Arjit Gupta
2016-Dec-21 11:48 UTC
[Samba] samba 4.5.0 on hpux ia64: smbd not able to use domain users for file sharing
Hi Rowland,
*After stopping **pwgr daemon* we are able to access the domain user as
expected.
Below is the smb.conf file used.
mach# ./testparm -s
Load smb config files from /etc/opt/samba/smb.conf
rlimit_max: increasing rlimit_max (2048) to minimum Windows limit (16384)
Processing section "[tmp]"
Loaded services file OK.
Processing comments in /etc/opt/samba/smb.conf
Server role: ROLE_DOMAIN_MEMBER
# Global parameters
[global]
realm = CIFSDOM.COM
workgroup = CIFSDOM
allow dns updates = disabled
client ldap sasl wrapping = plain
log file = /var/log/samba/%m.log
security = ADS
username map = /etc/opt/samba/users.map
template homedir = /home/%U
template shell = /sbin/false
winbind enum groups = Yes
winbind enum users = Yes
winbind separator = /
idmap config CIFSDOM:range = 500-99999
idmap config CIFSDOM:backend = rid
idmap config *:range = 500-9999
idmap config * : backend = tdb
[tmp]
comment = Temporary file space
path = /tmp
read only = No
Please suggest pointers what might be causing the issue with pwgr daemon.
Arjit Kumar
On Tue, Dec 20, 2016 at 11:04 PM, Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Tue, 20 Dec 2016 22:33:56 +0530
> Arjit Gupta <arjitk.gupta at gmail.com> wrote:
>
> > Hi,
> >
> > I have added below lines in smb.conf
> >
> > idmap config CIFSDOM:backend = rid
> > idmap config CIFSDOM:range = 10000-999999
> >
> > But still i am getting same error.
> >
> > *I am also attaching logs *
> >
> > *winbind logs:-*
> >
> > userinfos: struct wbint_userinfo
> > acct_name : *
> > acct_name :
'gold'
> > full_name : *
> > full_name :
'gold'
> > homedir : *
> > homedir :
> > '/home/%U' shell : *
> > shell :
> > '/sbin/false' primary_gid : 0xffffffffffffffff
> > (-1)
> > user_sid :
> > S-1-5-21-3309633207-894445730-3307837412-1122
> > group_sid :
> > S-1-5-21-3309633207-894445730-3307837412-513
> > result : NT_STATUS_OK
> >
> > [ 6958]: pam auth crap domain: [CIFSDOM] user: gold
> > [2016/12/20 21:50:11.811213, 10, pid=6857, effective(0, 3), real(0,
> > 3), class=winbind] ../source3/winbindd/winbindd.c:800(wb_request_done)
> > wb_request_done[6958:PAM_AUTH_CRAP]: NT_STATUS_OK
> > [ 6959]: pam auth crap domain: [CIFSDOM] user: gold
> > [2016/12/20 21:50:14.166504, 10, pid=6857, effective(0, 3), real(0,
> > 3), class=winbind] ../source3/winbindd/winbindd.c:800(wb_request_done)
> > wb_request_done[6959:PAM_AUTH_CRAP]: NT_STATUS_OK
> >
> > *logs for client machine:-*
> >
> > DomainName : 'CIFSDOM'
> > UserNameLen : 0x0008 (8)
> > UserNameMaxLen : 0x0008 (8)
> > UserName : *
> > UserName : 'gold'
> > WorkstationLen : 0x0012 (18)
> > WorkstationMaxLen : 0x0012 (18)
> > Workstation : *
> > Workstation : 'windowsclient'
> > EncryptedRandomSessionKeyLen: 0x0010 (16)
> > EncryptedRandomSessionKeyMaxLen: 0x0010 (16)
> > EncryptedRandomSessionKey: *
> > EncryptedRandomSessionKey: DATA_BLOB length=16
> >
> > Got user=[gold] domain=[CIFSDOM] workstation=[windowsclient] len1=24
> > len2=298
> > [2016/12/20 21:50:11.769896, 10, pid=6958, effective(0, 0), real(0,
> > 0)] ../auth/ntlmssp/ntlmssp_server.c:483(ntlmssp_server_preauth)
> > [2016/12/20 21:50:11.769939, 1, pid=6958, effective(0, 0), real(0,
> > 0)] ../librpc/ndr/ndr.c:413(ndr_print_debug)
> >
> > Scanning username map /etc/opt/samba/users.map
> > [2016/12/20 21:50:11.775246, 10, pid=6958, effective(0, 0), real(0,
> > 0)] ../source3/auth/user_util.c:219(user_in_list)
> > user_in_list: checking user gold in list
> > [2016/12/20 21:50:11.775297, 10, pid=6958, effective(0, 0), real(0,
> > 0)] ../source3/auth/user_util.c:224(user_in_list)
> > user_in_list: checking user |gold| against |CDOM\Administrator|
> > [2016/12/20 21:50:11.775352, 10, pid=6958, effective(0, 0), real(0,
> > 0)] ../source3/auth/user_util.c:224(user_in_list)
> > user_in_list: checking user |gold| against |CDOM\administrator|
> > [2016/12/20 21:50:11.775406, 10, pid=6958, effective(0, 0), real(0,
> > 0)] ../source3/auth/user_util.c:224(user_in_list)
> > user_in_list: checking user |gold| against |CIFSDOM\Administrator|
> > [2016/12/20 21:50:11.775468, 8, pid=6958, effective(0, 0), real(0,
> > 0)] ../source3/auth/user_util.c:464(map_username)
> > The user 'gold' has no mapping. Skip it next time.
> > [2016/12/20 21:50:11.775519, 5, pid=6958, effective(0, 0), real(0,
> > 0), class=auth] ../source3/auth/auth_util.c:117(make_user_info_map)
> > Mapping user [CIFSDOM]\[gold] from workstation [windowsclient]
> > [2016/12/20 21:50:11.777640, 5, pid=6958, effective(0, 0), real(0,
> > 0), class=auth] ../source3/auth/user_info.c:62(make_user_info)
> > attempting to make a user_info for gold (gold)
> > [2016/12/20 21:50:11.777709, 5, pid=6958, effective(0, 0), real(0,
> > 0), class=auth] ../source3/auth/user_info.c:70(make_user_info)
> > making strings for gold's user_info struct
> > [2016/12/20 21:50:11.777788, 5, pid=6958, effective(0, 0), real(0,
> > 0), class=auth] ../source3/auth/user_info.c:108(make_user_info)
> > making blobs for gold's user_info struct
> > [2016/12/20 21:50:11.777843, 10, pid=6958, effective(0, 0), real(0,
> > 0), class=auth] ../source3/auth/user_info.c:159(make_user_info)
> > made a user_info for gold (gold)
> > [2016/12/20 21:50:11.777905, 3, pid=6958, effective(0, 0), real(0,
> > 0), class=auth] ../source3/auth/auth.c:178(auth_check_ntlm_password)
> > check_ntlm_password: Checking password for unmapped user
> > [CIFSDOM]\[gold]@[windowsclient] with the new password interface
> > [2016/12/20 21:50:11.777966, 3, pid=6958, effective(0, 0), real(0,
> > 0), class=auth] ../source3/auth/auth.c:181(auth_check_ntlm_password)
> > check_ntlm_password: mapped user is:
> > [CIFSDOM]\[gold]@[windowsclient] 2016/12/20 21:50:11.778026, 10,
> > pid=6958, effective(0, 0), real(0, 0),
> > class=auth] ../source3/auth/auth.c:190(auth_check_ntlm_password)
> > check_ntlm_password: auth_context challenge created by random
> > [2016/12/20 21:50:11.778078, 10, pid=6958, effective(0, 0), real(0,
> > 0), class=auth] ../source3/auth/auth.c:192(auth_check_ntlm_password)
> > challenge is: [2016/12/20 21:50:11.778132, 5, pid=6958, effective(0,
> > 0), real(0, 0)] ../lib/util/util.c:555(dump_data)
> > [0000] 39 C2 DB B9 7C B4 83 03 9...|...
> > [2016/12/20 21:50:11.778297, 10, pid=6958, effective(0, 0), real(0,
> > 0),
> > class=auth] ../source3/auth/auth_builtin.c:41(check_guest_security)
> > Check auth for: [gold] [2016/12/20 21:50:11.778351, 10, pid=6958,
> > effective(0, 0), real(0, 0),
> > class=auth] ../source3/auth/auth.c:233(auth_check_ntlm_password)
> > check_ntlm_password: guest had nothing to say [2016/12/20
> > 21:50:11.778411, 10, pid=6958, effective(0, 0), real(0, 0),
> > class=auth] ../source3/auth/auth_sam.c:75(auth_samstrict_auth) Check
> > auth for: [gold] [2016/12/20 21:50:11.778485, 8, pid=6958,
> > effective(0, 0), real(0, 0)] ../source3/lib/util.c:1239(is_myname)
> > is_myname("CIFSDOM") returns 0
> > [2016/12/20 21:50:11.778548, 6, pid=6958, effective(0, 0), real(0,
> > 0), class=auth] ../source3/auth/auth_sam.c:88(auth_samstrict_auth)
> > check_samstrict_security: CIFSDOM is not one of my local names
> > (ROLE_DOMAIN_MEMBER)
> > [2016/12/20 21:50:11.778605, 10, pid=6958, effective(0, 0), real(0,
> > 0), class=auth] ../source3/auth/auth.c:233(auth_check_ntlm_password)
> > check_ntlm_password: sam had nothing to say
> > [2016/12/20 21:50:11.778666, 10, pid=6958, effective(0, 0), real(0,
> > 0),
> > class=auth] ../source3/auth/auth_winbind.c:50(check_winbind_security)
> > Check auth for: [gold] Scanning username map /etc/opt/samba/users.map
> > [2016/12/20 21:50:11.811948, 10, pid=6958, effective(0, 0), real(0,
> > 0)] ../source3/auth/user_util.c:219(user_in_list)
> > user_in_list: checking user CIFSDOM\gold in list
> > [2016/12/20 21:50:11.811999, 10, pid=6958, effective(0, 0), real(0,
> > 0)] ../source3/auth/user_util.c:224(user_in_list)
> > user_in_list: checking user |CIFSDOM\gold| against
> > |CDOM\Administrator| [2016/12/20 21:50:11.812070, 10, pid=6958,
> > effective(0, 0), real(0,
> > 0)] ../source3/auth/user_util.c:224(user_in_list) user_in_list:
> > checking user |CIFSDOM\gold| against |CDOM\administrator| [2016/12/20
> > 21:50:11.812125, 10, pid=6958, effective(0, 0), real(0,
> > 0)] ../source3/auth/user_util.c:224(user_in_list) user_in_list:
> > checking user |CIFSDOM\gold| against |CIFSDOM\Administrator|
> > [2016/12/20 21:50:11.812188, 8, pid=6958, effective(0, 0), real(0,
> > 0)] ../source3/auth/user_util.c:464(map_username) The user
> > 'CIFSDOM\gold' has no mapping. Skip it next time. [2016/12/20
> > 21:50:11.812266, 5, pid=6958, effective(0, 0), real(0,
> > 0)] ../source3/lib/username.c:181(Get_Pwnam_alloc) Finding user
> > CIFSDOM\gold [2016/12/20 21:50:11.812320, 5, pid=6958, effective(0,
> > 0), real(0, 0)] ../source3/lib/username.c:120(Get_Pwnam_internals)
> > Trying _Get_Pwnam(), username as lowercase is CIFSDOM\gold
> > [2016/12/20 21:50:11.812882, 5, pid=6958, effective(0, 0), real(0,
> > 0)] ../source3/lib/username.c:128(Get_Pwnam_internals)
> > Trying _Get_Pwnam(), username as given is CIFSDOM\gold
> > [2016/12/20 21:50:11.813082, 5, pid=6958, effective(0, 0), real(0,
> > 0)] ../source3/lib/username.c:141(Get_Pwnam_internals)
> > Trying _Get_Pwnam(), username as uppercase is CIFSDOM\GOLD
> > [2016/12/20 21:50:11.813266, 5, pid=6958, effective(0, 0), real(0,
> > 0)] ../source3/lib/username.c:153(Get_Pwnam_internals)
> > Checking combinations of 0 uppercase letters in CIFSDOM\gold
> > [2016/12/20 21:50:11.813327, 5, pid=6958, effective(0, 0), real(0,
> > 0)] ../source3/lib/username.c:159(Get_Pwnam_internals)
> > Get_Pwnam_internals didn't find user [CIFSDOM\gold]!
> > [2016/12/20 21:50:11.813382, 5, pid=6958, effective(0, 0), real(0,
> > 0)] ../source3/lib/username.c:181(Get_Pwnam_alloc)
> > Finding user gold
> > [2016/12/20 21:50:11.813432, 5, pid=6958, effective(0, 0), real(0,
> > 0)] ../source3/lib/username.c:120(Get_Pwnam_internals)
> > Trying _Get_Pwnam(), username as lowercase is gold
> > [2016/12/20 21:50:11.813605, 5, pid=6958, effective(0, 0), real(0,
> > 0)] ../source3/lib/username.c:141(Get_Pwnam_internals)
> > Trying _Get_Pwnam(), username as uppercase is GOLD
> > [2016/12/20 21:50:11.813878, 5, pid=6958, effective(0, 0), real(0,
> > 0)] ../source3/lib/username.c:153(Get_Pwnam_internals)
> > Checking combinations of 0 uppercase letters in gold
> > [2016/12/20 21:50:11.813942, 5, pid=6958, effective(0, 0), real(0,
> > 0)] ../source3/lib/username.c:159(Get_Pwnam_internals)
> > Get_Pwnam_internals didn't find user [gold]!
> > [2016/12/20 21:50:11.814279, 3, pid=6958, effective(0, 0), real(0,
> > 0), class=auth] ../source3/auth/auth_util.c:1229(check_account)
> > Failed to find authenticated user CIFSDOM\gold via getpwnam(),
> > denying access.
> > [2016/12/20 21:50:11.814360, 5, pid=6958, effective(0, 0), real(0,
> > 0), class=auth] ../source3/auth/auth.c:252(auth_check_ntlm_password)
> > check_ntlm_password: winbind authentication for user [gold] FAILED
> > with error NT_STATUS_NO_SUCH_USER
> > [2016/12/20 21:50:11.814442, 2, pid=6958, effective(0, 0), real(0,
> > 0), class=auth] ../source3/auth/auth.c:315(auth_check_ntlm_password)
> > check_ntlm_password: Authentication for user [gold] -> [gold]
> > FAILED with error NT_STATUS_NO_SUCH_USER
> > [2016/12/20 21:50:11.814503, 5, pid=6958, effective(0, 0), real(0,
> > 0)] ../source3/auth/auth_ntlmssp.c:188(auth3_check_password)
> > Checking NTLMSSP password for CIFSDOM\gold failed:
> > NT_STATUS_NO_SUCH_USER [2016/12/20 21:50:11.814571, 5, pid=6958,
> > effective(0, 0), real(0,
> > 0)]
../auth/ntlmssp/ntlmssp_server.c:737(ntlmssp_server_check_password)
> ../auth/ntlmssp/ntlmssp_server.c:737:
> > Checking NTLMSSP password for CIFSDOM\gold failed:
> > NT_STATUS_NO_SUCH_USER [2016/12/20 21:50:11.814643, 2, pid=6958,
> > effective(0, 0), real(0,
> > 0)] ../auth/gensec/spnego.c:720(gensec_spnego_server_negTokenTarg)
> > SPNEGO login failed: NT_STATUS_NO_SUCH_USER
> > DomainNameLen : 0x0010 (16) DomainNameMaxLen :
> > 0x0010 (16) DomainName : *
> > DomainName : 'CIFSDOM'
> > UserNameLen : 0x0008 (8)
> > UserNameMaxLen : 0x0008 (8)
> > UserName : *
> > UserName : 'gold'
> > WorkstationLen : 0x0012 (18)
> > WorkstationMaxLen : 0x0012 (18)
> > Workstation : *
> > Workstation : 'windowsclient'
> > [2016/12/20 21:50:14.125243, 3, pid=6959, effective(0, 0), real(0,
> > 0)] ../auth/ntlmssp/ntlmssp_server.c:452(ntlmssp_server_preauth)
> > Got user=[gold] domain=[CIFSDOM] workstation=[windowsclient] len1=24
> > len2=298
> > Scanning username map /etc/opt/samba/users.map
> > [2016/12/20 21:50:14.130606, 10, pid=6959, effective(0, 0), real(0,
> > 0)] ../source3/auth/user_util.c:219(user_in_list)
> > user_in_list: checking user gold in list
> > [2016/12/20 21:50:14.130657, 10, pid=6959, effective(0, 0), real(0,
> > 0)] ../source3/auth/user_util.c:224(user_in_list)
> > user_in_list: checking user |gold| against |CDOM\Administrator|
> > [2016/12/20 21:50:14.130711, 10, pid=6959, effective(0, 0), real(0,
> > 0)] ../source3/auth/user_util.c:224(user_in_list)
> > user_in_list: checking user |gold| against |CDOM\administrator|
> > [2016/12/20 21:50:14.130766, 10, pid=6959, effective(0, 0), real(0,
> > 0)] ../source3/auth/user_util.c:224(user_in_list)
> > user_in_list: checking user |gold| against |CIFSDOM\Administrator|
> > [2016/12/20 21:50:14.130828, 8, pid=6959, effective(0, 0), real(0,
> > 0)] ../source3/auth/user_util.c:464(map_username)
> > The user 'gold' has no mapping. Skip it next time.
