[Samba] Windows 7 only connects if joined to the domain

Clif Smith clif at texicans.us
Thu Feb 25 10:33:14 MST 2010 

I'm running 3.4.6 (was running 3.0.28a but upgraded in hopes to fix this issue).  Clients running Windows 7 that are NOT joined to the AD domain (samba authenticates against it via "security = server") cannot authenticate to access the server.  Clients running Windows 7 that are on the domain as well as Windows XP, Windows 2003 on and off the domain work as expected.

Any help would be greatly appreciated! 

Thanks, Clif

smb.conf:
========================
[global]
  workgroup = XXXXXX
  netbios name = XXXXXX
  security = server
  password server = XXXXXX
  wins server = XXXXXX
  smb passwd file = /etc/samba/smbpasswd
  server string = ausfs1
  smb ports = 139
  lanman auth = no
  ntlm auth = no
  client ntlmv2 auth = yes
  client lanman auth = no
  client plaintext auth = no
  max protocol = smb2
  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
  restrict anonymous = 2
  local master = no
  domain master = no
  dns proxy = no
  log file = /var/log/samba/%m.log
  max log size = 500
  log level = 3
  syslog = 1
  veto files = /.DS_Store/Thumbs.db/

Debug log:
========================
[2010/02/25 11:23:41,  3] smbd/process.c:1459(process_smb)
 Transaction 0 of length 159 (0 toread)
[2010/02/25 11:23:41,  3] smbd/process.c:1273(switch_message)
 switch message SMBnegprot (pid 3179) conn 0x0
[2010/02/25 11:23:41,  3] smbd/sec_ctx.c:310(set_sec_ctx)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/02/25 11:23:41,  3] smbd/negprot.c:567(reply_negprot)
 Requested protocol [PC NETWORK PROGRAM 1.0]
[2010/02/25 11:23:41,  3] smbd/negprot.c:567(reply_negprot)
 Requested protocol [LANMAN1.0]
[2010/02/25 11:23:41,  3] smbd/negprot.c:567(reply_negprot)
 Requested protocol [Windows for Workgroups 3.1a]
[2010/02/25 11:23:41,  3] smbd/negprot.c:567(reply_negprot)
 Requested protocol [LM1.2X002]
[2010/02/25 11:23:41,  3] smbd/negprot.c:567(reply_negprot)
 Requested protocol [LANMAN2.1]
[2010/02/25 11:23:41,  3] smbd/negprot.c:567(reply_negprot)
 Requested protocol [NT LM 0.12]
[2010/02/25 11:23:41,  3] smbd/negprot.c:567(reply_negprot)
 Requested protocol [SMB 2.002]
[2010/02/25 11:23:41,  3] smbd/negprot.c:567(reply_negprot)
 Requested protocol [SMB 2.???]
[2010/02/25 11:23:41,  3] smbd/negprot.c:387(reply_nt1)
 using SPNEGO
[2010/02/25 11:23:41,  3] smbd/negprot.c:672(reply_negprot)
 Selected protocol NT LM 0.12
[2010/02/25 11:23:41,  3] smbd/process.c:1459(process_smb)
 Transaction 1 of length 142 (0 toread)
[2010/02/25 11:23:41,  3] smbd/process.c:1273(switch_message)
 switch message SMBsesssetupX (pid 3179) conn 0x0
[2010/02/25 11:23:41,  3] smbd/sec_ctx.c:310(set_sec_ctx)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/02/25 11:23:41,  3] smbd/sesssetup.c:1404(reply_sesssetup_and_X)
 wct=12 flg2=0xc807
[2010/02/25 11:23:41,  2] smbd/sesssetup.c:1360(setup_new_vc_session)
 setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2010/02/25 11:23:41,  3] smbd/sesssetup.c:1160(reply_sesssetup_and_X_spnego)
 Doing spnego session setup
[2010/02/25 11:23:41,  3] smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego)
 NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2010/02/25 11:23:41,  3] smbd/sesssetup.c:786(reply_spnego_negotiate)
 reply_spnego_negotiate: Got secblob of size 40
[2010/02/25 11:23:41,  3] libsmb/ntlmssp.c:62(debug_ntlmssp_flags)
 Got NTLMSSP neg_flags=0xe2088297
[2010/02/25 11:23:41,  3] lib/util_sock.c:1033(open_socket_out_send)
 Connecting to XXXXXX at port 445
[2010/02/25 11:23:41,  3] auth/auth_server.c:86(server_cryptkey)
 connected to password server XXXXXX
[2010/02/25 11:23:41,  3] auth/auth_server.c:113(server_cryptkey)
 got session
[2010/02/25 11:23:41,  3] auth/auth_server.c:149(server_cryptkey)
 password server OK
[2010/02/25 11:23:41,  3] auth/auth_server.c:233(auth_get_challenge_server)
 using password server validation
[2010/02/25 11:23:41,  3] smbd/process.c:1459(process_smb)
 Transaction 2 of length 592 (0 toread)
[2010/02/25 11:23:41,  3] smbd/process.c:1273(switch_message)
 switch message SMBsesssetupX (pid 3179) conn 0x0
[2010/02/25 11:23:41,  3] smbd/sec_ctx.c:310(set_sec_ctx)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/02/25 11:23:41,  3] smbd/sesssetup.c:1404(reply_sesssetup_and_X)
 wct=12 flg2=0xc807
[2010/02/25 11:23:41,  2] smbd/sesssetup.c:1360(setup_new_vc_session)
 setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2010/02/25 11:23:41,  3] smbd/sesssetup.c:1160(reply_sesssetup_and_X_spnego)
 Doing spnego session setup
[2010/02/25 11:23:41,  3] smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego)
 NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2010/02/25 11:23:41,  3] libsmb/ntlmssp.c:745(ntlmssp_server_auth)
 Got user=[XXXXXX] domain=[XXXXXX] workstation=[WIN7] len1=24 len2=330
[2010/02/25 11:23:41,  3] auth/auth.c:222(check_ntlm_password)
 check_ntlm_password:  Checking password for unmapped user [XXXXXX]\[XXXXXX]@[WIN7] with the new password interface
[2010/02/25 11:23:41,  3] auth/auth.c:225(check_ntlm_password)
 check_ntlm_password:  mapped user is: [XXXXXX]\[XXXXXX]@[WIN7]
[2010/02/25 11:23:41,  3] smbd/sec_ctx.c:210(push_sec_ctx)
 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/02/25 11:23:41,  3] smbd/uid.c:428(push_conn_ctx)
 push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/02/25 11:23:41,  3] smbd/sec_ctx.c:310(set_sec_ctx)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/02/25 11:23:41,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/02/25 11:23:41,  3] auth/auth_sam.c:282(check_sam_security)
 check_sam_security: Couldn't find user 'XXXXXX' in passdb.
[2010/02/25 11:23:41,  3] libsmb/cliconnect.c:1187(cli_session_setup)
 cli_session_setup: NT1 session setup failed: NT_STATUS_LOGON_FAILURE
[2010/02/25 11:23:41,  3] libsmb/cliconnect.c:1187(cli_session_setup)
 cli_session_setup: NT1 session setup failed: NT_STATUS_LOGON_FAILURE
[2010/02/25 11:23:41,  1] auth/auth_server.c:413(check_smbserver_security)
 password server XXXXXX rejected the password: NT_STATUS_LOGON_FAILURE
[2010/02/25 11:23:41,  2] auth/auth.c:320(check_ntlm_password)
 check_ntlm_password:  Authentication for user [XXXXXX] -> [XXXXXX] FAILED with error NT_STATUS_LOGON_FAILURE
[2010/02/25 11:23:41,  3] smbd/error.c:60(error_packet_set)
 error packet at smbd/sesssetup.c(122) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
[2010/02/25 11:23:54,  3] smbd/sec_ctx.c:310(set_sec_ctx)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/02/25 11:23:54,  3] smbd/connection.c:31(yield_connection)
 Yielding connection to 
[2010/02/25 11:23:54,  3] smbd/server.c:845(exit_server_common)
 Server exit (failed to receive smb request)

More information about the samba mailing list