Carlyle Sutphen
2009-Oct-09 09:42 UTC
[Samba] Just a simple smbpasswd authentication won't work
Hello List.
We have a number of working ADS servers. One of our clients is not in the
Kerberized domain so their users log in via NIS. Having looked at the options
for enabling NIS authentication I have decided to use the smbpasswd. Now I
can't get that to work.
After using smbpasswd to create two users, one created locally, in the
/etc/passwd, and one that exists already in NIS, not only can I not map the
share to my XP workstation, as either user, I am unable to change the password.
I will include the failed password change and the server configuration followed
by a log excerpt from the session.
Here is the location of the smbpasswd file:
# l /export/samba/var/private
total 40
drwxr-x--- 2 root system 512 Oct 09 10:17 .
drwxr-x--- 5 root system 512 Oct 07 18:13 ..
-rw------- 1 root system 8192 Oct 09 11:37 secrets.tdb
-rw------- 1 root system 325 Oct 09 09:44 smbpasswd
And:
# cat /export/samba/var/private/smbpasswd
nobody:4294967294:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[DU         ]:LCT-00000000:
test:200:01FC5A6BE7BC6929AAD3B435B51404EE:0CB6948805F797BF2A82807973B89537:[U          ]:LCT-4ACEE647:
zgunchr:2289386:01FC5A6BE7BC6929AAD3B435B51404EE:0CB6948805F797BF2A82807973B89537:[U          ]:LCT-4ACEE9EC:
Now the failed smbpasswd session:
smbpasswd -r fracosmad3
Old SMB password:
New SMB password:
Retype new SMB password:
Could not connect to machine fracosmad3: NT_STATUS_LOGON_FAILURE
Failed to change password for test
The configuration:
[global]
security = USER
workgroup = GWG
wins server = fraeswwnp1.de.db.com,mhgeswwnp1.de.db.com
server string = GWG
dns proxy = no
encrypt passwords = yes
client ntlmv2 auth = yes
lanman auth = no
ntlm auth = no
deadtime = 5
hide dot files = yes
bind interfaces only = yes
max log size = 4096
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192
username map = /export/samba/etc/username.map
pid directory = /export/samba/var/locks
private dir = /export/samba/var/private
interfaces = 10.216.5.45
netbios name = fracosmad3
netbios aliases = GWG
log level = 3
log file = /export/samba/var/log/log.samba
nis homedir = no
[gwgro]
comment = GWG Read Only User
path = /home/gwgro
valid users = gwgro,test
read only = No
writable = yes
Log excerpt:
[2009/10/09 10:54:43, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/10/09 10:54:43, 3] smbd/sesssetup.c:reply_sesssetup_and_X(822)
wct=12 flg2=0xc801
[2009/10/09 10:54:43, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(633)
Doing spnego session setup
[2009/10/09 10:54:43, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(664)
NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[]
[2009/10/09 10:54:43, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(662)
Got user=[test] domain=[] workstation=[FRACOSMAD3] len1=24 len2=24
[2009/10/09 10:54:43, 3] auth/auth.c:check_ntlm_password(219)
check_ntlm_password: Checking password for unmapped user []\[test]@[FRACOSMAD3] with the new password interface
[2009/10/09 10:54:43, 3] auth/auth.c:check_ntlm_password(222)
check_ntlm_password: mapped user is: [FRACOSMAD3]\[test]@[FRACOSMAD3]
[2009/10/09 10:54:43, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/10/09 10:54:43, 3] smbd/uid.c:push_conn_ctx(393)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/10/09 10:54:43, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/10/09 10:54:43, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2009/10/09 10:54:43, 3] smbd/uid.c:push_conn_ctx(393)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2009/10/09 10:54:43, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2009/10/09 10:54:43, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/10/09 10:54:43, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/10/09 10:54:43, 2] libsmb/ntlm_check.c:ntlm_password_check(349)
ntlm_password_check: NTLMv1 passwords NOT PERMITTED for user test
[2009/10/09 10:54:43, 3] libsmb/ntlm_check.c:ntlm_password_check(356)
ntlm_password_check: NEITHER LanMan nor NT password supplied for user test
[2009/10/09 10:54:43, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/10/09 10:54:43, 3] smbd/uid.c:push_conn_ctx(393)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/10/09 10:54:43, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/10/09 10:54:43, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/10/09 10:54:43, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/10/09 10:54:43, 3] smbd/uid.c:push_conn_ctx(393)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/10/09 10:54:43, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/10/09 10:54:43, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/10/09 10:54:43, 2] auth/auth.c:check_ntlm_password(317)
check_ntlm_password: Authentication for user [test] -> [test] FAILED with error NT_STATUS_WRONG_PASSWORD
[2009/10/09 10:54:43, 3] smbd/process.c:timeout_processing(1447)
timeout_processing: End of file from client (client has disconnected).
[2009/10/09 10:54:43, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/10/09 10:54:43, 2] smbd/server.c:exit_server(614)
Closing connections
[2009/10/09 10:54:43, 3] smbd/connection.c:yield_connection(69)
Yielding connection to
[2009/10/09 10:54:43, 3] smbd/server.c:exit_server(655)
Server exit (normal exit)
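An added example, not part of the original post: a small Python triage script for a level-3 smbd log like the excerpt above. It folds wrapped continuation lines, then pairs each failed logon with the ntlm_password_check reasons and with the response sizes logged as len1/len2 (assumed here to be the LM and NT response lengths). The sample log is constructed from the excerpt's record shapes, and the function names are illustrative.

```python
import re

# Constructed sample: a few records in the shape of the level-3 smbd log in the post.
SAMPLE_LOG = """\
[2009/10/09 10:54:43, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(662)
Got user=[test] domain=[] workstation=[FRACOSMAD3] len1=24 len2=24
[2009/10/09 10:54:43, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/10/09 10:54:43, 2] libsmb/ntlm_check.c:ntlm_password_check(349)
ntlm_password_check: NTLMv1 passwords NOT PERMITTED for user test
[2009/10/09 10:54:43, 3] libsmb/ntlm_check.c:ntlm_password_check(356)
ntlm_password_check: NEITHER LanMan nor NT password supplied for user test
[2009/10/09 10:54:43, 2] auth/auth.c:check_ntlm_password(317)
check_ntlm_password: Authentication for user [test] -> [test] FAILED with
error NT_STATUS_WRONG_PASSWORD
"""

HEADER = re.compile(r"^\[\d{4}/\d\d/\d\d [\d:]+,\s*\d+\]\s+\S+?:(\w+)\(\d+\)")
GOT = re.compile(r"Got user=\[(.*?)\].*?len1=(\d+) len2=(\d+)")  # LM / NT response sizes
FAILED = re.compile(r"Authentication for user \[(.*?)\] -> \[.*?\] FAILED with\s+error (\S+)")

def records(text):
    """Yield (function, message); wrapped continuation lines are folded into the message."""
    func, msg = None, []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            if func:
                yield func, " ".join(msg)
            func, msg = m.group(1), []
        elif func and line.strip():
            msg.append(line.strip())
    if func:
        yield func, " ".join(msg)

def triage(text):
    """Return one dict per failed logon: user, status, response sizes, logged reasons."""
    out, cur = [], {"reasons": []}
    for func, msg in records(text):
        if (m := GOT.search(msg)):
            cur = {"user": m[1], "lm_len": int(m[2]), "nt_len": int(m[3]), "reasons": []}
        elif func == "ntlm_password_check":
            cur["reasons"].append(msg.split(": ", 1)[-1])
        elif (m := FAILED.search(msg)):
            # An NTLMv2 NT response is a 16-byte HMAC plus a blob, so it is longer than 24.
            cur.update(user=m[1], status=m[2], nt_response_is_v2=cur.get("nt_len", 0) > 24)
            out.append(cur)
            cur = {"reasons": []}
    return out
```

Running triage() over the full log file gives one entry per rejected logon, which makes it easy to compare the response type a client sent against the server's `ntlm auth` and `lanman auth` settings.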
