Details:
Ubuntu 12.10
Samba version - Version 3.5.11-cdc-4.5.3-573
CentrifyDC version - CentrifyDC 5.0.2-396
Hi all,
I am using Centrify Express to connect to my work domain, and I am using
their version of Samba, hence the version listed above. I already posted
this query to them, and they directed me to here, stating that this may be
a Samba issue: Centrify forum
query<http://community.centrify.com/t5/Centrify-enabled-Samba/Special-characters-in-password-Cannot-log-in-Samba-share/td-p/6966>
When I try to connect to my share in Windows (XP/7/8) via Windows Explorer,
I get the user/password prompt. My password has a special character in it
(!), and it is not accepted; the prompt never goes away. For users that do
not have special characters in their passwords, the connection is instant.
I noticed that almost always, if I reboot my Windows machine and try to
connect to the share again, it is successful, and I never get the
user/password prompt. So it's as if the server finally accepts the password.
Below is my smb.conf, with company info removed:
#
# This file was generated by Centrify ADBindProxy Utility
#
[global]
security = ADS
realm = ***.**.**.***
workgroup = ****
netbios name = shockwave
auth methods = guest, sam, winbind, ntdomain
machine password timeout = 0
passdb backend = tdbsam:/etc/samba/private/passdb.tdb
log level = 2
#
# Samba versions 3.4.0 and newer have replaced "use kerberos
keytab"
# with "kerberos method". The directive "kerberos method =
system
keytab"
# enables Samba to honor service tickets that are still valid but were
# created before the Samba server's password was changed.
#
kerberos method = system keytab
#
# Setting "client use spnego principal" to true instructs SMB
client to
# trust the service principal name returned by the SMB server.
Otherwise,
# client cannot be authenticated via Kerberos by the server in a
different
# domain even though the two domains are mutually trusted.
#
client use spnego principal = true
#
# Setting send spnego principal to yes .
# Otherwise, it will not send this principal between Samba and Windows
2008
#
send spnego principal = Yes
# If your Samba server only serves to Windows systems, try server
signing = mandato$
server signing = auto
template shell = /bin/bash
winbind use default domain = Yes
winbind enum users = No
winbind enum groups = No
winbind nested groups = Yes
ignore syssetgroups error = No
idmap uid = 1000 - 200000000
idmap gid = 1000 - 200000000
enable core files = false
# Disable Logging to syslog, and only write log to Samba standard log
files.
syslog = 0
[samba-test]
path = /samba-test
public = yes
# if set public = No, we should set parameter valid users .
# and when the user or group is in AD , the setting syntaxes is:
# valid users = ****\username +****\group
writable = yes
[homes]
comment = Home directories
read only = No
browseable = No
root preexec = /home/driller/Scripts/mkhomedir.sh %U
[files]
comment = drilled files
path = /mnt/shares/files
# valid users = ****\hkashouli
create mask = 777
force create mode = 777
directory mask = 777
force directory mode = 777
writable = yes
I'm guessing it's a charset encoding issue somewhere? I will try to add
the
following options in smb.conf, but if anyone knows why passwords with
special characters are not accepted, it would be a great help:
display charset = UTF8> unix charset = UTF8
If you need more logs, please let me know.
Many thanks,
-Harry
