Vincent.Badier@alcatel.fr
2003-Sep-08 13:52 UTC
[Samba] Simple configuration and not working.
First, i'm sorry to be so silly that i don't even to success a basic samba configuration simply working. Compilation of the rc2 had no errors. testparm against my smb.conf said ok, and i can start nmbd and smbd. I also add a new unix user, said toto, and added it in samba. The problem is that i can't connect to any share, via Windows or via GNU/Linux. The result from Windows is a new windows requiring a valid username/password and from linux, a deny message. However, share seems to be well exported. I read as many doc as i could and know that auth is made before all attempt to connect to any share. So i think this is not any bad right on share, but an account problem. Please help since there is a couple of week i'm searching. Thank's in advance. Here are my smb.conf file and my entries Here is my smb.conf : [global] workgroup = MYGROUP netbios name = DATA preferred master = No local master = No domain master = No [homes] read only = No [myshare] path = /mnt/mypath valid users = toto read only = No on the server : data:/usr/local/samba# ./bin/smbpasswd -a toto New SMB password: Retype new SMB password: Added user toto. data:/usr/local/samba# On the client ~# /usr/bin/smbclient //172.26.123.9/myshare -U toto added interface ip=139.54.25.234 bcast=139.54.27.255 nmask=255.255.252.0 Password:**** session setup failed: NT_STATUS_LOGON_FAILURE
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 8 Sep 2003 Vincent.Badier@alcatel.fr wrote:> First, i'm sorry to be so silly that i don't even to success a basic samba > configuration simply working. > Compilation of the rc2 had no errors....> Here is my smb.conf : > [global] > workgroup = MYGROUP > netbios name = DATA > preferred master = No > local master = No > domain master = No > > [homes] > read only = No > > [myshare] > path = /mnt/mypath > valid users = toto > read only = No > > on the server : > data:/usr/local/samba# ./bin/smbpasswd -a toto > New SMB password: > Retype new SMB password: > Added user toto. > data:/usr/local/samba# > > On the client > ~# /usr/bin/smbclient //172.26.123.9/myshare -U toto > added interface ip=139.54.25.234 bcast=139.54.27.255 nmask=255.255.252.0 > Password:**** > session setup failed: NT_STATUS_LOGON_FAILURECan you retest against RC3. There was a change in the NTLMv2 behavior that might help. cheers, jerry ---------------------------------------------------------------------- Hewlett-Packard ------------------------- http://www.hp.com SAMBA Team ---------------------- http://www.samba.org GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc "You can never go home again, Oatman, but I guess you can shop there." --John Cusack - "Grosse Point Blank" (1997) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE/XhEfIR7qMdg1EfYRAhHwAKCE5YRxtCDj8U+AvLq9aSKI7Kk2IACeMiBw 4fGKb96h8RMH1MzJ9oiSUdU=7nSz -----END PGP SIGNATURE-----
Vincent.Badier@alcatel.fr
2003-Sep-10 15:08 UTC
[Samba] Simple configuration and not working.
>Can you retest against RC3. There was a change in the NTLMv2 behavior >that might help.Thank you for your response!! I checked with rc3, and now this work with such a smb.conf. I tried to join AD domain, as this will our final use, with a modified smb.conf. Somme error occured when attempting to join, but it succeded. I can list domain users and groups. Then i can't connect with my domain account. With a windows client, it ask me to enter a username and password again and again. I increase the log verbose and saw that auth suceeded, and just after, a new auth attemp with empty domain/username so i don't understand why this happen. I noticed that this didn't occured when i was with 2.2.x. I can provide the log connection attemp if needed Thank for your help and for your excellent work!! Vincent smb.conf [global] workgroup = MYAD realm = MYAD.AD.MYDOMAIN.COM netbios name = FRMASSMEP03 server string = %h server (Samba %v) security = DOMAIN update encrypted = Yes password server = ip.of.my.dc passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . client lanman auth = No client plaintext auth = No log level = 3 passdb:5 auth:10 winbind:2 syslog = 0 log file = /var/log/samba/log.%m max log size = 8000 preferred master = No local master = No domain master = No dns proxy = No wins server = ip.of.my.dc ldap ssl = no idmap uid = 10000-20000 idmap gid = 10000-20000 winbind separator = + invalid users = root [myshare] path = /mnt/alcanet/mastw2k valid users = MYAD+mylogon admin users = MYAD+mylogon read only = No Somes lines of the log : [2003/09/10 16:18:26, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(500) NativeOS=[Windows 2002 2600 Service Pack 1] NativeLanMan=[Windows 2002 5.1] [2003/09/10 16:18:26, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(286) Got user=[mylogon] domain=[MYAD] workstation=[MYHOSTNAME] len1=24 len2=24 [2003/09/10 16:18:26, 5] auth/auth_util.c:make_user_info_map(216) make_user_info_map: Mapping user [MYAD]\[mylogon] from workstation [MYHOSTNAME] .... [2003/09/10 16:18:26, 3] auth/auth.c:check_ntlm_password(265) check_ntlm_password: winbind authentication for user [mylogon] succeeded .... [2003/09/10 16:18:26, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(476) Doing spnego session setup [2003/09/10 16:18:26, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(500) NativeOS=[Windows 2002 2600 Service Pack 1] NativeLanMan=[Windows 2002 5.1] [2003/09/10 16:18:26, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(286) Got user=[] domain=[] workstation=[MYHOSTNAME] len1=1 len2=0 [2003/09/10 16:18:26, 5] auth/auth_util.c:make_user_info_map(216) make_user_info_map: Mapping user []\[] from workstation [MYHOSTNAME] [2003/09/10 16:18:26, 5] auth/auth_util.c:make_user_info(132) attempting to make a user_info for ()
Vincent.Badier@alcatel.fr
2003-Sep-11 10:18 UTC
[Samba] Simple configuration and not working.
>I would expect this to be 'security = ads' >since you've specified a realm.Yes you're right, i did it now.>Does this apply to you? (From WHATSNEW): > >Changes in Behavior >- ------------------- > >The following issues are known changes in behavior between Samba 2.2 and >Samba 3.0 that may affect certain installations of Samba. > >1) When operating as a member of a Windows domain, Samba 2.2 would >map any users authenticated by the remote DC to the 'guest account' >if a uid could not be obtained via the getpwnam() call. Samba 3.0 >rejects the connection as NT_STATUS_LOGON_FAILURE. There is no >current work around to re-establish the 2.2 behavior.I don't think so since i tried 2 remote connection attempts and auth seems to success: one from a remote linux client, and a log part : # /usr/bin/smbclient //172.26.123.121/myshare -U mylogon -W MYAD Password: tree connect failed: NT_STATUS_ACCESS_DENIED [2003/09/11 11:09:38, 2] auth/auth.c:check_ntlm_password(302) check_ntlm_password: authentication for user [mylogon] -> [mylogon] -> ] succeeded [2003/09/11 11:09:38, 5] auth/auth_util.c:free_user_info(1185) attempting to free (and zero) a user_info structure [2003/09/11 11:09:38, 10] auth/auth_util.c:free_user_info(1188) structure was created for mylogon [2003/09/11 11:09:38, 3] smbd/password.c:register_vuid(207) User name: Real name: [2003/09/11 11:09:38, 3] smbd/password.c:register_vuid(225) UNIX uid 0 is UNIX user, and will be vuid 100 [2003/09/11 11:09:38, 3] smbd/process.c:process_smb(890) Transaction 3 of length 104 [2003/09/11 11:09:38, 3] smbd/process.c:switch_message(685) switch message SMBtconX (pid 9247) [2003/09/11 11:09:38, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/09/11 11:09:38, 2] smbd/service.c:make_connection_snum(384) user ' (from session setup) not permitted to access this share (myshare) [2003/09/11 11:09:38, 3] smbd/error.c:error_packet(113) error packet at smbd/reply.c(274) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED Well, what i understand is that authentication succeeded, a free structure was created, but it seems to be not populate (user name and real name empty), so this is normal that user ' is not allowed to access to the share. Am I wrong in my reasoning? Another attempt, from a windows client now. thing are quite weird to me : First, there is Ticket name is [MYWORKSTATION$@MYAD.AD.MYDOMAIN.COM] and after another Ticket with the username. While i don't see any authentifiaction success nor deny, i see that it attempt to see if the username is in the group. Does the failure related to the bad username entry in the struct? [2003/09/11 11:45:40, 3] smbd/password.c:register_vuid(207) User name:^IReal name: ... [2003/09/11 11:45:40, 0] lib/username.c:user_in_winbind_group_list(339) user_in_winbind_group_list: nametogid for group MYAD+SEC_GLOBAL_GROUP failed. [2003/09/11 11:45:40, 0] lib/username.c:user_in_winbind_group_list(339) user_in_winbind_group_list: nametogid for group MYAD+SEC_ANOTHER_GLOBAL_GROUP failed. [2003/09/11 11:45:40, 0] lib/username.c:user_in_winbind_group_list(339) user_in_winbind_group_list: nametogid for group MYAD+THIRD_GLOBAL_GROUP failed. [2003/09/11 11:45:40, 2] smbd/service.c:make_connection_snum(384) user ' (from session setup) not permitted to access this share (secondshare) I obviously checked that permissions are set on the filesystem as well as the user account membership to global groups. Doing thoses test seem to tell me that auth is working, but there is still a small thing that don't work in my case. If needed, i can provide complete log for each of theses test. Thank's again for your help Vincent
Vincent.Badier@alcatel.fr
2003-Sep-11 10:27 UTC
[Samba] Simple configuration and not working.
>I expect that getpwnam() failed for the user. does > >getent passwd MYAD+mylogon > >succeed?Sorry, i didn't answer to this question : no this command didn't show anything to me : #getent passwd MYAD+mylogon # Regard's vincent
can anyone pls tell me how to start Cups b4 starting samba? Thanks in anticipation. Iyke __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com
On Thu, 11 Sep 2003, emma emma wrote:> can anyone pls tell me how to start Cups b4 starting > samba? > > Thanks in anticipation.That is CUPS implementation dependant. If SuSE Linux use YaST2 to configure it. If Red Hat Linux use chkconfig to configure it. - John T. -- John H Terpstra Email: jht@samba.org
good day all, pls anyone have a clue how i can resolve: the issue of Installing initscripts thru YAST2, # rpm --verify initscripts tells me initscripts is not installed. am using SUSE 8.0 with Samba 2.2.3a. #smbclient -U% -L localhost tells me error connecting to 127.0.0.1:139 (Connection refused) Thanks iyke __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com