> > [2016/12/20 21:50:14.130880, 5, pid=6959, effective(0, 0), real(0,
> > 0), class=auth] ../source3/auth/auth_util.c:117(make_user_info_map)
> > Mapping user [CIFSDOM]\[gold] from workstation [windowsclient]
> > [2016/12/20 21:50:14.133060, 5, pid=6959, effective(0, 0), real(0,
> > 0), class=auth] ../source3/auth/user_info.c:62(make_user_info)
> > attempting to make a user_info for gold (gold)
> > [2016/12/20 21:50:14.133126, 5, pid=6959, effective(0, 0), real(0,
> > 0), class=auth] ../source3/auth/user_info.c:70(make_user_info)
> > making strings for gold's user_info struct
> > [2016/12/20 21:50:14.133197, 5, pid=6959, effective(0, 0), real(0,
> > 0), class=auth] ../source3/auth/user_info.c:108(make_user_info)
> > making blobs for gold's user_info struct
> > [2016/12/20 21:50:14.133251, 10, pid=6959, effective(0, 0), real(0,
> > 0), class=auth] ../source3/auth/user_info.c:159(make_user_info)
> > made a user_info for gold (gold)
> > [2016/12/20 21:50:14.133313, 3, pid=6959, effective(0, 0), real(0,
> > 0), class=auth] ../source3/auth/auth.c:178(auth_check_ntlm_password)
> > check_ntlm_password: Checking password for unmapped user
> > [CIFSDOM]\[gold]@[windowsclient] with the new password interface
> > [2016/12/20 21:50:14.133374, 3, pid=6959, effective(0, 0), real(0,
> > 0), class=auth] ../source3/auth/auth.c:181(auth_check_ntlm_password)
> > check_ntlm_password: mapped user is:
> > [CIFSDOM]\[gold]@[windowsclient] 2016/12/20 21:50:14.133799, 10,
> > pid=6959, effective(0, 0), real(0, 0),
> > class=auth] ../source3/auth/auth_builtin.c:41(check_guest_security)
> > Check auth for: [gold] [2016/12/20 21:50:14.133852, 10, pid=6959,
> > effective(0, 0), real(0, 0),
> > class=auth] ../source3/auth/auth.c:233(auth_check_ntlm_password)
> > check_ntlm_password: guest had nothing to say [2016/12/20
> > 21:50:14.133911, 10, pid=6959, effective(0, 0), real(0, 0),
> > class=auth] ../source3/auth/auth_sam.c:75(auth_samstrict_auth) Check
> > auth for: [gold] [2016/12/20 21:50:14.134002, 8, pid=6959,
> > effective(0, 0), real(0, 0)] ../source3/lib/util.c:1239(is_myname)
> > is_myname("CIFSDOM") returns 0
> > [2016/12/20 21:50:14.134068, 6, pid=6959, effective(0, 0), real(0,
> > 0), class=auth] ../source3/auth/auth_sam.c:88(auth_samstrict_auth)
> > check_samstrict_security: CIFSDOM is not one of my local names
> > (ROLE_DOMAIN_MEMBER)
> > [2016/12/20 21:50:14.134125, 10, pid=6959, effective(0, 0), real(0,
> > 0), class=auth] ../source3/auth/auth.c:233(auth_check_ntlm_password)
> > check_ntlm_password: sam had nothing to say
> > [2016/12/20 21:50:14.134189, 10, pid=6959, effective(0, 0), real(0,
> > 0),
> > class=auth] ../source3/auth/auth_winbind.c:50(check_winbind_security)
> > Check auth for: [gold] Scanning username map /etc/opt/samba/users.map
> > [2016/12/20 21:50:14.167189, 10, pid=6959, effective(0, 0), real(0,
> > 0)] ../source3/auth/user_util.c:219(user_in_list)
> > user_in_list: checking user CIFSDOM\gold in list
> > [2016/12/20 21:50:14.167240, 10, pid=6959, effective(0, 0), real(0,
> > 0)] ../source3/auth/user_util.c:224(user_in_list)
> > user_in_list: checking user |CIFSDOM\gold| against
> > |CDOM\Administrator| [2016/12/20 21:50:14.167295, 10, pid=6959,
> > effective(0, 0), real(0,
> > 0)] ../source3/auth/user_util.c:224(user_in_list) user_in_list:
> > checking user |CIFSDOM\gold| against |CDOM\administrator| [2016/12/20
> > 21:50:14.167351, 10, pid=6959, effective(0, 0), real(0,
> > 0)] ../source3/auth/user_util.c:224(user_in_list) user_in_list:
> > checking user |CIFSDOM\gold| against |CIFSDOM\Administrator|
> > [2016/12/20 21:50:14.167413, 8, pid=6959, effective(0, 0), real(0,
> > 0)] ../source3/auth/user_util.c:464(map_username) The user
> > 'CIFSDOM\gold' has no mapping. Skip it next time. [2016/12/20
> > 21:50:14.167488, 5, pid=6959, effective(0, 0), real(0,
> > 0)] ../source3/lib/username.c:181(Get_Pwnam_alloc) Finding user
> > CIFSDOM\gold [2016/12/20 21:50:14.167542, 5, pid=6959, effective(0,
> > 0), real(0, 0)] ../source3/lib/username.c:120(Get_Pwnam_internals)
> > Trying _Get_Pwnam(), username as lowercase is CIFSDOM\gold
> > [2016/12/20 21:50:14.167991, 5, pid=6959, effective(0, 0), real(0,
> > 0)] ../source3/lib/username.c:128(Get_Pwnam_internals)
> > Trying _Get_Pwnam(), username as given is CIFSDOM\gold
> > [2016/12/20 21:50:14.168158, 5, pid=6959, effective(0, 0), real(0,
> > 0)] ../source3/lib/username.c:141(Get_Pwnam_internals)
> > Trying _Get_Pwnam(), username as uppercase is CIFSDOM\GOLD
> > [2016/12/20 21:50:14.168312, 5, pid=6959, effective(0, 0), real(0,
> > 0)] ../source3/lib/username.c:153(Get_Pwnam_internals)
> > Checking combinations of 0 uppercase letters in CIFSDOM\gold
> > [2016/12/20 21:50:14.168371, 5, pid=6959, effective(0, 0), real(0,
> > 0)] ../source3/lib/username.c:159(Get_Pwnam_internals)
> > Get_Pwnam_internals didn't find user [CIFSDOM\gold]!
> > [2016/12/20 21:50:14.168432, 5, pid=6959, effective(0, 0), real(0,
> > 0)] ../source3/lib/username.c:181(Get_Pwnam_alloc)
> > Finding user gold
> > [2016/12/20 21:50:14.168482, 5, pid=6959, effective(0, 0), real(0,
> > 0)] ../source3/lib/username.c:120(Get_Pwnam_internals)
> > Trying _Get_Pwnam(), username as lowercase is gold
> > [2016/12/20 21:50:14.168648, 5, pid=6959, effective(0, 0), real(0,
> > 0)] ../source3/lib/username.c:141(Get_Pwnam_internals)
> > Trying _Get_Pwnam(), username as uppercase is GOLD
> > [2016/12/20 21:50:14.168800, 5, pid=6959, effective(0, 0), real(0,
> > 0)] ../source3/lib/username.c:153(Get_Pwnam_internals)
> > Checking combinations of 0 uppercase letters in gold
> > [2016/12/20 21:50:14.168858, 5, pid=6959, effective(0, 0), real(0,
> > 0)] ../source3/lib/username.c:159(Get_Pwnam_internals)
> > Get_Pwnam_internals didn't find user [gold]!
> > [2016/12/20 21:50:14.169184, 3, pid=6959, effective(0, 0), real(0,
> > 0), class=auth] ../source3/auth/auth_util.c:1229(check_account)
> > Failed to find authenticated user CIFSDOM\gold via getpwnam(),
> > denying access.
> > [2016/12/20 21:50:14.169262, 5, pid=6959, effective(0, 0), real(0,
> > 0), class=auth] ../source3/auth/auth.c:252(auth_check_ntlm_password)
> > check_ntlm_password: winbind authentication for user [gold] FAILED
> > with error NT_STATUS_NO_SUCH_USER
> > [2016/12/20 21:50:14.169348, 2, pid=6959, effective(0, 0), real(0,
> > 0), class=auth] ../source3/auth/auth.c:315(auth_check_ntlm_password)
> > check_ntlm_password: Authentication for user [gold] -> [gold]
> > FAILED with error NT_STATUS_NO_SUCH_USER
> > [2016/12/20 21:50:14.169410, 5, pid=6959, effective(0, 0), real(0,
> > 0)] ../source3/auth/auth_ntlmssp.c:188(auth3_check_password)
> > Checking NTLMSSP password for CIFSDOM\gold failed:
> > NT_STATUS_NO_SUCH_USER [2016/12/20 21:50:14.169479, 5, pid=6959,
> > effective(0, 0), real(0,
> > 0)]
../auth/ntlmssp/ntlmssp_server.c:737(ntlmssp_server_check_password)
> ../auth/ntlmssp/ntlmssp_server.c:737:
> > Checking NTLMSSP password for CIFSDOM\gold failed:
> > NT_STATUS_NO_SUCH_USER Scanning username map /etc/opt/samba/users.map
> > [2016/12/20 21:50:14.167189, 10, pid=6959, effective(0, 0), real(0,
> > 0)] ../source3/auth/user_util.c:219(user_in_list)
> > user_in_list: checking user CIFSDOM\gold in list
> > [2016/12/20 21:50:14.167240, 10, pid=6959, effective(0, 0), real(0,
> > 0)] ../source3/auth/user_util.c:224(user_in_list)
> > user_in_list: checking user |CIFSDOM\gold| against
> > |CDOM\Administrator| [2016/12/20 21:50:14.167295, 10, pid=6959,
> > effective(0, 0), real(0,
> > 0)] ../source3/auth/user_util.c:224(user_in_list) user_in_list:
> > checking user |CIFSDOM\gold| against |CDOM\administrator| [2016/12/20
> > 21:50:14.167351, 10, pid=6959, effective(0, 0), real(0,
> > 0)] ../source3/auth/user_util.c:224(user_in_list) user_in_list:
> > checking user |CIFSDOM\gold| against |CIFSDOM\Administrator|
> > [2016/12/20 21:50:14.167413, 8, pid=6959, effective(0, 0), real(0,
> > 0)] ../source3/auth/user_util.c:464(map_username) The user
> > 'CIFSDOM\gold' has no mapping. Skip it next time. [2016/12/20
> > 21:50:14.167488, 5, pid=6959, effective(0, 0), real(0,
> > 0)] ../source3/lib/username.c:181(Get_Pwnam_alloc) Finding user
> > CIFSDOM\gold [2016/12/20 21:50:14.167542, 5, pid=6959, effective(0,
> > 0), real(0, 0)] ../source3/lib/username.c:120(Get_Pwnam_internals)
> > Trying _Get_Pwnam(), username as lowercase is CIFSDOM\gold
> > [2016/12/20 21:50:14.167991, 5, pid=6959, effective(0, 0), real(0,
> > 0)] ../source3/lib/username.c:128(Get_Pwnam_internals)
> > Trying _Get_Pwnam(), username as given is CIFSDOM\gold
> > [2016/12/20 21:50:14.168158, 5, pid=6959, effective(0, 0), real(0,
> > 0)] ../source3/lib/username.c:141(Get_Pwnam_internals)
> > Trying _Get_Pwnam(), username as uppercase is CIFSDOM\GOLD
> > [2016/12/20 21:50:14.168312, 5, pid=6959, effective(0, 0), real(0,
> > 0)] ../source3/lib/username.c:153(Get_Pwnam_internals)
> > Checking combinations of 0 uppercase letters in CIFSDOM\gold
> > [2016/12/20 21:50:14.168371, 5, pid=6959, effective(0, 0), real(0,
> > 0)] ../source3/lib/username.c:159(Get_Pwnam_internals)
> > Get_Pwnam_internals didn't find user [CIFSDOM\gold]!
