[Samba] Simple configuration and not working.

Vincent.Badier at alcatel.fr Vincent.Badier at alcatel.fr
Thu Sep 11 10:18:42 GMT 2003


>I would expect this to be 'security = ads'
>since you've specified a realm.

Yes, you're right, I did it now.

>Does this apply to you?  (From WHATSNEW):
>
>Changes in Behavior
>- -------------------
>
>The following issues are known changes in behavior between Samba 2.2 and
>Samba 3.0 that may affect certain installations of Samba.
>
>1)  When operating as a member of a Windows domain, Samba 2.2 would
>map any users authenticated by the remote DC to the 'guest account'
>if a uid could not be obtained via the getpwnam() call.  Samba 3.0
>rejects the connection as NT_STATUS_LOGON_FAILURE.  There is no
>current work around to re-establish the 2.2 behavior.

I don't think so, since I tried 2 remote connection attempts and auth seems
to succeed:

One from a remote Linux client, and part of the log:

# /usr/bin/smbclient //172.26.123.121/myshare -U mylogon -W MYAD
Password:
tree connect failed: NT_STATUS_ACCESS_DENIED

[2003/09/11 11:09:38, 2] auth/auth.c:check_ntlm_password(302)
 check_ntlm_password:  authentication for user [mylogon] -> [mylogon] -> ]
succeeded
[2003/09/11 11:09:38, 5] auth/auth_util.c:free_user_info(1185)
  attempting to free (and zero) a user_info structure
[2003/09/11 11:09:38, 10] auth/auth_util.c:free_user_info(1188)
  structure was created for mylogon
[2003/09/11 11:09:38, 3] smbd/password.c:register_vuid(207)
  User name:    Real name:
[2003/09/11 11:09:38, 3] smbd/password.c:register_vuid(225)
  UNIX uid 0 is UNIX user, and will be vuid 100
[2003/09/11 11:09:38, 3] smbd/process.c:process_smb(890)
  Transaction 3 of length 104
[2003/09/11 11:09:38, 3] smbd/process.c:switch_message(685)
  switch message SMBtconX (pid 9247)
[2003/09/11 11:09:38, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2003/09/11 11:09:38, 2] smbd/service.c:make_connection_snum(384)
  user ' (from session setup) not permitted to access this share (myshare)
[2003/09/11 11:09:38, 3] smbd/error.c:error_packet(113)
  error packet at smbd/reply.c(274) cmd=117 (SMBtconX)
NT_STATUS_ACCESS_DENIED

Well, what I understand is that authentication succeeded, a free structure
was created, but it seems not to be populated (user name and real name
empty), so it is normal that user ' is not allowed to access the
share.
Am I wrong in my reasoning?

Another attempt, from a Windows client now. Things are quite weird to me:

First, there is
Ticket name is [MYWORKSTATION$@MYAD.AD.MYDOMAIN.COM]
and afterwards another ticket with the username. While I don't see any
authentication success or denial, I see that it attempts to see if the
username is in the group. Is the failure related to the bad username
entry in the struct?

[2003/09/11 11:45:40, 3] smbd/password.c:register_vuid(207)
  User name:^IReal name:
...
[2003/09/11 11:45:40, 0] lib/username.c:user_in_winbind_group_list(339)
  user_in_winbind_group_list: nametogid for group MYAD+SEC_GLOBAL_GROUP
failed.
[2003/09/11 11:45:40, 0] lib/username.c:user_in_winbind_group_list(339)
  user_in_winbind_group_list: nametogid for group
MYAD+SEC_ANOTHER_GLOBAL_GROUP failed.
[2003/09/11 11:45:40, 0] lib/username.c:user_in_winbind_group_list(339)
  user_in_winbind_group_list: nametogid for group MYAD+THIRD_GLOBAL_GROUP
failed.
[2003/09/11 11:45:40, 2] smbd/service.c:make_connection_snum(384)
  user ' (from session setup) not permitted to access this share
(secondshare)


I obviously checked that permissions are set on the filesystem as well as
the user account's membership in the global groups.
Doing these tests seems to tell me that auth is working, but there is still
a small thing that doesn't work in my case.
If needed, I can provide the complete log for each of these tests.


Thanks again for your help
Vincent




