Samba4 - PDC and windows 2000 how to make friends?

D

Dmitry Shvedchenko2015-06-05 18:06:38

linux

Dmitry Shvedchenko, 2015-06-05 18:06:38

Greetings dear community!
Please advise what could be wrong.
Installed Samba4 as a domain controller, authorizes workstations in the domain. The problem arises with a couple of machines where win2000Server is running, namely: the machine enters the domain without problems, but one service is running on the machine, which should be started from the domain user. The service sees domain users, but when you click apply, I get an error that such a user or group was not found ... The following error is visible in the samba logs:

../source4/rpc_server/handles.c:102: Attempt to use invalid sid S-1-5-21-1361936360-2398760880-742651799-1148 - S-1-5-7

../source4/rpc_server/handles.c:102 - the code shows that the data comparison does not pass...but why then does windows send nonsense? The same procedure on win7 is successful... (Suggestions not to use win2000 are not considered...) or AD from Microsoft...
samba config:

# Global parameters
[global]
workgroup = NMEDIA
realm = NMEDIA.LOCAL
netbios name = DUS-PDC-01
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
idmap_ldb:use rfc2307 = yes
log level = 0
idmap config * :backend =rid
idmap config * :base_rid = 0
lanman auth = yes
ntlm auth = yes
client ntlmv2 auth = yes
[netlogon]
path = /var/ lib/samba/sysvol/nmedia.local/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No

Thank you!

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

K

Konkase, 2015-06-06
@Konkase

enable log level = 3 and take a closer look

D

Dmitry Shvedchenko, 2015-06-06
@kbu

here is the log level 3:
when entering the domain

Jun 6 20:20:44 dus-pdc-01 samba[2231]: [2015/06/06 20:20:44.750693, 0] ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet)
Jun 6 20: 20:44 dus-pdc-01 samba[2231]: NTLMSSP NTLM2 packet check failed due to invalid signature!
Jun 6 20:21:55 dus-pdc-01 samba[2227]: [2015/06/06 20:21:55.504309, 0] ../source4/rpc_server/drsuapi/writespn.c:237(dcesrv_drsuapi_DsWriteAccountSpn)
Jun 6 20:21:55 dus-pdc-01 samba[2227]: Failed to modify SPNs on CN=WIN2000,CN=Computers,DC=nmedia,DC=local: error in module acl: Constraint violation (19)

when starting the service:

Jun 6 20:23:45 dus-pdc-01 samba[2227]: [2015/06/06 20:23:45.337839, 0] ../source4/rpc_server/handles.c:102(dcesrv_handle_fetch)
Jun 6 20: 23:45 dus-pdc-01 samba[2227]: ../source4/rpc_server/handles.c:102: Attempt to use invalid sid S-1-5-21-1361936360-2398760880-742651799-1150 - S-1 -5-7
Jun 6 20:23:45 dus-pdc-01 samba[2227]: [2015/06/06 20:23:45.339229, 0] ../source4/rpc_server/handles.c:102(dcesrv_handle_fetch)
Jun 6 20:23:45 dus-pdc-01 samba[2227]: ../source4/rpc_server/handles.c:102: Attempt to use invalid sid S-1-5-21-1361936360-2398760880-742651799-1150 - S-1-5-7
Jun 6 20:23:45 dus-pdc-01 samba[2227]: [2015/06/06 20:23:45.342529, 0] ../source4/rpc_server/handles.c: 102(dcesrv_handle_fetch)
Jun 6 20:23:45 dus-pdc-01 samba[2227]: ../source4/rpc_server/handles.c:102: Attempt to use invalid sid S-1-5-21-1361936360-2398760880-742651799-1150 - S-1-5-7
Jun 6 20:23:45 dus-pdc-01 samba[2227]: [2015/06/06 20:23:45.343706, 0] ../source4/rpc_server/handles.c: 102(dcesrv_handle_fetch)
Jun 6 20:23:45 dus-pdc-01 samba[2227]: ../source4/rpc_server/handles.c:102: Attempt to use invalid sid S-1-5-21-1361936360-2398760880 -742651799-1150 - S-1-5-7

sid samba defines as the sid of the machine from which all actions take place