[GELÖST] 12.8 Admin Netzwerk? Client Installation?

[Sherry1]

Hi,

dieser Fehler kommt vom client-agenten, eventuell im Bereich des Depotshare-Mounts. Der Fehler besagt normalerweise, dass der User keine Rechte auf die Resource hat. Kann man den ausser hwaudit überhaupt Produkte verteilen, oder funktioniert nur hwaudit nicht?

Ohne Blick in die log vom Client kann man da nicht viel zu sagen.

Dazu kann ich noch nicht viel sagen, denn hwaudit ist das erste Paket, dass ich ausprobiere...

Wie gesagt: Auf meinem Windows XP Testclient funktioniert hwaudit wunderbar. Soll ich die Log-Datei hier mal reinstellen? Ist aber mit 125kB aber nicht eben klein...

[ueluekmen]

Hi,

am besten direkt per mail mit referenz auf diesen thread an info(at)uib.de

Aber wie immer, ohne garantie, da ohne wir ohne support-vertrag nur aus reiner neugierde und auf der Suche nach Bugs uns die Log-Datei anschauen.

[Sherry1]

Hi,

dieser Fehler kommt vom client-agenten, eventuell im Bereich des Depotshare-Mounts. Der Fehler besagt normalerweise, dass der User keine Rechte auf die Resource hat. Kann man den ausser hwaudit überhaupt Produkte verteilen, oder funktioniert nur hwaudit nicht?

Ohne Blick in die log vom Client kann man da nicht viel zu sagen.

Ich habe gerade mal Irfanview 4.25. heruntergeladen und wollte das installieren. Kommt dieselbe Fehlermeldung. Da im clientlog nix steht, habe ich mir mal die samba logs der Clients angesehen:

Windows 7, log.192.168.100.15:

Code: Alles auswählen

[2012/11/07 13:55:35.242994,  3] smbd/process.c:1467(switch_message)
  switch message SMBsesssetupX (pid 23846) conn 0x0
[2012/11/07 13:55:35.243082,  3] smbd/sesssetup.c:1333(reply_sesssetup_and_X)
  wct=12 flg2=0xc807
[2012/11/07 13:55:35.243168,  2] smbd/sesssetup.c:1279(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2012/11/07 13:55:35.243242,  3] smbd/sesssetup.c:1065(reply_sesssetup_and_X_spnego)
  Doing spnego session setup
[2012/11/07 13:55:35.243319,  3] smbd/sesssetup.c:1107(reply_sesssetup_and_X_spnego)
  NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2012/11/07 13:55:35.243425,  3] smbd/sesssetup.c:660(reply_spnego_negotiate)
  reply_spnego_negotiate: Got secblob of size 40
[2012/11/07 13:55:35.243999,  3] ../libcli/auth/ntlmssp.c:34(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0xe2088297
[2012/11/07 13:55:35.245160,  3] smbd/process.c:1662(process_smb)
  Transaction 2 of length 564 (0 toread)
[2012/11/07 13:55:35.245240,  3] smbd/process.c:1467(switch_message)
  switch message SMBsesssetupX (pid 23846) conn 0x0
[2012/11/07 13:55:35.245313,  3] smbd/sesssetup.c:1333(reply_sesssetup_and_X)
  wct=12 flg2=0xc807
[2012/11/07 13:55:35.245379,  2] smbd/sesssetup.c:1279(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2012/11/07 13:55:35.245444,  3] smbd/sesssetup.c:1065(reply_sesssetup_and_X_spnego)
  Doing spnego session setup
[2012/11/07 13:55:35.245512,  3] smbd/sesssetup.c:1107(reply_sesssetup_and_X_spnego)
  NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2012/11/07 13:55:35.245601,  3] ../libcli/auth/ntlmssp_server.c:348(ntlmssp_server_preauth)
  Got user=[pcpatch] domain=[CLIENTNAME] workstation=[CLIENTNAME] len1=24 len2=278
[2012/11/07 13:55:53.690491,  3] lib/access.c:338(allow_access)
  Allowed connection from 192.168.100.15 (192.168.100.15)

Windows 7, log.Clientname:

Code: Alles auswählen

[2012/11/08 14:29:22.027321,  3] auth/auth.c:219(check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user [CLIENTNAME]\[pcpatch]@[CLIENTNAME] with the new password interface
[2012/11/08 14:29:22.027418,  3] auth/auth.c:222(check_ntlm_password)
  check_ntlm_password:  mapped user is: [OPSIDEMO]\[pcpatch]@[CLIENTNAME]
[2012/11/08 14:29:22.028562,  3] auth/auth.c:268(check_ntlm_password)
  check_ntlm_password: sam authentication for user [pcpatch] succeeded
[2012/11/08 14:29:22.028677,  2] auth/auth.c:309(check_ntlm_password)
  check_ntlm_password:  authentication for user [pcpatch] -> [pcpatch] -> [pcpatch] succeeded
[2012/11/08 14:29:22.029162,  3] ../libcli/auth/ntlmssp_sign.c:535(ntlmssp_sign_init)
  NTLMSSP Sign/Seal - Initialising with flags:
[2012/11/08 14:29:22.029239,  3] ../libcli/auth/ntlmssp.c:34(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0xe2088215
[2012/11/08 14:29:22.029324,  3] smbd/password.c:297(register_existing_vuid)
  register_existing_vuid: User name: pcpatch    Real name:
[2012/11/08 14:29:22.029397,  3] smbd/password.c:307(register_existing_vuid)
  register_existing_vuid: UNIX uid 992 is UNIX user pcpatch, and will be vuid 100
[2012/11/08 14:29:22.029566,  3] smbd/password.c:238(register_homes_share)
  Adding homes service for user 'pcpatch' using home directory: '/var/lib/opsi'
[2012/11/08 14:29:22.030527,  3] smbd/process.c:1662(process_smb)
  Transaction 3 of length 86 (0 toread)
[2012/11/08 14:29:22.030603,  3] smbd/process.c:1467(switch_message)
  switch message SMBtconX (pid 26864) conn 0x0
[2012/11/08 14:29:22.030719,  3] lib/access.c:338(allow_access)
  Allowed connection from 192.168.100.15 (192.168.100.15)
[2012/11/08 14:29:22.030811,  3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp)
  string_to_sid: SID @BUILTIN\users is not in a valid format
[2012/11/08 14:29:22.031062,  2] smbd/service.c:627(create_connection_session_info)
  user 'pcpatch' (from session setup) not permitted to access this share (IPC$)
[2012/11/08 14:29:22.031135,  1] smbd/service.c:770(make_connection_snum)
  create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2012/11/08 14:29:22.031211,  3] smbd/error.c:81(error_packet_set)
  error packet at smbd/reply.c(803) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED
[2012/11/08 14:29:22.031975,  3] smbd/process.c:1662(process_smb)
  Transaction 4 of length 43 (0 toread)
[2012/11/08 14:29:22.032047,  3] smbd/process.c:1467(switch_message)
  switch message SMBulogoffX (pid 26864) conn 0x0
[2012/11/08 14:29:22.032155,  3] smbd/reply.c:2096(reply_ulogoffX)
  ulogoffX vuid=100
[2012/11/08 14:29:37.335150,  1] smbd/process.c:457(receive_smb_talloc)
  receive_smb_raw_talloc failed for client 192.168.100.15 read error = NT_STATUS_CONNECTION_RESET.
[2012/11/08 14:29:37.335496,  3] smbd/server_exit.c:180(exit_server_common)
  Server exit (failed to receive smb request)

Soweit der Windows 7 64bit client.

Beim Win XP Client sieht das aber so aus:

Windows XP, log.192.168.100.16:

Code: Alles auswählen

[2012/11/08 15:06:00.260047,  3] lib/access.c:338(allow_access)
  Allowed connection from 192.168.100.16 (192.168.100.16)
[2012/11/08 15:06:00.260404,  3] smbd/oplock.c:922(init_oplocks)
  init_oplocks: initializing messages.
[2012/11/08 15:06:00.260526,  3] smbd/oplock_linux.c:226(linux_init_kernel_oplocks)
  Linux kernel oplocks enabled
[2012/11/08 15:06:00.260770,  3] smbd/process.c:1662(process_smb)
  Transaction 0 of length 137 (0 toread)
[2012/11/08 15:06:00.260864,  3] smbd/process.c:1467(switch_message)
  switch message SMBnegprot (pid 27842) conn 0x0
[2012/11/08 15:06:00.262151,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [PC NETWORK PROGRAM 1.0]
[2012/11/08 15:06:00.262236,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [LANMAN1.0]
[2012/11/08 15:06:00.262304,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [Windows for Workgroups 3.1a]
[2012/11/08 15:06:00.262402,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [LM1.2X002]
[2012/11/08 15:06:00.262471,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [LANMAN2.1]
[2012/11/08 15:06:00.262538,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [NT LM 0.12]
[2012/11/08 15:06:00.262781,  3] smbd/negprot.c:419(reply_nt1)
  using SPNEGO
[2012/11/08 15:06:00.262903,  3] smbd/negprot.c:704(reply_negprot)
  Selected protocol NT LM 0.12
[2012/11/08 15:06:00.267055,  3] smbd/process.c:1662(process_smb)
  Transaction 1 of length 1612 (0 toread)
[2012/11/08 15:06:00.267130,  3] smbd/process.c:1467(switch_message)
  switch message SMBsesssetupX (pid 27842) conn 0x0
[2012/11/08 15:06:00.267217,  3] smbd/sesssetup.c:1333(reply_sesssetup_and_X)
  wct=12 flg2=0xc807
[2012/11/08 15:06:00.267306,  2] smbd/sesssetup.c:1279(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2012/11/08 15:06:00.267380,  3] smbd/sesssetup.c:1065(reply_sesssetup_and_X_spnego)
  Doing spnego session setup
[2012/11/08 15:06:00.267458,  3] smbd/sesssetup.c:1107(reply_sesssetup_and_X_spnego)
  NativeOS=[Windows 2002 Service Pack 3 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[]
[2012/11/08 15:06:00.267574,  3] smbd/sesssetup.c:660(reply_spnego_negotiate)
  reply_spnego_negotiate: Got secblob of size 1381
[2012/11/08 15:06:00.280454,  3] libads/authdata.c:332(decode_pac_data)
  Found account name from PAC: CLIENTNAME2$ [CLIENTNAME2$]
[2012/11/08 15:06:00.280585,  3] auth/user_krb5.c:50(get_user_from_kerberos_info)
  Kerberos ticket principal name is [CLIENTNAME2$@DOMAIN.NET]
[2012/11/08 15:06:00.286496,  3] passdb/lookup_sid.c:1737(get_primary_group_sid)
  Forcing Primary Group to 'Domain Users' for DOMAIN\CLIENTNAME2$
[2012/11/08 15:06:00.287676,  3] smbd/password.c:297(register_existing_vuid)
  register_existing_vuid: User name: DOMAIN\CLIENTNAME2$    Real name: CLIENTNAME2$
[2012/11/08 15:06:00.287753,  3] smbd/password.c:307(register_existing_vuid)
  register_existing_vuid: UNIX uid 17416 is UNIX user DOMAIN\CLIENTNAME2$, and will be vuid 101
[2012/11/08 15:06:00.287923,  3] smbd/password.c:238(register_homes_share)

WinXP, log.clientname2:

