Integrating system's Samba on Linux host(s) running VAS

Hi,

I'm having some problems integrating the system's (EL5)Samba on a Linux host running VAS; I foundhttps://bugsrc.quest.com/show_bug.cgi?id=655 which reports a problemsimilar to what I'm seeing on the system, the i) SPNEGO login failedand ii) sh: /opt/quest/bin/vasidmap: Permission denied

Has anyone else experienced similar problems or has successfully integrated the system's Samba+VAS? I appreciate your comments.

Thanks in advance,


\\\\\\\\\ specs/info about the env \\\\\\\\\
Host:   <Linux i686>
VAS:    <3.3.2.139>
Domain: <ad.domain.com>
Result: <No tests failed> (06 seconds)

$ /opt/quest/bin/vastool klist  
Credentials cache: FILE:/tmp/krb5cc_1050607
        Principal: bip@AD.DOMAIN.COM

  Issued           Expires          Principal
Mar 24 11:17:18  Mar 24 21:17:18  GLUON$@AD.DOMAIN.COM
Mar 24 11:41:50  Mar 24 21:17:18  host/test.lan.domain.com@AD.DOMAIN.COM
Mar 24 11:37:36  Mar 24 21:17:18  cifs/sajama.lan.domain.com@AD.DOMAIN.COM
Mar 24 11:33:51  Mar 24 21:17:18  cifs/gluon.lan.domain.com@AD.DOMAIN.COM
Mar 24 11:17:18  Mar 24 21:17:18  krbtgt/AD.DOMAIN.COM@AD.DOMAIN.COM
Mar 24 12:17:37  Mar 24 21:17:18  host/gluon.lan.domain.com@AD.DOMAIN.COM

$ /opt/quest/bin/vasidmap 'ADS\bip'
bip

\\\\\\\\\\ smbclient in debug mode \\\\\\\\
$ smbclient -d5 -k //gluon.lan.domain.com/bip
INFO: Current debug levels:
  all: True/5
  tdb: False/0
  printdrivers: False/0
  lanman: False/0
  smb: False/0
  rpc_parse: False/0
  rpc_srv: False/0
  rpc_cli: False/0
  passdb: False/0
  sam: False/0
  auth: False/0
  winbind: False/0
  vfs: False/0
  idmap: False/0
  quota: False/0
  acls: False/0
  locking: False/0
  msdfs: False/0
  dmapi: False/0
lp_load: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
Processing section "[global]"
doing parameter workgroup = ADS
doing parameter realm = ADS.DOMAIN.COM
doing parameter security = ads
doing parameter domain master = no
doing parameter domain logons = no
doing parameter use kerberos keytab = yes
doing parameter machine password timeout = 0
doing parameter obey pam restrictions = yes
doing parameter winbind nested groups = no
doing parameter ldap admin dn = CN=VasIdmapAdmin
doing parameter idmap backend = ldap:ldap://localhost
doing parameter idmap uid = 1-2147483647
doing parameter idmap gid = 1-2147483647
doing parameter idmap cache time = 300
doing parameter winbind use default domain = yes
doing parameter server string = Samba Server on GLUON
doing parameter log level = 3
doing parameter use spnego = yes
doing parameter encrypt passwords = yes
doing parameter preferred master = no
doing parameter local master = no
doing parameter username map script = /opt/quest/bin/vasidmap
doing parameter valid users = bip@ads.domain.com
doing parameter hosts allow = 192.168.3. 127.0.0.1
doing parameter load printers = No
doing parameter show add printer wizard = No
doing parameter disable spoolss = Yes
doing parameter socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
pm_process() returned Yes
Attempting to register new charset UCS-2LE
Registered charset UCS-2LE
Attempting to register new charset UTF-16LE
Registered charset UTF-16LE
Attempting to register new charset UCS-2BE
Registered charset UCS-2BE
Attempting to register new charset UTF-16BE
Registered charset UTF-16BE
Attempting to register new charset UTF8
Registered charset UTF8
Attempting to register new charset UTF-8
Registered charset UTF-8
Attempting to register new charset ASCII
Registered charset ASCII
Attempting to register new charset 646
Registered charset 646
Attempting to register new charset ISO-8859-1
Registered charset ISO-8859-1
Attempting to register new charset UCS2-HEX
Registered charset UCS2-HEX
Substituting charset 'ISO-8859-1' for LOCALE
Substituting charset 'ISO-8859-1' for LOCALE
Substituting charset 'ISO-8859-1' for LOCALE
Substituting charset 'ISO-8859-1' for LOCALE
Substituting charset 'ISO-8859-1' for LOCALE
Substituting charset 'ISO-8859-1' for LOCALE
Substituting charset 'ISO-8859-1' for LOCALE
Substituting charset 'ISO-8859-1' for LOCALE
Substituting charset 'ISO-8859-1' for LOCALE
Substituting charset 'ISO-8859-1' for LOCALE
Substituting charset 'ISO-8859-1' for LOCALE
Substituting charset 'ISO-8859-1' for LOCALE
Substituting charset 'ISO-8859-1' for LOCALE
Substituting charset 'ISO-8859-1' for LOCALE
Substituting charset 'ISO-8859-1' for LOCALE
Substituting charset 'ISO-8859-1' for LOCALE
Substituting charset 'ISO-8859-1' for LOCALE
Substituting charset 'ISO-8859-1' for LOCALE
Substituting charset 'ISO-8859-1' for LOCALE
Substituting charset 'ISO-8859-1' for LOCALE
Substituting charset 'ISO-8859-1' for LOCALE
Substituting charset 'ISO-8859-1' for LOCALE
Substituting charset 'ISO-8859-1' for LOCALE
Substituting charset 'ISO-8859-1' for LOCALE
added interface ip=192.168.3.3 bcast=192.168.3.255 nmask=255.255.255.0
Netbios name list:-
my_netbios_names[0]="GLUON"
Client started (version 3.0.33-3.7.el5).
Opening cache file at /var/cache/samba/gencache.tdb
tdb(unnamed): tdb_open_ex: could not open file /var/cache/samba/gencache.tdb: Permission denied
gencache_init: Opening cache file /var/cache/samba/gencache.tdb read-only.
sitename_fetch: Returning sitename for ADS.DOMAIN.COM: "Downtown"
no entry for gluon.lan.domain.com#20 found.
resolve_lmhosts: Attempting lmhosts lookup for name gluon.lan.domain.com<0x20>
getlmhostsent: lmhost entry: 127.0.0.1 localhost
resolve_wins: Attempting wins lookup for name gluon.lan.domain.com<0x20>
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: Attempting host lookup for name gluon.lan.domain.com<0x20>
namecache_store: storing 1 address for gluon.lan.domain.com#20: 192.168.3.3:0
Connecting to 192.168.3.3 at port 445
socket option SO_KEEPALIVE = 0
socket option SO_REUSEADDR = 0
socket option SO_BROADCAST = 0
socket option TCP_NODELAY = 1
socket option TCP_KEEPCNT = 9
socket option TCP_KEEPIDLE = 7200
socket option TCP_KEEPINTVL = 75
socket option IPTOS_LOWDELAY = 16
socket option IPTOS_THROUGHPUT = 16
socket option SO_SNDBUF = 16384
socket option SO_RCVBUF = 16384
socket option SO_SNDLOWAT = 1
socket option SO_RCVLOWAT = 1
socket option SO_SNDTIMEO = 0
socket option SO_RCVTIMEO = 0
 session request ok
size=185
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=7467
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[ 0]=    8 (0x8)
smb_vwv[ 1]=12803 (0x3203)
smb_vwv[ 2]=  256 (0x100)
smb_vwv[ 3]= 1024 (0x400)
smb_vwv[ 4]=   65 (0x41)
smb_vwv[ 5]=    0 (0x0)
smb_vwv[ 6]=  256 (0x100)
smb_vwv[ 7]=11264 (0x2C00)
smb_vwv[ 8]=   29 (0x1D)
smb_vwv[ 9]=64768 (0xFD00)
smb_vwv[10]=33011 (0x80F3)
smb_vwv[11]=32896 (0x8080)
smb_vwv[12]=43120 (0xA870)
smb_vwv[13]=42143 (0xA49F)
smb_vwv[14]=51628 (0xC9AC)
smb_vwv[15]=61441 (0xF001)
smb_vwv[16]=    0 (0x0)
smb_bcc=116
size=185
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=7467
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[ 0]=    8 (0x8)
smb_vwv[ 1]=12803 (0x3203)
smb_vwv[ 2]=  256 (0x100)
smb_vwv[ 3]= 1024 (0x400)
smb_vwv[ 4]=   65 (0x41)
smb_vwv[ 5]=    0 (0x0)
smb_vwv[ 6]=  256 (0x100)
smb_vwv[ 7]=11264 (0x2C00)
smb_vwv[ 8]=   29 (0x1D)
smb_vwv[ 9]=64768 (0xFD00)
smb_vwv[10]=33011 (0x80F3)
smb_vwv[11]=32896 (0x8080)
smb_vwv[12]=43120 (0xA870)
smb_vwv[13]=42143 (0xA49F)
smb_vwv[14]=51628 (0xC9AC)
smb_vwv[15]=61441 (0xF001)
smb_vwv[16]=    0 (0x0)
smb_bcc=116
Doing spnego session setup (blob length=116)
got OID=1 2 840 113554 1 2 2
got OID=1 2 840 48018 1 2 2
got OID=1 3 6 1 4 1 311 2 2 10
got principal=cifs/gluon.lan.domain.com@ADS.DOMAIN.COM
Doing kerberos session setup
ads_cleanup_expired_creds: Ticket in ccache[FILE:/tmp/krb5cc_1050607] expiration Tue, 24 Mar 2009 21:17:18 EDT
size=35
smb_com=0x73
smb_rcls=109
smb_reh=0
smb_err=49152
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=7467
smb_uid=100
smb_mid=2
smt_wct=0
smb_bcc=0
size=35
smb_com=0x73
smb_rcls=109
smb_reh=0
smb_err=49152
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=7467
smb_uid=100
smb_mid=2
smt_wct=0
smb_bcc=0
cli_session_setup_blob: recieve failed (NT_STATUS_LOGON_FAILURE)
SPNEGO login failed: Logon failure
session setup failed: NT_STATUS_LOGON_FAILURE


\\\\\\\\\\\\\\\\\\\  /var/log/samba/smbd.log  \\\\\\\\\\\\\\\\\\\\\\\

[2009/03/24 13:19:00, 3] smbd/oplock.c:init_oplocks(863)
  init_oplocks: initializing messages.
[2009/03/24 13:19:00, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(234)
  Linux kernel oplocks enabled
[2009/03/24 13:19:01, 3] lib/access.c:check_access(312)
  check_access: no hostnames in host allow/deny list.
[2009/03/24 13:19:01, 2] lib/access.c:check_access(323)
  Allowed connection from  (132.206.35.172)
[2009/03/24 13:19:01, 3] smbd/process.c:process_smb(1069)
  Transaction 0 of length 194
[2009/03/24 13:19:01, 3] smbd/process.c:switch_message(927)
  switch message SMBnegprot (pid 7468) conn 0x0
[2009/03/24 13:19:01, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/03/24 13:19:01, 3] smbd/negprot.c:reply_negprot(505)
  Requested protocol [PC NETWORK PROGRAM 1.0]
[2009/03/24 13:19:01, 3] smbd/negprot.c:reply_negprot(505)
  Requested protocol [MICROSOFT NETWORKS 1.03]
[2009/03/24 13:19:01, 3] smbd/negprot.c:reply_negprot(505)
  Requested protocol [MICROSOFT NETWORKS 3.0]
[2009/03/24 13:19:01, 3] smbd/negprot.c:reply_negprot(505)
  Requested protocol [LANMAN1.0]
[2009/03/24 13:19:01, 3] smbd/negprot.c:reply_negprot(505)
  Requested protocol [LM1.2X002]
[2009/03/24 13:19:01, 3] smbd/negprot.c:reply_negprot(505)
  Requested protocol [DOS LANMAN2.1]
[2009/03/24 13:19:01, 3] smbd/negprot.c:reply_negprot(505)
  Requested protocol [LANMAN2.1]
[2009/03/24 13:19:01, 3] smbd/negprot.c:reply_negprot(505)
  Requested protocol [Samba]
[2009/03/24 13:19:01, 3] smbd/negprot.c:reply_nt1(364)
  using SPNEGO
[2009/03/24 13:19:01, 3] smbd/negprot.c:reply_negprot(606)
  Selected protocol NT LANMAN 1.0
[2009/03/24 13:19:01, 3] smbd/process.c:process_smb(1069)
  Transaction 1 of length 2070
[2009/03/24 13:19:01, 3] smbd/process.c:switch_message(927)
  switch message SMBsesssetupX (pid 7468) conn 0x0
[2009/03/24 13:19:01, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/03/24 13:19:01, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1256)
  wct=12 flg2=0xc801
[2009/03/24 13:19:01, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1038)
  Doing spnego session setup
[2009/03/24 13:19:01, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1069)
  NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[]
[2009/03/24 13:19:01, 3] smbd/sesssetup.c:reply_spnego_negotiate(697)
  reply_spnego_negotiate: Got secblob of size 1930
[2009/03/24 13:19:01, 1] libads/kerberos_verify.c:ads_keytab_verify_ticket(96)
  ads_keytab_verify_ticket: krb5_kt_start_seq_get failed (No such file or directory)
[2009/03/24 13:19:01, 3] libads/kerberos_verify.c:ads_keytab_verify_ticket(169)
  ads_keytab_verify_ticket: no keytab principals matched expected file service name.
[2009/03/24 13:19:01, 3] smbd/sesssetup.c:reply_spnego_kerberos(321)
  Ticket name is [bip@ADS.DOMAIN.COM]
sh: /opt/quest/bin/vasidmap: Permission denied
[2009/03/24 13:19:01, 1] smbd/sesssetup.c:reply_spnego_kerberos(439)
  Username ADS\bip is invalid on this system
[2009/03/24 13:19:01, 3] smbd/error.c:error_packet_set(106)
  error packet at smbd/sesssetup.c(444) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
[2009/03/24 13:19:01, 3] smbd/process.c:timeout_processing(1329)
  timeout_processing: End of file from client (client has disconnected).
[2009/03/24 13:19:01, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/03/24 13:19:01, 3] smbd/connection.c:yield_connection(69)
  Yielding connection to
[2009/03/24 13:19:01, 3] smbd/server.c:exit_server_common(768)
  Server exit (normal exit)