Hi samba community.
I'm having a problem with the smb_auth authentication method. Everything
looks like normal, but everytime I try to use smb_auth it returns ERR.
I will show here some commands output to secure that all configuration is
correct, and if anyone can help me to investigate what's happend I'll
thanks.
I'm using: Debian lenny, updated.
ii samba 2:3.2.3-1
ii squid 2.7.STABLE3-1
XXXXXXXXXX its the correct password.
8<----------------------------------
sek:/home# /usr/lib/squid/smb_auth -W SEKPLASTICOS -U 127.0.0.1 -d
vinicius XXXXXXXXXXX
Domain name: SEKPLASTICOS
Pass-through authentication: no
Query address options: -U 127.0.0.1 -R
Domain controller IP address: 10.0.0.1
Domain controller NETBIOS name: SEK
Contents of //SEK/NETLOGON/proxyauth:
ERR
8<----------------------------------
But, look at the smbclient command.
vinicius@sek:~$ smbclient "//SEK/netlogon" XXXXXXXXXXX -c "get
proxyauth -"
Domain=[SEKPLASTICOS] OS=[Unix] Server=[Samba 3.2.3]
allow
getting file \proxyauth of size 6 as - (5,9 kb/s) (average 5,9 kb/s)
Running smb_auth with user "vinicius" don't work too.
8<----------------------------------
Some permission and configs:
8<----------------------------------
The smb_auth permissions
sek:/usr/lib/squid# ls -l /usr/lib/squid/
total 284
-rwxr-xr-x 1 root root 15212 Jul 6 06:28 digest_pw_auth
-rwxr-xr-x 1 root root 11636 Jul 6 06:26 diskd-daemon
-rwxr-sr-- 1 proxy shadow 7988 Jul 6 06:28 getpwnam_auth
-rwxr-xr-x 1 root root 10312 Jul 6 06:28 ip_user_check
-rwxr-xr-x 1 root root 17544 Jul 6 06:28 ldap_auth
-rwxr-xr-x 1 root root 5464 Jul 6 06:26 logfile-daemon
-rwxr-xr-x 1 root root 32828 Jul 6 06:28 msnt_auth
-rwxr-xr-x 1 root root 15748 Jul 6 06:28 ncsa_auth
-rwxr-xr-x 1 root root 42216 Jul 6 06:28 ntlm_auth
-rwxr-sr-- 1 proxy shadow 10696 Jul 6 06:28 pam_auth
-rwxr-xr-x 1 root root 9552 Jul 6 06:28 smb_auth
-rwxr-xr-x 1 root root 2287 Jul 6 06:23 smb_auth.sh
-rwxr-xr-x 1 root root 22848 Jul 6 06:28 squid_kerb_auth
-rwxr-xr-x 1 root root 19000 Jul 6 06:28 squid_ldap_group
-rwxr-xr-x 1 root root 5996 Jul 6 06:28 squid_session
-rwxr-xr-x 1 root root 10248 Jul 6 06:28 squid_unix_group
-rwxr-xr-x 1 root root 3732 Jul 6 06:26 unlinkd
-rwxr-xr-x 1 root root 2359 Abr 9 2007 wbinfo_group.pl
-rwxr-xr-x 1 root root 8776 Jul 6 06:28 yp_auth
8<----------------------------------
The SMB configuration
sek:/usr/lib/squid# cat /etc/samba/smb.conf
# Samba config file created using SWAT
# from 192.168.0.2 (192.168.0.2)
# Date: 2008/04/04 23:07:20
[global]
workgroup = sekplasticos
netbios name = sek
server string = sek
security = user
null passwords = No
encrypt passwords = true
unix password sync = No
unix charset = iso8859-1
display charset = cp850
log level = 3
log file = /var/log/samba_log.%u
keepalive = 20
socket options = IPTOS_LOWDELAY TCP_NODELAY
logon path = \\sek\sysvol\%U
logon drive = P
domain logons = Yes
os level = 100
preferred master = Yes
domain master = Yes
local master = Yes
wins support = Yes
ldap ssl = no
comment = Servidor Sek
admin users = vinicius
time server = Yes
hosts allow = 127., 192.168.0., 10.0.0.
[homes]
comment = Pastas dos Usuarios
browseable = No
writable = Yes
create mask = 0600
directory mask = 0700
valid users = %S
[netlogon]
comment = Compartilhamento de Scripts
path = /home/netlogon
public = Yes
browseable = Yes
writable = Yes
[sysvol]
comment = System Volume
path = /home/sysvol
writable = Yes
guest ok = Yes
share modes = No
browseable = No
hide files = /desktop.ini/ntuser.ini/NTUSER.*/
[publico]
comment = publico
path = /home/publico
guest ok = No
writable = Yes
create mask = 0644
directory mask = 0777
public = Yes
[aplicativos]
comment = aplicativos
path = /home/aplicativos
guest ok = No
writable = Yes
browseable = Yes
create mask = 0600
directory mask = 0700
valid users = gilberto
sek:/usr/lib/squid#
8<----------------------------------
The NETLOGON permissions and proxyauth
sek:/home/netlogon# ls -l
total 4
-rwxrwxrwx 1 root root 6 Ago 31 17:35 proxyauth
sek:/home/netlogon# ls -ld
drwxrwxrwx 2 root root 22 Ago 31 17:35 .
sek:/home/netlogon# cat proxyauth
allow
8<----------------------------------
Really thanks if someone could help me.
--
Vinicius Ruoso - vkr07@c3sl.ufpr.br
C3SL: http://www.c3sl.ufpr.br
Since upgrading to 3.2.x I had to enable lanman auth = yes in my smb.conf (thats from memory - you may want to check the man page) It fixed it for me. Jon 2008/8/31 Vinicius Ruoso <vkr07@c3sl.ufpr.br>:> Hi samba community. > > I'm having a problem with the smb_auth authentication method. Everything > looks like normal, but everytime I try to use smb_auth it returns ERR. > > I will show here some commands output to secure that all configuration is > correct, and if anyone can help me to investigate what's happend I'll > thanks. > > > I'm using: Debian lenny, updated. > > ii samba 2:3.2.3-1 > ii squid 2.7.STABLE3-1 > > XXXXXXXXXX its the correct password. > > 8<---------------------------------- > sek:/home# /usr/lib/squid/smb_auth -W SEKPLASTICOS -U 127.0.0.1 -d > vinicius XXXXXXXXXXX > Domain name: SEKPLASTICOS > Pass-through authentication: no > Query address options: -U 127.0.0.1 -R > Domain controller IP address: 10.0.0.1 > Domain controller NETBIOS name: SEK > Contents of //SEK/NETLOGON/proxyauth: > ERR > 8<---------------------------------- > > But, look at the smbclient command. > > vinicius@sek:~$ smbclient "//SEK/netlogon" XXXXXXXXXXX -c "get proxyauth -" > Domain=[SEKPLASTICOS] OS=[Unix] Server=[Samba 3.2.3] > allow > getting file \proxyauth of size 6 as - (5,9 kb/s) (average 5,9 kb/s) > > Running smb_auth with user "vinicius" don't work too. > 8<---------------------------------- > > Some permission and configs: > > 8<---------------------------------- > The smb_auth permissions > > sek:/usr/lib/squid# ls -l /usr/lib/squid/ > total 284 > -rwxr-xr-x 1 root root 15212 Jul 6 06:28 digest_pw_auth > -rwxr-xr-x 1 root root 11636 Jul 6 06:26 diskd-daemon > -rwxr-sr-- 1 proxy shadow 7988 Jul 6 06:28 getpwnam_auth > -rwxr-xr-x 1 root root 10312 Jul 6 06:28 ip_user_check > -rwxr-xr-x 1 root root 17544 Jul 6 06:28 ldap_auth > -rwxr-xr-x 1 root root 5464 Jul 6 06:26 logfile-daemon > -rwxr-xr-x 1 root root 32828 Jul 6 06:28 msnt_auth > -rwxr-xr-x 1 root root 15748 Jul 6 06:28 ncsa_auth > -rwxr-xr-x 1 root root 42216 Jul 6 06:28 ntlm_auth > -rwxr-sr-- 1 proxy shadow 10696 Jul 6 06:28 pam_auth > -rwxr-xr-x 1 root root 9552 Jul 6 06:28 smb_auth > -rwxr-xr-x 1 root root 2287 Jul 6 06:23 smb_auth.sh > -rwxr-xr-x 1 root root 22848 Jul 6 06:28 squid_kerb_auth > -rwxr-xr-x 1 root root 19000 Jul 6 06:28 squid_ldap_group > -rwxr-xr-x 1 root root 5996 Jul 6 06:28 squid_session > -rwxr-xr-x 1 root root 10248 Jul 6 06:28 squid_unix_group > -rwxr-xr-x 1 root root 3732 Jul 6 06:26 unlinkd > -rwxr-xr-x 1 root root 2359 Abr 9 2007 wbinfo_group.pl > -rwxr-xr-x 1 root root 8776 Jul 6 06:28 yp_auth > > > 8<---------------------------------- > The SMB configuration > > sek:/usr/lib/squid# cat /etc/samba/smb.conf > # Samba config file created using SWAT > # from 192.168.0.2 (192.168.0.2) > # Date: 2008/04/04 23:07:20 > > [global] > workgroup = sekplasticos > netbios name = sek > server string = sek > security = user > null passwords = No > encrypt passwords = true > unix password sync = No > unix charset = iso8859-1 > display charset = cp850 > log level = 3 > log file = /var/log/samba_log.%u > keepalive = 20 > socket options = IPTOS_LOWDELAY TCP_NODELAY > logon path = \\sek\sysvol\%U > logon drive = P > domain logons = Yes > os level = 100 > preferred master = Yes > domain master = Yes > local master = Yes > wins support = Yes > ldap ssl = no > comment = Servidor Sek > admin users = vinicius > time server = Yes > hosts allow = 127., 192.168.0., 10.0.0. > > [homes] > comment = Pastas dos Usuarios > browseable = No > writable = Yes > create mask = 0600 > directory mask = 0700 > valid users = %S > > [netlogon] > comment = Compartilhamento de Scripts > path = /home/netlogon > public = Yes > browseable = Yes > writable = Yes > > [sysvol] > comment = System Volume > path = /home/sysvol > writable = Yes > guest ok = Yes > share modes = No > browseable = No > hide files = /desktop.ini/ntuser.ini/NTUSER.*/ > > [publico] > comment = publico > path = /home/publico > guest ok = No > writable = Yes > create mask = 0644 > directory mask = 0777 > public = Yes > > [aplicativos] > comment = aplicativos > path = /home/aplicativos > guest ok = No > writable = Yes > browseable = Yes > create mask = 0600 > directory mask = 0700 > valid users = gilberto > sek:/usr/lib/squid# > > 8<---------------------------------- > The NETLOGON permissions and proxyauth > > sek:/home/netlogon# ls -l > total 4 > -rwxrwxrwx 1 root root 6 Ago 31 17:35 proxyauth > sek:/home/netlogon# ls -ld > drwxrwxrwx 2 root root 22 Ago 31 17:35 . > sek:/home/netlogon# cat proxyauth > allow > 8<---------------------------------- > > > Really thanks if someone could help me. > > -- > Vinicius Ruoso - vkr07@c3sl.ufpr.br > C3SL: http://www.c3sl.ufpr.br > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba >
Sorry for the misleading information. I use censornet and that stopped authenticating to the domain when I did the upgrade to 3.2.x - I thought you might be suffering the same issue. Jon 2008/9/1 Vinicius Ruoso <vkr07@c3sl.ufpr.br>:> Hi Jon Wilson, > > Really thanks for your fast response. But the "lanman auth = yes" added > to global directive of my smb.conf don't make any effect on smb_auth > authentication process. The response still the same. :( > > Do you have any other idea of what can be done to fix it? > Any hope is very welcome. I'm trying to get this work a long time. > > 8<------------------------------------------------------------------- > The following are the man entry to lanman auth: > It looks like that this option don't affect smbclient requests. > > lanman auth (G) > > This parameter determines whether or not smbd(8) will attempt to > authenticate users or permit password changes using the LANMAN > password hash. If disabled, only clients which support NT password > hashes (e.g. Windows NT/2000 clients, smbclient, but not Windows > 95/98 or the MS DOS network client) will be able to connect to the > Samba host. > > The LANMAN encrypted response is easily broken, due to it?s > case-insensitive nature, and the choice of algorithm. Servers > without Windows 95/98/ME or MS DOS clients are advised to disable > this option. > > Unlike the encrypt passwords option, this parameter cannot alter > client behaviour, and the LANMAN response will still be sent over > the network. See the client lanman auth to disable this for > Samba?s > clients (such as smbclient) > > If this option, and ntlm auth are both disabled, then only NTLMv2 > logins will be permited. Not all clients support NTLMv2, and most > will require special configuration to use it. > > Default: lanman auth = no > > 8<------------------------------------------------------------------- > > > >> Since upgrading to 3.2.x I had to enable >> >> lanman auth = yes >> >> in my smb.conf >> >> (thats from memory - you may want to check the man page) >> >> It fixed it for me. >> >> Jon >> >> >> 2008/8/31 Vinicius Ruoso <vkr07@c3sl.ufpr.br>: >>> Hi samba community. >>> >>> I'm having a problem with the smb_auth authentication method. Everything >>> looks like normal, but everytime I try to use smb_auth it returns ERR. >>> >>> I will show here some commands output to secure that all configuration >>> is >>> correct, and if anyone can help me to investigate what's happend I'll >>> thanks. >>> >>> >>> I'm using: Debian lenny, updated. >>> >>> ii samba 2:3.2.3-1 >>> ii squid 2.7.STABLE3-1 >>> >>> XXXXXXXXXX its the correct password. >>> >>> 8<---------------------------------- >>> sek:/home# /usr/lib/squid/smb_auth -W SEKPLASTICOS -U 127.0.0.1 -d >>> vinicius XXXXXXXXXXX >>> Domain name: SEKPLASTICOS >>> Pass-through authentication: no >>> Query address options: -U 127.0.0.1 -R >>> Domain controller IP address: 10.0.0.1 >>> Domain controller NETBIOS name: SEK >>> Contents of //SEK/NETLOGON/proxyauth: >>> ERR >>> 8<---------------------------------- >>> >>> But, look at the smbclient command. >>> >>> vinicius@sek:~$ smbclient "//SEK/netlogon" XXXXXXXXXXX -c "get proxyauth >>> -" >>> Domain=[SEKPLASTICOS] OS=[Unix] Server=[Samba 3.2.3] >>> allow >>> getting file \proxyauth of size 6 as - (5,9 kb/s) (average 5,9 kb/s) >>> >>> Running smb_auth with user "vinicius" don't work too. >>> 8<---------------------------------- >>> >>> Some permission and configs: >>> >>> 8<---------------------------------- >>> The smb_auth permissions >>> >>> sek:/usr/lib/squid# ls -l /usr/lib/squid/ >>> total 284 >>> -rwxr-xr-x 1 root root 15212 Jul 6 06:28 digest_pw_auth >>> -rwxr-xr-x 1 root root 11636 Jul 6 06:26 diskd-daemon >>> -rwxr-sr-- 1 proxy shadow 7988 Jul 6 06:28 getpwnam_auth >>> -rwxr-xr-x 1 root root 10312 Jul 6 06:28 ip_user_check >>> -rwxr-xr-x 1 root root 17544 Jul 6 06:28 ldap_auth >>> -rwxr-xr-x 1 root root 5464 Jul 6 06:26 logfile-daemon >>> -rwxr-xr-x 1 root root 32828 Jul 6 06:28 msnt_auth >>> -rwxr-xr-x 1 root root 15748 Jul 6 06:28 ncsa_auth >>> -rwxr-xr-x 1 root root 42216 Jul 6 06:28 ntlm_auth >>> -rwxr-sr-- 1 proxy shadow 10696 Jul 6 06:28 pam_auth >>> -rwxr-xr-x 1 root root 9552 Jul 6 06:28 smb_auth >>> -rwxr-xr-x 1 root root 2287 Jul 6 06:23 smb_auth.sh >>> -rwxr-xr-x 1 root root 22848 Jul 6 06:28 squid_kerb_auth >>> -rwxr-xr-x 1 root root 19000 Jul 6 06:28 squid_ldap_group >>> -rwxr-xr-x 1 root root 5996 Jul 6 06:28 squid_session >>> -rwxr-xr-x 1 root root 10248 Jul 6 06:28 squid_unix_group >>> -rwxr-xr-x 1 root root 3732 Jul 6 06:26 unlinkd >>> -rwxr-xr-x 1 root root 2359 Abr 9 2007 wbinfo_group.pl >>> -rwxr-xr-x 1 root root 8776 Jul 6 06:28 yp_auth >>> >>> >>> 8<---------------------------------- >>> The SMB configuration >>> >>> sek:/usr/lib/squid# cat /etc/samba/smb.conf >>> # Samba config file created using SWAT >>> # from 192.168.0.2 (192.168.0.2) >>> # Date: 2008/04/04 23:07:20 >>> >>> [global] >>> workgroup = sekplasticos >>> netbios name = sek >>> server string = sek >>> security = user >>> null passwords = No >>> encrypt passwords = true >>> unix password sync = No >>> unix charset = iso8859-1 >>> display charset = cp850 >>> log level = 3 >>> log file = /var/log/samba_log.%u >>> keepalive = 20 >>> socket options = IPTOS_LOWDELAY TCP_NODELAY >>> logon path = \\sek\sysvol\%U >>> logon drive = P >>> domain logons = Yes >>> os level = 100 >>> preferred master = Yes >>> domain master = Yes >>> local master = Yes >>> wins support = Yes >>> ldap ssl = no >>> comment = Servidor Sek >>> admin users = vinicius >>> time server = Yes >>> hosts allow = 127., 192.168.0., 10.0.0. >>> >>> [homes] >>> comment = Pastas dos Usuarios >>> browseable = No >>> writable = Yes >>> create mask = 0600 >>> directory mask = 0700 >>> valid users = %S >>> >>> [netlogon] >>> comment = Compartilhamento de Scripts >>> path = /home/netlogon >>> public = Yes >>> browseable = Yes >>> writable = Yes >>> >>> [sysvol] >>> comment = System Volume >>> path = /home/sysvol >>> writable = Yes >>> guest ok = Yes >>> share modes = No >>> browseable = No >>> hide files = /desktop.ini/ntuser.ini/NTUSER.*/ >>> >>> [publico] >>> comment = publico >>> path = /home/publico >>> guest ok = No >>> writable = Yes >>> create mask = 0644 >>> directory mask = 0777 >>> public = Yes >>> >>> [aplicativos] >>> comment = aplicativos >>> path = /home/aplicativos >>> guest ok = No >>> writable = Yes >>> browseable = Yes >>> create mask = 0600 >>> directory mask = 0700 >>> valid users = gilberto >>> sek:/usr/lib/squid# >>> >>> 8<---------------------------------- >>> The NETLOGON permissions and proxyauth >>> >>> sek:/home/netlogon# ls -l >>> total 4 >>> -rwxrwxrwx 1 root root 6 Ago 31 17:35 proxyauth >>> sek:/home/netlogon# ls -ld >>> drwxrwxrwx 2 root root 22 Ago 31 17:35 . >>> sek:/home/netlogon# cat proxyauth >>> allow >>> 8<---------------------------------- >>> >>> >>> Really thanks if someone could help me. >>> >>> -- >>> Vinicius Ruoso - vkr07@c3sl.ufpr.br >>> C3SL: http://www.c3sl.ufpr.br >>> >>> -- >>> To unsubscribe from this list go to the following URL and read the >>> instructions: https://lists.samba.org/mailman/listinfo/samba >>> >> > > > -- > Vinicius Ruoso - vkr07@c3sl.ufpr.br > C3SL: http://www.c3sl.ufpr.br > >