(1110)
> Transaction 2 of length 1520
> [2007/01/31 13:52:18, 3] smbd/process.c:switch_message(914)
> switch message SMBsesssetupX (pid 5288) conn 0x0
> [2007/01/31 13:52:18, 3] smbd/sec_ctx.c:set_sec_ctx(241)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_sesssetup_and_X(849)
> wct=12 flg2=0xc807
> [2007/01/31 13:52:18, 2] smbd/sesssetup.c:setup_new_vc_session(799)
> setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
> all old resources.
> [2007/01/31 13:52:18, 3]
> smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660)
> Doing spnego session setup
> [2007/01/31 13:52:18, 3]
> smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691)
> NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002
> 5.1] PrimaryDomain=[]
> [2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_negotiate(551)
> Got OID 1 2 840 48018 1 2 2
> [2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_negotiate(551)
> Got OID 1 2 840 113554 1 2 2
> [2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_negotiate(551)
> Got OID 1 3 6 1 4 1 311 2 2 10
> [2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_negotiate(554)
> Got secblob of size 1289
> [2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_kerberos(207)
> Ticket name is [Test.User @ MYDOMAIN.COM]
> [2007/01/31 13:52:18, 1] smbd/sesssetup.c:reply_spnego_kerberos(334)
> make_server_info_info3 failed: NT_STATUS_NO_SUCH_USER!
> [2007/01/31 13:52:18, 3] smbd/error.c:error_packet(146)
> error packet at smbd/sesssetup.c(339) cmd=115 (SMBsesssetupX)
> NT_STATUS_LOGON_FAILURE
> [2007/01/31 13:52:18, 3] smbd/process.c:timeout_processing(1359)
> timeout_processing: End of file from client (client has disconnected).
> [2007/01/31 13:52:18, 3] smbd/sec_ctx.c:set_sec_ctx(241)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2007/01/31 13:52:18, 3] smbd/connection.c:yield_connection(69)
> Yielding connection to [2007/01/31 13:52:18, 3]
> smbd/server.c:exit_server_common(675)
> Server exit (normal exit)
> [2007/01/31 13:52:18, 3] smbd/oplock.c:init_oplocks(862)
> open_oplock_ipc: initializing messages.
> [2007/01/31 13:52:18, 3]
> smbd/oplock_linux.c:linux_init_kernel_oplocks(260)
> Linux kernel oplocks enabled
> [2007/01/31 13:52:18, 3] smbd/process.c:process_smb(1110)
> Transaction 0 of length 137
> [2007/01/31 13:52:18, 3] smbd/process.c:switch_message(914)
> switch message SMBnegprot (pid 5289) conn 0x0
> [2007/01/31 13:52:18, 3] smbd/sec_ctx.c:set_sec_ctx(241)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2007/01/31 13:52:18, 3] smbd/negprot.c:reply_negprot(487)
> Requested protocol [PC NETWORK PROGRAM 1.0]
> [2007/01/31 13:52:18, 3] smbd/negprot.c:reply_negprot(487)
> Requested protocol [LANMAN1.0]
> [2007/01/31 13:52:18, 3] smbd/negprot.c:reply_negprot(487)
> Requested protocol [Windows for Workgroups 3.1a]
> [2007/01/31 13:52:18, 3] smbd/negprot.c:reply_negprot(487)
> Requested protocol [LM1.2X002]
> [2007/01/31 13:52:18, 3] smbd/negprot.c:reply_negprot(487)
> Requested protocol [LANMAN2.1]
> [2007/01/31 13:52:18, 3] smbd/negprot.c:reply_negprot(487)
> Requested protocol [NT LM 0.12]
> [2007/01/31 13:52:18, 3] smbd/negprot.c:reply_nt1(357)
> using SPNEGO
> [2007/01/31 13:52:18, 3] smbd/negprot.c:reply_negprot(580)
> Selected protocol NT LM 0.12
> [2007/01/31 13:52:18, 3] smbd/process.c:process_smb(1110)
> Transaction 1 of length 1520
> [2007/01/31 13:52:18, 3] smbd/process.c:switch_message(914)
> switch message SMBsesssetupX (pid 5289) conn 0x0
> [2007/01/31 13:52:18, 3] smbd/sec_ctx.c:set_sec_ctx(241)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_sesssetup_and_X(849)
> wct=12 flg2=0xc807
> [2007/01/31 13:52:18, 2] smbd/sesssetup.c:setup_new_vc_session(799)
> setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
> all old resources.