> > [2016/12/20 21:50:14.168432, 5, pid=6959, effective(0, 0), real(0,
> > 0)] ../source3/lib/username.c:181(Get_Pwnam_alloc)
> > Finding user gold
> > [2016/12/20 21:50:14.168482, 5, pid=6959, effective(0, 0), real(0,
> > 0)] ../source3/lib/username.c:120(Get_Pwnam_internals)
> > Trying _Get_Pwnam(), username as lowercase is gold
> > [2016/12/20 21:50:14.168648, 5, pid=6959, effective(0, 0), real(0,
> > 0)] ../source3/lib/username.c:141(Get_Pwnam_internals)
> > Trying _Get_Pwnam(), username as uppercase is GOLD
> > [2016/12/20 21:50:14.168800, 5, pid=6959, effective(0, 0), real(0,
> > 0)] ../source3/lib/username.c:153(Get_Pwnam_internals)
> > Checking combinations of 0 uppercase letters in gold
> > [2016/12/20 21:50:14.168858, 5, pid=6959, effective(0, 0), real(0,
> > 0)] ../source3/lib/username.c:159(Get_Pwnam_internals)
> > Get_Pwnam_internals didn't find user [gold]!
> > [2016/12/20 21:50:14.169184, 3, pid=6959, effective(0, 0), real(0,
> > 0), class=auth] ../source3/auth/auth_util.c:1229(check_account)
> > Failed to find authenticated user CIFSDOM\gold via getpwnam(),
> > denying access.
> > [2016/12/20 21:50:14.169262, 5, pid=6959, effective(0, 0), real(0,
> > 0), class=auth] ../source3/auth/auth.c:252(auth_check_ntlm_password)
> > check_ntlm_password: winbind authentication for user [gold] FAILED
> > with error NT_STATUS_NO_SUCH_USER
> > [2016/12/20 21:50:14.169348, 2, pid=6959, effective(0, 0), real(0,
> > 0), class=auth] ../source3/auth/auth.c:315(auth_check_ntlm_password)
> > check_ntlm_password: Authentication for user [gold] -> [gold]
> > FAILED with error NT_STATUS_NO_SUCH_USER
> > [2016/12/20 21:50:14.169410, 5, pid=6959, effective(0, 0), real(0,
> > 0)] ../source3/auth/auth_ntlmssp.c:188(auth3_check_password)
> > Checking NTLMSSP password for CIFSDOM\gold failed:
> > NT_STATUS_NO_SUCH_USER [2016/12/20 21:50:14.169479, 5, pid=6959,
> > effective(0, 0), real(0,
> > 0)]
../auth/ntlmssp/ntlmssp_server.c:737(ntlmssp_server_check_password)
> ../auth/ntlmssp/ntlmssp_server.c:737:
> > Checking NTLMSSP password for CIFSDOM\gold failed:
> > NT_STATUS_NO_SUCH_USER
> >
> >
> >
> >
>
> If you run 'getent passwd gold' or 'getent passwd
CIFSDOM\\gold' do you
> get any output ?
>
> From the above log output, it looks like your user cannot be found.
