2015-11-04 17:11 GMT+08:00 Rowland Penny <rowlandpenny241155 at gmail.com>:> On 04/11/15 06:24, Roger Wu wrote: > >> Hi, Rowland, >> >> Thanks for your advise. I've been updated the version to 4.2.5, the rpm >> query is as below, >> but it still didn't work. >> >> [root at testcad16 samba]# rpm -qa | grep samba >> sernet-samba-4.2.5-19.el6.x86_64 >> sernet-samba-libs-4.2.5-19.el6.x86_64 >> sernet-samba-libsmbclient0-4.2.5-19.el6.x86_64 >> sernet-samba-client-4.2.5-19.el6.x86_64 >> sernet-samba-common-4.2.5-19.el6.x86_64 >> >> [root at testcad16 samba]# netstat -tulnp| grep mbd >> tcp 0 0 0.0.0.0:445 <http://0.0.0.0:445> 0.0.0.0:* >> LISTEN 27139/smbd >> tcp 0 0 0.0.0.0:139 <http://0.0.0.0:139> 0.0.0.0:* >> LISTEN 27139/smbd >> tcp 0 0 :::445 :::* >> LISTEN 27139/smbd >> tcp 0 0 :::139 :::* >> LISTEN 27139/smbd >> udp 0 0 172.26.87.255:137 <http://172.26.87.255:137> >> 0.0.0.0:* 27094/nmbd >> udp 0 0 172.26.85.211:137 <http://172.26.85.211:137> >> 0.0.0.0:* 27094/nmbd >> udp 0 0 0.0.0.0:137 <http://0.0.0.0:137> 0.0.0.0:* >> 27094/nmbd >> udp 0 0 172.26.87.255:138 <http://172.26.87.255:138> >> 0.0.0.0:* 27094/nmbd >> udp 0 0 172.26.85.211:138 <http://172.26.85.211:138> >> 0.0.0.0:* 27094/nmbd >> udp 0 0 0.0.0.0:138 <http://0.0.0.0:138> 0.0.0.0:* >> 27094/nmbd >> >> >> [root at testcad16 samba]# smbclient -d 3 -L //testcad16 >> lp_load_ex: refreshing parameters >> Initialising global parameters >> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) >> Processing section "[global]" >> added interface eth0 ip=172.26.85.211 bcast=172.26.87.255 >> netmask=255.255.248.0 >> Client started (version 4.2.5-SerNet-RedHat-19.el6). >> Enter root's password: >> Connecting to 172.26.85.211 at port 445 >> session setup failed: NT_STATUS_LOGON_FAILURE >> My smb.conf setting is as followed, >> >> # Global parameters >> [global] >> workgroup = TESTSMB >> server string = Samba Server Version %v >> netbios name = testcad16 >> security = USER >> passdb backend = tdbsam >> encrypt passwords = No >> client NTLMv2 auth = No >> client lanman auth = Yes >> client plaintext auth = Yes >> dns proxy = No >> idmap config * : backend = tdb >> hosts allow = 127. 172.26. >> cups options = raw >> >> >> [homes] >> comment = Home Directories >> read only = No >> browseable = No >> >> >> [printers] >> comment = All Printers >> path = /var/spool/samba >> printable = Yes >> print ok = Yes >> browseable = No >> >> >> >> > OK, you seem to be trying to set up a standalone server, you do realise > that you will need to create your users on this as well as on the windows > machines. >yes, but I hope samba can use NIS authentication instead of using it's own database. Do I need to use smbpasswd to create user accounts again? It's against what I need...> > You might as well remove these lines, they are the defaults: > > security = USER > passdb backend = tdbsam >Don't I need to set the security level?> > You might as well remove this line, it isn't needed on a standalone server: > > idmap config * : backend = tdb >I didn't set these parameters. They are reported by testparm command. Where can I remove that?> > and you don't need to run the winbindd deamon. > > You really should remove these lines, you are trying to make windows do > something with passwords it really doesn't want to do: > > encrypt passwords = No > client NTLMv2 auth = No > client lanman auth = Yes > client plaintext auth = Yes > > Rowland >I searched some articles on the internet said I need to set above lines for the samba server and plaintextpasswords = 1 for windows due to different encrypted methods between windows and workstation. I added those lines and It seems worked for samba old version (3.6.23) . How come it wind up irrelevant for 4.2.5 version? Don't I need to set anything for this issue? I've been removed most of these lines you suggested, which means I nearly set nothing. but it still didn't work and I got the same message. [root at testcad16 samba]# smbclient -L //testcad16 Enter root's password: session setup failed: NT_STATUS_LOGON_FAILURE Here is my smb.conf setting. [root at testcad16 samba]# testparm Load smb config files from /etc/samba/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Processing section "[homes]" Processing section "[printers]" Loaded services file OK. Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions # Global parameters [global] workgroup = SMBTEST server string = Samba Server Version %v idmap config * : backend = tdb hosts allow = 127. 172.26. cups options = raw [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes print ok = Yes browseable = No Regards, Roger>> -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
On 04/11/15 10:28, Roger Wu wrote:> > > > OK, you seem to be trying to set up a standalone server, you do > realise that you will need to create your users on this as well as > on the windows machines. > > > yes, but I hope samba can use NIS authentication instead of using it's > own database. > Do I need to use smbpasswd to create user accounts again? It's against > what I need...Well, as I don't know what you what, I can only advise on what I see, and I see you trying to setup a standalone server.> > You might as well remove these lines, they are the defaults: > > security = USER > passdb backend = tdbsam > > > Don't I need to set the security level?You don't need them because they are the *default* settings.> > You might as well remove this line, it isn't needed on a > standalone server: > > idmap config * : backend = tdb > > I didn't set these parameters. They are reported by testparm command.Don't post a smb.conf from testparm without saying so, this is probably why you are getting the other two lines above, testparm shows *all* lines in smb.conf, the ones you added *and* the default ones.> Where can I remove that? > > > and you don't need to run the winbindd deamon. > > You really should remove these lines, you are trying to make > windows do something with passwords it really doesn't want to do: > > encrypt passwords = No > client NTLMv2 auth = No > client lanman auth = Yes > client plaintext auth = Yes > > Rowland > > I searched some articles on the internet said I need to set above > lines for the samba server and > plaintextpasswords = 1 for windows due to different encrypted methods > between windows and workstation. > I added those lines and It seems worked for samba old version (3.6.23) > . How come it wind up irrelevant for 4.2.5 version? > Don't I need to set anything for this issue? > I've been removed most of these lines you suggested, which means I > nearly set nothing. > but it still didn't work and I got the same message. > > [root at testcad16 samba]# smbclient -L //testcad16 > Enter root's password: > session setup failed: NT_STATUS_LOGON_FAILURE > > > Here is my smb.conf setting. > > [root at testcad16 samba]# testparm > Load smb config files from /etc/samba/smb.conf > rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) > Processing section "[homes]" > Processing section "[printers]" > Loaded services file OK. > Server role: ROLE_STANDALONE > > Press enter to see a dump of your service definitions > > # Global parameters > [global] > workgroup = SMBTEST > server string = Samba Server Version %v > idmap config * : backend = tdb > hosts allow = 127. 172.26. > cups options = raw > > > [homes] > comment = Home Directories > read only = No > browseable = No > > > [printers] > comment = All Printers > path = /var/spool/samba > printable = Yes > print ok = Yes > browseable = No > > > Regards, > Roger >I think you are going to have to tell us just what you are trying to achieve. Also if your windows machines are part of a domain. Rowland
mathias dufresne
2015-Nov-04 10:44 UTC
[Samba] session setup failed: NT_STATUS_LOGON_FAILURE
Once again: Samba always comes with its own users database. You have Samba so you have Samba users in addition of systems users. You have to use smbpasswd -a username. And telling that, I'm not asking you anything, I'm telling you what you have to do to solve your issue. 2015-11-04 11:28 GMT+01:00 Roger Wu <wu1004 at gmail.com>:> 2015-11-04 17:11 GMT+08:00 Rowland Penny <rowlandpenny241155 at gmail.com>: > > > On 04/11/15 06:24, Roger Wu wrote: > > > >> Hi, Rowland, > >> > >> Thanks for your advise. I've been updated the version to 4.2.5, the rpm > >> query is as below, > >> but it still didn't work. > >> > >> [root at testcad16 samba]# rpm -qa | grep samba > >> sernet-samba-4.2.5-19.el6.x86_64 > >> sernet-samba-libs-4.2.5-19.el6.x86_64 > >> sernet-samba-libsmbclient0-4.2.5-19.el6.x86_64 > >> sernet-samba-client-4.2.5-19.el6.x86_64 > >> sernet-samba-common-4.2.5-19.el6.x86_64 > >> > >> [root at testcad16 samba]# netstat -tulnp| grep mbd > >> tcp 0 0 0.0.0.0:445 <http://0.0.0.0:445> 0.0.0.0:* > >> LISTEN 27139/smbd > >> tcp 0 0 0.0.0.0:139 <http://0.0.0.0:139> 0.0.0.0:* > >> LISTEN 27139/smbd > >> tcp 0 0 :::445 :::* > >> LISTEN 27139/smbd > >> tcp 0 0 :::139 :::* > >> LISTEN 27139/smbd > >> udp 0 0 172.26.87.255:137 <http://172.26.87.255:137> > >> 0.0.0.0:* 27094/nmbd > >> udp 0 0 172.26.85.211:137 <http://172.26.85.211:137> > >> 0.0.0.0:* 27094/nmbd > >> udp 0 0 0.0.0.0:137 <http://0.0.0.0:137> 0.0.0.0:* > >> 27094/nmbd > >> udp 0 0 172.26.87.255:138 <http://172.26.87.255:138> > >> 0.0.0.0:* 27094/nmbd > >> udp 0 0 172.26.85.211:138 <http://172.26.85.211:138> > >> 0.0.0.0:* 27094/nmbd > >> udp 0 0 0.0.0.0:138 <http://0.0.0.0:138> 0.0.0.0:* > >> 27094/nmbd > >> > >> > >> [root at testcad16 samba]# smbclient -d 3 -L //testcad16 > >> lp_load_ex: refreshing parameters > >> Initialising global parameters > >> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit > (16384) > >> Processing section "[global]" > >> added interface eth0 ip=172.26.85.211 bcast=172.26.87.255 > >> netmask=255.255.248.0 > >> Client started (version 4.2.5-SerNet-RedHat-19.el6). > >> Enter root's password: > >> Connecting to 172.26.85.211 at port 445 > >> session setup failed: NT_STATUS_LOGON_FAILURE > >> My smb.conf setting is as followed, > >> > >> # Global parameters > >> [global] > >> workgroup = TESTSMB > >> server string = Samba Server Version %v > >> netbios name = testcad16 > >> security = USER > >> passdb backend = tdbsam > >> encrypt passwords = No > >> client NTLMv2 auth = No > >> client lanman auth = Yes > >> client plaintext auth = Yes > >> dns proxy = No > >> idmap config * : backend = tdb > >> hosts allow = 127. 172.26. > >> cups options = raw > >> > >> > >> [homes] > >> comment = Home Directories > >> read only = No > >> browseable = No > >> > >> > >> [printers] > >> comment = All Printers > >> path = /var/spool/samba > >> printable = Yes > >> print ok = Yes > >> browseable = No > >> > >> > >> > >> > > OK, you seem to be trying to set up a standalone server, you do realise > > that you will need to create your users on this as well as on the windows > > machines. > > > > yes, but I hope samba can use NIS authentication instead of using it's own > database. > Do I need to use smbpasswd to create user accounts again? It's against what > I need... > > > > > > You might as well remove these lines, they are the defaults: > > > > security = USER > > passdb backend = tdbsam > > > > Don't I need to set the security level? > > > > > You might as well remove this line, it isn't needed on a standalone > server: > > > > idmap config * : backend = tdb > > > > I didn't set these parameters. They are reported by testparm command. > Where can I remove that? > > > > > and you don't need to run the winbindd deamon. > > > > You really should remove these lines, you are trying to make windows do > > something with passwords it really doesn't want to do: > > > > encrypt passwords = No > > client NTLMv2 auth = No > > client lanman auth = Yes > > client plaintext auth = Yes > > > > Rowland > > > > I searched some articles on the internet said I need to set above lines for > the samba server and > plaintextpasswords = 1 for windows due to different encrypted methods > between windows and workstation. > I added those lines and It seems worked for samba old version (3.6.23) . > How come it wind up irrelevant for 4.2.5 version? > Don't I need to set anything for this issue? > > I've been removed most of these lines you suggested, which means I nearly > set nothing. > but it still didn't work and I got the same message. > > [root at testcad16 samba]# smbclient -L //testcad16 > Enter root's password: > session setup failed: NT_STATUS_LOGON_FAILURE > > > Here is my smb.conf setting. > > [root at testcad16 samba]# testparm > Load smb config files from /etc/samba/smb.conf > rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) > Processing section "[homes]" > Processing section "[printers]" > Loaded services file OK. > Server role: ROLE_STANDALONE > > Press enter to see a dump of your service definitions > > # Global parameters > [global] > workgroup = SMBTEST > server string = Samba Server Version %v > idmap config * : backend = tdb > hosts allow = 127. 172.26. > cups options = raw > > > [homes] > comment = Home Directories > read only = No > browseable = No > > > [printers] > comment = All Printers > path = /var/spool/samba > printable = Yes > print ok = Yes > browseable = No > > > Regards, > Roger > > > > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
mathias dufresne
2015-Nov-04 10:46 UTC
[Samba] session setup failed: NT_STATUS_LOGON_FAILURE
NIS users are system users. The fact they come from NIS, AD, /etc/passwd or the moon don't change anything. They are system users. He needs Samba users now... 2015-11-04 11:41 GMT+01:00 Rowland Penny <rowlandpenny241155 at gmail.com>:> On 04/11/15 10:28, Roger Wu wrote: > >> >> >> >> OK, you seem to be trying to set up a standalone server, you do >> realise that you will need to create your users on this as well as >> on the windows machines. >> >> >> yes, but I hope samba can use NIS authentication instead of using it's >> own database. >> Do I need to use smbpasswd to create user accounts again? It's against >> what I need... >> > > Well, as I don't know what you what, I can only advise on what I see, and > I see you trying to setup a standalone server. > > >> You might as well remove these lines, they are the defaults: >> >> security = USER >> passdb backend = tdbsam >> >> >> Don't I need to set the security level? >> > > You don't need them because they are the *default* settings. > > >> You might as well remove this line, it isn't needed on a >> standalone server: >> >> idmap config * : backend = tdb >> >> I didn't set these parameters. They are reported by testparm command. >> > > Don't post a smb.conf from testparm without saying so, this is probably > why you are getting the other two lines above, testparm shows *all* lines > in smb.conf, the ones you added *and* the default ones. > > > Where can I remove that? >> >> >> and you don't need to run the winbindd deamon. >> >> You really should remove these lines, you are trying to make >> windows do something with passwords it really doesn't want to do: >> >> encrypt passwords = No >> client NTLMv2 auth = No >> client lanman auth = Yes >> client plaintext auth = Yes >> >> Rowland >> >> I searched some articles on the internet said I need to set above lines >> for the samba server and >> plaintextpasswords = 1 for windows due to different encrypted methods >> between windows and workstation. >> I added those lines and It seems worked for samba old version (3.6.23) . >> How come it wind up irrelevant for 4.2.5 version? >> Don't I need to set anything for this issue? >> I've been removed most of these lines you suggested, which means I nearly >> set nothing. >> but it still didn't work and I got the same message. >> >> [root at testcad16 samba]# smbclient -L //testcad16 >> Enter root's password: >> session setup failed: NT_STATUS_LOGON_FAILURE >> >> >> Here is my smb.conf setting. >> >> [root at testcad16 samba]# testparm >> Load smb config files from /etc/samba/smb.conf >> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) >> Processing section "[homes]" >> Processing section "[printers]" >> Loaded services file OK. >> Server role: ROLE_STANDALONE >> >> Press enter to see a dump of your service definitions >> >> # Global parameters >> [global] >> workgroup = SMBTEST >> server string = Samba Server Version %v >> idmap config * : backend = tdb >> hosts allow = 127. 172.26. >> cups options = raw >> >> >> [homes] >> comment = Home Directories >> read only = No >> browseable = No >> >> >> [printers] >> comment = All Printers >> path = /var/spool/samba >> printable = Yes >> print ok = Yes >> browseable = No >> >> >> Regards, >> Roger >> >> > I think you are going to have to tell us just what you are trying to > achieve. Also if your windows machines are part of a domain. > > Rowland > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
On 04/11/15 10:44, mathias dufresne wrote:> Once again: Samba always comes with its own users database.Not always, if you are running Samba as a domain member, then the main user database is stored on a DC, although they will be cached locally. If however as the OP seems to be doing, you are running samba as a Standalone server, you need to have a local database that is totally separate from any other user database, this is known as running as a WORKGROUP and it gets terribly messy after about 10 users. The OP needs to explain just what his requirements are.>> > You have Samba so you have Samba users in addition of systems users. > You have to use smbpasswd -a username. And telling that, I'm not > asking you anything, I'm telling you what you have to do to solve > your issue. > > Yes, in a workgroup, you have to have system users and Samba users. Rowland
