Allen Bolderoff
2005-Oct-20 02:55 UTC
[Samba] Can auth with smbclient, but not workstation.
We have a setup (that has worked since samba 3 was released), where we have a windows 2000 ADC, and a debian sarge based (running all current patches and only Debian packages (nothing related to samba/winbind is compiled by us) samba 3.0.xx server set up with winbind/pam to act as a domain member serving files, whilst authenticating from our Windows ADC. - so what happens is... Ctrl-alt-del, login credentials are supplied, client goes to ADC, authenticates, gets given logon script, which then attaches drives and pulls profile from the samba server to the client- not rocket science - it just works, or at least it used to. Things have been working fine for the last 2 years or so. We are very happy - so thanks for all of you guys' hard work - you know who you are.... Now, what has happened is that recently we have experienced a situation where Windows XP Laptops (desktops are fine) are effectively failing to authenticate to the Samba server. So, what happens is we connect to the ADC as per normal, scripts get run, and all of a sudden we are getting error messages pop up about roaming profile not being available due to Username or Password not being valid. We get system error 1326 whilst trying to reconnect to shared drives from the Samba server. What we know: - The user can log on from a workstation no problems. - Password is up to date on all users. - User can access the ADC once logged in with no problems and is authenticated without probs. (profile is stored on samba file server) - If we run smbclient -Uusername%pass //sambaserver/datashare we connect fine. - wbinfo -a username%pass authenticates fine. - *if* we try to connect directly to the samba server using "net use" from the client, we get "user no known or wrong password" style errors. - If we try to connect via explorer - username and password is rejected. Does anyone have any ideas? What are the appropriate logs and files you want to see in order to help us with this problem? I have quite a large range of log files, including winbindd logs, samba logs in %m.%U format... Thanks Allen Bolderoff
Allen Bolderoff
2005-Oct-20 02:56 UTC
[Samba] RE: Can auth with smbclient, but not workstation.
> -----Original Message----- > From: Allen Bolderoff > Sent: Thursday, 20 October 2005 12:22 PM > To: samba@lists.samba.org > Subject: Can auth with smbclient, but not workstation. >Extract of samba log file. [2005/10/20 09:20:17, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/10/20 09:20:17, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/10/20 09:20:17, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/10/20 09:20:17, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/10/20 09:20:17, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [lallan] -> [lallan] FAILED with error NT_STATUS_WRONG_PA SSWORD [2005/10/20 09:20:17, 3] smbd/process.c:timeout_processing(1334) timeout_processing: End of file from client (client has disconnected). [2005/10/20 09:20:17, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/10/20 09:20:17, 2] smbd/server.c:exit_server(609) Closing connections [2005/10/20 09:20:17, 3] smbd/connection.c:yield_connection(69) Yielding connection to [2005/10/20 09:20:17, 3] smbd/server.c:exit_server(652) Server exit (normal exit) [2005/10/20 09:20:18, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [LOCALDOM]\[lallan]@[DELLLAT01] with the new password interface [2005/10/20 09:20:18, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [LOCALDOM]\[lallan]@[DELLLAT01] [2005/10/20 09:20:18, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/10/20 09:20:18, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/10/20 09:20:18, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/10/20 09:20:18, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/10/20 09:20:18, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [lallan] -> [lallan] FAILED with error NT_STATUS_WRONG_PA SSWORD [2005/10/20 09:20:18, 3] smbd/process.c:timeout_processing(1334) timeout_processing: End of file from client (client has disconnected).
Try Open up regedit, by hitting windowskey-R (or click Start, Run...) then type in regedit and hit enter. Click on the little box with a cross next to: HKEY_LOCAL_MACHINE, SYSTEM, CurrentControlSet, Services, Netlogon, and click Parameters. Then find the key which says requiresignorseal, double-click on it and enter Value data 0, hit ok. Or google find samba requiresignorseal "Allen Bolderoff" <allen@gist.net.au> napísal v správe news:EC70EFBFB6977A478BEB386684E8A7420CE948@pwfsbs01.pwf.local...> -----Original Message----- > From: Allen Bolderoff > Sent: Thursday, 20 October 2005 12:22 PM > To: samba@lists.samba.org > Subject: Can auth with smbclient, but not workstation. >Extract of samba log file. [2005/10/20 09:20:17, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/10/20 09:20:17, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/10/20 09:20:17, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/10/20 09:20:17, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/10/20 09:20:17, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [lallan] -> [lallan] FAILED with error NT_STATUS_WRONG_PA SSWORD [2005/10/20 09:20:17, 3] smbd/process.c:timeout_processing(1334) timeout_processing: End of file from client (client has disconnected). [2005/10/20 09:20:17, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/10/20 09:20:17, 2] smbd/server.c:exit_server(609) Closing connections [2005/10/20 09:20:17, 3] smbd/connection.c:yield_connection(69) Yielding connection to [2005/10/20 09:20:17, 3] smbd/server.c:exit_server(652) Server exit (normal exit) [2005/10/20 09:20:18, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [LOCALDOM]\[lallan]@[DELLLAT01] with the new password interface [2005/10/20 09:20:18, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [LOCALDOM]\[lallan]@[DELLLAT01] [2005/10/20 09:20:18, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/10/20 09:20:18, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/10/20 09:20:18, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/10/20 09:20:18, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/10/20 09:20:18, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [lallan] -> [lallan] FAILED with error NT_STATUS_WRONG_PA SSWORD [2005/10/20 09:20:18, 3] smbd/process.c:timeout_processing(1334) timeout_processing: End of file from client (client has disconnected). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
John T Benedetto
2005-Oct-20 16:22 UTC
[Samba] Re: Can auth with smbclient, but not workstation.
On Thu, 20 Oct 2005 14:41:41 +0200 "Marian" <mm@tsmp.sk> wrote:> Try > Open up regedit, by hitting windowskey-R (or click >Start, Run...) then type > in regedit and hit enter. > Click on the little box with a cross next to: >HKEY_LOCAL_MACHINE, SYSTEM, > CurrentControlSet, Services, Netlogon, and click >Parameters. Then find the > key which says requiresignorseal, double-click on it and >enter Value data 0, > hit ok. > > Or google find samba requiresignorseal >I thought this was no longer necessary with Samba 3.x? - jb