[Samba] SAMBA and 2 form factor auth
Russell Handorf
rhandorf at handorf.org
Tue Sep 26 15:50:08 GMT 2006
Thanks Gerald,
Finally, the other kicker of the problem is when I mount the samba share
on the system locally, SAMBA constantly attempts to reauthenticate with
the RADIUS server, which in turn constantly fails the connection as the
password has indeed changed (they're one-time passwords).
08:52:35.554507 IP 192.168.0.200.8294 > crypto.radius: RADIUS, Access Request (1), id: 0x91 length: 90
08:52:35.848306 IP crypto.radius > 192.168.0.200.8294: RADIUS, Access Reject (3), id: 0x91 length: 20
08:52:43.024629 IP 192.168.0.200.8295 > crypto.radius: RADIUS, Access Request (1), id: 0xc3 length: 90
08:52:43.388771 IP crypto.radius > 192.168.0.200.8295: RADIUS, Access Reject (3), id: 0xc3 length: 20
Maybe I should look into making a RADIUS server that caches last used
passwords? Or is there a way to have SAMBA just accept the session as
being previously authenticated and never reauthenticating?
r
Gerald (Jerry) Carter wrote:
>
> Russell Handorf wrote:
>
>> fileserver:~# smbclient -U rhandorf -L \\\\localhost
>> Password:
>> Domain=[<snip>] OS=[Unix] Server=[Samba 3.0.14a-Debian]
>>
>> Sharename       Type      Comment
>> ---------       ----      -------
>> netlogon        Disk      Network Logon Service
>> public          Disk
>> IPC$            IPC       IPC Service (samba file services)
>> ADMIN$          IPC       IPC Service (samba file services)
>> rhandorf        Disk      Home directory of rhandorf
>> session setup failed: NT_STATUS_LOGON_FAILURE
>> NetBIOS over TCP disabled -- no workgroup available
>>
>> ======
>>
>> So, why does it auth twice? Why doesn't SAMBA keep
>> the first auth session as a success, and of course fail
>> on the second when my token has changed?
>>
>
> Restrict the connection to port 139 (-p 139)
> and smbclient will reuse the first connection.
> The problem is that the first one uses port 445 by default
> but you can only get browse lists over port 139. So it
> has to retry.
>
> cheers, jerry
> =====================================================================
> Samba ------- http://www.samba.org
> Centeris ----------- http://www.centeris.com
> "What man is a man who does not make the world better?" --Balian
>
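Added example, not part of the original thread: a small parser for tcpdump text output in the format quoted above (wrapped lines joined) that pairs each RADIUS reply with its request by client endpoint and id, then flags clients drawing repeated Access-Rejects in a short window, the pattern a reauthentication loop against a one-time-password backend produces. The function name, the 60-second window, the threshold of 3 and the third exchange in the sample are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the tcpdump text format quoted in the post
# (wrapped lines joined); the third exchange is invented for illustration.
SAMPLE = """\
08:52:35.554507 IP 192.168.0.200.8294 > crypto.radius: RADIUS, Access Request (1), id: 0x91 length: 90
08:52:35.848306 IP crypto.radius > 192.168.0.200.8294: RADIUS, Access Reject (3), id: 0x91 length: 20
08:52:43.024629 IP 192.168.0.200.8295 > crypto.radius: RADIUS, Access Request (1), id: 0xc3 length: 90
08:52:43.388771 IP crypto.radius > 192.168.0.200.8295: RADIUS, Access Reject (3), id: 0xc3 length: 20
08:52:50.101000 IP 192.168.0.200.8296 > crypto.radius: RADIUS, Access Request (1), id: 0x17 length: 90
08:52:50.402000 IP crypto.radius > 192.168.0.200.8296: RADIUS, Access Reject (3), id: 0x17 length: 20
"""

LINE = re.compile(
    r"^(\d+):(\d+):(\d+\.\d+) IP (\S+) > (\S+): RADIUS, "
    r"Access[ -](Request|Accept|Reject) \(\d+\), id: (0x[0-9a-f]+)"
)

def reject_loops(text, window=60.0, threshold=3):
    """Return {client_host: reject_count} for clients whose requests drew
    at least `threshold` Access-Rejects within `window` seconds."""
    pending = {}                    # (client endpoint, id) -> request time
    rejects = defaultdict(list)     # client host -> reject timestamps
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        h, mi, s, src, dst, kind, rid = m.groups()
        ts = int(h) * 3600 + int(mi) * 60 + float(s)
        if kind == "Request":
            pending[(src, rid)] = ts
        elif pending.pop((dst, rid), None) is not None and kind == "Reject":
            # Reply matched to its request by client endpoint and RADIUS id.
            rejects[dst.rsplit(".", 1)[0]].append(ts)
    flagged = {}
    for host, times in rejects.items():
        # Slide over the reject times looking for `threshold` in one window.
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged[host] = len(times)
                break
    return flagged

if __name__ == "__main__":
    print(reject_loops(SAMPLE))
```

Timestamps are treated as seconds within one day, so a capture that crosses midnight needs tcpdump's date-bearing timestamp option and a matching change to the regular expression.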