Hi
A new setup Windows client fails to authenticate to my Samba server
(3.0.24-SerNet-RedHat).
What I see in log at level 10 is:
Got user=[SA-MC-SMSNS@corproot.net] domain=[] workstation=[MSISMSSRV01P]
len1=24 len2=122
The empty domain seams to be origin of the problem, for other systems
working OK this field is not empty.
The Windows client is:
NativeOS=[Windows Server 2003 R2 3790 Service Pack 2] NativeLanMan=[]
PrimaryDomain=[Windows Server 2003 R2 5.2]
Security settings on this system enforce NTLMv2, those ones working OK are set
to use
NTLM (I was told by the Windows admin).
I guess the problem is on the Windows side but I cannot think about better place
to ask than
this list.
Log and configs below.
I would be very thankful for any help.
Thanks for your time.
Chris
Got user=[SA-MC-SMSNS@corproot.net] domain=[] workstation=[MSISMSSRV01P]
len1=24 len2=122
[2008/08/20 09:41:57, 6] param/loadparm.c:lp_file_list_changed(2998)
lp_file_list_changed()
file /etc/samba/smb.conf.nfsv2 -> /etc/samba/smb.conf.nfsv2 last mod_time:
Mon Aug 18 16:58:49 2008
[2008/08/20 09:41:57, 5] auth/auth_util.c:make_user_info_map(161)
make_user_info_map: Mapping user []\[SA-MC-SMSNS@corproot.net] from
workstation [MSISMSSRV01P]
[2008/08/20 09:41:57, 5] auth/auth_util.c:make_user_info(75)
attempting to make a user_info for SA-MC-SMSNS@corproot.net
(SA-MC-SMSNS@corproot.net)
[2008/08/20 09:41:57, 5] auth/auth_util.c:make_user_info(85)
making strings for SA-MC-SMSNS@corproot.net's user_info struct
[2008/08/20 09:41:57, 5] auth/auth_util.c:make_user_info(117)
making blobs for SA-MC-SMSNS@corproot.net's user_info struct
[2008/08/20 09:41:57, 10] auth/auth_util.c:make_user_info(135)
made an encrypted user_info for SA-MC-SMSNS@corproot.net
(SA-MC-SMSNS@corproot.net)
[2008/08/20 09:41:57, 3] auth/auth.c:check_ntlm_password(221)
check_ntlm_password: Checking password for unmapped user
[]\[SA-MC-SMSNS@corproot.net]@[MSISMSSRV01P] with the new password interfac
e
[2008/08/20 09:41:57, 3] auth/auth.c:check_ntlm_password(224)
check_ntlm_password: mapped user is:
[MCRESDOM]\[SA-MC-SMSNS@corproot.net]@[MSISMSSRV01P]
[2008/08/20 09:41:57, 10] auth/auth.c:check_ntlm_password(233)
check_ntlm_password: auth_context challenge created by random
[2008/08/20 09:41:57, 10] auth/auth.c:check_ntlm_password(235)
challenge is:
[2008/08/20 09:41:57, 5] lib/util.c:dump_data(2222)
[000] 29 67 C6 A2 2C EF D6 92
)g<C6><A2>,<EF><D6>.
[2008/08/20 09:41:57, 10] auth/auth.c:check_ntlm_password(261)
check_ntlm_password: guest had nothing to say
[2008/08/20 09:41:57, 8] lib/util.c:is_myname(2043)
is_myname("MCRESDOM") returns 0
[2008/08/20 09:41:57, 6] auth/auth_sam.c:check_samstrict_security(414)
check_samstrict_security: MCRESDOM is not one of my local names
(ROLE_DOMAIN_MEMBER)
[2008/08/20 09:41:57, 10] auth/auth.c:check_ntlm_password(261)
check_ntlm_password: sam had nothing to say
[2008/08/20 09:41:57, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/08/20 09:41:57, 3] smbd/uid.c:push_conn_ctx(345)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/08/20 09:41:57, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/08/20 09:41:57, 5] auth/auth_util.c:debug_nt_user_token(448)
NT user token: (NULL)
[2008/08/20 09:41:57, 5] auth/auth_util.c:debug_unix_user_token(474)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2008/08/20 09:41:57, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/08/20 09:41:57, 5] auth/auth.c:check_ntlm_password(273)
check_ntlm_password: winbind authentication for user
[SA-MC-SMSNS@corproot.net] FAILED with error NT_STATUS_LOGON_FAILURE
[2008/08/20 09:41:57, 2] auth/auth.c:check_ntlm_password(319)
check_ntlm_password: Authentication for user [SA-MC-SMSNS@corproot.net] ->
[SA-MC-SMSNS@corproot.net] FAILED with error NT_STATUS_LO
GON_FAILURE
[2008/08/20 09:41:57, 5] auth/auth_util.c:free_user_info(1867)
attempting to free (and zero) a user_info structure
[2008/08/20 09:41:57, 10] auth/auth_util.c:free_user_info(1871)
structure was created for SA-MC-SMSNS@corproot.net
[2008/08/20 09:41:57, 3] smbd/error.c:error_packet(146)
error packet at smbd/sesssetup.c(99) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
[2008/08/20 09:41:57, 5] lib/util.c:show_msg(485)
[2008/08/20 09:41:57, 5] lib/util.c:show_msg(495)
smb.conf
[global]
workgroup = mcresdom
security = domain
client lanman auth = No
client NTLMv2 auth = Yes
password server = sg1562z.mcresdom.net sg1561p.mcresdom.net
name resolve order = host
winbind uid = 1000-120000
winbind gid = 1000-120000
winbind enum users = no
winbind enum groups = no
# Using ldap server as winbindd backend
idmap backend = ldap:ldap://msunldap1.swissptt.ch
ldap:ldap://msunldap2.swissptt.ch
ldap admin dn = uid=idmapadm,ou=idmap,dc=mobile,dc=ch
ldap idmap suffix = ou=idmap
ldap suffix = dc=mobile,dc=ch
And smb.conf.nfsv2 (config for this Samba instance)
[global]
workgroup = MCRESDOM
security = domain
netbios name = MSILYNFSV2
log level = 0
preferred master = no
dns proxy = no
server string = %L SYI-UNS Samba Server on %h (%v)
log file = /var/log/samba.nfsv2/%m.log
pid directory = /var/run/samba.nfsv2
private dir = /etc/samba.nfsv2
lock directory = /var/lib/samba.nfsv2
bind interfaces only = yes
interfaces = msilynfsv2