In samba source code, the file "source\include\msdfs.h" defines a
struct named referral.In this struct, there is a field named ttl which is used
to decide how long should client cache referral, and this field uses constant
REFERRAL_TTL(#define REFERRAL_TTL 600) as default.My problem is when i set
REFERRAL_TTL to be 10, it doesn't work.
_________________________________________________________________
ÓÃÊÖ»úMSNÁÄÌìдÓʼþ¿´¿Õ¼ä£¬ÎÞÏÞ¹µÍ¨£¬·ÖÏí¾«²Ê£¡
http://mobile.msn.com.cn/From vkr07 at c3sl.ufpr.br Mon Sep 1 01:21:59 2008
From: vkr07 at c3sl.ufpr.br (Vinicius Ruoso)
Date: Mon Sep 1 01:22:29 2008
Subject: [Samba] smb_auth problem
In-Reply-To: <17d469250808311450p57d7bd76x56a8de607458bb3d@mail.gmail.com>
References: <1343.189.58.5.170.1220218018.squirrel@webmail.inf.ufpr.br>
<17d469250808311450p57d7bd76x56a8de607458bb3d@mail.gmail.com>
Message-ID: <49233.189.58.4.240.1220232119.squirrel@webmail.inf.ufpr.br>
Hi Jon Wilson,
Really thanks for your fast response. But the "lanman auth = yes"
added
to global directive of my smb.conf don't make any effect on smb_auth
authentication process. The response still the same. :(
Do you have any other idea of what can be done to fix it?
Any hope is very welcome. I'm trying to get this work a long time.
8<-------------------------------------------------------------------
The following are the man entry to lanman auth:
It looks like that this option don't affect smbclient requests.
lanman auth (G)
This parameter determines whether or not smbd(8) will attempt to
authenticate users or permit password changes using the LANMAN
password hash. If disabled, only clients which support NT password
hashes (e.g. Windows NT/2000 clients, smbclient, but not Windows
95/98 or the MS DOS network client) will be able to connect to the
Samba host.
The LANMAN encrypted response is easily broken, due to it?s
case-insensitive nature, and the choice of algorithm. Servers
without Windows 95/98/ME or MS DOS clients are advised to disable
this option.
Unlike the encrypt passwords option, this parameter cannot alter
client behaviour, and the LANMAN response will still be sent over
the network. See the client lanman auth to disable this for
Samba?s
clients (such as smbclient)
If this option, and ntlm auth are both disabled, then only NTLMv2
logins will be permited. Not all clients support NTLMv2, and most
will require special configuration to use it.
Default: lanman auth = no
8<-------------------------------------------------------------------
> Since upgrading to 3.2.x I had to enable
>
> lanman auth = yes
>
> in my smb.conf
>
> (thats from memory - you may want to check the man page)
>
> It fixed it for me.
>
> Jon
>
>
> 2008/8/31 Vinicius Ruoso <vkr07@c3sl.ufpr.br>:
>> Hi samba community.
>>
>> I'm having a problem with the smb_auth authentication method.
Everything
>> looks like normal, but everytime I try to use smb_auth it returns ERR.
>>
>> I will show here some commands output to secure that all configuration
>> is
>> correct, and if anyone can help me to investigate what's happend
I'll
>> thanks.
>>
>>
>> I'm using: Debian lenny, updated.
>>
>> ii samba 2:3.2.3-1
>> ii squid 2.7.STABLE3-1
>>
>> XXXXXXXXXX its the correct password.
>>
>> 8<----------------------------------
>> sek:/home# /usr/lib/squid/smb_auth -W SEKPLASTICOS -U 127.0.0.1 -d
>> vinicius XXXXXXXXXXX
>> Domain name: SEKPLASTICOS
>> Pass-through authentication: no
>> Query address options: -U 127.0.0.1 -R
>> Domain controller IP address: 10.0.0.1
>> Domain controller NETBIOS name: SEK
>> Contents of //SEK/NETLOGON/proxyauth:
>> ERR
>> 8<----------------------------------
>>
>> But, look at the smbclient command.
>>
>> vinicius@sek:~$ smbclient "//SEK/netlogon" XXXXXXXXXXX -c
"get proxyauth
>> -"
>> Domain=[SEKPLASTICOS] OS=[Unix] Server=[Samba 3.2.3]
>> allow
>> getting file \proxyauth of size 6 as - (5,9 kb/s) (average 5,9 kb/s)
>>
>> Running smb_auth with user "vinicius" don't work too.
>> 8<----------------------------------
>>
>> Some permission and configs:
>>
>> 8<----------------------------------
>> The smb_auth permissions
>>
>> sek:/usr/lib/squid# ls -l /usr/lib/squid/
>> total 284
>> -rwxr-xr-x 1 root root 15212 Jul 6 06:28 digest_pw_auth
>> -rwxr-xr-x 1 root root 11636 Jul 6 06:26 diskd-daemon
>> -rwxr-sr-- 1 proxy shadow 7988 Jul 6 06:28 getpwnam_auth
>> -rwxr-xr-x 1 root root 10312 Jul 6 06:28 ip_user_check
>> -rwxr-xr-x 1 root root 17544 Jul 6 06:28 ldap_auth
>> -rwxr-xr-x 1 root root 5464 Jul 6 06:26 logfile-daemon
>> -rwxr-xr-x 1 root root 32828 Jul 6 06:28 msnt_auth
>> -rwxr-xr-x 1 root root 15748 Jul 6 06:28 ncsa_auth
>> -rwxr-xr-x 1 root root 42216 Jul 6 06:28 ntlm_auth
>> -rwxr-sr-- 1 proxy shadow 10696 Jul 6 06:28 pam_auth
>> -rwxr-xr-x 1 root root 9552 Jul 6 06:28 smb_auth
>> -rwxr-xr-x 1 root root 2287 Jul 6 06:23 smb_auth.sh
>> -rwxr-xr-x 1 root root 22848 Jul 6 06:28 squid_kerb_auth
>> -rwxr-xr-x 1 root root 19000 Jul 6 06:28 squid_ldap_group
>> -rwxr-xr-x 1 root root 5996 Jul 6 06:28 squid_session
>> -rwxr-xr-x 1 root root 10248 Jul 6 06:28 squid_unix_group
>> -rwxr-xr-x 1 root root 3732 Jul 6 06:26 unlinkd
>> -rwxr-xr-x 1 root root 2359 Abr 9 2007 wbinfo_group.pl
>> -rwxr-xr-x 1 root root 8776 Jul 6 06:28 yp_auth
>>
>>
>> 8<----------------------------------
>> The SMB configuration
>>
>> sek:/usr/lib/squid# cat /etc/samba/smb.conf
>> # Samba config file created using SWAT
>> # from 192.168.0.2 (192.168.0.2)
>> # Date: 2008/04/04 23:07:20
>>
>> [global]
>> workgroup = sekplasticos
>> netbios name = sek
>> server string = sek
>> security = user
>> null passwords = No
>> encrypt passwords = true
>> unix password sync = No
>> unix charset = iso8859-1
>> display charset = cp850
>> log level = 3
>> log file = /var/log/samba_log.%u
>> keepalive = 20
>> socket options = IPTOS_LOWDELAY TCP_NODELAY
>> logon path = \\sek\sysvol\%U
>> logon drive = P
>> domain logons = Yes
>> os level = 100
>> preferred master = Yes
>> domain master = Yes
>> local master = Yes
>> wins support = Yes
>> ldap ssl = no
>> comment = Servidor Sek
>> admin users = vinicius
>> time server = Yes
>> hosts allow = 127., 192.168.0., 10.0.0.
>>
>> [homes]
>> comment = Pastas dos Usuarios
>> browseable = No
>> writable = Yes
>> create mask = 0600
>> directory mask = 0700
>> valid users = %S
>>
>> [netlogon]
>> comment = Compartilhamento de Scripts
>> path = /home/netlogon
>> public = Yes
>> browseable = Yes
>> writable = Yes
>>
>> [sysvol]
>> comment = System Volume
>> path = /home/sysvol
>> writable = Yes
>> guest ok = Yes
>> share modes = No
>> browseable = No
>> hide files = /desktop.ini/ntuser.ini/NTUSER.*/
>>
>> [publico]
>> comment = publico
>> path = /home/publico
>> guest ok = No
>> writable = Yes
>> create mask = 0644
>> directory mask = 0777
>> public = Yes
>>
>> [aplicativos]
>> comment = aplicativos
>> path = /home/aplicativos
>> guest ok = No
>> writable = Yes
>> browseable = Yes
>> create mask = 0600
>> directory mask = 0700
>> valid users = gilberto
>> sek:/usr/lib/squid#
>>
>> 8<----------------------------------
>> The NETLOGON permissions and proxyauth
>>
>> sek:/home/netlogon# ls -l
>> total 4
>> -rwxrwxrwx 1 root root 6 Ago 31 17:35 proxyauth
>> sek:/home/netlogon# ls -ld
>> drwxrwxrwx 2 root root 22 Ago 31 17:35 .
>> sek:/home/netlogon# cat proxyauth
>> allow
>> 8<----------------------------------
>>
>>
>> Really thanks if someone could help me.
>>
>> --
>> Vinicius Ruoso - vkr07@c3sl.ufpr.br
>> C3SL: http://www.c3sl.ufpr.br
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/listinfo/samba
>>
>
--
Vinicius Ruoso - vkr07@c3sl.ufpr.br
C3SL: http://www.c3sl.ufpr.br