gpalmer@lganet.com
2004-Jun-23 16:16 UTC
[Samba] Samba processes domain authenticated user as nobody during logon.bat execution
Beating head on desk again!

I have a samba server running winbind which can access the domain. It is working fine and is using domain credentials. I access the samba shares after the user has authenticated against a novell server during the novell logon script. The shares are authenticated with user domain credentials and verified with smbstatus. This works great!

If I alternatively use windows networking domain authentication, I have problems. The Win95 station correctly authenticates against NT4 PDC and runs logon.bat from that server. As LOGON.BAT accesses samba shares, samba appears to get user credentials without the Domain Name. Since there are no users on the samba server, this gets morphed into nobody. All services which can be accessed as nobody are attached as nobody, all other services are denied. As a result important tools such as "net use X: /home" do not work when file and directory permissions prohibit access to nobody.

During the LOGON.BAT, I issued a net config

    Computer name                  \\LGA00D0B724628B
    User name                      GPALMER
    Workgroup                      LGANET
    Workstation root directory     C:\WINDOWS
    Software version               4.00.950
    Redirector version             4.00
    Client for NetWare version     3.26

Registry setting require authentication..

It appears that "net" thinks it is part of the domain; but as stated above, samba attaches as nobody. Samba logs indicate that it is receiving user gpalmer and not lganet\gpalmer.

From a DOS window, after logon.bat finishes, I can successfully execute "net use X: /home". Samba gets and processes the full domain credentials.

Samba interprets user as nobody without regard to setting in "Log on to windows nt domain" in the "client for microsoft networks" dialog.

If the home directory is moved to nt server it will successfully attach during logon.bat.

I have exhausted all options I know about. Thanks in advance for any insight you might give.
Excerpts from Failure log:

At log level 5

    [2004/06/22 16:19:12, 3] smbd/reply.c:reply_sesssetup_and_X(1070)
      No such user gpalmer [] - using guest account
    . . .
    [2004/06/22 16:19:13, 3] smbd/service.c:find_service(140)
      checking for home directory gpalmer gave (NULL)
    [2004/06/22 16:19:13, 3] smbd/service.c:find_service(209)
      find_service() failed to find service gpalmer
    [2004/06/22 16:19:13, 0] smbd/service.c:make_connection(251)
      lga009027a6e884 (192.168.12.178) couldn't find service gpalmer

at loglevel 0

    [2004/06/23 08:59:49, 0] smbd/password.c:authorise_login(863)
      authorise_login: rejected invalid user nobody
    [2004/06/23 09:04:10, 0] smbd/service.c:make_connection(251)
      lga009027a6e884 (192.168.12.178) couldn't find service gpalmer

Samba version 2.2.8a

SMB.CONF

    #*********************************************************************
    #server naming
    server string = LGACHI01 - Chicago Main Server
    workgroup = LGANET
    netbios name = LGACHI01
    netbios aliases = LGAGLE04
    #*********************************************************************
    #authentication
    #PDC
    password server = LGAGLE02 LGAGLE03
    logon script = logon.bat
    encrypt passwords = yes
    password level = 8
    username level = 8
    #username map = /usr/local/samba/lbin/map.user
    smb passwd file = /usr/local/samba/lbin/smbpasswd
    security = domain
    domain master = no
    domain admin group = @root
    domain logons = no
    #*********************************************************************
    #WINS Browsing and naming
    #wins server
    wins support = no
    lm announce = yes
    lm interval = 120
    preferred master = no
    remote browse sync = 192.168.201.0 192.168.201.255 192.168.201.1
    remote announce = 192.168.201.255/LGANET 192.168.12.255/LGANET 192.168.31.255/LGANET 192.168.51.255/LGANET
    local master = no
    os level = 0
    #wins client
    name resolve order = wins bcast lmhosts host
    wins server = 192.168.12.28 192.168.201.1
    wins proxy = yes
    dns proxy = no
    browse list = yes
    #*********************************************************************
    #IP Networking
    time server = yes
    socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    allow hosts = 192.168. 127.
    interfaces = 192.168.10.2/24 192.168.11.2/24 192.168.12.2/24 192.168.12.101/24 192.168.12.104/24
    oplock break wait time = 100
    #*********************************************************************
    #printing
    print command = lpr -l -P'%p' %s
    printing = lprng
    printcap name = /etc/printcap
    load printers = yes
    #*********************************************************************
    #log files
    log file = /var/log/samba/log.%m
    max log size = 50
    log level = 0
    #*********************************************************************
    #winbind
    #winbind separator = -
    winbind uid =10000-15000
    winbind gid =10000-15000
    winbind enum users = yes
    winbind enum groups = yes
    template homedir = /home/samba/data.user/%U
    template shell = /bin/bash
    #*********************************************************************
    #global share declarations
    browseable=yes
    writeable=yes
    public=yes
    printable=no
    map archive = yes
    map system = yes
    map hidden = yes
    force create mode = 0660
    force directory mode = 0770
    force group="LGANET\Domain Users"
    #*********************************************************************
    #Printer Shares
    [printers]
    path = /var/spool/samba
    writeable = yes
    browseable = no
    comment = All Printers
    printable = yes
    public = no
    print command=lpr -l -P'%p' %s
    #*********************************************************************
    # Un-comment the following to provide a specific roving profile share
    # the default is to use the user's home directory
    [Profiles]
    path = /home/samba/data.user/%U/windows.profile
    browseable = no
    write list ="LGANET\"%U
    valid users="LGANET\"%U

    [homes]
    comment = Home Directory for \\%D\%U (H:)
    path = /home/samba/data.user/%U
    #browseable = no
    write list ="LGANET\"%U
    read list="LGANET\"%U
    valid users="LGANET\"%U
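
Added example, not part of the original post: a small Python check that scans smbd log text in the two-line format quoted above and reports sessions that were mapped to the guest account, separating the case in this post (empty domain field in the brackets) from an unknown user that did arrive with a domain. The sample log is constructed from the excerpts above plus one invented `jdoe` entry; reading the bracketed field as the client-supplied domain is an assumption.

```python
import re

# Constructed sample modelled on the post's excerpts; the jdoe entry is invented.
SAMPLE_LOG = """\
[2004/06/22 16:19:12, 3] smbd/reply.c:reply_sesssetup_and_X(1070)
  No such user gpalmer [] - using guest account
[2004/06/23 08:59:49, 0] smbd/password.c:authorise_login(863)
  authorise_login: rejected invalid user nobody
[2004/06/23 09:10:02, 3] smbd/reply.c:reply_sesssetup_and_X(1070)
  No such user jdoe [LGANET] - using guest account
"""

HEADER = re.compile(r"^\[(?P<ts>[^,\]]+),\s*(?P<level>\d+)\]\s+(?P<src>\S+)\s*$")
GUEST = re.compile(r"No such user (?P<user>\S+) \[(?P<domain>[^\]]*)\] - using guest account")
REJECT = re.compile(r"rejected invalid user (?P<user>\S+)")


def parse_entries(text):
    """Yield (timestamp, level, source, message) for each log entry."""
    header, body = None, []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            if header:
                yield (*header, " ".join(body))
            header, body = (m["ts"], int(m["level"]), m["src"]), []
        elif header and line.strip():
            body.append(line.strip())  # indented continuation line(s)
    if header:
        yield (*header, " ".join(body))


def guest_fallbacks(text):
    """Return (timestamp, kind, user) for guest mappings and the denials that follow."""
    findings = []
    for ts, _level, _src, msg in parse_entries(text):
        g = GUEST.search(msg)
        if g:
            # Empty brackets: the session setup carried no domain name.
            kind = "guest-no-domain" if not g["domain"] else "guest-unknown-user"
            findings.append((ts, kind, g["user"]))
        r = REJECT.search(msg)
        if r:
            findings.append((ts, "share-denied", r["user"]))
    return findings


if __name__ == "__main__":
    for finding in guest_fallbacks(SAMPLE_LOG):
        print(*finding, sep="  ")
```

The guest-mapping message is logged at level 3, so it only shows up when `log level` is raised from the 0 set in the configuration above.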