Chunduru, Krishnachaithanya
2017-Jun-30 07:11 UTC
[Samba] Authentication issues with Samba 4.3.8
Hi All, Can someone kindly help on my issue. I'm almost stuck and couldn't proceed further on my samba migration project. Thanks, Krishna Sent from my BlackBerry 10 smartphone. From: Chunduru, Krishnachaithanya Sent: Tuesday 27 June 2017 18:20 To: Rowland Penny; samba at lists.samba.org Subject: RE: [Samba] Authentication issues with Samba 4.3.8 Hi Rowland/All, I have tried upgrading our Samba from 3.0.28 to 4.3.8. I didn't wanted to remove my old working version, so I just stopped my samba service and installed new version. I have overwritten the new smb.conf with our existing smb.conf and tried restarting with the new startup scripts. 4.3.8 is having three startup scripts smbd, nmbd, winbindd and I tried restarting all of them. Here comes the issue, when tried to connect it was giving me the login prompt but it's not accepting the valid credentials. Below are the logs for the steps I followed. check_ntlm_password: Authentication for user [ChunduruK] -> [ChunduruK] FAILED with error NT_STATUS_LOGON_FAILURE [2017/05/20 05:20:49, 2] smbd/sesssetup.c:setup_new_vc_session(1200) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2017/05/20 05:20:49, 2] auth/auth.c:check_ntlm_password(319) [2017/06/06 09:12:16, 0] auth/auth_util.c:create_builtin_administrators(792) create_builtin_administrators: Failed to create Administrators [2017/06/06 09:12:16, 2] auth/auth_util.c:create_local_nt_token(914) create_local_nt_token: Failed to create BUILTIN\Administrators group! [2017/06/06 09:12:16, 0] auth/auth_util.c:create_builtin_users(758) create_builtin_users: Failed to create Users [2017/06/06 09:12:16, 2] auth/auth_util.c:create_local_nt_token(941) create_local_nt_token: Failed to create BUILTIN\Users group! [2017/06/06 09:12:16, 2] lib/access.c:check_access(323) Then I stopped the 4.3.8 samba and then uninstalled it and started samba with the old startup's scripts and same config file. This time it works like a champ. [2017/06/23 06:12:22, 2] lib/access.c:check_access(323) Allowed connection from (X.X.X.X) [2017/06/23 06:12:22, 2] lib/access.c:check_access(323) Allowed connection from (X.X.X.X) [2017/06/23 06:12:22, 1] smbd/service.c:make_connection_snum(1033) X.X.X.X (X.X.X.X) connect to service tmp initially as user chundurk (uid=222, gid=1) (pid 22544550) I'm not sure if I need to install or change any of the settings. Regards, Krishna -----Original Message----- From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny via samba Sent: Wednesday, June 07, 2017 9:14 PM To: samba at lists.samba.org Subject: Re: [Samba] CVE-2017-7494 patches On Wed, 7 Jun 2017 20:58:18 +0530 "Chunduru, Krishnachaithanya" <Krishnachaithanya.Chunduru at broadridge.com<mailto:Krishnachaithanya.Chunduru at broadridge.com>> wrote:> Thanks Rowland. > > I got one of the latest version from IBM 4.3.8, but they don't have > the patches for CVE 2017-7494. ☺ > > IBM told be to contact samba for getting the patches, do you or anyone > have the patches link so that I can test all together.As far as I am aware, there isn't a patch for the 4.3.x versions. The only supported versions of Samba are 4.4.x, 4.5.x and 4.6.x and there are patches available for these, see here: https://www.samba.org/samba/history/ Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system.
On Fri, 30 Jun 2017 12:41:13 +0530 "Chunduru, Krishnachaithanya" <Krishnachaithanya.Chunduru at broadridge.com> wrote:> Hi All, > > Can someone kindly help on my issue. I'm almost stuck and couldn't > proceed further on my samba migration project. >OK, way back when you started posting about this issue, you posted his as your smb.conf: [global] workgroup = XXXX server string = XXXXXXX encrypt passwords = no passdb backend = tdbsam log file = /var/log/samba/%m.log log level = 2 max log size = 1000 preferred master = no local master = no domain master = no domain logons = no dns proxy = no wins server = X.X.X.X, X.X.X.X hosts allow = 10., 149.83., 127. Andrew advised you to remove 'encrypt passwords = no' Before we go any further, can you tell us if this Samba machine is a domain member, if so, what sort of domain, NT4-style or AD If it isn't a domain member, is LDAP involved in any way, or are your users/groups just stored in /etc/passwd and /etc/group. Please reply to the mailing list, not directly to me. Rowland
Chunduru, Krishnachaithanya
2017-Jul-02 14:19 UTC
[Samba] Authentication issues with Samba 4.3.8
Hi Rowland,
Sorry I missed your previous mail.
Our servers are not having any ldap or AD for authentication. It is using tdbsam
option as password database, and yes all the users and groups are stored locally
in the /etc/passwd and /etc/group.
I will try removing the "encrypt password = no".
Below is the whole old smb.conf file.
bash-4.2$ cat /usr/local/samba/lib/smb.conf
[global]
server string = Samba on AIX
encrypt passwords = No
passdb backend = tdbsam
log file = /var/log/samba/%m.log
log level = 2
max log size = 1000
preferred master = No
local master = No
domain master = No
dns proxy = No
wins server = XXXXXX
hosts allow = XXXXXX
[printers]
comment = All Printers
path = /usr/spool/samba
printable = Yes
browseable = No
[tmp]
comment = Temporary file space
path = /tmp
read only = No
Thank you for the help !!
Regards,
Krishna
-----Original Message-----
From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny
via samba
Sent: Friday, June 30, 2017 1:52 PM
To: samba at lists.samba.org
Subject: Re: [Samba] Authentication issues with Samba 4.3.8
On Fri, 30 Jun 2017 12:41:13 +0530
"Chunduru, Krishnachaithanya"
<Krishnachaithanya.Chunduru at broadridge.com> wrote:
> Hi All,
>
> Can someone kindly help on my issue. I'm almost stuck and couldn't
> proceed further on my samba migration project.
>
OK, way back when you started posting about this issue, you posted his as your
smb.conf:
[global]
workgroup = XXXX
server string = XXXXXXX
encrypt passwords = no
passdb backend = tdbsam
log file = /var/log/samba/%m.log
log level = 2
max log size = 1000
preferred master = no
local master = no
domain master = no
domain logons = no
dns proxy = no
wins server = X.X.X.X, X.X.X.X
hosts allow = 10., 149.83., 127.
Andrew advised you to remove 'encrypt passwords = no'
Before we go any further, can you tell us if this Samba machine is a domain
member, if so, what sort of domain, NT4-style or AD
If it isn't a domain member, is LDAP involved in any way, or are your
users/groups just stored in /etc/passwd and /etc/group.
Please reply to the mailing list, not directly to me.
Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
This message and any attachments are intended only for the use of the addressee
and may contain information that is privileged and confidential. If the reader
of the message is not the intended recipient or an authorized representative of
the intended recipient, you are hereby notified that any dissemination of this
communication is strictly prohibited. If you have received this communication in
error, please notify us immediately by e-mail and delete the message and any
attachments from your system.