Vista(by default NTLMv2) - Samba Security = domain, connection from vista failed

gomathi palanimuthu gomathi82 at gmail.com
Tue Feb 6 08:21:52 GMT 2007


> Are you calling Samba by the same name it is registered with the DC as?

Yes, with the same name as registered with the DC. I am trying to connect
from Vista (not a member of the DC).

1. Connection from Vista (non-member of DC) - failed - I added the domain
username to the smbpasswd file also.
2. Connection from Vista (member of DC) - success. I think this is because I
added the domain username entry to the unix smbpasswd file. So, the connection
succeeded.
Also, in Vista I disabled the firewall.
Here is my smb.conf file. Please correct if anything is wrong. It will be
helpful even if a small clue is given by someone.
[global]
#unix charset = LOCALE
workgroup = W2K3R2
netbios name = goms7
#realm = W2K3R2.LOCAL
encrypt passwords = yes
server string = Samba 3.0.23b
security = DOMAIN
password server = 172.16.140.210
auth methods = ntdomain
#wins server = 10.8.8.45
#wins support = yes
username map = /etc/samba/smbusers
log level = 10
syslog = 0
log file = /var/%m
max log size = 100
local master = no
stat cache = no
kernel oplocks = no
oplocks = no
level2oplocks = no
printcap name = CUPS
#winbind use default domain = yes
#ldap ssl = no
#idmap uid = 10000-20000
#idmap gid = 20001-30000
#winbind enum users = yes
#winbind enum groups = yes
#template shell = /bin/bash
#winbind separator = +
#winbind cache time = 120
printing = cups
map to guest = Never
use spnego = yes
client use spnego = no
server signing = yes
client signing = yes
max connections = 10

> Not relevant to why the server fails to accept NTLMv2, but why are you
> turning 'client ntlmv2 auth = no'?
------------ I removed this entry from smb.conf, but still not working.


On 2/6/07, Andrew Bartlett <abartlet at samba.org> wrote:
>
> On Tue, 2007-02-06 at 12:14 +0900, gomathi palanimuthu wrote:
> > Hi,
> >
> > The error I got in Vista is STATUS_LOGON_FAILURE. Even with correct
> > credentials, Vista couldn't get authenticated against the domain
> > controller via samba.
>
> Are you calling Samba by the same name it is registered with the DC as?
>
> > I have tried forcing ntlmv2 only in the 2003 domain controller too.
> > *Also, by default samba3.0.23b or samba3.0.23d respond to ntlmv2
> > connection?? or I should configure samba accordingly (i.e. by setting
> > lanman auth = no, ntlm auth = no, client NTLMv2 auth = no) to support
> > ntlmv2 connection???*
>
> Samba accepts NTLMv2 by default.
>
> Not relevant to why the server fails to accept NTLMv2, but why are you
> turning 'client ntlmv2 auth = no'?
>
> > Attached the non-working ethereal packets info. in which NTLMSSP_AUTH is
> > failing with the mentioned parameters.
> > I think some smb.conf parameters are missing. Please correct if I am
> > wrong.
>
> By ethereal (now wireshark) trace, we meant the pcap format packet
> capture, not the text...
>
> Andrew Bartlett
>
> --
> Andrew Bartlett                                http://samba.org/~abartlet/
> Authentication Developer, Samba Team           http://samba.org
> Samba Developer, Red Hat Inc.                  http://redhat.com
>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: vista_samba3.0.23bconn.cap
Type: application/octet-stream
Size: 7894 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20070206/e84f7ff0/vista_samba3.0.23bconn.obj
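
The distinction raised in the quoted reply (a "client ..." setting is not what decides whether the server accepts NTLMv2) can be checked mechanically. The following is an added example, not part of the thread and not Samba code: it reads a [global] section and separates the parameters named in this thread into those governing logons Samba accepts and those governing Samba's own outbound connections. The grouping and the helper names are assumptions made for the example, based on the "client " prefix convention in the smb.conf manual page; the sample text is constructed from the configuration posted above.

```python
import re

# Assumed grouping for this example: names beginning with "client " apply when
# Samba connects out as a client; the rest shape how it accepts logons.
INBOUND = {"security", "authmethods", "passwordserver", "encryptpasswords",
           "lanmanauth", "ntlmauth", "usespnego", "serversigning"}
OUTBOUND = {"clientntlmv2auth", "clientlanmanauth", "clientusespnego",
            "clientsigning"}

def norm(name):
    """Samba compares parameter names ignoring case and whitespace."""
    return re.sub(r"\s+", "", name).lower()

def parse_global(text):
    """Return {normalized name: value} for uncommented [global] parameters."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or commented-out parameter
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[norm(key)] = value.strip()
    return params

def classify(text):
    """Split the explicitly set auth parameters into (inbound, outbound)."""
    params = parse_global(text)
    inbound = {k: v for k, v in params.items() if k in INBOUND}
    outbound = {k: v for k, v in params.items() if k in OUTBOUND}
    return inbound, outbound

# Constructed sample: a subset of the posted smb.conf plus the
# 'client NTLMv2 auth = no' line mentioned in the thread.
SAMPLE = """[global]
#realm = W2K3R2.LOCAL
encrypt passwords = yes
security = DOMAIN
auth methods = ntdomain
use spnego = yes
client use spnego = no
server signing = yes
client NTLMv2 auth = no
[tmp]
security = share
"""

if __name__ == "__main__":
    for side, found in zip(("inbound", "outbound"), classify(SAMPLE)):
        print(side, found)
```

Parameters that do not appear in either result are left at the defaults of the installed Samba version, which the script does not know; `testparm -v` prints the effective values.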