Just to follow up, here is the excerpt from the log.smbd when running 3.6.10 and
connecting to the share:
[2013/02/01 13:38:58.729913, 3] auth/auth.c:219(check_ntlm_password)
check_ntlm_password: Checking password for unmapped user
[10.33.72.67]\[root]@[10.33.75.164] with the new password interface
[2013/02/01 13:38:58.729995, 3] auth/auth.c:222(check_ntlm_password)
check_ntlm_password: mapped user is: [SYSTST]\[root]@[10.33.75.164]
[2013/02/01 13:38:58.744799, 3] passdb/lookup_sid.c:1754(get_primary_group_sid)
Forcing Primary Group to 'Domain Users' for root
[2013/02/01 13:38:58.746405, 3] auth/auth.c:268(check_ntlm_password)
check_ntlm_password: unix authentication for user [root] succeeded
[2013/02/01 13:38:58.746507, 2] auth/auth.c:309(check_ntlm_password)
check_ntlm_password: authentication for user [root] -> [root] -> [root]
succeeded
I notice there's nothing in there about SPNEGO. I also tried setting all
the SPNEGO options to off under Samba 4.0.2, but that didn't work either,
and the SPNEGO messages still appear in the log...
Is there a straightforward way to get Samba 4 to use the unencrypted passwords
and the local UNIX password, or is it hopeless?
Thanks!
-Ben
________________________________________
From: samba-bounces at lists.samba.org [samba-bounces at lists.samba.org] on
behalf of Benjamin Huntsman [BHuntsman at mail2.cu-portland.edu]
Sent: Friday, February 01, 2013 9:47 AM
To: samba at lists.samba.org
Subject: [Samba] Samba 4 vs Samba 3
So, I have "working" builds of Samba 3.6.10, and 4.0.2 using the
traditional build system on AIX, both built with XLC.
For historical reasons, we're needing to use 'encrypt passwords =
no', so that Samba uses the OS password.
The odd thing, is, the 3.6.10 Samba works just fine, but the 4.0.2 doesn't
allow connections. Here's the Samba config I'm using on both:
Samba 3:
[global]
encrypt passwords = No
log level = 3
os level = 8
local master = No
domain master = No
idmap config * : range idmap config * : backend = tdb
[testshare]
path = /testshare
read only = no
Samba 4:
[global]
encrypt passwords = No
log level = 3
client max protocol = SMB2
client min protocol = SMB2
os level = 8
local master = No
domain master = No
idmap config * : range idmap config * : backend = tdb
[testshare]
path = /testshare
read only = no
On both a test Windows XP and Windows 7 machine, I have the unencrypted
passwords policy enabled. When running Samba 3.6.10 using the config above, I
can map the share just fine. However, under 4.0.x (I've tried 4.0.0, 4.0.1,
and 4.0.2), when mapping the share on Windows, the password prompt comes back
immediately, and I get the following in the log:
[2013/02/01 09:34:56.256107, 3] auth/auth.c:177(auth_check_ntlm_password)
check_ntlm_password: Checking password for unmapped user
[10.33.72.67]\[root]@[SAMBATEST] with the new password interface
[2013/02/01 09:34:56.256176, 3] auth/auth.c:180(auth_check_ntlm_password)
check_ntlm_password: mapped user is: [SYSTST]\[root]@[SAMBATEST]
[2013/02/01 09:34:56.256843, 2] auth/auth.c:288(auth_check_ntlm_password)
check_ntlm_password: Authentication for user [root] -> [root] FAILED with
error NT_STATUS_LOGON_FAILURE
[2013/02/01 09:34:56.256951, 2]
../auth/gensec/spnego.c:745(gensec_spnego_server_negTokenTarg)
SPNEGO login failed: NT_STATUS_LOGON_FAILURE
[2013/02/01 09:34:56.259280, 2]
smbd/smb2_server.c:3123(smbd_smb2_request_incoming)
smbd_smb2_request_incoming: client read error NT_STATUS_CONNECTION_RESET
I am absolutely 100% certain that I'm typing the password correctly. :)
Perhaps my build of Samba 4 is broken after all? Anyone know why I'd see
different behavior between 3.6.10 and 4.0.2, even though the config files are
basically identical (though both were generated by swat)?
I really want to move to Samba 4 if I can...
Thanks!
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba