Latrell Wang 王獻綱
2006-Dec-13 10:50 UTC
[Samba] Null session problem when mounting share using domainuseraccount
My global session of smb.conf is as follows:
[global]
dos charset = UTF8
display charset = UTF8
unix charset = UTF8
server schannel=auto
netbios name = NSA1129
write ok = yes
guest account = smbguest
map to guest = bad user
encrypt passwords = yes
map archive = no
client use spnego = no
auth methods = guest sam_ignoredomain winbind:ntdomain
host msdfs = yes
winbind use default domain = yes
workgroup = NAS
security = ads
password server = 172.23.26.204 *
realm = NAS.LOCAL
idmap uid = 100000-500000
idmap gid = 100000-500000
winbind cache time = 15
template homedir = /tmp/users/home/%D/%U
template shell = /bin/bash
-----Original Message-----
From: samba-bounces+latrell.wang=zyxel.com.tw@lists.samba.org
[mailto:samba-bounces+latrell.wang=zyxel.com.tw@lists.samba.org] On Behalf Of
Latrell Wang 王獻綱
Sent: Wednesday, December 13, 2006 1:56 PM
To: samba@lists.samba.org
Subject: RE: [Samba] Null session problem when mounting share using
domainuseraccount
In samba 3.0.14a, I noticed one item:
* Disable schannel on the LSA and SAMR pipes in winbindd client 1190 code to
deal with Windows 2003 SP1 and Windows 2000 SP4 SR1.
Is the fix related directly to my problem? The detailed debug message of
smbmount is as follows:
root@NSA1129:~# smbmount //localhost/dd /mnt -o username=latrell1,password=1234qwer,debug=9
mount.smbfs started (version 3.0.21c)
added interface ip=172.23.26.67 bcast=172.23.26.255 nmask=255.255.255.0
Opening cache file at /etc/zyxel/samba/gencache.tdb
name localhost#20 found.
Connecting to 127.0.0.1 at port 445
socket option SO_KEEPALIVE = 0
socket option SO_REUSEADDR = 0
socket option SO_BROADCAST = 0
socket option TCP_NODELAY = 1
socket option TCP_KEEPCNT = 9
socket option TCP_KEEPIDLE = 7200
socket option TCP_KEEPINTVL = 75
socket option IPTOS_LOWDELAY = 0
socket option IPTOS_THROUGHPUT = 0
socket option SO_SNDBUF = 50160
socket option SO_RCVBUF = 87378
socket option SO_SNDLOWAT = 1
socket option SO_RCVLOWAT = 1
socket option SO_SNDTIMEO = 0
socket option SO_RCVTIMEO = 0
24240: session request ok
write_socket(4,183)
write_socket(4,183) wrote 183
size=85
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=49153
smb_tid=0
smb_pid=24240
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[ 0]= 7 (0x7)
smb_vwv[ 1]=12803 (0x3203)
smb_vwv[ 2]= 256 (0x100)
smb_vwv[ 3]= 1024 (0x400)
smb_vwv[ 4]= 65 (0x41)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 256 (0x100)
smb_vwv[ 7]=45312 (0xB100)
smb_vwv[ 8]= 94 (0x5E)
smb_vwv[ 9]=64768 (0xFD00)
smb_vwv[10]=33011 (0x80F3)
smb_vwv[11]=32768 (0x8000)
smb_vwv[12]=17990 (0x4646)
smb_vwv[13]=31267 (0x7A23)
smb_vwv[14]=50974 (0xC71E)
smb_vwv[15]= 1 (0x1)
smb_vwv[16]= 2048 (0x800)
smb_bcc=16
size=85
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=49153
smb_tid=0
smb_pid=24240
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[ 0]= 7 (0x7)
smb_vwv[ 1]=12803 (0x3203)
smb_vwv[ 2]= 256 (0x100)
smb_vwv[ 3]= 1024 (0x400)
smb_vwv[ 4]= 65 (0x41)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 256 (0x100)
smb_vwv[ 7]=45312 (0xB100)
smb_vwv[ 8]= 94 (0x5E)
smb_vwv[ 9]=64768 (0xFD00)
smb_vwv[10]=33011 (0x80F3)
smb_vwv[11]=32768 (0x8000)
smb_vwv[12]=17990 (0x4646)
smb_vwv[13]=31267 (0x7A23)
smb_vwv[14]=50974 (0xC71E)
smb_vwv[15]= 1 (0x1)
smb_vwv[16]= 2048 (0x800)
smb_bcc=16
write_socket(4,137)
write_socket(4,137) wrote 137
size=64
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=16385
smb_tid=0
smb_pid=24240
smb_uid=100
smb_mid=2
smt_wct=3
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 0 (0x0)
smb_vwv[ 2]= 1 (0x1)
smb_bcc=23
24240: session setup ok
write_socket(4,69)
write_socket(4,69) wrote 69
size=35
smb_com=0x75
smb_rcls=1
smb_reh=0
smb_err=5
smb_flg=136
smb_flg2=1
smb_tid=0
smb_pid=24240
smb_uid=100
smb_mid=3
smt_wct=0
smb_bcc=0
24240: tree connect failed: ERRDOS - ERRnoaccess (Access denied.)
SMB connection failed
Latrell.
-----Original Message-----
From: samba-bounces+latrell.wang=zyxel.com.tw@lists.samba.org
[mailto:samba-bounces+latrell.wang=zyxel.com.tw@lists.samba.org] On Behalf Of
Latrell Wang 王獻綱
Sent: Tuesday, December 12, 2006 7:12 PM
To: samba@lists.samba.org
Subject: [Samba] Null session problem when mounting share using domain
useraccount
Hi all:

As far as I know, windows 2003 sp1 restricts anonymous access to samr and
lsarpc. On windows 2003, everyone group does not include anonymous logon, thus
anonymous enumeration can't be achieved unless anonymous logon is a member
of pre-windows 2000 compatible group. I think this is the reason why smbmount
using domain user account failed. The error message is as follows:

26520: tree connect failed: ERRDOS - ERRnoaccess (Access denied.)
SMB connection failed

The packets showed that "STATUS_ACCESS_DENIED" in SamrConnect2 request
and reply. If anonymous logon belongs to pre-windows 2000 compatible group,
smbmount ran successfully.

Will samba work around this issue?

Thanks for the replies.

Latrell.
-- 
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
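
Added example, not part of the original post or of Samba's code: a small Python decoder for the smbmount debug trace above. It names the SMB1 command in each dumped reply header, maps the error class/code pair the trace reports, and reads the Action word of the session setup reply, where bit 0 set means the server logged the session on as guest. The function names and the abridged SAMPLE are assumptions made for this illustration.

```python
import re

# SMB1 command codes that appear in the trace (names per the CIFS spec).
COMMANDS = {0x72: "NEGOTIATE", 0x73: "SESSION_SETUP_ANDX", 0x75: "TREE_CONNECT_ANDX"}
ERRORS = {(1, 5): "ERRDOS/ERRnoaccess"}  # (class, code); only what this trace needs
SMB_SETUP_GUEST = 0x0001                 # Action bit 0 of a session setup reply
FIELD = re.compile(r"(sm[bt]_\w+)(?:\[\s*(\d+)\])?\s*=\s*(\S+)")

def parse_packets(trace):
    """One dict per dumped SMB header; a 'size=' line starts a new packet."""
    packets = []
    for line in trace.replace("=3D", "=").splitlines():  # undo mail encoding
        line = line.strip()
        m = FIELD.match(line)
        if line.startswith("size="):
            packets.append({})
        elif m and packets:
            key = m.group(1) + (f"[{m.group(2)}]" if m.group(2) else "")
            packets[-1][key] = int(m.group(3), 0)
    return packets

def summarize(packets):
    """(command, status, guest) per reply; guest is set for session setup only."""
    rows = []
    for p in packets:
        cls, err = p["smb_rcls"], p["smb_err"]
        status = "SUCCESS" if cls == 0 else ERRORS.get((cls, err), f"class {cls}/code {err}")
        guest = None
        if p["smb_com"] == 0x73 and cls == 0 and p.get("smt_wct") == 3:
            guest = bool(p["smb_vwv[2]"] & SMB_SETUP_GUEST)  # Action word
        rows.append((COMMANDS.get(p["smb_com"], hex(p["smb_com"])), status, guest))
    return rows

# Constructed sample: header fields abridged from the trace in this post.
SAMPLE = """size=85
smb_com=0x72
smb_rcls=0
smb_err=0
size=64
smb_com=0x73
smb_rcls=0
smb_err=0
smt_wct=3
smb_vwv[ 2]= 1 (0x1)
size=35
smb_com=0x75
smb_rcls=1
smb_err=5
"""
```

Calling summarize(parse_packets(SAMPLE)) yields one row per reply; the same functions accept the full trace, including a copy that still carries the mail's =3D encoding.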
