[Samba] Re: ADS valid users can't map share
Igor Belyi
sambauser at katehok.ac93.org
Wed Oct 20 16:17:24 GMT 2004
Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Greg Adams wrote:
> | I tried to send a level 10 log from the moment of connection to the
> | user that should be mapped touching a file, but the attachment was too
> | large and the messages bounced, awaiting moderator approval. So
> | instead, I'll try to post the sections I think are relevant here:
> |
> | searching for spnego and username.map led me to this section:
> |
> *********************************************************************************************************
>
> | [2004/10/18 08:19:25, 3]
> smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535)
> | Doing spnego session setup
> | [2004/10/18 08:19:25, 3]
> smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566)
> | NativeOS=[Windows 2002 Service Pack 1 2600] NativeLanMan=[Windows
> | 2002 5.1] PrimaryDomain=[]
> | [2004/10/18 08:19:25, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(615)
> | Got user=[imguser] domain=[EDSADDDM] workstation=[MULE] len1=24
> | len2=24
>
> NTLMSSP authentication here. Not kerberos. :-) So maybe you have
> 2 problems going on ? username map and kerberos....
>
> | Scanning username map /opt/samba/lib/username.map
> | user_in_list: checking user imguser in list
> | user_in_list: checking user |imguser| against |EDSADDDM+imguser|
> | make_user_info_map: Mapping user [EDSADDDM]\[imguser] from
> | workstation [MULE]
I've got the log when it was sent originally and I think the following
is more relevant part. I just don't know which one of the autentication
methods is used for Kerberos. It looks like the NTLM is the one which
got selected.
[2004/10/18 08:08:04, 5] auth/auth.c:load_auth_module(384)
load_auth_module: Attempting to find an auth method to match guest
[2004/10/18 08:08:04, 5] auth/auth.c:load_auth_module(409)
load_auth_module: auth method guest has a valid init
[2004/10/18 08:08:04, 5] auth/auth.c:load_auth_module(384)
load_auth_module: Attempting to find an auth method to match sam
[2004/10/18 08:08:04, 5] auth/auth.c:load_auth_module(409)
load_auth_module: auth method sam has a valid init
[2004/10/18 08:08:04, 5] auth/auth.c:load_auth_module(384)
load_auth_module: Attempting to find an auth method to match
winbind:ntdomain
[2004/10/18 08:08:04, 5] auth/auth.c:load_auth_module(384)
load_auth_module: Attempting to find an auth method to match ntdomain
[2004/10/18 08:08:04, 5] auth/auth.c:load_auth_module(409)
load_auth_module: auth method ntdomain has a valid init
[2004/10/18 08:08:04, 5] auth/auth.c:load_auth_module(409)
load_auth_module: auth method winbind has a valid init
[2004/10/18 08:08:04, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0xe008b297
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_NEGOTIATE_OEM
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_LM_KEY
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED
NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
[2004/10/18 08:08:04, 5] auth/auth.c:get_ntlm_challenge(95)
auth_get_challenge: module guest did not want to specify a challenge
[2004/10/18 08:08:04, 5] auth/auth.c:get_ntlm_challenge(95)
auth_get_challenge: module sam did not want to specify a challenge
[2004/10/18 08:08:04, 5] auth/auth.c:get_ntlm_challenge(95)
auth_get_challenge: module winbind did not want to specify a challenge
[2004/10/18 08:08:04, 5] auth/auth.c:get_ntlm_challenge(135)
auth_context challenge created by random
Igor
More information about the samba
mailing list