Vinz Focker
2009-Nov-13 00:38 UTC
[Samba] Connect to share (ads security) from non-domain computer
Environment: Samba 3.0.28a on Ubuntu 8.04.3 LTS joined to 2008 R2 Security: ads Now sometimes there is the need to connect to a share from a Computer that is not joined to the domain (by entering some valid domain account after opening the share of course) If one opens the samba server in the network browser (or start->run \\SMBSRV) the following error popup message is immediately is displayed and credentials get never asked: --------------------- \\SMBSRV no process is on the other end of the pipe --------------------- and on the samba side the following errors get logged: auth/auth.c:check_ntlm_password(319) check_ntlm_password: Authentication for user [xxxxx] -> [xxxxx] FAILED with error NT_STATUS_PIPE_DISCONNECTED rpc_client/cli_pipe.c:rpc_api_pipe(790) rpc_api_pipe: Remote machine ADS.xxxxxx.com pipe \NETLOGON fnum 0x4005 returned critical error. Error was NT_STATUS_PIPE_DISCONNECTED However, everything works perfectly on computers joined to the domain. In addition if one logs on locally on a computer joined to the domain the same error occurs. Any hints how to allow resp. enable connections to samba shares in ads mode from within non-domain accounts ? Thanks, Vinz
Vinz Focker
2009-Nov-16 11:40 UTC
[Samba] Connect to share (ads security) from non-domain computer
Replying to my own message in case someone runs into the same issue: The samba 2008R2 ADS support in Ubuntu Hardy (8.04.3 LTS) is obviously incomplete although joining the 2008R2 AD works fine. We were able to solve the described problem simply by upgrading to Samba 3.4.0 using the source package from Ubuntu Karmic (9.10) : [ https://launchpad.net/ubuntu/karmic/+source/samba/2:3.4.0-3ubuntu5.1 ] If you want to build this karmic source package on ubuntu hardy you also need to build the following 2 source packackes from karmic first: libcap2: [ https://launchpad.net/ubuntu/+source/libcap2/1:2.16-5ubuntu1 ] talloc: [ https://launchpad.net/ubuntu/+source/talloc/1.4.0~git20090718-1 ] Regards, Vinz On Fri, Nov 13, 2009 at 1:38 AM, Vinz Focker <vinz.focker at gmail.com> wrote:> Environment: Samba 3.0.28a on Ubuntu 8.04.3 LTS joined to 2008 R2 > Security: ads > > Now sometimes there is the need to connect to a share from a Computer > that is not joined to the domain (by entering some valid domain > account after opening the share of course) > > If one opens the samba server in the network browser (or start->run > \\SMBSRV) the following error popup message is immediately is > displayed and credentials get never asked: > > --------------------- > ?\\SMBSRV > ?no process is on the other end of the pipe > --------------------- > and on the samba side the following errors get logged: > > auth/auth.c:check_ntlm_password(319) > check_ntlm_password: ?Authentication for user [xxxxx] -> [xxxxx] > FAILED with error NT_STATUS_PIPE_DISCONNECTED > > rpc_client/cli_pipe.c:rpc_api_pipe(790) > rpc_api_pipe: Remote machine ADS.xxxxxx.com pipe \NETLOGON fnum 0x4005 > returned critical error. Error was NT_STATUS_PIPE_DISCONNECTED > > > However, everything works perfectly on computers joined to the domain. > In addition if one logs on locally on a computer joined to the domain > the same error occurs. > > Any hints how to allow resp. enable connections to samba shares in ads > mode from within non-domain accounts ? > > Thanks, > Vinz >