Prev: [Samba] How to force NTLMv1 on server side?
Next: [Samba] ntlm_auth, universal principal name, multi-domain active directory - can samba authenticate?
From: Carlyle Sutphen on 9 Oct 2009 06:00 Hello List. We have a number of working ADS servers. One of out clients is not in the Kerberized domain so there users log in via NIS. Having looked at the options for enabling NIS authentication I have decided to use the smbpasswd. Now I can't get that to work. After using smbpasswd to create two users, one created locally, in the /etc/passwd, and one that exists already in NIS. Not only can I not map the share to my XP workstation, as either user, I am unable to change the password. I will include the failed password change and the server configuration followed by a log excerpt from the session. Here is the location of the smbpasswd file: # l /export/samba/var/private total 40 drwxr-x--- 2 root system 512 Oct 09 10:17 . drwxr-x--- 5 root system 512 Oct 07 18:13 .. -rw------- 1 root system 8192 Oct 09 11:37 secrets.tdb -rw------- 1 root system 325 Oct 09 09:44 smbpasswd And: # cat /export/samba/var/private/smbpasswd nobody:4294967294:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[DU ]:LCT-00000000: test:200:01FC5A6BE7BC6929AAD3B435B51404EE:0CB6948805F797BF2A82807973B89537:[U ]:LCT-4ACEE647: zgunchr:2289386:01FC5A6BE7BC6929AAD3B435B51404EE:0CB6948805F797BF2A82807973B89537:[U ]:LCT-4ACEE9EC: Now the failed smbpasswd session: smbpasswd -r fracosmad3 Old SMB password: New SMB password: Retype new SMB password: Could not connect to machine fracosmad3: NT_STATUS_LOGON_FAILURE Failed to change password for test The configuration: [global] security = USER workgroup = GWG wins server = fraeswwnp1.de.db.com,mhgeswwnp1.de.db.com server string = GWG dns proxy = no encrypt passwords = yes client ntlmv2 auth = yes lanman auth = no ntlm auth = no deadtime = 5 hide dot files = yes bind interfaces only = yes max log size = 4096 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192 username map = /export/samba/etc/username.map pid directory = /export/samba/var/locks private dir = /export/samba/var/private interfaces = 10.216.5.45 netbios name = fracosmad3 netbios aliases = GWG log level = 3 log file = /export/samba/var/log/log.samba nis homedir = no [gwgro] comment = GWG Read Only User path = /home/gwgro valid users = gwgro,test read only = No writable = yes Log excerpt: [2009/10/09 10:54:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/10/09 10:54:43, 3] smbd/sesssetup.c:reply_sesssetup_and_X(822) wct=12 flg2=0xc801 [2009/10/09 10:54:43, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(633) Doing spnego session setup [2009/10/09 10:54:43, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(664) NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] [2009/10/09 10:54:43, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(662) Got user=[test] domain=[] workstation=[FRACOSMAD3] len1=24 len2=24 [2009/10/09 10:54:43, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user []\[test]@[FRACOSMAD3] with the new password interface [2009/10/09 10:54:43, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [FRACOSMAD3]\[test]@[FRACOSMAD3] [2009/10/09 10:54:43, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2009/10/09 10:54:43, 3] smbd/uid.c:push_conn_ctx(393) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2009/10/09 10:54:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/10/09 10:54:43, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/10/09 10:54:43, 3] smbd/uid.c:push_conn_ctx(393) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2009/10/09 10:54:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/10/09 10:54:43, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/10/09 10:54:43, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/10/09 10:54:43, 2] libsmb/ntlm_check.c:ntlm_password_check(349) ntlm_password_check: NTLMv1 passwords NOT PERMITTED for user test [2009/10/09 10:54:43, 3] libsmb/ntlm_check.c:ntlm_password_check(356) ntlm_password_check: NEITHER LanMan nor NT password supplied for user test [2009/10/09 10:54:43, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2009/10/09 10:54:43, 3] smbd/uid.c:push_conn_ctx(393) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2009/10/09 10:54:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/10/09 10:54:43, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/10/09 10:54:43, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2009/10/09 10:54:43, 3] smbd/uid.c:push_conn_ctx(393) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2009/10/09 10:54:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/10/09 10:54:43, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/10/09 10:54:43, 2] auth/auth.c:check_ntlm_password(317) check_ntlm_password: Authentication for user [test] -> [test] FAILED with error NT_STATUS_WRONG_PASSWORD [2009/10/09 10:54:43, 3] smbd/process.c:timeout_processing(1447) timeout_processing: End of file from client (client has disconnected). [2009/10/09 10:54:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/10/09 10:54:43, 2] smbd/server.c:exit_server(614) Closing connections [2009/10/09 10:54:43, 3] smbd/connection.c:yield_connection(69) Yielding connection to [2009/10/09 10:54:43, 3] smbd/server.c:exit_server(655) Server exit (normal exit) -- Informationen (einschließlich Pflichtangaben) zu einzelnen, innerhalb der EU tätigen Gesellschaften und Zweigniederlassungen des Konzerns Deutsche Bank finden Sie unter http://www.db.com/de/content/pflichtangaben.htm. Diese E-Mail enthält vertrauliche und/ oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese E-Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser E-Mail ist nicht gestattet. Please refer to http://www.db.com/en/content/eu_disclosures.htm for information (including mandatory corporate particulars) on selected Deutsche Bank branches and group companies registered or incorporated in the European Union. This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and delete this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba |