[linux-cifs-client] Re: Problems with cifs, samba, pam and ldap

Amadeu Andrade Barbosa Junior amadeu at im.ufba.br
Tue Nov 29 13:07:48 GMT 2005 

Hi Steven,

Steven French wrote:
>> problems with my linux cifs clients connecting to a
>> samba server with pam mediated authentication.
>>
>> Scenario:
>>
>> Linux Cifs client <----->  Samba Server  <--> PAM (libpam-ldap,
>> libnss-ldap) <---> OpenLDAP
>>
>> On the clients I try:
>>
>> mount -t cifs //IP_SAMBA_SERVER/user /tmp/user -o
> username=user,password=BLA
>>
>> I get:
>>
>> mount error 13 when I set "encrypted passwords = yes" in smb.conf and
>> mount error 5  when I set "encrypted passwords = no" in this same file.
> 
> Does anything change if you try from a different client e.g.
> "smbclient //IP_SAMBA_SERVER/user -U user%BLA"
> or is it a similar error?  

I tried on machine1 (IP: 192.168.134.2 samba-server and client at
3.0.20b-Debian 'unstable'):

root at machine1 # smbclient //192.168.134.2/poxxxa -U poxxxa%12 -v
Domain=[DCC] OS=[Unix] Server=[Samba 3.0.20b-Debian]
smb: \> ls
  .                                D        0  Thu Nov 24 11:46:29 2005
  ..                               DR        0  Thu Nov 24 11:31:23 2005
  .bash_profile.dpkg-dist          H      567  Thu Nov 24 11:31:23 2005
  .bashrc                          H     1347  Thu Nov 24 11:31:23 2005
  .bashrc.dpkg-dist                H     1834  Thu Nov 24 11:31:23 2005
  .themes                          DH        0  Thu Nov 24 11:31:23 2005
  Desktop                          D        0  Thu Nov 24 11:31:23 2005
  .bash_history                    H     2745  Fri Nov 25 11:13:34 2005
  .bash_profile                    H      701  Thu Nov 24 11:31:23 2005

                45746 blocks of size 131072. 10456 blocks available
smb: \>

I tried on machine2 (IP:192.168.134.4 client at 3.0.14a-Debian 'sarge')
and I receive the same output.

> Does trying:
> "mount -t cifs //IP_SAMBA_SERVER/user /tmp/user -o
> username=user,password=BLA,domain=DCC"
> (ie adding the domain name) make any difference?   On the server have
> you verified that the account
> exists from the local systems perspective, not just from the Samba/LDAP
> perspective(e.g. you can su to the account)?

I tried with domain=DCC and I get the same error 5 on machine1 and
machine2, look:

root at machine2 # mount -t cifs //192.168.134.2/poxxxa mnt/ -o
username=poxxxa,password=12,domain=DCC --verbose

 parsing options: rw,username=poxxxa,password=12,domain=DCC
mount.cifs kernel mount options
unc=//192.168.134.2\poxxxa,ip=192.168.134.2,ver=1,rw,username=poxxxa,password=12,domain=DCC
mount error 5 = Input/output error
Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)

Details about programs versions:

   * machine1 (samba server and client):

# mount.cifs -V
mount.cifs version: 1.9
# dpkg -l samba samba-common smbfs smbclient
ii  samba                     3.0.20b-2
ii  samba-common              3.0.20b-2
ii  smbfs                     3.0.20b-2
ii  smbclient                 3.0.20b-2
# uname -a
Linux sala134-exp 2.6.14-2-k7 #1 Mon Nov 14 15:33:15 UTC 2005 i686 GNU/Linux

   * machine2 (only client):

# mount.cifs -V
mount.cifs version: 1.6
# dpkg -l smbfs smbclient samba-common
un  samba                     <nothing>
ii  samba-common              3.0.14a-3
ii  smbfs                     3.0.14a-3
ii  smbclient                 3.0.14a-3
# uname -a
Linux kelvin 2.6.8-2-386 #1 Thu May 19 17:40:50 JST 2005 i686 GNU/Linux

On machine1 I have:

root at machine1 # cat /etc/passwd /etc/shadow|grep poxxxa
poxxxa:x:1000:1000:12,,,:/home/poxxxa:/bin/bash
poxxxa:$1$UGaly88G$e4VKY0WB0jQ74rnm0FuHx0:13116:0:99999:7:::

Yes, I can su to 'poxxxa' account.

I'll attach the smb.conf and strace output of mount.cifs and mount.smbfs
 of the machine1 and machine2. Maybe these archives will help to you
understanding my problem.

I no have problems when I use the 'smbfs' option in mount.

Any ideia?

Thanks by your attention...

--
|> Amadeu Jr. :: Estudante de Ciência da Computação - UFBa
                 Representante no DCC/UFBa - www.dacomp.im.ufba.br
                 Membro do GAVRI-IM - www.gavri.im.ufba.br
                 Voluntário - Projeto i-MIRA - www.imira.dcc.ufba.br
                 Colaborador no PSL-BA - www.psl-ba.softwarelivre.org
                 Mascote da GNOSIS - www.gnosislivre.org
                 Bolsista da Rede do DCC/UFBa - www.dcc.ufba.br
|> Mensagem :: "A desobediência é uma virtude necessária à criatividade"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: strace+smbconf.tar.gz
Type: application/x-gzip
Size: 24588 bytes
Desc: not available
Url : http://lists.samba.org/archive/linux-cifs-client/attachments/20051129/eb9457e2/stracesmbconf.tar-0001.bin

More information about the linux-cifs-client mailing list