On 05.09.19 16:14, Rowland penny via samba wrote:> try adding 'null passwords = yes' to your smb.conf.
I have try. but can't connect (NT_STATUS_CONNECTION_RESET).
Log append.
Config:
[global]
workgroup = workgroup
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 5000
log level = 3 passdb:5 auth:5
syslog = 0
panic action = /usr/share/samba/panic-action %d
server role = standalone server
passdb backend = tdbsam
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
usershare allow guests = yes
printcap name = none
preferred master = No
local master = No
domain master = No
# shares
# all shares has "guest ok = yes"
...
-------------- next part --------------
check_ntlm_password: mapped user is: [user33]\[user35]@[user35]
[2019/09/06 09:26:48.752739, 3]
../source3/passdb/lookup_sid.c:1645(get_primary_group_sid)
Forcing Primary Group to 'Domain Users' for user35
[2019/09/06 09:26:48.752882, 3]
../source3/auth/check_samsec.c:56(sam_password_ok)
Account for user 'user35' has no password and null passwords are
allowed.
[2019/09/06 09:26:48.752908, 4]
../source3/auth/check_samsec.c:183(sam_account_ok)
sam_account_ok: Checking SMB password for user user35
[2019/09/06 09:26:48.752928, 5]
../source3/auth/check_samsec.c:165(logon_hours_ok)
logon_hours_ok: user user35 allowed to logon at this time (Fri Sep 6 07:26:48
2019
)
[2019/09/06 09:26:48.753405, 5]
../source3/auth/server_info_sam.c:122(make_server_info_sam)
make_server_info_sam: made server info for user user35 -> user35
[2019/09/06 09:26:48.753436, 3]
../source3/auth/auth.c:249(auth_check_ntlm_password)
check_ntlm_password: sam authentication for user [user35] succeeded
[2019/09/06 09:26:48.753473, 5]
../source3/auth/auth.c:292(auth_check_ntlm_password)
check_ntlm_password: PAM Account for user [user35] succeeded
[2019/09/06 09:26:48.753488, 2]
../source3/auth/auth.c:305(auth_check_ntlm_password)
check_ntlm_password: authentication for user [user35] -> [user35] ->
[user35] succeeded
[2019/09/06 09:26:48.753665, 3]
../source3/auth/token_util.c:547(finalize_local_nt_token)
Failed to fetch domain sid for user.DE
[2019/09/06 09:26:48.753728, 3]
../source3/auth/token_util.c:579(finalize_local_nt_token)
Failed to fetch domain sid for user.DE
[2019/09/06 09:26:48.754004, 5]
../source3/passdb/pdb_interface.c:1749(lookup_global_sam_rid)
lookup_global_sam_rid: looking up RID 513.
[2019/09/06 09:26:48.754117, 5]
../source3/passdb/pdb_tdb.c:658(tdbsam_getsampwrid)
pdb_getsampwrid (TDB): error looking up RID 513 by key RID_00000201.
[2019/09/06 09:26:48.754164, 5]
../source3/passdb/pdb_interface.c:1825(lookup_global_sam_rid)
Can't find a unix id for an unmapped group
[2019/09/06 09:26:48.754183, 5]
../source3/passdb/pdb_interface.c:1535(pdb_default_sid_to_id)
SID S-1-5-21-3269160466-1648616366-3115778904-513 belongs to our domain, but
there is no corresponding object in the database.
[2019/09/06 09:26:48.754228, 5]
../source3/passdb/pdb_interface.c:1749(lookup_global_sam_rid)
lookup_global_sam_rid: looking up RID 513.
[2019/09/06 09:26:48.754268, 5]
../source3/passdb/pdb_tdb.c:658(tdbsam_getsampwrid)
pdb_getsampwrid (TDB): error looking up RID 513 by key RID_00000201.
[2019/09/06 09:26:48.754315, 5]
../source3/passdb/pdb_interface.c:1825(lookup_global_sam_rid)
Can't find a unix id for an unmapped group
[2019/09/06 09:26:48.754335, 5]
../source3/passdb/pdb_interface.c:1535(pdb_default_sid_to_id)
SID S-1-5-21-3269160466-1648616366-3115778904-513 belongs to our domain, but
there is no corresponding object in the database.
[2019/09/06 09:26:48.754504, 1]
../auth/ntlmssp/ntlmssp_server.c:950(ntlmssp_server_postauth)
ntlmssp_server_postauth: invalid NTLMSSP_MIC for user=[user35] domain=[user35]
workstation=[user35]
[2019/09/06 09:26:48.754527, 1] ../lib/util/util.c:555(dump_data)
[0000] 6E CF AD 45 3C FD 80 2D 17 56 40 BB 37 65 51 19 n..E<..- .V at
.7eQ.
[2019/09/06 09:26:48.754557, 1] ../lib/util/util.c:555(dump_data)
[0000] 76 87 42 99 FF 79 CA 4B C1 E4 97 C0 30 BB 00 84 v.B..y.K ....0...
[2019/09/06 09:26:48.754586, 2]
../auth/gensec/spnego.c:720(gensec_spnego_server_negTokenTarg)
SPNEGO login failed: NT_STATUS_INVALID_PARAMETER
[2019/09/06 09:26:48.754666, 3]
../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
status[NT_STATUS_INVALID_PARAMETER] || at ../source3/smbd/smb2_sesssetup.c:134
[2019/09/06 09:26:48.755622, 3]
../source3/smbd/server_exit.c:246(exit_server_common)
Server exit (NT_STATUS_CONNECTION_RESET)
[2019/09/06 09:26:48.763465, 3] ../source3/smbd/oplock.c:1328(init_oplocks)
init_oplocks: initializing messages.
[2019/09/06 09:26:48.763531, 3] ../source3/smbd/process.c:1958(process_smb)
Transaction 0 of length 236 (0 toread)
[2019/09/06 09:26:48.763717, 3]
../source3/smbd/smb2_negprot.c:290(smbd_smb2_request_process_negprot)
Selected protocol SMB3_11
[2019/09/06 09:26:48.763755, 5]
../source3/auth/auth.c:491(make_auth_context_subsystem)
Making default auth method list for server role = 'standalone server',
encrypt passwords = yes
[2019/09/06 09:26:48.763776, 5] ../source3/auth/auth.c:48(smb_register_auth)
Attempting to register auth backend trustdomain
[2019/09/06 09:26:48.763800, 5] ../source3/auth/auth.c:60(smb_register_auth)
Successfully added auth method 'trustdomain'
[2019/09/06 09:26:48.763817, 5] ../source3/auth/auth.c:48(smb_register_auth)
Attempting to register auth backend ntdomain
[2019/09/06 09:26:48.763835, 5] ../source3/auth/auth.c:60(smb_register_auth)
Successfully added auth method 'ntdomain'
[2019/09/06 09:26:48.763851, 5] ../source3/auth/auth.c:48(smb_register_auth)
Attempting to register auth backend guest
[2019/09/06 09:26:48.763868, 5] ../source3/auth/auth.c:60(smb_register_auth)
Successfully added auth method 'guest'
[2019/09/06 09:26:48.763884, 5] ../source3/auth/auth.c:48(smb_register_auth)
Attempting to register auth backend sam
[2019/09/06 09:26:48.763901, 5] ../source3/auth/auth.c:60(smb_register_auth)
Successfully added auth method 'sam'
[2019/09/06 09:26:48.763918, 5] ../source3/auth/auth.c:48(smb_register_auth)
Attempting to register auth backend sam_ignoredomain
[2019/09/06 09:26:48.763935, 5] ../source3/auth/auth.c:60(smb_register_auth)
Successfully added auth method 'sam_ignoredomain'
[2019/09/06 09:26:48.763952, 5] ../source3/auth/auth.c:48(smb_register_auth)
Attempting to register auth backend winbind
[2019/09/06 09:26:48.763969, 5] ../source3/auth/auth.c:60(smb_register_auth)
Successfully added auth method 'winbind'
[2019/09/06 09:26:48.763985, 5] ../source3/auth/auth.c:48(smb_register_auth)
Attempting to register auth backend unix
[2019/09/06 09:26:48.764002, 5] ../source3/auth/auth.c:60(smb_register_auth)
Successfully added auth method 'unix'
[2019/09/06 09:26:48.764019, 5] ../source3/auth/auth.c:48(smb_register_auth)
Attempting to register auth backend wbc
[2019/09/06 09:26:48.764035, 5] ../source3/auth/auth.c:60(smb_register_auth)
Successfully added auth method 'wbc'
[2019/09/06 09:26:48.764052, 5] ../source3/auth/auth.c:378(load_auth_module)
load_auth_module: Attempting to find an auth method to match guest
[2019/09/06 09:26:48.764077, 5] ../source3/auth/auth.c:403(load_auth_module)
load_auth_module: auth method guest has a valid init
[2019/09/06 09:26:48.764095, 5] ../source3/auth/auth.c:378(load_auth_module)
load_auth_module: Attempting to find an auth method to match sam
[2019/09/06 09:26:48.764113, 5] ../source3/auth/auth.c:403(load_auth_module)
load_auth_module: auth method sam has a valid init
[2019/09/06 09:26:48.767687, 3]
../auth/gensec/gensec_start.c:908(gensec_register)
GENSEC backend 'gssapi_spnego' registered
[2019/09/06 09:26:48.767722, 3]
../auth/gensec/gensec_start.c:908(gensec_register)
GENSEC backend 'gssapi_krb5' registered
[2019/09/06 09:26:48.767742, 3]
../auth/gensec/gensec_start.c:908(gensec_register)
GENSEC backend 'gssapi_krb5_sasl' registered
[2019/09/06 09:26:48.767761, 3]
../auth/gensec/gensec_start.c:908(gensec_register)
GENSEC backend 'spnego' registered
[2019/09/06 09:26:48.767780, 3]
../auth/gensec/gensec_start.c:908(gensec_register)
GENSEC backend 'schannel' registered
[2019/09/06 09:26:48.767798, 3]
../auth/gensec/gensec_start.c:908(gensec_register)
GENSEC backend 'naclrpc_as_system' registered
[2019/09/06 09:26:48.767817, 3]
../auth/gensec/gensec_start.c:908(gensec_register)
GENSEC backend 'sasl-EXTERNAL' registered
[2019/09/06 09:26:48.767835, 3]
../auth/gensec/gensec_start.c:908(gensec_register)
GENSEC backend 'ntlmssp' registered
[2019/09/06 09:26:48.767854, 3]
../auth/gensec/gensec_start.c:908(gensec_register)
GENSEC backend 'ntlmssp_resume_ccache' registered
[2019/09/06 09:26:48.767873, 3]
../auth/gensec/gensec_start.c:908(gensec_register)
GENSEC backend 'http_basic' registered
[2019/09/06 09:26:48.767891, 3]
../auth/gensec/gensec_start.c:908(gensec_register)
GENSEC backend 'http_ntlm' registered
[2019/09/06 09:26:48.767910, 3]
../auth/gensec/gensec_start.c:908(gensec_register)
GENSEC backend 'krb5' registered
[2019/09/06 09:26:48.767928, 3]
../auth/gensec/gensec_start.c:908(gensec_register)
GENSEC backend 'fake_gssapi_krb5' registered
[2019/09/06 09:26:48.769724, 5]
../source3/auth/auth.c:491(make_auth_context_subsystem)
Making default auth method list for server role = 'standalone server',
encrypt passwords = yes
[2019/09/06 09:26:48.769760, 5] ../source3/auth/auth.c:378(load_auth_module)
load_auth_module: Attempting to find an auth method to match guest
[2019/09/06 09:26:48.769781, 5] ../source3/auth/auth.c:403(load_auth_module)
load_auth_module: auth method guest has a valid init
[2019/09/06 09:26:48.769798, 5] ../source3/auth/auth.c:378(load_auth_module)
load_auth_module: Attempting to find an auth method to match sam
[2019/09/06 09:26:48.769816, 5] ../source3/auth/auth.c:403(load_auth_module)
load_auth_module: auth method sam has a valid init
[2019/09/06 09:26:48.769951, 3]
../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0xe2088297
[2019/09/06 09:26:48.772576, 3]
../auth/ntlmssp/ntlmssp_server.c:452(ntlmssp_server_preauth)
Got user=[user35] domain=[user35] workstation=[user35] len1=24 len2=340
[2019/09/06 09:26:48.772626, 3] ../source3/param/loadparm.c:3739(lp_load_ex)
lp_load_ex: refreshing parameters
[2019/09/06 09:26:48.772688, 3] ../source3/param/loadparm.c:542(init_globals)
Initialising global parameters
[2019/09/06 09:26:48.772784, 3] ../source3/param/loadparm.c:2668(lp_do_section)
Processing section "[global]"
[2019/09/06 09:26:48.773174, 1]
../lib/param/loadparm.c:1729(lpcfg_do_global_parameter)
WARNING: The "syslog" option is deprecated
[2019/09/06 09:26:48.773277, 1]
../lib/param/loadparm.c:1729(lpcfg_do_global_parameter)
WARNING: The "null passwords" option is deprecated
[2019/09/06 09:26:48.773628, 2] ../source3/param/loadparm.c:2685(lp_do_section)
Processing section "[homes]"
[2019/09/06 09:26:48.773711, 2] ../source3/param/loadparm.c:2685(lp_do_section)
Processing section "[daten]"
[2019/09/06 09:26:48.773756, 2] ../source3/param/loadparm.c:2685(lp_do_section)
Processing section "[www]"
[2019/09/06 09:26:48.773843, 2] ../source3/param/loadparm.c:2685(lp_do_section)
Processing section "[gemeinsam]"
[2019/09/06 09:26:48.773901, 2] ../source3/param/loadparm.c:2685(lp_do_section)
Processing section "[EFA]"
[2019/09/06 09:26:48.773954, 2] ../source3/param/loadparm.c:2685(lp_do_section)
Processing section "[CAT]"
[2019/09/06 09:26:48.774024, 3] ../source3/param/loadparm.c:1585(lp_add_ipc)
adding IPC service
[2019/09/06 09:26:48.774397, 5]
../source3/auth/auth_util.c:122(make_user_info_map)
Mapping user [user35]\[user35] from workstation [user35]
[2019/09/06 09:26:48.774415, 5]
../source3/auth/auth_util.c:143(make_user_info_map)
Mapped domain from [user35] to [user33] for user [user35] from workstation
[user35]
[2019/09/06 09:26:48.774429, 5] ../source3/auth/user_info.c:62(make_user_info)
attempting to make a user_info for user35 (user35)
[2019/09/06 09:26:48.774444, 5] ../source3/auth/user_info.c:70(make_user_info)
making strings for user35's user_info struct
[2019/09/06 09:26:48.774459, 5] ../source3/auth/user_info.c:108(make_user_info)
making blobs for user35's user_info struct
[2019/09/06 09:26:48.774474, 3]
../source3/auth/auth.c:178(auth_check_ntlm_password)
check_ntlm_password: Checking password for unmapped user
[user35]\[user35]@[user35] with the new password interface
[2019/09/06 09:26:48.774489, 3]
../source3/auth/auth.c:181(auth_check_ntlm_password)
check_ntlm_password: mapped user is: [user33]\[user35]@[user35]
[2019/09/06 09:26:48.774742, 3]
../source3/passdb/lookup_sid.c:1645(get_primary_group_sid)
Forcing Primary Group to 'Domain Users' for user35
[2019/09/06 09:26:48.774856, 3]
../source3/auth/check_samsec.c:56(sam_password_ok)
Account for user 'user35' has no password and null passwords are
allowed.
[2019/09/06 09:26:48.774879, 4]
../source3/auth/check_samsec.c:183(sam_account_ok)
sam_account_ok: Checking SMB password for user user35
[2019/09/06 09:26:48.774899, 5]
../source3/auth/check_samsec.c:165(logon_hours_ok)
logon_hours_ok: user user35 allowed to logon at this time (Fri Sep 6 07:26:48
2019
)
[2019/09/06 09:26:48.775065, 5]
../source3/auth/server_info_sam.c:122(make_server_info_sam)
make_server_info_sam: made server info for user user35 -> user35
[2019/09/06 09:26:48.775103, 3]
../source3/auth/auth.c:249(auth_check_ntlm_password)
check_ntlm_password: sam authentication for user [user35] succeeded
[2019/09/06 09:26:48.775147, 5]
../source3/auth/auth.c:292(auth_check_ntlm_password)
check_ntlm_password: PAM Account for user [user35] succeeded
[2019/09/06 09:26:48.775166, 2]
../source3/auth/auth.c:305(auth_check_ntlm_password)
check_ntlm_password: authentication for user [user35] -> [user35] ->
[user35] succeeded
[2019/09/06 09:26:48.775362, 3]
../source3/auth/token_util.c:547(finalize_local_nt_token)
Failed to fetch domain sid for user.DE
[2019/09/06 09:26:48.775425, 3]
../source3/auth/token_util.c:579(finalize_local_nt_token)
Failed to fetch domain sid for user.DE
[2019/09/06 09:26:48.775970, 5]
../source3/passdb/pdb_interface.c:1749(lookup_global_sam_rid)
lookup_global_sam_rid: looking up RID 513.
[2019/09/06 09:26:48.776007, 5]
../source3/passdb/pdb_tdb.c:658(tdbsam_getsampwrid)
pdb_getsampwrid (TDB): error looking up RID 513 by key RID_00000201.
[2019/09/06 09:26:48.776039, 5]
../source3/passdb/pdb_interface.c:1825(lookup_global_sam_rid)
Can't find a unix id for an unmapped group
[2019/09/06 09:26:48.776067, 5]
../source3/passdb/pdb_interface.c:1535(pdb_default_sid_to_id)
SID S-1-5-21-3269160466-1648616366-3115778904-513 belongs to our domain, but
there is no corresponding object in the database.
[2019/09/06 09:26:48.776111, 5]
../source3/passdb/pdb_interface.c:1749(lookup_global_sam_rid)
lookup_global_sam_rid: looking up RID 513.
[2019/09/06 09:26:48.776150, 5]
../source3/passdb/pdb_tdb.c:658(tdbsam_getsampwrid)
pdb_getsampwrid (TDB): error looking up RID 513 by key RID_00000201.
[2019/09/06 09:26:48.776189, 5]
../source3/passdb/pdb_interface.c:1825(lookup_global_sam_rid)
Can't find a unix id for an unmapped group
[2019/09/06 09:26:48.776215, 5]
../source3/passdb/pdb_interface.c:1535(pdb_default_sid_to_id)
SID S-1-5-21-3269160466-1648616366-3115778904-513 belongs to our domain, but
there is no corresponding object in the database.
[2019/09/06 09:26:48.776387, 1]
../auth/ntlmssp/ntlmssp_server.c:950(ntlmssp_server_postauth)
ntlmssp_server_postauth: invalid NTLMSSP_MIC for user=[user35] domain=[user35]
workstation=[user35]
[2019/09/06 09:26:48.776410, 1] ../lib/util/util.c:555(dump_data)
[0000] 60 14 2B E8 AC 21 12 CE 41 6D 00 DA B8 9E 7A BF `.+..!.. Am....z.
[2019/09/06 09:26:48.776439, 1] ../lib/util/util.c:555(dump_data)
[0000] 24 33 9E 21 86 7A B4 30 D4 FA 39 1C BD 14 F9 5B $3.!.z.0 ..9....[
[2019/09/06 09:26:48.776468, 2]
../auth/gensec/spnego.c:720(gensec_spnego_server_negTokenTarg)
SPNEGO login failed: NT_STATUS_INVALID_PARAMETER
[2019/09/06 09:26:48.776547, 3]
../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
status[NT_STATUS_INVALID_PARAMETER] || at ../source3/smbd/smb2_sesssetup.c:134
[2019/09/06 09:26:48.777519, 3]
../source3/smbd/server_exit.c:246(exit_server_common)
Server exit (NT_STATUS_CONNECTION_RESET)