> [2007/01/31 13:52:18, 3]
> smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660)
> Doing spnego session setup
> [2007/01/31 13:52:18, 3]
> smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691)
> NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002
> 5.1] PrimaryDomain=[]
> [2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_negotiate(551)
> Got OID 1 2 840 48018 1 2 2
> [2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_negotiate(551)
> Got OID 1 2 840 113554 1 2 2
> [2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_negotiate(551)
> Got OID 1 3 6 1 4 1 311 2 2 10
> [2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_negotiate(554)
> Got secblob of size 1289
> [2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_kerberos(207)
> Ticket name is [Test.User @ MYDOMAIN.COM]
> [2007/01/31 13:52:18, 1] smbd/sesssetup.c:reply_spnego_kerberos(334)
> make_server_info_info3 failed: NT_STATUS_NO_SUCH_USER!
> [2007/01/31 13:52:18, 3] smbd/error.c:error_packet(146)
> error packet at smbd/sesssetup.c(339) cmd=115 (SMBsesssetupX)
> NT_STATUS_LOGON_FAILURE
> [2007/01/31 13:52:18, 3] smbd/process.c:timeout_processing(1359)
> timeout_processing: End of file from client (client has disconnected).
> [2007/01/31 13:52:18, 3] smbd/sec_ctx.c:set_sec_ctx(241)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2007/01/31 13:52:18, 3] smbd/connection.c:yield_connection(69)
> Yielding connection to [2007/01/31 13:52:18, 3]
> smbd/server.c:exit_server_common(675)
> Server exit (normal exit)
> [2007/01/31 13:52:18, 3] smbd/oplock.c:init_oplocks(862)
> open_oplock_ipc: initializing messages.
> [2007/01/31 13:52:18, 3]
> smbd/oplock_linux.c:linux_init_kernel_oplocks(260)
> Linux kernel oplocks enabled
> [2007/01/31 13:52:18, 3] smbd/process.c:process_smb(1110)
> Transaction 0 of length 137
> [2007/01/31 13:52:18, 3] smbd/process.c:switch_message(914)
> switch message SMBnegprot (pid 5290) conn 0x0
> [2007/01/31 13:52:18, 3] smbd/sec_ctx.c:set_sec_ctx(241)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2007/01/31 13:52:18, 3] smbd/negprot.c:reply_negprot(487)
> Requested protocol [PC NETWORK PROGRAM 1.0]
> [2007/01/31 13:52:18, 3] smbd/negprot.c:reply_negprot(487)
> Requested protocol [LANMAN1.0]
> [2007/01/31 13:52:18, 3] smbd/negprot.c:reply_negprot(487)
> Requested protocol [Windows for Workgroups 3.1a]
> [2007/01/31 13:52:18, 3] smbd/negprot.c:reply_negprot(487)
> Requested protocol [LM1.2X002]
> [2007/01/31 13:52:18, 3] smbd/negprot.c:reply_negprot(487)
> Requested protocol [LANMAN2.1]
> [2007/01/31 13:52:18, 3] smbd/negprot.c:reply_negprot(487)
> Requested protocol [NT LM 0.12]
> [2007/01/31 13:52:18, 3] smbd/negprot.c:reply_nt1(357)
> using SPNEGO
> [2007/01/31 13:52:18, 3] smbd/negprot.c:reply_negprot(580)
> Selected protocol NT LM 0.12
> [2007/01/31 13:52:18, 3] smbd/process.c:process_smb(1110)
> Transaction 1 of length 1520
> [2007/01/31 13:52:18, 3] smbd/process.c:switch_message(914)
> switch message SMBsesssetupX (pid 5290) conn 0x0
> [2007/01/31 13:52:18, 3] smbd/sec_ctx.c:set_sec_ctx(241)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_sesssetup_and_X(849)
> wct=12 flg2=0xc807
> [2007/01/31 13:52:18, 2] smbd/sesssetup.c:setup_new_vc_session(799)
> setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
> all old resources.
> [2007/01/31 13:52:18, 3]
> smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660)
> Doing spnego session setup
> [2007/01/31 13:52:18, 3]
> smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691)
> NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002
> 5.1] PrimaryDomain=[]
> [2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_negotiate(551)
> Got OID 1 2 840 48018 1 2 2
> [2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_negotiate(551)
> Got OID 1 2 840 113554 1 2 2
> [2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_negotiate(551)
> Got OID 1 3 6 1 4 1 311 2 2 10
> [2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_negotiate(554)
> Got secblob of size 1289
> [2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_kerberos(207)
> Ticket name is [Test.User @ MYDOMAIN.COM]
> [2007/01/31 13:52:18, 1] smbd/sesssetup.c:reply_spnego_kerberos(334)
> make_server_info_info3 failed: NT_STATUS_NO_SUCH_USER!
> [2007/01/31 13:52:18, 3] smbd/error.c:error_packet(146)
> error packet at smbd/sesssetup.c(339) cmd=115 (SMBsesssetupX)
> NT_STATUS_LOGON_FAILURE
> [2007/01/31 13:52:18, 3] smbd/process.c:process_smb(1110)
> Transaction 2 of length 1520
> [2007/01/31 13:52:18, 3] smbd/process.c:switch_message(914)
> switch message SMBsesssetupX (pid 5290) conn 0x0
> [2007/01/31 13:52:18, 3] smbd/sec_ctx.c:set_sec_ctx(241)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_sesssetup_and_X(849)
> wct=12 flg2=0xc807
> [2007/01/31 13:52:18, 2] smbd/sesssetup.c:setup_new_vc_session(799)
> setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
> all old resources.
> [2007/01/31 13:52:18, 3]
> smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660)
> Doing spnego session setup
> [2007/01/31 13:52:18, 3]
> smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691)
> NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002
> 5.1] PrimaryDomain=[]
> [2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_negotiate(551)
> Got OID 1 2 840 48018 1 2 2
> [2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_negotiate(551)
> Got OID 1 2 840 113554 1 2 2
> [2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_negotiate(551)
> Got OID 1 3 6 1 4 1 311 2 2 10
> [2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_negotiate(554)
> Got secblob of size 1289
> [2007/01/31 13:52:18, 3] smbd/sesssetup.c:reply_spnego_kerberos(207)
> Ticket name is [Test.User @ MYDOMAIN.COM]
> [2007/01/31 13:52:18, 1] smbd/sesssetup.c:reply_spnego_kerberos(334)
> make_server_info_info3 failed: NT_STATUS_NO_SUCH_USER!
> [2007/01/31 13:52:18, 3] smbd/error.c:error_packet(146)
> error packet at smbd/sesssetup.c(339) cmd=115 (SMBsesssetupX)
> NT_STATUS_LOGON_FAILURE
> [2007/01/31 13:52:18, 3] smbd/process.c:timeout_processing(1359)
> timeout_processing: End of file from client (client has disconnected).
> [2007/01/31 13:52:18, 3] smbd/sec_ctx.c:set_sec_ctx(241)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
>
>
>
>        
>
> _________________________________________________________________
> Hotmail に直接アクセス!MSN がさらに使いやすく http://jp.msn.com/
>

samba-jp メーリングリストの案内