Adi Nugraha
2004-Dec-09 08:17 UTC
[Samba] samba>=3.0.4 - no more smbpasswd ? no more local auth when joined to domain ?
how about redirecting the smbpasswd file to the older version (assuming you have one) using smbpasswd file = /file/path/smbpasswd , I replaced my copy of smbpasswd for 3.09 with a 2.216 and the smbpasswd command stopped working, (no new entry added to the smbpasswd file), but when I used that it worked again

"Izo" <I@siol.net> wrote in message news:41B8004E.8050807@siol.net...
> Not only nobody reads news://linux.samba, nobody obviously reads this
> newsgroup also ! This is just the 5th time I am sending the same or
> similar message in last 7 days with no response...
>
> I would like to point out that *I really need* help on this - either
> appointment to prompter resource either an answer about what is going on
> with my Samba installation
>
> Platform: SuSE-9.1, kernel-2.6.5, samba-3.0.4
>
> I have recently upgraded from 3.0.2a to 3.0.4 and I have just noticed
> that using the same smb.conf as with previous version, the system just
> does not work anymore for me !
> Furthermore, smbpasswd utility appears to be dropped !
>
> Afterwards, I have noticed that I had to join the domain once again
> (security
> DOMAIN). Yet, I still could not log in on to my machine. Before joining
> again, every attempt to access shared resources on MYHOST failed with:
>
> session setup failed: NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE
>
> This behaviour was just the same even if I tried to used local samba
> user. This indicates, that the smbpasswd file is either ignored (despite
> passdb backend being set to smbpasswd) either changed the structure
> either being displaced. Anyway, browsing the samba docs I could only
> realize it was rather outdated (it referred to samba 3.0, obviously not
> to samba-3.0.4 and later), wasn't it ?
>
> # smbclient -U me -L MYHOST -d3
> lp_load: refreshing parameters
> Initialising global parameters
> params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
> Processing section "[global]"
> Unknown parameter encountered: "character set"
> Ignoring unknown parameter "character set"
> Unknown parameter encountered: "client code page"
> Ignoring unknown parameter "client code page"
> added interface ip=172.22.110.137 bcast=172.22.255.255 nmask=255.255.0.0
> added interface ip=192.168.74.1 bcast=192.168.74.255 nmask=255.255.255.0
> Client started (version 3.0.2a-SUSE).
> Connecting to 172.22.110.137 at port 139
> Password:
> Doing spnego session setup (blob length=58)
> got OID=1 3 6 1 4 1 311 2 2 10
> got principal=NONE
> Got challenge flags:
> Got NTLMSSP neg_flags=0x60890215
> NTLMSSP: Set final flags:
> Got NTLMSSP neg_flags=0x60080215
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x60080215
> SPENGO login failed: Trust relationship failure
> session setup failed: NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE
>
> As I've already said, I realized that I should have joined domain again.
> Why so if none of samba admin files changed during upgrade ? Anyway, net
> join went smoothly - I got reported Joined to domain OURDOMAIN so I
> supposed I was joined, wasn't I ?
>
> Now I could perform net user -L MYHOST with DOMAIN authentication, yet I
> could
> not map or browse any of served shares from MYHOST (see the smbclient
> dump below)
>
> And more - where has support for local user/passwords gone ? I had
> previously
> configured few users which had not been configured within OURDOMAIN (using
> smbpasswd -a FOOUSER) and authentication was performed locally even when
> MYHOST was joined into OURDOMAIN. It seems that this functionality has
> just been dropped, hasn't it ?
>
> Smbclient dump: smbclient notoriously reports as follows (see also
> testparm dump after smbclient dump):
>
> # smbclient -d3 -L me -U MYHOST
> lp_load: refreshing parameters
> Initialising global parameters
> params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
> Processing section "[global]"
> added interface ip=172.22.110.137 bcast=172.22.255.255 nmask=255.255.0.0
> added interface ip=192.168.74.1 bcast=192.168.74.255 nmask=255.255.255.0
> Client started (version 3.0.2a-SUSE).
> resolve_lmhosts: Attempting lmhosts lookup for name kiztok<0x20>
> resolve_wins: Attempting wins lookup for name kiztok<0x20>
> resolve_wins: using WINS server 172.22.0.8 and tag '*'
> Got a positive name query response from 172.22.0.8 ( 192.168.74.1
> 172.22.110.137 )
> Connecting to 192.168.74.1 at port 139
> Password:
> Doing spnego session setup (blob length=58)
> got OID=1 3 6 1 4 1 311 2 2 10
> got principal=NONE
> Got challenge flags:
> Got NTLMSSP neg_flags=0x60890215
> NTLMSSP: Set final flags:
> Got NTLMSSP neg_flags=0x60080215
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x60080215
> SPENGO login failed: Logon failure
> session setup failed: NT_STATUS_LOGON_FAILURE
>
> # testparm -v
> Load smb config files from /etc/samba/smb.conf
> Processing section "[homes]"
> Processing section "[printers]"
> Processing section "[print$]"
> Processing section "[movies]"
> Loaded services file OK.
> Server role: ROLE_DOMAIN_MEMBER
> Press enter to see a dump of your service definitions
>
> # Global parameters
> [global]
> dos charset = CP850
> unix charset = UTF-8
> display charset = ISO8859-15
> workgroup = OURDOMAIN
> realm
> netbios name = MYHOST
> netbios aliases
> netbios scope
> server string = My Linux host
> interfaces
> bind interfaces only = No
> security = DOMAIN
> auth methods
> encrypt passwords = Yes
> update encrypted = No
> client schannel = Auto
> server schannel = Auto
> allow trusted domains = Yes
> hosts equiv
> min passwd length = 5
> use cracklib = No
> map to guest = Never
> null passwords = No
> obey pam restrictions = No
> password server = ourpasswordserver
> smb passwd file = /etc/samba/smbpasswd
> private dir = /etc/samba
> passdb backend = smbpasswd
> algorithmic rid base = 1000
> root directory
> guest account = nobody
> pam password change = No
> passwd program
> passwd chat = *new*password* %n\n *new*password* %n\n *changed*
> passwd chat debug = No
> passwd chat timeout = 2
> username map
> password level = 0
> username level = 0
> unix password sync = No
> restrict anonymous = 0
> lanman auth = Yes
> ntlm auth = Yes
> client NTLMv2 auth = No
> client lanman auth = Yes
> client plaintext auth = Yes
> preload modules
> log level = 0
> syslog = 1
> syslog only = No
> log file
> max log size = 5000
> timestamp logs = Yes
> debug hires timestamp = No
> debug pid = No
> debug uid = No
> smb ports = 445 139
> protocol = NT1
> large readwrite = Yes
> max protocol = NT1
> min protocol = CORE
> unicode = Yes
> read bmpx = No
> read raw = Yes
> write raw = Yes
> disable netbios = No
> acl compatibility
> nt pipe support = Yes
> nt status support = Yes
> announce version = 4.9
> announce as = NT
> max mux = 50
> max xmit = 16644
> name resolve order = lmhosts wins host bcast
> max ttl = 259200
> max wins ttl = 518400
> min wins ttl = 21600
> time server = No
> unix extensions = Yes
> use spnego = Yes
> client signing = auto
> server signing = No
> client use spnego = Yes
> change notify timeout = 60
> deadtime = 0
> getwd cache = Yes
> keepalive = 300
> kernel change notify = Yes
> lpq cache time = 10
> max smbd processes = 0
> paranoid server security = Yes
> max disk size = 0
> max open files = 10000
> socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
> use mmap = Yes
> hostname lookups = No
> name cache timeout = 660
> load printers = Yes
> printcap name = cups
> disable spoolss = No
> enumports command
> addprinter command
> deleteprinter command
> show add printer wizard = Yes
> os2 driver map
> mangling method = hash2
> mangle prefix = 1
> stat cache = Yes
> machine password timeout = 604800
> add user script
> delete user script
> add group script
> delete group script
> add user to group script
> delete user from group script
> set primary group script
> add machine script
> shutdown script
> abort shutdown script
> logon script
> logon path = \\%N\%U\profile
> logon drive
> logon home = \\%N\%U
> domain logons = No
> os level = 65
> lm announce = Auto
> lm interval = 60
> preferred master = Auto
> local master = No
> domain master = Auto
> browse list = Yes
> enhanced browsing = Yes
> dns proxy = Yes
> wins proxy = No
> wins server = 172.22.0.8
> wins support = No
> wins hook
> wins partners
> kernel oplocks = Yes
> lock spin count = 3
> lock spin time = 10
> oplock break wait time = 0
> ldap suffix
> ldap machine suffix
> ldap user suffix
> ldap group suffix
> ldap idmap suffix
> ldap filter = (uid=%u)
> ldap admin dn
> ldap ssl
> ldap passwd sync = no
> ldap delete dn = No
> ldap replication sleep = 1000
> add share command
> change share command
> delete share command
> config file
> preload
> lock directory = /var/lib/samba
> pid directory = /var/run/samba
> utmp directory
> wtmp directory
> utmp = No
> default service
> message command
> dfree command
> get quota command
> set quota command
> remote announce
> remote browse sync
> socket address = 0.0.0.0
> homedir map = auto.home
> afs username map
> time offset = 0
> NIS homedir = No
> panic action
> host msdfs = No
> enable rid algorithm = Yes
> idmap backend
> idmap uid
> idmap gid
> template primary group = nobody
> template homedir = /home/%D/%U
> template shell = /bin/false
> winbind separator = \
> winbind cache time = 300
> winbind enable local accounts = Yes
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind use default domain = No
> winbind trusted domains only = No
> comment
> path
> username
> invalid users
> valid users
> admin users
> read list
> write list
> printer admin
> force user
> force group
> read only = Yes
> create mask = 0744
> force create mode = 00
> security mask = 0777
> force security mode = 00
> directory mask = 0755
> force directory mode = 00
> directory security mask = 0777
> force directory security mode = 00
> inherit permissions = No
> inherit acls = No
> guest only = No
> guest ok = No
> only user = No
> hosts allow
> hosts deny
> nt acl support = Yes
> profile acls = No
> map acl inherit = No
> afs share = No
> block size = 1024
> max connections = 0
> min print space = 0
> strict allocate = No
> strict sync = No
> sync always = No
> use sendfile = No
> write cache size = 0
> max reported print jobs = 0
> max print jobs = 1000
> printable = No
> printing = cups
> printing cups options
> print command
> lpq command
> lprm command
> lppause command
> lpresume command
> queuepause command
> queueresume command
> printer name
> use client driver = No
> default devmode = No
> default case = lower
> case sensitive = No
> preserve case = Yes
> short preserve case = Yes
> mangle case = No
> mangling char = ~
> hide dot files = Yes
> hide special files = No
> hide unreadable = No
> hide unwriteable files = No
> delete veto files = No
> veto files = /*.eml/*.nws/riched20.dll/*.{*}/
> hide files
> veto oplock files
> map system = No
> map hidden = No
> map archive = Yes
> mangled names = Yes
> mangled map
> browseable = Yes
> blocking locks = Yes
> csc policy = manual
> fake oplocks = No
> locking = Yes
> oplocks = Yes
> level2 oplocks = Yes
> oplock contention limit = 2
> posix locking = Yes
> strict locking = Yes
> share modes = Yes
> copy
> include
> exec
> preexec close = No
> postexec
> root preexec
> root preexec close = No
> root postexec
> available = Yes
> volume
> fstype = NTFS
> set directory = No
> wide links = Yes
> follow symlinks = Yes
> dont descend
> magic script
> magic output
> delete readonly = No
> dos filemode = No
> dos filetimes = No
> dos filetime resolution = No
> fake directory create times = No
> vfs objects
> msdfs root = No
> msdfs proxy
>
> [homes]
> comment = Home Directories
> valid users = %S
> read only = No
> create mask = 0640
> directory mask = 0750
> browseable = No
>
> [printers]
> comment = All Printers
> path = /var/tmp
> create mask = 0600
> printable = Yes
> browseable = No
>
> [print$]
> comment = Printer Drivers
> path = /var/lib/samba/drivers
> write list = @ntadmin, root
> force group = ntadmin
> create mask = 0664
> directory mask = 0775
>
> [movies]
> comment = Movies
> path = /srv/smbshare/movies
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
Izo
2004-Dec-09 08:51 UTC
[Samba] samba>=3.0.4 - no more smbpasswd ? no more local auth when joined to domain ?
Adi Nugraha wrote:
> how about redirecting the smbpasswd file to the older version (assuming you
> have one) using smbpasswd file = /file/path/smbpasswd , I replaced my copy
> of smbpasswd for 3.09 with a 2.216 and the smbpasswd command stopped
> working, (no new entry added to the smbpasswd file), but when I used that it
> worked again

Does this mean that the Samba is not reliable anymore ? The smbpasswd is only part of my question. Of course I could install it from the previous RPM, yet it would not solve my problem at all.

I want to know what is going on, really, with my Samba-3.0.4 (packaged by SuSE) installation. I assume that changes should have some purpose but they are clearly not well described. Or Samba just happens to be too buggy to be used nowadays ?

My problem in short is, I have successfully (re-)joined my computer into domain, yet it ceased to authenticate either domain either local user.

Izo
Izo
2004-Dec-10 11:11 UTC
[Samba] samba>=3.0.4 - no more smbpasswd ? no more local auth when joined to domain ?
Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Izo wrote:
> |
> | Does this mean that the Samba is not reliable anymore ?
> | The smbpasswd is only part of my question. Of course
> | I could install it from the previous RPM, yet it would not
> | solve my problem at all.
>
> I have no idea what you are talking about.

smbpasswd utility is missing in newest SuSE samba-3.0.4 patch for SuSE-9.1 distro (via online update) so I've just thought that this was for good. Adi (see previous posts from this thread) proposed to install it from wherever I could get it which, of course, I refused since it does not solve my main problem.

> | I have recently upgraded from 3.0.2a to 3.0.4 and I have
> | just noticed that using the same smb.conf as with
> | previous version, the system just does not work anymore
> | for me ! Furthermore, smbpasswd utility appears to be dropped !
>
> The smbpasswd utility has not changed its feature set in the 3.0.x
> releases. It's still there. Trust me. :-)

Well, shame on SuSE then ! If they've sc..wed up It is the second time after their last year's bogus cvs patch for SuSE-8.1 ...

> | Anyway, browsing the samba docs I could only realize it
> | was rather outdated (it referred to samba 3.0, obviously not
> | to samba-3.0.4 and later), wasn't it ?
>
> The docs apply to all 3.0.x releases. Thus they are written
> for the Samba 3.0 . Not a specific patch release.
>
> PS: You need to look at the Samba server logs to
> figure out why the authentication is failing, not the
> smbclient output.

# smbclient -d3 -U me -L MYHOST
(using username from domain the samba is joined into)

# tail -f /var/log/samba/log.smbd
(default log level)
[2004/12/10 11:47:48, 0] auth/auth_util.c:make_server_info_info3(1120)
  make_server_info_info3: pdb_init_sam failed!
# tail -f /var/log/samba/log.nmbd
(default log level)
(nothing to be logged)

(smbclient response, just for convenience)
lp_load: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
Processing section "[global]"
added interface ip=172.22.110.137 bcast=172.22.255.255 nmask=255.255.0.0
added interface ip=192.168.74.1 bcast=192.168.74.255 nmask=255.255.255.0
Client started (version 3.0.2a-SUSE).
resolve_lmhosts: Attempting lmhosts lookup for name MYHOST<0x20>
resolve_wins: Attempting wins lookup for name MYHOST<0x20>
resolve_wins: using WINS server 172.22.0.8 and tag '*'
Got a positive name query response from 172.22.0.8 ( 192.168.74.1 172.22.110.137 )
Connecting to 172.22.110.137 at port 139
Password:
Doing spnego session setup (blob length=58)
got OID=1 3 6 1 4 1 311 2 2 10
got principal=NONE
Got challenge flags:
Got NTLMSSP neg_flags=0x60890215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60080215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60080215
SPENGO login failed: Logon failure
session setup failed: NT_STATUS_LOGON_FAILURE

I succeeded to log-on to MYHOST using local password using extended user description: MYHOST/me_local

I succeeded to log-on to MYHOST using the password from the domain that my samba is not joined into but is replicating the authentication to/from the domain my samba is joined into.

Let me point out again that the same smb.conf and passwd files worked just fine with the 3.0.2a samba version.

Izo
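
Following the advice in this thread to read the server log rather than the smbclient output, here is an added example (not part of the original thread) that pairs each log.smbd header line with its message and groups the level 0 and 1 entries coming from the auth/ and passdb/ sources. The function names, the source prefixes and the sample log are assumptions; only the first sample entry is taken from the message above.

```python
import re

# Header line written by Samba's debug system, as in the entry quoted above:
# [2004/12/10 11:47:48, 0] auth/auth_util.c:make_server_info_info3(1120)
HEADER = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})(?:\.\d+)?,\s*(?P<level>\d+)[^\]]*\]"
    r"\s+(?P<src>[^:\s]+):(?P<func>\w+)\((?P<line>\d+)\)\s*$"
)

# Constructed sample: the first entry is the one from the thread, the other
# two are made up for illustration (192.0.2.10 is a documentation address).
SAMPLE_LOG = """\
[2004/12/10 11:47:48, 0] auth/auth_util.c:make_server_info_info3(1120)
  make_server_info_info3: pdb_init_sam failed!
[2004/12/10 11:47:50, 1] smbd/service.c:make_connection_snum(648)
  client1 (192.0.2.10) connect to service movies initially as user nobody
[2004/12/10 11:52:03, 0] auth/auth_util.c:make_server_info_info3(1120)
  make_server_info_info3: pdb_init_sam failed!
"""

def parse_entries(text):
    """Pair each header line with the indented message lines that follow it."""
    entries, current = [], None
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            current = dict(m.groupdict(), level=int(m["level"]), msg=[])
            entries.append(current)
        elif current is not None and raw.strip():
            current["msg"].append(raw.strip())
    for e in entries:
        e["msg"] = " ".join(e["msg"])
    return entries

def auth_failures(entries, max_level=1, prefixes=("auth/", "passdb/")):
    """Group serious (low debug level) entries from the auth and passdb code."""
    groups = {}
    for e in entries:
        if e["level"] <= max_level and e["src"].startswith(prefixes):
            key = (e["func"], e["msg"])
            g = groups.setdefault(key, {"count": 0, "first": e["ts"], "last": e["ts"]})
            g["count"] += 1
            g["last"] = e["ts"]
    return groups

if __name__ == "__main__":
    for (func, msg), g in auth_failures(parse_entries(SAMPLE_LOG)).items():
        print(f"{g['count']}x {func}: {msg} (first {g['first']}, last {g['last']})")
```
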
Izo
2004-Dec-10 14:23 UTC
[Samba] samba>=3.0.4 - no more smbpasswd ? no more local auth when joined to domain ?
K.Watanabe wrote:
> Hi.
>
> I am using same SuSE9.1 and Samba3.0.4.(updated automatically by YaST)
> smbpasswd is still existing and samba is fine.
> How about re-install RPMs with YaST?
>
> Kei(kei@fox.dti2.ne.jp)
>

Yes. I have found it now. They have removed it from samba.rpm and packaged it to samba-client.rpm. Later one unfortunately did not show as update-able during online update ....

So - smbpasswd problem has been solved.

Izo