[Samba] Windows 7 only connects if joined to the domain
in [Samba]
|
Prev: [Samba] Nobody can log on from a trusted domain, EXCEPT my own account
Next: Windows 7 only connects if joined to the domain
From: Clif Smith on 25 Feb 2010 12:40 I'm running 3.4.6 (was running 3.0.28a but upgraded in hopes to fix this issue). Clients running Windows 7 that are NOT joined to the AD domain (samba authenticates against it via "security = server") cannot authenticate to access the server. Clients running Windows 7 that are on the domain as well as Windows XP, Windows 2003 on and off the domain work as expected. Any help would be greatly appreciated! Thanks, Clif smb.conf: ======================== [global] workgroup = XXXXXX netbios name = XXXXXX security = server password server = XXXXXX wins server = XXXXXX smb passwd file = /etc/samba/smbpasswd server string = ausfs1 smb ports = 139 lanman auth = no ntlm auth = no client ntlmv2 auth = yes client lanman auth = no client plaintext auth = no max protocol = smb2 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 restrict anonymous = 2 local master = no domain master = no dns proxy = no log file = /var/log/samba/%m.log max log size = 500 log level = 3 syslog = 1 veto files = /.DS_Store/Thumbs.db/ Debug log: ======================== [2010/02/25 11:23:41, 3] smbd/process.c:1459(process_smb) Transaction 0 of length 159 (0 toread) [2010/02/25 11:23:41, 3] smbd/process.c:1273(switch_message) switch message SMBnegprot (pid 3179) conn 0x0 [2010/02/25 11:23:41, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/02/25 11:23:41, 3] smbd/negprot.c:567(reply_negprot) Requested protocol [PC NETWORK PROGRAM 1.0] [2010/02/25 11:23:41, 3] smbd/negprot.c:567(reply_negprot) Requested protocol [LANMAN1.0] [2010/02/25 11:23:41, 3] smbd/negprot.c:567(reply_negprot) Requested protocol [Windows for Workgroups 3.1a] [2010/02/25 11:23:41, 3] smbd/negprot.c:567(reply_negprot) Requested protocol [LM1.2X002] [2010/02/25 11:23:41, 3] smbd/negprot.c:567(reply_negprot) Requested protocol [LANMAN2.1] [2010/02/25 11:23:41, 3] smbd/negprot.c:567(reply_negprot) Requested protocol [NT LM 0.12] [2010/02/25 11:23:41, 3] smbd/negprot.c:567(reply_negprot) Requested protocol [SMB 2.002] [2010/02/25 11:23:41, 3] smbd/negprot.c:567(reply_negprot) Requested protocol [SMB 2.???] [2010/02/25 11:23:41, 3] smbd/negprot.c:387(reply_nt1) using SPNEGO [2010/02/25 11:23:41, 3] smbd/negprot.c:672(reply_negprot) Selected protocol NT LM 0.12 [2010/02/25 11:23:41, 3] smbd/process.c:1459(process_smb) Transaction 1 of length 142 (0 toread) [2010/02/25 11:23:41, 3] smbd/process.c:1273(switch_message) switch message SMBsesssetupX (pid 3179) conn 0x0 [2010/02/25 11:23:41, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/02/25 11:23:41, 3] smbd/sesssetup.c:1404(reply_sesssetup_and_X) wct=12 flg2=0xc807 [2010/02/25 11:23:41, 2] smbd/sesssetup.c:1360(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2010/02/25 11:23:41, 3] smbd/sesssetup.c:1160(reply_sesssetup_and_X_spnego) Doing spnego session setup [2010/02/25 11:23:41, 3] smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego) NativeOS=[] NativeLanMan=[] PrimaryDomain=[] [2010/02/25 11:23:41, 3] smbd/sesssetup.c:786(reply_spnego_negotiate) reply_spnego_negotiate: Got secblob of size 40 [2010/02/25 11:23:41, 3] libsmb/ntlmssp.c:62(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0xe2088297 [2010/02/25 11:23:41, 3] lib/util_sock.c:1033(open_socket_out_send) Connecting to XXXXXX at port 445 [2010/02/25 11:23:41, 3] auth/auth_server.c:86(server_cryptkey) connected to password server XXXXXX [2010/02/25 11:23:41, 3] auth/auth_server.c:113(server_cryptkey) got session [2010/02/25 11:23:41, 3] auth/auth_server.c:149(server_cryptkey) password server OK [2010/02/25 11:23:41, 3] auth/auth_server.c:233(auth_get_challenge_server) using password server validation [2010/02/25 11:23:41, 3] smbd/process.c:1459(process_smb) Transaction 2 of length 592 (0 toread) [2010/02/25 11:23:41, 3] smbd/process.c:1273(switch_message) switch message SMBsesssetupX (pid 3179) conn 0x0 [2010/02/25 11:23:41, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/02/25 11:23:41, 3] smbd/sesssetup.c:1404(reply_sesssetup_and_X) wct=12 flg2=0xc807 [2010/02/25 11:23:41, 2] smbd/sesssetup.c:1360(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2010/02/25 11:23:41, 3] smbd/sesssetup.c:1160(reply_sesssetup_and_X_spnego) Doing spnego session setup [2010/02/25 11:23:41, 3] smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego) NativeOS=[] NativeLanMan=[] PrimaryDomain=[] [2010/02/25 11:23:41, 3] libsmb/ntlmssp.c:745(ntlmssp_server_auth) Got user=[XXXXXX] domain=[XXXXXX] workstation=[WIN7] len1=24 len2=330 [2010/02/25 11:23:41, 3] auth/auth.c:222(check_ntlm_password) check_ntlm_password: Checking password for unmapped user [XXXXXX]\[XXXXXX]@[WIN7] with the new password interface [2010/02/25 11:23:41, 3] auth/auth.c:225(check_ntlm_password) check_ntlm_password: mapped user is: [XXXXXX]\[XXXXXX]@[WIN7] [2010/02/25 11:23:41, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/02/25 11:23:41, 3] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/02/25 11:23:41, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/02/25 11:23:41, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/02/25 11:23:41, 3] auth/auth_sam.c:282(check_sam_security) check_sam_security: Couldn't find user 'XXXXXX' in passdb. [2010/02/25 11:23:41, 3] libsmb/cliconnect.c:1187(cli_session_setup) cli_session_setup: NT1 session setup failed: NT_STATUS_LOGON_FAILURE [2010/02/25 11:23:41, 3] libsmb/cliconnect.c:1187(cli_session_setup) cli_session_setup: NT1 session setup failed: NT_STATUS_LOGON_FAILURE [2010/02/25 11:23:41, 1] auth/auth_server.c:413(check_smbserver_security) password server XXXXXX rejected the password: NT_STATUS_LOGON_FAILURE [2010/02/25 11:23:41, 2] auth/auth.c:320(check_ntlm_password) check_ntlm_password: Authentication for user [XXXXXX] -> [XXXXXX] FAILED with error NT_STATUS_LOGON_FAILURE [2010/02/25 11:23:41, 3] smbd/error.c:60(error_packet_set) error packet at smbd/sesssetup.c(122) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE [2010/02/25 11:23:54, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/02/25 11:23:54, 3] smbd/connection.c:31(yield_connection) Yielding connection to [2010/02/25 11:23:54, 3] smbd/server.c:845(exit_server_common) Server exit (failed to receive smb request) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba |