Hi, is time to get help. I have a DOMAIN with samba3.6.23-9.el5_11 Centos 5.11 x64 Windows XP/Win7/Win8.1 domain no issues.(x32/x64) I have even 2 Linux Centos 5.x in my domain x64 Now, I have add 1 Centos 6.x x64 updated. Samba 3.6.23-35.el6_8 I had setup LDAP client on this server to get users/groups and add to my domain with net rpc join, no issue. I can see the server on my domain no issue, the problem start went I setup my shares folders and some users. Public folders no problem, the problem are went I use usernames where have 'Uppercase' the firs letter. For some strange reason cannot talk very well with my ldap server. Case 1: upper and lower case. SERVER GOOD: [root at servera ~]# id Test uid=1062(test) gid=513(Domain Users) groups=513(Domain Users) [root at aervera ~]# id test uid=1062(test) gid=513(Domain Users) groups=513(Domain Users),10001(pvsw) [root at servera ~]# Test or test return info. Now let test the SERVER-BAD [root at mbx-server2 opt]# id test uid=1062(test) gid=513(Domain Users) groups=513(Domain Users),10001(pvsw) [root at mbx-server2 opt]# id Test id: Test: No such user [root at mbx-server2 opt]# test is diff than Test. Now, what happen on my domain? I have some users that appear like this on windows: Notadmin. I setup my share: [nasa] path = /opt/it writeable = Yes public = No guest ok = No valid users = test, Notadmin, dflores create mode = 0770 directory mode = 0770 force group = itmbx force create mode = 0770 force directory mode = 0770 admin users = root Notadmin The user Notadmin cannot access this share. I had check settings but I use the same us the other servers, some new flags but nothing that took my attention: [global] workgroup = MYDOMAIN netbios name = mbx-server2 hosts allow = 192.168.2., 192.168.1., 127., 192.168.20., 192.168.30., 192.168.40., 192.168.50. hosts deny = 0.0.0.0 smb ports = 139 445 lanman auth = Yes client lanman auth = Yes security = DOMAIN encrypt passwords = yes syslog = 1 log level = 1 log file = /var/log/samba/%m.%U.log max log size = 2048 socket options = TCP_NODELAY SO_SNDBUF=16384 SO_RCVBUF=16384 name resolve order = wins bcast hosts lmhost username map = /etc/samba/usermap domain logons = No domain master = No local master = No preferred master = No wins server = 192.168.2.24 idmap config * : backend = ldap idmap config * : range = 10000-20000 logon path logon home display charset = LOCALE unix charset = UTF-8 dos charset = CP850 client ipc signing = auto map to guest = Bad User load printers = No show add printer wizard = No use sendfile = Yes map readonly = no case sensitive = No dns proxy = No winbind separator = + What SAMBA-BAD say on logs: [2016/05/31 09:24:48.856147, 3] ../libcli/auth/ntlmssp_server.c:348(ntlmssp_server_preauth) Got user=[Notadmin] domain=[MYDOMAIN] workstation=[MBX-WIN8R1PM] len1=24 len2=288 [2016/05/31 09:24:48.856641, 3] auth/auth.c:219(check_ntlm_password) check_ntlm_password: Checking password for unmapped user [MYDOMAIN\[Notadmin]@[MBX-WIN8R1PM] with the new password interface [2016/05/31 09:24:48.856751, 3] auth/auth.c:222(check_ntlm_password) check_ntlm_password: mapped user is: [MYDOMAIN]\[Notadmin]@[MBX-WIN8R1PM] [2016/05/31 09:24:48.864733, 3] auth/auth_util.c:1087(check_account) Failed to find authenticated user MYDOMAIN\Notadmin via getpwnam(), denying access. [2016/05/31 09:24:48.864888, 2] auth/auth.c:330(check_ntlm_password) check_ntlm_password: Authentication for user [Notadmin] -> [Notadmin] FAILED with error NT_STATUS_NO_SUCH_USER [2016/05/31 09:24:48.864935, 3] smbd/sesssetup.c:63(do_map_to_guest) Any recomendation about I will appreciated, thanks!!! -- LIving the dream...
mathias dufresne
2016-Jun-06 12:31 UTC
[Samba] Cannot share folders access denid PDC+LDAP.
Hi Alberto, No idea about your issue as I'm playing with Samba to build AD only, I can only tell you that I did tested on my Samba AD DC and I can use upper, lower or mixed case in user names: dc108:/opt/initial_setup# id mtest uid=3000017(AD\mtest) gid=3000018(AD\not_system_users) groupes=3000018(AD\not_system_users),3000017(AD\mtest) dc108:/opt/initial_setup# id mTest uid=3000017(AD\mtest) gid=3000018(AD\not_system_users) groupes=3000018(AD\not_system_users),3000017(AD\mtest) dc108:/opt/initial_setup# id MTEST uid=3000017(AD\mtest) gid=3000018(AD\not_system_users) groupes=3000018(AD\not_system_users),3000017(AD\mtest) dc108:/opt/initial_setup# I'm using recent version of Samba, the latest in fact. Perhaps you could try with more recent version of the product to see if you still get this error. There is also that option in smb.conf manpage: username level (G) This option helps Samba to try and 'guess' at the real UNIX username, as many DOS clients send an all-uppercase username. By default Samba tries all lowercase, followed by the username with the first letter capitalized, and fails if the username is not found on the UNIX machine. If this parameter is set to non-zero the behavior changes. This parameter is a number that specifies the number of uppercase combinations to try while trying to determine the UNIX user name. The higher the number the more combinations will be tried, but the slower the discovery of usernames will be. Use this parameter when you have strange usernames on your UNIX machine, such as AstrangeUser . This parameter is needed only on UNIX systems that have case sensitive usernames. Default: username level = 0 Example: username level = 5 Some others tests I did after reading "This parameter is needed only on UNIX systems that have case sensitive usernames." dc108:/opt/initial_setup# id ROOT id: ROOT : utilisateur inexistant dc108:/opt/initial_setup# id rOOt id: rOOt : utilisateur inexistant dc108:/opt/initial_setup# id root uid=0(root) gid=0(root) groupes=0(root) dc108:/opt/initial_setup# So my UNIX system is case sensitive regarding user names but not when it comes to AD users. Using testparm -v and grep: testparm -v | grep "username level" Load smb config files from /etc/samba/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Processing section "[netlogon]" Processing section "[sysvol]" Loaded services file OK. Server role: ROLE_ACTIVE_DIRECTORY_DC Press enter to see a dump of your service definitions username level = 0 dc108:/opt/initial_setup# So "username level" is the default: 0 on the system which case sensitive for non-AD usernames and non-case-sensitive ofr AD users. Hoping this helps... mathias 2016-06-03 2:30 GMT+02:00 Alberto Moreno <portsbsd at gmail.com>:> Hi, is time to get help. > > I have a DOMAIN with samba3.6.23-9.el5_11 Centos 5.11 x64 > Windows XP/Win7/Win8.1 domain no issues.(x32/x64) > I have even 2 Linux Centos 5.x in my domain x64 > > Now, I have add 1 Centos 6.x x64 updated. > > Samba 3.6.23-35.el6_8 > > I had setup LDAP client on this server to get users/groups and add to my > domain with net rpc join, no issue. > > I can see the server on my domain no issue, the problem start went I setup > my shares folders and some users. > > Public folders no problem, the problem are went I use usernames where have > 'Uppercase' the firs letter. > > For some strange reason cannot talk very well with my ldap server. > > Case 1: upper and lower case. > > SERVER GOOD: > > [root at servera ~]# id Test > uid=1062(test) gid=513(Domain Users) groups=513(Domain Users) > [root at aervera ~]# id test > uid=1062(test) gid=513(Domain Users) groups=513(Domain Users),10001(pvsw) > [root at servera ~]# > > Test or test return info. > > Now let test the SERVER-BAD > [root at mbx-server2 opt]# id test > uid=1062(test) gid=513(Domain Users) groups=513(Domain Users),10001(pvsw) > [root at mbx-server2 opt]# id Test > id: Test: No such user > [root at mbx-server2 opt]# > > test is diff than Test. > > Now, what happen on my domain? > > I have some users that appear like this on windows: > > Notadmin. > > I setup my share: > > [nasa] > path = /opt/it > writeable = Yes > public = No > guest ok = No > valid users = test, Notadmin, dflores > create mode = 0770 > directory mode = 0770 > force group = itmbx > force create mode = 0770 > force directory mode = 0770 > admin users = root Notadmin > > The user Notadmin cannot access this share. > > I had check settings but I use the same us the other servers, some new > flags but nothing that took my attention: > > [global] > workgroup = MYDOMAIN > netbios name = mbx-server2 > hosts allow = 192.168.2., 192.168.1., 127., 192.168.20., > 192.168.30., 192.168.40., 192.168.50. > hosts deny = 0.0.0.0 > smb ports = 139 445 > lanman auth = Yes > client lanman auth = Yes > security = DOMAIN > encrypt passwords = yes > syslog = 1 > log level = 1 > log file = /var/log/samba/%m.%U.log > max log size = 2048 > socket options = TCP_NODELAY SO_SNDBUF=16384 SO_RCVBUF=16384 > name resolve order = wins bcast hosts lmhost > username map = /etc/samba/usermap > domain logons = No > domain master = No > local master = No > preferred master = No > wins server = 192.168.2.24 > idmap config * : backend = ldap > idmap config * : range = 10000-20000 > logon path > logon home > display charset = LOCALE > unix charset = UTF-8 > dos charset = CP850 > client ipc signing = auto > map to guest = Bad User > load printers = No > show add printer wizard = No > use sendfile = Yes > map readonly = no > case sensitive = No > dns proxy = No > winbind separator = + > > > What SAMBA-BAD say on logs: > > [2016/05/31 09:24:48.856147, 3] > ../libcli/auth/ntlmssp_server.c:348(ntlmssp_server_preauth) > Got user=[Notadmin] domain=[MYDOMAIN] workstation=[MBX-WIN8R1PM] len1=24 > len2=288 > [2016/05/31 09:24:48.856641, 3] auth/auth.c:219(check_ntlm_password) > check_ntlm_password: Checking password for unmapped user > [MYDOMAIN\[Notadmin]@[MBX-WIN8R1PM] with the new password interface > [2016/05/31 09:24:48.856751, 3] auth/auth.c:222(check_ntlm_password) > check_ntlm_password: mapped user is: > [MYDOMAIN]\[Notadmin]@[MBX-WIN8R1PM] > [2016/05/31 09:24:48.864733, 3] auth/auth_util.c:1087(check_account) > Failed to find authenticated user MYDOMAIN\Notadmin via getpwnam(), > denying access. > [2016/05/31 09:24:48.864888, 2] auth/auth.c:330(check_ntlm_password) > check_ntlm_password: Authentication for user [Notadmin] -> [Notadmin] > FAILED with error NT_STATUS_NO_SUCH_USER > [2016/05/31 09:24:48.864935, 3] smbd/sesssetup.c:63(do_map_to_guest) > > Any recomendation about I will appreciated, thanks!!! > -- > LIving the dream... > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Hi mathias, thanks for taking time to see this issue. In my case is not a AD, is still a NT4 style. I will try the option, thanks. On Mon, Jun 6, 2016 at 5:31 AM, mathias dufresne <infractory at gmail.com> wrote:> Hi Alberto, > > No idea about your issue as I'm playing with Samba to build AD only, I can > only tell you that I did tested on my Samba AD DC and I can use upper, > lower or mixed case in user names: > > dc108:/opt/initial_setup# id mtest > uid=3000017(AD\mtest) gid=3000018(AD\not_system_users) > groupes=3000018(AD\not_system_users),3000017(AD\mtest) > dc108:/opt/initial_setup# id mTest > uid=3000017(AD\mtest) gid=3000018(AD\not_system_users) > groupes=3000018(AD\not_system_users),3000017(AD\mtest) > dc108:/opt/initial_setup# id MTEST > uid=3000017(AD\mtest) gid=3000018(AD\not_system_users) > groupes=3000018(AD\not_system_users),3000017(AD\mtest) > dc108:/opt/initial_setup# > > I'm using recent version of Samba, the latest in fact. Perhaps you could > try with more recent version of the product to see if you still get this > error. > > There is also that option in smb.conf manpage: > username level (G) > > This option helps Samba to try and 'guess' at the real UNIX > username, as many DOS clients send an all-uppercase username. > By default Samba tries all lowercase, followed by the username > with the first letter capitalized, and fails if the username is not found > on the UNIX machine. > > If this parameter is set to non-zero the behavior changes. This > parameter is a number that specifies the number of uppercase combinations > to try while trying to determine the UNIX user name. The higher the number > the more combinations will be tried, but the slower the discovery of > usernames will be. Use this parameter when you have strange usernames on > your UNIX machine, such as AstrangeUser . > > This parameter is needed only on UNIX systems that have case > sensitive usernames. > > Default: username level = 0 > > Example: username level = 5 > > Some others tests I did after reading "This parameter is needed only on > UNIX systems that have case sensitive usernames." > dc108:/opt/initial_setup# id ROOT > id: ROOT : utilisateur inexistant > dc108:/opt/initial_setup# id rOOt > id: rOOt : utilisateur inexistant > dc108:/opt/initial_setup# id root > uid=0(root) gid=0(root) groupes=0(root) > dc108:/opt/initial_setup# > > So my UNIX system is case sensitive regarding user names but not when it > comes to AD users. > > Using testparm -v and grep: > testparm -v | grep "username level" > Load smb config files from /etc/samba/smb.conf > rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) > Processing section "[netlogon]" > Processing section "[sysvol]" > Loaded services file OK. > Server role: ROLE_ACTIVE_DIRECTORY_DC > > Press enter to see a dump of your service definitions > > username level = 0 > dc108:/opt/initial_setup# > > So "username level" is the default: 0 on the system which case sensitive > for non-AD usernames and non-case-sensitive ofr AD users. > > Hoping this helps... > > mathias > > > 2016-06-03 2:30 GMT+02:00 Alberto Moreno <portsbsd at gmail.com>: > >> Hi, is time to get help. >> >> I have a DOMAIN with samba3.6.23-9.el5_11 Centos 5.11 x64 >> Windows XP/Win7/Win8.1 domain no issues.(x32/x64) >> I have even 2 Linux Centos 5.x in my domain x64 >> >> Now, I have add 1 Centos 6.x x64 updated. >> >> Samba 3.6.23-35.el6_8 >> >> I had setup LDAP client on this server to get users/groups and add to my >> domain with net rpc join, no issue. >> >> I can see the server on my domain no issue, the problem start went I setup >> my shares folders and some users. >> >> Public folders no problem, the problem are went I use usernames where >> have >> 'Uppercase' the firs letter. >> >> For some strange reason cannot talk very well with my ldap server. >> >> Case 1: upper and lower case. >> >> SERVER GOOD: >> >> [root at servera ~]# id Test >> uid=1062(test) gid=513(Domain Users) groups=513(Domain Users) >> [root at aervera ~]# id test >> uid=1062(test) gid=513(Domain Users) groups=513(Domain Users),10001(pvsw) >> [root at servera ~]# >> >> Test or test return info. >> >> Now let test the SERVER-BAD >> [root at mbx-server2 opt]# id test >> uid=1062(test) gid=513(Domain Users) groups=513(Domain Users),10001(pvsw) >> [root at mbx-server2 opt]# id Test >> id: Test: No such user >> [root at mbx-server2 opt]# >> >> test is diff than Test. >> >> Now, what happen on my domain? >> >> I have some users that appear like this on windows: >> >> Notadmin. >> >> I setup my share: >> >> [nasa] >> path = /opt/it >> writeable = Yes >> public = No >> guest ok = No >> valid users = test, Notadmin, dflores >> create mode = 0770 >> directory mode = 0770 >> force group = itmbx >> force create mode = 0770 >> force directory mode = 0770 >> admin users = root Notadmin >> >> The user Notadmin cannot access this share. >> >> I had check settings but I use the same us the other servers, some new >> flags but nothing that took my attention: >> >> [global] >> workgroup = MYDOMAIN >> netbios name = mbx-server2 >> hosts allow = 192.168.2., 192.168.1., 127., 192.168.20., >> 192.168.30., 192.168.40., 192.168.50. >> hosts deny = 0.0.0.0 >> smb ports = 139 445 >> lanman auth = Yes >> client lanman auth = Yes >> security = DOMAIN >> encrypt passwords = yes >> syslog = 1 >> log level = 1 >> log file = /var/log/samba/%m.%U.log >> max log size = 2048 >> socket options = TCP_NODELAY SO_SNDBUF=16384 SO_RCVBUF=16384 >> name resolve order = wins bcast hosts lmhost >> username map = /etc/samba/usermap >> domain logons = No >> domain master = No >> local master = No >> preferred master = No >> wins server = 192.168.2.24 >> idmap config * : backend = ldap >> idmap config * : range = 10000-20000 >> logon path >> logon home >> display charset = LOCALE >> unix charset = UTF-8 >> dos charset = CP850 >> client ipc signing = auto >> map to guest = Bad User >> load printers = No >> show add printer wizard = No >> use sendfile = Yes >> map readonly = no >> case sensitive = No >> dns proxy = No >> winbind separator = + >> >> >> What SAMBA-BAD say on logs: >> >> [2016/05/31 09:24:48.856147, 3] >> ../libcli/auth/ntlmssp_server.c:348(ntlmssp_server_preauth) >> Got user=[Notadmin] domain=[MYDOMAIN] workstation=[MBX-WIN8R1PM] len1=24 >> len2=288 >> [2016/05/31 09:24:48.856641, 3] auth/auth.c:219(check_ntlm_password) >> check_ntlm_password: Checking password for unmapped user >> [MYDOMAIN\[Notadmin]@[MBX-WIN8R1PM] with the new password interface >> [2016/05/31 09:24:48.856751, 3] auth/auth.c:222(check_ntlm_password) >> check_ntlm_password: mapped user is: >> [MYDOMAIN]\[Notadmin]@[MBX-WIN8R1PM] >> [2016/05/31 09:24:48.864733, 3] auth/auth_util.c:1087(check_account) >> Failed to find authenticated user MYDOMAIN\Notadmin via getpwnam(), >> denying access. >> [2016/05/31 09:24:48.864888, 2] auth/auth.c:330(check_ntlm_password) >> check_ntlm_password: Authentication for user [Notadmin] -> [Notadmin] >> FAILED with error NT_STATUS_NO_SUCH_USER >> [2016/05/31 09:24:48.864935, 3] smbd/sesssetup.c:63(do_map_to_guest) >> >> Any recomendation about I will appreciated, thanks!!! >> -- >> LIving the dream... >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> > >-- LIving the dream...
Reasonably Related Threads
- Cannot share folders access denid PDC+LDAP.
- Cannot share folders access denid PDC+LDAP.
- Cannot share folders access denid PDC+LDAP.
- [PATCH 1/2] Modify autoconf tests for intrinsics to stop clang from optimizing them away.
- DsGetNCChanges 2nd replication on different