2015-11-04 18:41 GMT+08:00 Rowland Penny <rowlandpenny241155 at gmail.com>:> On 04/11/15 10:28, Roger Wu wrote: > >> >> >> >> OK, you seem to be trying to set up a standalone server, you do >> realise that you will need to create your users on this as well as >> on the windows machines. >> >> >> yes, but I hope samba can use NIS authentication instead of using it's >> own database. >> Do I need to use smbpasswd to create user accounts again? It's against >> what I need... >> > > Well, as I don't know what you what, I can only advise on what I see, and > I see you trying to setup a standalone server. > > >> You might as well remove these lines, they are the defaults: >> >> security = USER >> passdb backend = tdbsam >> >> >> Don't I need to set the security level? >> > > You don't need them because they are the *default* settings. > > >> You might as well remove this line, it isn't needed on a >> standalone server: >> >> idmap config * : backend = tdb >> >> I didn't set these parameters. They are reported by testparm command. >> > > Don't post a smb.conf from testparm without saying so, this is probably > why you are getting the other two lines above, testparm shows *all* lines > in smb.conf, the ones you added *and* the default ones. > >> >> > I think you are going to have to tell us just what you are trying to > achieve. Also if your windows machines are part of a domain. > > Rowland > > Please pardon me for poor English. I tried to describe what I want asclear as I can. My goal is to make our users can access their own workstation account and personal files from windows XP/7. So, it seems to me that if I can setup a samba server and let users login from windows using NIS authentication, that would be perfect, then I don't need to create smb accounts again. The only thing a user needs to do is to explore the link such as \\testcad16\<user_account>, then one can access his own workstation account and files. In such case, how should I do to achieve my goal? I've been tried many samba versions, and each version seems to have mild difference while setting smb.conf. some parameters work and some don't for one version, but maybe stands in opposite for another. I am kind of confused which parameters are what I need. Here is my smb.conf (not from testparm), I removed comments and disabled lines. I did remove those lines you suggested, [global] workgroup = SMBTEST server string = Samba Server Version %v netbios name = testcad16 hosts allow = 127. 172.26. dns proxy = no load printers = yes cups options = raw [homes] comment = Home Directories browseable = no writable = yes ; valid users = %S ; valid users = MYDOMAIN\%S [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = no writable = no printable = yes and I tried some test as below [root at testcad16 samba]# /etc/init.d/sernet-samba-smbd start Starting SAMBA smbd : [ OK ] [root at testcad16 samba]# /etc/init.d/sernet-samba-nmbd start Starting SAMBA nmbd : [ OK ] [root at testcad16 samba]# service sernet-samba-smbd status Checking for SAMBA smbd : [ OK ] [root at testcad16 samba]# service sernet-samba-nmbd status Checking for SAMBA nmbd : [ OK ] [root at testcad16 samba]# smbclient -L //testcad16 Enter root's password: session setup failed: NT_STATUS_LOGON_FAILURE [root at testcad16 samba]# smbclient -d3 -L //testcad16 lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Processing section "[global]" added interface eth0 ip=172.26.85.211 bcast=172.26.87.255 netmask=255.255.248.0 Client started (version 4.2.5-SerNet-RedHat-19.el6). Enter root's password: Connecting to 172.26.85.211 at port 445 Doing spnego session setup (blob length=74) got OID=1.3.6.1.4.1.311.2.2.10 got principal=not_defined_in_RFC4178 at please_ignore Got challenge flags: Got NTLMSSP neg_flags=0x608a8215 NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60088215 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60088215 SPNEGO login failed: Logon failure session setup failed: NT_STATUS_LOGON_FAILURE Regards, Roger> > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >