On Wed, 2013-05-29 at 22:28 +0200, steve wrote:
> 4.0.6 with 3.6.12 file server
> Hi
> Ordinary users can connect fine:
>
> smbclient //oliva/users -Usteve2
> Enter steve2's password:
> Domain=[HH3] OS=[Unix] Server=[Samba 3.6.9]
> smb: \>
>
> log:
> schannel_fetch_session_key_tdb: restored schannel info key
> SECRETS/SCHANNEL/OLIVA
> schannel_store_session_key_tdb: stored schannel info with key
> SECRETS/SCHANNEL/OLIVA
> auth_check_password_send: Checking password for unmapped user
> [HH3]\[steve2]@[\\HH16]
> auth_check_password_send: mapped user is: [HH3]\[steve2]@[\\HH16]
>
> getent passwd steve2
> steve2:*:3000023:20513:steve2:/home/users/steve2:/bin/bash
> --------------------------
>
> But Administrator (with rfc2307 attributes) can't:
> smbclient //oliva/users -UAdministrator
> Enter Administrator's password:
> session setup failed: NT_STATUS_LOGON_FAILURE
>
> log:
> schannel_fetch_session_key_tdb: restored schannel info key
> SECRETS/SCHANNEL/OLIVA
> schannel_store_session_key_tdb: stored schannel info with key
> SECRETS/SCHANNEL/OLIVA
> auth_check_password_send: Checking password for unmapped user
> [HH3]\[Administrator]@[\\HH16]
> auth_check_password_send: mapped user is: [HH3]\[Administrator]@[\\HH16]
> -------------------------------------
> getent passwd Administrator
> Administrator:*:3000099:20513:Administrator:/:
>
> getent group Domain\ Users
> Domain Users:*:20513:
> -------------------------------------
> smb.conf on the Samba3 file server:
> [global]
> workgroup = HH3
> realm = HH3.SITE
> kerberos method = system keytab
> security = ADS
> #username map = /home/steve/smbusers
>
> [users]
> path = /home/users
> read only = No
>
> [profiles]
> path = /home/profiles
> read only = No
> store dos attributes = Yes
> create mask = 0600
> directory mask = 0700
> browseable = No
> guest ok = No
> printable = No
> profile acls = Yes
> csc policy = disable
>
> [shared]
> path = /home/shared
> read only = No
> -------------------------------------------
>
> Question: Why can ordinary users connect, but not the domain admin?
> Thanks, Steve
>
Hi again
The fileserver is looking for: HH3\Administrator (i.e. with the
workgroup attached)???
[2013/05/29 23:58:24.560712, 3] libsmb/cliconnect.c:3170(cli_start_connection)
  Connecting to host=HH16.HH3.SITE
[2013/05/29 23:58:24.561068, 3] lib/util_sock.c:766(open_socket_out_send)
  Connecting to 192.168.1.16 at port 445
[2013/05/29 23:58:25.699013, 3] auth/auth_util.c:1121(check_account)
  Failed to find authenticated user HH3\administrator via getpwnam(), denying access.
[2013/05/29 23:58:25.703519, 2] auth/auth.c:319(check_ntlm_password)
  check_ntlm_password: Authentication for user [Administrator] -> [Administrator] FAILED with error NT_STATUS_NO_SUCH_USER
[2013/05/29 23:58:25.703924, 3] smbd/error.c:81(error_packet_set)
  error packet at smbd/sesssetup.c(124) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
[2013/05/29 23:58:25.708454, 3] smbd/server_exit.c:181(exit_server_common)
  Server exit (failed to receive smb request)
>
>
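One way to check the question raised in the follow-up, namely which exact name the file server hands to getpwnam(), is to regroup the mail-wrapped smbd records and test the failing name against NSS. This is an added example, not part of the original messages: the function names and the `lookup` parameter are hypothetical, and the sample log is constructed from the records quoted above.

```python
import pwd
import re

# Constructed sample: two smbd records from the message above, kept in the
# mail-wrapped form (message text split across several lines).
SAMPLE_LOG = r"""[2013/05/29 23:58:25.699013, 3] auth/auth_util.c:1121(check_account)
Failed to find authenticated user HH3\administrator via getpwnam(),
denying access.
[2013/05/29 23:58:25.703519, 2] auth/auth.c:319(check_ntlm_password)
check_ntlm_password: Authentication for user [Administrator] ->
[Administrator] FAILED with error NT_STATUS_NO_SUCH_USER
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+),\s*(\d+)\]\s*(.*)$")
GETPWNAM_FAIL = re.compile(r"Failed to find authenticated user (\S+) via getpwnam\(\)")

def records(text):
    """Group a wrapped smbd log into (timestamp, level, location, message)."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            out.append([m.group(1), int(m.group(2)), m.group(3), ""])
        elif out and line:
            if not out[-1][2]:   # header was wrapped: this line is the location
                out[-1][2] = line
            else:                # otherwise it continues the message text
                out[-1][3] = (out[-1][3] + " " + line).strip()
    return [tuple(r) for r in out]

def unresolved_names(text):
    """Exact names smbd passed to getpwnam() and could not resolve."""
    return [m.group(1)
            for _ts, _lvl, _loc, msg in records(text)
            for m in GETPWNAM_FAIL.finditer(msg)]

def system_lookup(name):
    """True if the local NSS configuration resolves this exact name."""
    try:
        pwd.getpwnam(name)
        return True
    except KeyError:
        return False

def nss_check(names, lookup=system_lookup):
    """Test each failed name, and its form without the domain prefix."""
    return {n: {"qualified": lookup(n), "short": lookup(n.split("\\")[-1])}
            for n in names}
```

Run on the file server itself, `nss_check(unresolved_names(log_text))` shows whether NSS there resolves the domain-qualified name, the short name, both or neither.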