Hai, Im wondering here.. If the client is a windows 10 pc connecting,> ../source3/smbd/negprot.c:419(reply_nt1) using SPNEGO > ../source3/smbd/negprot.c:761(reply_negprot) Selected protocol NT LM 0.12 > ../source3/smbd/process.c:554(receive_smb_talloc) > receive_smb_raw_talloc failed for client > ipv4:10.55.66.82:59271 read error = NT_STATUS_CONNECTION_RESET.And i see this.. Then why use these settings if its win10? Remove: ntlm auth and server max protocol = NT1 again. @Rowland your are mislead.. ;-)> > Ah, it is a PDCHm, no its a stand alone, the member references in my option.> >> security = user << stand alone ? > >> domain logons = yes << member ?> >> guest account = benparts > >> # Allow users to map to guest: > >> map to guest = baduserGuest definitions? . I think best here is first choose the setup type. Or member or stand alone and change the setting to it. Members? Add the guest to the share not global. Stand alone, guest in globals settings is fine. But what he want should be possible in both cases. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Stephen Davies via samba > Verzonden: woensdag 24 april 2019 5:03 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] User mapping/login issue > > On 23/04/19 18:01, Rowland Penny wrote: > > On Tue, 23 Apr 2019 15:01:24 +0930 > > Stephen Davies via samba <samba at lists.samba.org> wrote: > > > > > >> There is no ntlm auth entry in smb.conf > > > > Just because you do not have an 'ntlm auth' line in your visible > > smb.conf, this does not mean you do not have one, it > defaults to 'ntlm > > auth = no' which turns off NTLMv1 > > > > > >> [global] > >> workgroup = BENPARTS > >> netbios name = server > >> server string = Samba Server %v > >> printcap name = cups > >> load printers = yes > >> printing = cups > >> log file = /var/log/samba/log.%m > >> max log size = 50 > >> log level = 4 > >> guest account = benparts > > > > Do you actually have a user called 'benparts' (which incidentally is > > the same as your workgroup) ? > > > >> # Allow users to map to guest: > >> map to guest = baduser > > > > It is 'Bad User' not 'baduser' > > > >> security = user > >> username level = 8 > >> preferred master = yes > >> name resolve order = host lmhosts wins bcast > >> wins support = yes > >> preserve case = yes > >> dos charset = 850 > >> unix charset = ISO8859-1 > >> domain master = yes > >> domain logons = yes > > > > Ah, it is a PDC > > > > You could try adding 'server max protocol = NT1' > > > > Rowland > > > > > The baduser entry was a recent change where I got confused > with my attempts to > reconfigure Sendmail to use baduser. Spotted "bad user" in > smb.conf and > thought it was the same thing. Now fixed. > > I have added ntlm auth and server max protocol entries as > suggested but now get: > > [2019/04/24 11:03:05.885593, 3] > ../source3/smbd/negprot.c:419(reply_nt1) > using SPNEGO > [2019/04/24 11:03:05.885624, 3] > ../source3/smbd/negprot.c:761(reply_negprot) > Selected protocol NT LM 0.12 > [2019/04/24 11:03:06.087417, 1] > ../source3/smbd/process.c:554(receive_smb_talloc) > receive_smb_raw_talloc failed for client > ipv4:10.55.66.82:59271 read error > = NT_STATUS_CONNECTION_RESET. > > where 10.55.66.82 is the VPN-assigned IP of the windows client. > The firewall accepts all protocols from the VPN. > > -- > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >
On Wed, 24 Apr 2019 11:38:58 +0200 "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:> Hai, > > > Im wondering here.. If the client is a windows 10 pc connecting, > > > ../source3/smbd/negprot.c:419(reply_nt1) using SPNEGO > > ../source3/smbd/negprot.c:761(reply_negprot) Selected protocol NT > > LM 0.12 ../source3/smbd/process.c:554(receive_smb_talloc) > > receive_smb_raw_talloc failed for client > > ipv4:10.55.66.82:59271 read error = NT_STATUS_CONNECTION_RESET. > And i see this.. > > Then why use these settings if its win10?I sort of wondered about that, but only way to be sure was to add it to the smb.conf for testing purposes. If it worked, then go one way, if it didn't then go another way ;-)> @Rowland your are mislead.. ;-) > > > > Ah, it is a PDC > Hm, no its a stand alone, the member references in my option. > > > >> security = user << stand alone ? > > >> domain logons = yes << member ?Nope, it is a PDC, from 'man smb.conf': domain master (G) ............ When domain logons = Yes the default setting for this parameter is Yes, with the result that Samba will be a PDC. The OP has: domain master = yes domain logons = yes Rowland
Hai,> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Rowland Penny via samba > Verzonden: woensdag 24 april 2019 12:13 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] User mapping/login issue > > On Wed, 24 Apr 2019 11:38:58 +0200 > "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote: > > > Hai, > > > > > > Im wondering here.. If the client is a windows 10 pc connecting, > > > > > ../source3/smbd/negprot.c:419(reply_nt1) using SPNEGO > > > ../source3/smbd/negprot.c:761(reply_negprot) Selected protocol NT > > > LM 0.12 ../source3/smbd/process.c:554(receive_smb_talloc) > > > receive_smb_raw_talloc failed for client > > > ipv4:10.55.66.82:59271 read error = NT_STATUS_CONNECTION_RESET. > > And i see this.. > > > > Then why use these settings if its win10? > > I sort of wondered about that, but only way to be sure was to add it > to the smb.conf for testing purposes. If it worked, then go one way, > if it didn't then go another way ;-) > > > @Rowland your are mislead.. ;-) > > > > > > Ah, it is a PDC > > Hm, no its a stand alone, the member references in my option. > > > > > >> security = user << stand alone ? > > > >> domain logons = yes << member ? > > Nope, it is a PDC, from 'man smb.conf': > > domain master (G) > > ............ > > When domain logons = Yes the default setting for this > parameter is Yes, with the result that Samba will be a PDC. > > The OP has: > > domain master = yes > domain logons = yesOeps, your totaly right. I missed that. Its me that is mislead.. Arg... Thats probley because of my upcoming mail im typing, i was just in the part master brower.. Mixed that up.. Sorry,..> > Rowland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >Greetz, Louis
On 24/04/19 19:51, L.P.H. van Belle wrote:> Hai, > >> -----Oorspronkelijk bericht----- >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens >> Rowland Penny via samba >> Verzonden: woensdag 24 april 2019 12:13 >> Aan: samba at lists.samba.org >> Onderwerp: Re: [Samba] User mapping/login issue >> >> On Wed, 24 Apr 2019 11:38:58 +0200 >> "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote: >> >>> Hai, >>> >>> >>> Im wondering here.. If the client is a windows 10 pc connecting, >>> >>>> ../source3/smbd/negprot.c:419(reply_nt1) using SPNEGO >>>> ../source3/smbd/negprot.c:761(reply_negprot) Selected protocol NT >>>> LM 0.12 ../source3/smbd/process.c:554(receive_smb_talloc) >>>> receive_smb_raw_talloc failed for client >>>> ipv4:10.55.66.82:59271 read error = NT_STATUS_CONNECTION_RESET. >>> And i see this.. >>> >>> Then why use these settings if its win10? >> >> I sort of wondered about that, but only way to be sure was to add it >> to the smb.conf for testing purposes. If it worked, then go one way, >> if it didn't then go another way ;-) >> >>> @Rowland your are mislead.. ;-) >>> >>>>> Ah, it is a PDC >>> Hm, no its a stand alone, the member references in my option. >>> >>>>>> security = user << stand alone ? >>>>>> domain logons = yes << member ? >> >> Nope, it is a PDC, from 'man smb.conf': >> >> domain master (G) >> >> ............ >> >> When domain logons = Yes the default setting for this >> parameter is Yes, with the result that Samba will be a PDC. >> >> The OP has: >> >> domain master = yes >> domain logons = yes > > Oeps, your totaly right. I missed that. >It would appear that there may be more than one issue with my smb.conf. The scenario is a Centos 7 Linux server with a bunch of LAN connected windows 10 clients and several remote windows 10 clients which connect via VPN. The server firewall accepts everything from the VPN. The server and local clients are all in workgroup BENPARTS while the remote clients are either stand-alone or in different workgroups/domains. Local SMB access works as expected but remote access does not due to password failures (as described in earlier log excerpts). What should the domain-related entries in smb.conf be to support this scenario? Cheers and thanks, Stephen
Hai,> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Stephen Davies via samba > Verzonden: donderdag 25 april 2019 8:34 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] User mapping/login issue > > > > It would appear that there may be more than one issue with my smb.conf. > The scenario is a Centos 7 Linux server with a bunch of LAN connected windows > 10 clients and several remote windows 10 clients which connect via VPN. > The server firewall accepts everything from the VPN. > The server and local clients are all in workgroup BENPARTS while the remote > clients are either stand-alone or in different workgroups/domains. > Local SMB access works as expected but remote access does not due to password > failures (as described in earlier log excerpts). > What should the domain-related entries in smb.conf be to support this scenario? > > Cheers and thanks, > Stephen >I can only think of these last 3 things. First try enable smb1 again in windows 10 again. I noticed ms changed things again. Thinking here that the "older samba" your using, with a latest windows is the problem. Enable smb1 again, think that will fix a lot. And your sure you vpn line is ok and you dont have packetloss? Think in test with mtr or smokeping, something like that. Are the MTU sizes are handled by the firewall? This is to prevent IP packet fragmentation, so IPTables is set to reduce the size of packets by adjusting the packets' maximum segment size. Something like this: iptables -A PREROUTING -i ethX -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1361:1536 -j TCPMSS --set-mss 1360 Greetz, Louis
Possibly Parallel Threads
- User mapping/login issue
- User mapping/login issue
- Windows clients require reboot once a day in order to access mapped drives
- How to set `unicodePwd`? "it's not allowed to set the NT hash password directly"
- How to set `unicodePwd`? "it's not allowed to set the NT hash password directly"