All,
I've recently upgraded my Samba server from 2.2.8 to 3.0.1. I also changed
the
security option to "security=Domain" and added it to the AD domain.
The issue
that I am having is that some users cannot access a share that is accessible to
group members only, even though they are in the group. It appears that certain
users on certain machines have a hard time mapping the correct username, and
instead use the guest name "nobody." However, the same user can go to
a
different machine and work correctly. When users are made to use the
"nobody"
account, they cannot access shares that are locked down to group members only.
Does anyone have any insight? The log is below:
Thanks!!!
2004/01/21 16:54:05, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(502)
NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[]
[2004/01/21 16:54:05, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(609)
Got user=[] domain=[] workstation=[Machine] len1=1 len2=0
[2004/01/21 16:54:05, 5] auth/auth_util.c:make_user_info_map(216)
make_user_info_map: Mapping user []\[] from workstation [Machine]
[2004/01/21 16:54:05, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(172)
no entry for trusted domain DOM found.
[2004/01/21 16:54:05, 5] auth/auth_util.c:make_user_info(132)
attempting to make a user_info for ()
[2004/01/21 16:54:05, 5] auth/auth_util.c:make_user_info(142)
making strings for 's user_info struct
[2004/01/21 16:54:05, 5] auth/auth_util.c:make_user_info(184)
making blobs for 's user_info struct
[2004/01/21 16:54:05, 3] auth/auth.c:check_ntlm_password(219)
check_ntlm_password: Checking password for unmapped user []\[]@[Machine] with
the new password interface
[2004/01/21 16:54:05, 3] auth/auth.c:check_ntlm_password(222)
check_ntlm_password: mapped user is: [DOM]\[]@[Machine]
[2004/01/21 16:54:05, 5] lib/util.c:dump_data(1830)
[000] D1 53 E0 36 B2 53 5C 09 .S.6.S\.
[2004/01/21 16:54:05, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2004/01/21 16:54:05, 3] smbd/uid.c:push_conn_ctx(287)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2004/01/21 16:54:05, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/01/21 16:54:05, 5] auth/auth_util.c:debug_nt_user_token(486)
[2004/01/21 16:54:06, 5] auth/auth_util.c:debug_unix_user_token(505)
UNIX token of user 60001
Primary group is 60001 and contains 2 supplementary groups
Group[ 0]: 60001
Group[ 1]: 60001
[2004/01/21 16:54:06, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(235)
fetch sid from gid cache 60001 ->
S-1-5-21-1968233026-2803270070-2135394632-121003
[2004/01/21 16:54:06, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(235)
fetch sid from gid cache 60001 ->
S-1-5-21-1968233026-2803270070-2135394632-121003
[2004/01/21 16:54:06, 5] auth/auth_util.c:make_server_info_sam(841)
make_server_info_sam: made server info for user nobody -> nobody
[2004/01/21 16:54:06, 3] auth/auth.c:check_ntlm_password(268)
check_ntlm_password: guest authentication for user [] succeeded
[2004/01/21 16:54:06, 5] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: guest authentication for user [] -> [] -> [nobody]
succeeded
[2004/01/21 16:54:06, 5] auth/auth_util.c:free_user_info(1258)
attempting to free (and zero) a user_info structure
[2004/01/21 16:54:06, 5] libsmb/ntlmssp.c:ntlmssp_server_auth(689)
server session key is invalid (len == 0), cannot do KEY_EXCH!
[2004/01/21 16:54:06, 3] smbd/password.c:register_vuid(221)
User name: nobody Real name: nobody
[2004/01/21 16:54:06, 3] smbd/password.c:register_vuid(240)
UNIX uid 60001 is UNIX user nobody, and will be vuid 115
