I have a Samba 3.4.7 server with ADS authentication. Windows clients
have no issues, but non-domain MFPs cannot access shares, even with
guest ok = yes.
The MFPs can scan to a Samba 3.2.7 server, configured with Openfiler.
This line is the same on both servers
Got user=[printers] domain=[] workstation=[RNPE96472] len1=24 len2=24
This is what comes next on the working, 3.2.7 server:
check_ntlm_password: Checking password for unmapped user
[WCNB]\[printers]@[RNPE96472] with the new password interface
This is what comes next from the failing server:
check_ntlm_password: Checking password for unmapped user
[]\[printers]@[RNPE96472] with the new password interface
I have turned on winbind use default domain = yes, as the working server
has.
I have tried various username permutations - WCNB\printers,
printers at WCNB. Those names remain whole in the logs, rather than being
split.
The printers account appears in getent passwd. The MFPs are Ricoh/Aficio
MP 5000.
Portion of log level 3 for the device on failing server:
2010/08/19 14:47:03, 3]
smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego)
NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[]
[2010/08/19 14:47:03, 3] libsmb/ntlmssp.c:745(ntlmssp_server_auth)
Got user=[printers] domain=[] workstation=[RNPE96472] len1=24 len2=24
[2010/08/19 14:47:03, 3] auth/auth.c:222(check_ntlm_password)
check_ntlm_password: Checking password for unmapped user
[]\[printers]@[RNPE96472] with the new password interface
[2010/08/19 14:47:03, 3] auth/auth.c:225(check_ntlm_password)
check_ntlm_password: mapped user is:
[DATASVR2]\[printers]@[RNPE96472]
[2010/08/19 14:47:03, 3] smbd/sec_ctx.c:210(push_sec_ctx)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/08/19 14:47:03, 3] smbd/uid.c:428(push_conn_ctx)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/08/19 14:47:03, 3] smbd/sec_ctx.c:310(set_sec_ctx)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/08/19 14:47:03, 3] smbd/sec_ctx.c:418(pop_sec_ctx)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/08/19 14:47:03, 3] auth/auth_sam.c:282(check_sam_security)
check_sam_security: Couldn't find user 'printers' in passdb.
[2010/08/19 14:47:03, 3] auth/auth_winbind.c:54(check_winbind_security)
check_winbind_security: Not using winbind, requested domain [DATASVR2]
was for this SAM.
[2010/08/19 14:47:03, 2] auth/auth.c:320(check_ntlm_password)
check_ntlm_password: Authentication for user [printers] -> [printers]
FAILED with error NT_STATUS_NO_SUCH_USER
Globals from smb.conf on failing server:
# Samba config file created using SWAT
# from UNKNOWN (192.168.0.23)
# Date: 2010/08/19 14:37:44
[global]
workgroup = WCNB
realm = WCNB.LOCAL
server string = Data Server
security = ADS
map to guest = Bad User
obey pam restrictions = Yes
password server = dc.wcnb.local, *
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
unix password sync = Yes
log level = 3
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
server signing = auto
load printers = No
local master = No
domain master = No
dns proxy = No
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d
idmap uid = 1000000-2000000
idmap gid = 1000000-2000000
template homedir = /mnt/users/homes/%U
winbind cache time = 15
winbind enum users = Yes
winbind enum groups = Yes
winbind refresh tickets = Yes
This e-mail and attachment(s) may contain information that is privileged,
confidential, and/or exempt from disclosure under applicable law. If the reader
of this message is not the intended recipient, you are hereby notified that any
dissemination, distribution, or copy of this message is strictly prohibited. If
received in error, please notify the sender immediately and delete/destroy the
message and any copies thereof.