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
Rowland Penny
2016-Dec-21 12:03 UTC
[Samba] samba 4.5.0 on hpux ia64: smbd not able to use domain users for file sharing
On Wed, 21 Dec 2016 17:18:11 +0530 Arjit Gupta <arjitk.gupta at gmail.com> wrote:> Hi Rowland, > > *After stopping **pwgr daemon* we are able to access the domain user > as expected. > > Below is the smb.conf file used. > > mach# ./testparm -s > Load smb config files from /etc/opt/samba/smb.conf > rlimit_max: increasing rlimit_max (2048) to minimum Windows limit > (16384) Processing section "[tmp]" > Loaded services file OK. > Processing comments in /etc/opt/samba/smb.conf > Server role: ROLE_DOMAIN_MEMBER > > # Global parameters > [global] > realm = CIFSDOM.COM > workgroup = CIFSDOM > allow dns updates = disabled > client ldap sasl wrapping = plain > log file = /var/log/samba/%m.log > security = ADS > username map = /etc/opt/samba/users.map > template homedir = /home/%U > template shell = /sbin/false > winbind enum groups = Yes > winbind enum users = Yes > winbind separator = / > idmap config CIFSDOM:range = 500-99999 > idmap config CIFSDOM:backend = rid > idmap config *:range = 500-9999 > idmap config * : backend = tdb > > > [tmp] > comment = Temporary file space > path = /tmp > read only = No > > Please suggest pointers what might be causing the issue with pwgr > daemon. >OK, I am not a hpux user, so have no idea what the 'pwgr daemon' is or does ;-) What I can tell you is: 'allow dns updates = disabled' should only be used in an AD DC smb.conf The 'winbind enum' lines should only be set to yes for testing purposes The most important 'wrong' thing is, the 'idmap config' ranges MUST not overlap. I would also change the '*' domain range from '500-9999', with this setting you are not allowing anywhere for local Unix users, the same goes for the 'CIFSDOM' range. Can I suggest you follow the Samba wiki examples and use '2000-9999' for the '*' domain and '10000-99999' for the 'CIFSDOM' range.
Arjit Gupta
2016-Dec-21 13:25 UTC
[Samba] samba 4.5.0 on hpux ia64: smbd not able to use domain users for file sharing
Hi Rowland, Below is the man page for pwgrd deamon. http://nixdoc.net/man-pages/HP-UX/pwgrd.1m.html Thanks for suggesting the changes in smb..conf as of now we are using above for testing purpose only. I have corrected your suggestion still i am having the same issue. Arjit Kumar On Wed, Dec 21, 2016 at 5:33 PM, Rowland Penny via samba < samba at lists.samba.org> wrote:> On Wed, 21 Dec 2016 17:18:11 +0530 > Arjit Gupta <arjitk.gupta at gmail.com> wrote: > > > Hi Rowland, > > > > *After stopping **pwgr daemon* we are able to access the domain user > > as expected. > > > > Below is the smb.conf file used. > > > > mach# ./testparm -s > > Load smb config files from /etc/opt/samba/smb.conf > > rlimit_max: increasing rlimit_max (2048) to minimum Windows limit > > (16384) Processing section "[tmp]" > > Loaded services file OK. > > Processing comments in /etc/opt/samba/smb.conf > > Server role: ROLE_DOMAIN_MEMBER > > > > # Global parameters > > [global] > > realm = CIFSDOM.COM > > workgroup = CIFSDOM > > allow dns updates = disabled > > client ldap sasl wrapping = plain > > log file = /var/log/samba/%m.log > > security = ADS > > username map = /etc/opt/samba/users.map > > template homedir = /home/%U > > template shell = /sbin/false > > winbind enum groups = Yes > > winbind enum users = Yes > > winbind separator = / > > idmap config CIFSDOM:range = 500-99999 > > idmap config CIFSDOM:backend = rid > > idmap config *:range = 500-9999 > > idmap config * : backend = tdb > > > > > > [tmp] > > comment = Temporary file space > > path = /tmp > > read only = No > > > > Please suggest pointers what might be causing the issue with pwgr > > daemon. > > > > OK, I am not a hpux user, so have no idea what the 'pwgr daemon' is or > does ;-) > > What I can tell you is: > > 'allow dns updates = disabled' should only be used in an AD DC smb.conf > > The 'winbind enum' lines should only be set to yes for testing purposes > > The most important 'wrong' thing is, the 'idmap config' ranges MUST not > overlap. > I would also change the '*' domain range from '500-9999', with this > setting you are not allowing anywhere for local Unix users, the same > goes for the 'CIFSDOM' range. Can I suggest you follow the Samba wiki > examples and use '2000-9999' for the '*' domain and '10000-99999' for > the 'CIFSDOM' range. > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Possibly Parallel Threads
- samba 4.5.0 on hpux ia64: smbd not able to use domain users for file sharing
- samba 4.5.0 on hpux ia64: smbd not able to use domain users for file sharing
- samba 4.5.0 on hpux ia64: smbd not able to use domain users for file sharing
- samba 4.5.0 on hpux ia64: smbd not able to use domain users for file sharing
- samba 4.5.0 on hpux ia64: smbd not able to use domain users for file sharing