
Re: [Samba] Access to sharing by hostname but not by its IP




Rowland,

I downloaded the sources of the 4.6-stable version using git.
I opened the file source3/auth/auth_domain.c, at line 226, to understand the
role of the domain_client_validate function.
The function connect_to_domain_password_server works correctly, otherwise
I would have encountered the error "domain_client_validate: Domain
password server not available." raised at line 184.
My error occurs on line 202 as a result of calling the
rpccli_netlogon_network_logon method.
This function is defined in the source3/rpc_client/cli_netlogon.c file,
line 466.
The value of the status record is returned either by the
netlogon_creds_cli_LogonSamLogon function or by the
map_validation_to_info3 function.

The first sends and receives a structure
(netlogon_creds_cli_LogonSamLogon_send and
netlogon_creds_cli_LogonSamLogon_recv).
The second can return the error NT_STATUS_WRONG_PASSWORD following the
invocation of the copy_netr_SamBaseInfo function.

What I understand is that Samba, when it does not use winbind, tries to
perform an identification through the operating system. By using SSSD,
it is up to the operating system to validate an identification phase on
Active Directory.
So, as you recommended, I sent an email on the SSSD discussion list.

In the meantime, I am trying to understand ;)

I perform a "tail -f" on each log file concerned by the query
//192.168.1.2; I use this command on the RHEA server with the IP address
192.168.1.2.
* The first log file is that of sssd:
$ tail -f /var/log/sssd/sssd_nss.log
* The second log file is that of Samba:
$ tail -f /var/log/samba/log.192.168.1.104

-> Only the second log reacts with the error:
Domain_client_validate: unable to validate the password for user myident
in domain MYDOMAIN to Domain controller HERA.LOCAL.MYDOMAIN. Error was
NT_STATUS_WRONG_PASSWORD.

If I use the SMB query with the RHEA hostname, then I see the
identification trace in /var/log/sssd/sssd_nss.log and no errors in
Samba. I've read the following in the Red Hat documentation:

"SSSD can only connect with an Active Directory provider using its host
name. If the host name is not given, the SSSD client cannot resolve the
IP address to the host, and authentication fails."

I did what was recommended (ad_server = DC_hostname), but nothing
better! Let's investigate SSSD...
I'll give you feedback on this thread.

Best regards,
-- 
Marc-Henri Pamiseux - SARL Libricks - www.libricks.fr
6 rue Léonard de Vinci - CS 20119, 53001 LAVAL Cedex
Tel. : 02.30.96.15.24 / Mobile : 06.26.71.30.97

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba