The join of a Windows 2003 server to the Samba 4 domain was successful. After the Windows reboot I can't log in as a user because I got a message "The name or security ID (SID) of the domain specified is inconsistent with the trust information for that domain". See here for a screenshot: http://marc.info/?l=samba-technical&m=129195770806953&q=p5. With Windows 7 everything works fine. I'm using Samba 4 Alpha 14. Mails on Samba technical: http://marc.info/?t=129195775700001&r=1&w=2
Created attachment 6210: ldbsearch_base.ldif, ldbsearch output of the LDAP base
Created attachment 6211: ldbsearch_w2k3server.ldif, ldbsearch output of the Windows 2003 server LDAP object
Created attachment 6212: ldbsearch_windows7.ldif, ldbsearch output of the Windows 7 LDAP object
Created attachment 6213: w2k3server_logon.pcap.gz, tcpdump of the Windows 2003 logon
Created attachment 6214: w2k3server_logon.samba.log.gz, Samba log of the Windows 2003 logon
Created attachment 6215: windows7_logon.pcap.gz, tcpdump of the Windows 7 logon
Created attachment 6216: windows7_logon.samba.log.gz, Samba log of the Windows 7 logon
I am also getting this same bug. Tested on all versions of Windows 2003. Git version 4.0.0alpha15-GIT-6ee39a2 seems to have the same bug. This Git version does not have the bug. Version 4.0.0alpha14-GIT-ec33a87.
If I get this correctly, you are speaking about a trust scenario. Domain trusts are a still unsupported feature. So a fix from our side is not likely to be provided soon. But you could help us by writing a patch. This would be highly appreciated.
(In reply to comment #9)
> If I get this correctly, you are speaking about a trust scenario. Domain trusts
> are a still unsupported feature.
I've joined my Windows 2003 server into the Samba 4 domain and the Windows 2003 server has not installed AD. It is not a trust scenario.
Ah sorry, you mean the machine trust account - I've misinterpreted the title. Probably we should wait for a statement by abartlet.
(In reply to comment #10)
> (In reply to comment #9)
> > If I get this correctly, you are speaking about a trust scenario. Domain trusts
> > are a still unsupported feature.
>
> I've joined my windows 2003 server into the samba 4 domain and the windows 2003
> server has not installed AD. It is not a trust scenario.
Found this when running interactive.
Starting GENSEC mechanism schannel
Could not find session key for attempted schannel connection from TEST-93341044D0: NT_STATUS_OBJECT_NAME_NOT_FOUND
GENSEC mech rejected the incoming authentication at bind_ack: NT_STATUS_OBJECT_NAME_NOT_FOUND
Terminating connection - 'NT_STATUS_CONNECTION_DISCONNECTED'
single_terminate: reason[NT_STATUS_CONNECTION_DISCONNECTED]
This bug now affects win2k3 as a DC also. The workaround for this is to use user@domain when logging in. Tested in 4.0.0alpha15-GIT-b423d83
I have received information from Microsoft about this and what I need to do about it, and will work to sort this out shortly.
I believe this has been fixed in 5c12cb0556aeeaa8882c7b12a281728bf8d556f6