Code: Alles auswählen

[2012/11/08 15:06:00.295450,  3] auth/auth.c:219(check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user [CLIENTNAME2]\[pcpatch]@[CLIENTNAME2] with the new password interface
[2012/11/08 15:06:00.295536,  3] auth/auth.c:222(check_ntlm_password)
  check_ntlm_password:  mapped user is: [OPSIDEMO]\[pcpatch]@[CLIENTNAME2]
[2012/11/08 15:06:00.296304,  3] auth/auth.c:268(check_ntlm_password)
  check_ntlm_password: sam authentication for user [pcpatch] succeeded
[2012/11/08 15:06:00.296390,  2] auth/auth.c:309(check_ntlm_password)
  check_ntlm_password:  authentication for user [pcpatch] -> [pcpatch] -> [pcpatch] succeeded
[2012/11/08 15:06:00.296720,  3] ../libcli/auth/ntlmssp_sign.c:535(ntlmssp_sign_init)
  NTLMSSP Sign/Seal - Initialising with flags:
[2012/11/08 15:06:00.296797,  3] ../libcli/auth/ntlmssp.c:34(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0xa2088205
[2012/11/08 15:06:00.296879,  3] smbd/password.c:297(register_existing_vuid)
  register_existing_vuid: User name: pcpatch    Real name:
[2012/11/08 15:06:00.296946,  3] smbd/password.c:307(register_existing_vuid)
  register_existing_vuid: UNIX uid 992 is UNIX user pcpatch, and will be vuid 102
[2012/11/08 15:06:00.297090,  3] smbd/password.c:238(register_homes_share)
  Adding homes service for user 'pcpatch' using home directory: '/var/lib/opsi'
[2012/11/08 15:06:00.297781,  3] smbd/process.c:1662(process_smb)
  Transaction 6 of length 98 (0 toread)
[2012/11/08 15:06:00.297855,  3] smbd/process.c:1467(switch_message)
  switch message SMBtconX (pid 27842) conn 0x0
[2012/11/08 15:06:00.297939,  3] lib/access.c:338(allow_access)
  Allowed connection from 192.168.100.16 (192.168.100.16)
[2012/11/08 15:06:00.298011,  3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp)
  string_to_sid: SID root is not in a valid format
[2012/11/08 15:06:00.299539,  3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp)
  string_to_sid: SID @BUILTIN\users is not in a valid format
[2012/11/08 15:06:00.299621,  3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp)
  string_to_sid: SID pcpatch is not in a valid format
[2012/11/08 15:06:00.302835,  3] smbd/service.c:703(set_conn_force_user_group)
  Forced user opsiconfd
[2012/11/08 15:06:00.304837,  3] smbd/service.c:581(find_forced_group)
  Forced group pcpatch
[2012/11/08 15:06:00.304913,  3] smbd/service.c:837(make_connection_snum)
  Connect path is '/var/lib/opsi/depot' for service [opsi_depot]
[2012/11/08 15:06:00.304994,  3] smbd/vfs.c:102(vfs_init_default)
  Initialising default vfs hooks
[2012/11/08 15:06:00.305060,  3] smbd/vfs.c:128(vfs_init_custom)
  Initialising custom vfs hooks from [/[Default VFS]/]
[2012/11/08 15:06:00.305228,  3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp)
  string_to_sid: SID root is not in a valid format
[2012/11/08 15:06:00.312679,  3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp)
  string_to_sid: SID @BUILTIN\users is not in a valid format
[2012/11/08 15:06:00.312760,  3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp)
  string_to_sid: SID pcpatch is not in a valid format
[2012/11/08 15:06:00.313054,  3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp)
  string_to_sid: SID pcpatch is not in a valid format
[2012/11/08 15:06:00.313330,  1] smbd/service.c:1081(make_connection_snum)
  CLIENTNAME2 (192.168.100.16) connect to service opsi_depot initially as user opsiconfd (uid=993, gid=992) (pid 27842)
[2012/11/08 15:06:00.313411,  3] smbd/reply.c:871(reply_tcon_and_X)
  tconX service=OPSI_DEPOT
[2012/11/08 15:06:00.318583,  3] smbd/process.c:1662(process_smb)
  Transaction 7 of length 160 (0 toread)
[2012/11/08 15:06:00.318657,  3] smbd/process.c:1467(switch_message)
  switch message SMBtrans2 (pid 27842) conn 0x216a5880
[2012/11/08 15:06:00.318764,  3] smbd/trans2.c:5117(call_trans2qfilepathinfo)
  call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004
[2012/11/08 15:06:00.366074,  3] smbd/vfs.c:905(check_reduced_name)
  check_reduced_name [opsi-winst/files/opsi-winst/winst32.exe] [/opt/pcbin/install]
[2012/11/08 15:06:00.366225,  3] smbd/vfs.c:1039(check_reduced_name)
  check_reduced_name: opsi-winst/files/opsi-winst/winst32.exe reduced to /opt/pcbin/install/opsi-winst/files/opsi-winst/winst32.exe
[2012/11/08 15:06:00.366412,  3] smbd/trans2.c:5261(call_trans2qfilepathinfo)
  call_trans2qfilepathinfo opsi-winst/files/opsi-winst/winst32.exe (fnum = -1) level=1004 call=5 total_data=0
[2012/11/08 15:06:00.367132,  3] smbd/process.c:1662(process_smb)
  Transaction 8 of length 160 (0 toread)
[2012/11/08 15:06:00.367204,  3] smbd/process.c:1467(switch_message)
  switch message SMBtrans2 (pid 27842) conn 0x216a5880
[2012/11/08 15:06:00.367291,  3] smbd/trans2.c:5117(call_trans2qfilepathinfo)
  call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1034
[2012/11/08 15:06:00.367367,  3] smbd/vfs.c:905(check_reduced_name)
  check_reduced_name [opsi-winst/files/opsi-winst/winst32.exe] [/opt/pcbin/install]
[...]

ungeachtet der Probleme mit dem Parsen der SID funktioniert auf einem Windows XP die Installation prächtig. Wie es scheint, habe ich was beim Konfigurieren von Samba falsch gemacht, so richtig klappt's nicht mit der Domäne, wenn es um Windows 7 geht. Die Sicherheitsaspekte lassen wir mal außen vor, um die kümmern wir uns dann, wenn wir zu den 4 Tagen Vor Ort kommen...

[Sherry1]

Kann zum Samba-Problem mit Win7 jemand was sagen?

[Sherry1]

Hi,

ich konnte das Problem selbst lösen. Es fehlte dem user pcpatch das Recht auf IPC$.
Zwar kann ich mir immer noch nicht erklären, warum der Zugriff mit XP funktionierte und mit Win7 nicht, aber zum Testen reicht mir das erstmal. Ich kann jetzt weiter forschen, möchte unbedingt Windows 7 mit opsi installieren können.

Dann kan ich's präsentieren, eine Termin bei einem Eurer Kunden hier vor Ort machen und mir die Geschichte mal live und in Farbe ansehen, die Zufriedenheit mit der Lösung erfragen, mir die Genehmigung für die die 4 Tage holen und dann geht's los.

Hoffentlich klappt alles so!