[Samba] can't map drive to WinXP client from v3.0.21 w. security=ads
Jonathan C. Detert
detertj at msoe.edu
Fri Jan 20 21:57:47 GMT 2006
New installation of samba v3.0.21 on debian. Joined the samba box to an
ActiveDirectory domain.
Can enumerate users/groups with wbinfo run locally on the samba box.
Can connect remotely to samba box via smbclient Version 3.0.10-Ubuntu linux.
Can create new files via 'put' cmd within smbclient.
Can login remotely to samba box with ssh client on linux box.
Can _NOT_ map a drive to samba box from WinXP SP2 box that is joined
to the same A.D. domain:
I run 'net use \\sambabox\username'
and about 10 seconds later I get this output:
'System error 1240 has occurred.
The account is not authorized to log in from this station.'
Does anyone have an idea what's wrong, and/or a suggestion of what to
try to find out why it's not working?
AtDhVaAnNkCsE
the rest of this email is supporting data that may or may not be
relevant or interesting.
pam config
----------
I'm wondering if the problem could be the pam config. The ssh and
samba pam configs are almost the same - the ssh config has 4 things that
the samba config doesn't:
session optional pam_motd.so
session optional pam_mail.so standard noenv
session required pam_limits.so
@include common-password
which makes me think, if anything, that the pam requirements for ssh are
more stringent than for samba. Yet samba isn't working, and ssh does.
Here's the auth pam stuff done for samba (and ssh) :
auth requisite pam_nologin.so debug
auth [success=1 default=ignore] pam_localuser.so debug
auth [success=done auth_err=bad] pam_winbind.so debug
auth required pam_unix.so nullok_secure debug
Here's the account pam stuff done for samba & ssh:
account sufficient pam_winbind.so debug
account required pam_unix.so debug
and the session pam stuff:
session required pam_unix.so
samba logs (debuglevel = 2) for successful connect via smbclient:
----------------------------------------------------------------
[2006/01/20 15:54:39, 2] auth/auth.c:check_ntlm_password(307)
check_ntlm_password: authentication for user [detertj] -> [detertj]
-> [MSOE+detertj] succeeded
[2006/01/20 15:54:39, 1] smbd/service.c:make_connection_snum(666)
carlisle (155.92.193.21) connect to service detertj initially as
user MSOE+detertj (uid=10008, gid=10000) (pid 7892)
samba logs (debuglevel=3) for failed 'net use' on winxp sp2 box:
----------------------------------------------------------------
[2006/01/20 15:22:27, 3] smbd/oplock.c:init_oplocks(711)
open_oplock_ipc: opening loopback UDP socket.
[2006/01/20 15:22:27, 3] smbd/process.c:process_smb(1194)
Transaction 0 of length 137
[2006/01/20 15:22:27, 3] smbd/process.c:switch_message(993)
switch message SMBnegprot (pid 5028) conn 0x0
[2006/01/20 15:22:27, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/01/20 15:22:27, 3] smbd/negprot.c:reply_negprot(475)
Requested protocol [PC NETWORK PROGRAM 1.0]
[2006/01/20 15:22:27, 3] smbd/negprot.c:reply_negprot(475)
Requested protocol [LANMAN1.0]
[2006/01/20 15:22:27, 3] smbd/negprot.c:reply_negprot(475)
Requested protocol [Windows for Workgroups 3.1a]
[2006/01/20 15:22:27, 3] smbd/negprot.c:reply_negprot(475)
Requested protocol [LM1.2X002]
[2006/01/20 15:22:27, 3] smbd/negprot.c:reply_negprot(475)
Requested protocol [LANMAN2.1]
[2006/01/20 15:22:27, 3] smbd/negprot.c:reply_negprot(475)
Requested protocol [NT LM 0.12]
[2006/01/20 15:22:27, 3] smbd/negprot.c:reply_nt1(346)
using SPNEGO
[2006/01/20 15:22:27, 3] smbd/negprot.c:reply_negprot(568)
Selected protocol NT LM 0.12
[2006/01/20 15:22:29, 3] smbd/process.c:timeout_processing(1447)
timeout_processing: End of file from client (client has disconnected).
--
Happy Landings,
Jon Detert
IT Systems Administrator, Milwaukee School of Engineering
1025 N. Broadway, Milwaukee, Wisconsin 53202, U.S.A.
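
One way to compare the two log excerpts quoted in the message above, as an added example that is not part of the original post: a small Python parser that reports how far each connection got in smbd. The function names parse_smbd_log and summarize are this example's own, and the sample input is copied from the logs in the post (the requested-protocol entries are left out).

```python
import re
# Header of a Samba 3 debug entry: "[date time, level] file.c:function(line)"
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\] (\S+?):(\w+)\((\d+)\)\s*$")

def parse_smbd_log(text):
    """Return (timestamp, function, message) tuples; continuation lines are joined."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            entries.append([m.group(1), m.group(4), ""])
        elif entries and line.strip():
            entries[-1][2] = (entries[-1][2] + " " + line.strip()).strip()
    return [tuple(e) for e in entries]

def summarize(entries):
    """Report how far one connection got: negotiate, authenticate, share connect."""
    s = {"smb_commands": [], "selected": None, "spnego": False,
         "auth_seen": False, "share_connected": False, "client_eof": False}
    for _ts, func, msg in entries:
        s["smb_commands"] += re.findall(r"^switch message (\w+)", msg)
        if msg.startswith("Selected protocol "):
            s["selected"] = msg[len("Selected protocol "):]
        s["spnego"] |= (func == "reply_nt1" and "SPNEGO" in msg)
        s["auth_seen"] |= (func == "check_ntlm_password")
        s["share_connected"] |= (func == "make_connection_snum")
        s["client_eof"] |= ("End of file from client" in msg)
    s["stage"] = ("share connected" if s["share_connected"] else
                  "authentication attempted" if s["auth_seen"] else
                  "negotiated only" if s["selected"] else "no negotiate")
    return s

# Sample input copied from the two excerpts in the post
FAILED_XP = """\
[2006/01/20 15:22:27, 3] smbd/process.c:switch_message(993)
switch message SMBnegprot (pid 5028) conn 0x0
[2006/01/20 15:22:27, 3] smbd/negprot.c:reply_nt1(346)
using SPNEGO
[2006/01/20 15:22:27, 3] smbd/negprot.c:reply_negprot(568)
Selected protocol NT LM 0.12
[2006/01/20 15:22:29, 3] smbd/process.c:timeout_processing(1447)
timeout_processing: End of file from client (client has disconnected).
"""
OK_SMBCLIENT = """\
[2006/01/20 15:54:39, 2] auth/auth.c:check_ntlm_password(307)
check_ntlm_password: authentication for user [detertj] -> [detertj] -> [MSOE+detertj] succeeded
[2006/01/20 15:54:39, 1] smbd/service.c:make_connection_snum(666)
carlisle (155.92.193.21) connect to service detertj initially as user MSOE+detertj (uid=10008, gid=10000) (pid 7892)
"""
```

On the WinXP excerpt, summarize(parse_smbd_log(FAILED_XP)) gives the stage "negotiated only" with client_eof set: smbd offered SPNEGO and selected NT LM 0.12, and the client closed the connection before any check_ntlm_password entry appears in the quoted log.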