[Samba] NT domains authentication problem

Vicky Clarke vclarke at frontier.co.uk
Fri Jul 5 06:54:03 GMT 2002 

I'm trying to get Samba 2.2.3a (as distributed with SuSE 8.0) working 
inside our NT domain . I'm prompted for a username and password when I try 
to map the share to a network drive from my Windows PC, but my Windows 
logon and the matching password are rejected. Stepping through 
DIAGNOSIS.txt and using smbclient on the Samba server itself, I've got as 
far as step 7 before things start to go wrong; none of the suggestions in 
the diagnosis file seem relevant since as far as I know I should be 
contacting an NT server to log on, and I'm not quite sure I understand what 
the log file is telling me. The log and what I believe are the relevant 
bits of my current smb.conf  are below. I don't have smbusers set up, but 
I'm not certain if that's actually the problem or not; I've read the 'note 
about authorisation' section of the manpage for smb.conf about three times 
and I seem to get to a different conclusion every time! Can anyone shed any 
light on what might be going wrong here?

Many thanks,
Vicky Clarke
--------
 From the log file for the transaction
-------
[2002/07/05 14:15:00, 3] smbd/password.c:server_cryptkey(1095)
   password server OK
[2002/07/05 14:15:00, 3] smbd/negprot.c:reply_nt1(185)
   using password server validation
[2002/07/05 14:15:00, 3] smbd/negprot.c:reply_negprot(432)
   Selected protocol NT LANMAN 1.0
[2002/07/05 14:15:03, 3] smbd/process.c:process_smb(860)
   Transaction 2 of length 140
[2002/07/05 14:15:03, 3] smbd/process.c:switch_message(667)
   switch message SMBsesssetupX (pid 8160)
[2002/07/05 14:15:03, 3] smbd/sec_ctx.c:set_sec_ctx(314)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2002/07/05 14:15:03, 3] smbd/reply.c:reply_sesssetup_and_X(848)
   Domain=[DOMAIN1]  NativeOS=[Unix] NativeLanMan=[Samba]
[2002/07/05 14:15:03, 3] smbd/reply.c:reply_sesssetup_and_X(858)
   sesssetupX:name=[VCLARKE]       <---- this *is* the username I'm 
successfully logged into Windows with, and is also a valid Unix user on the 
server; using 'security = user' worked fine.
[2002/07/05 14:15:09, 1] smbd/password.c:server_validate(1191)
   password server 172.17.1.2 rejected the password
[2002/07/05 14:15:09, 1] smbd/password.c:pass_check_smb(555)
   Couldn't find user 'vclarke' in passdb.
[2002/07/05 14:15:09, 2] smbd/reply.c:reply_sesssetup_and_X(962)
   NT Password did not match for user 'vclarke'!
[2002/07/05 14:15:09, 2] smbd/reply.c:reply_sesssetup_and_X(972)
   Defaulting to Lanman password for vclarke
[2002/07/05 14:15:09, 1] smbd/password.c:pass_check_smb(555)
   Couldn't find user 'vclarke' in passdb.
[2002/07/05 14:15:09, 1] smbd/reply.c:reply_sesssetup_and_X(998)
   Rejecting user 'vclarke': bad password
[2002/07/05 14:15:09, 3] smbd/error.c:error_packet(103)
   error packet at smbd/reply.c(1000) cmd=115 (SMBsesssetupX) 
NT_STATUS_LOGON_FAILURE
[2002/07/05 14:15:09, 3] smbd/process.c:timeout_processing(1092)
   receive_smb error (Success) exiting
[2002/07/05 14:15:09, 3] smbd/sec_ctx.c:set_sec_ctx(314)

--------
and the relevant bits of my current smb.conf:
--------
[global]
         workgroup = DOMAIN1
         os level = 2
         wins server = 172.17.1.2

         security = server
         encrypt passwords = no
         guest account = Nobody
         map to guest = Bad User
# This tells samba to use the file smbusers for user mapping.
;       username map = /etc/samba/smbusers

# This tells samba to write log files per machine.
         log file = /var/log/samba/%m
# This sets an alternate log level. Default is 2.
         log level = 3

# Uncomment the following, if you want to use an existing NT-Server to
# authenticate users, but don't forget that you also have to create them
# locally!
         security = server
         password server = 172.17.1.2
         socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY

# Uncomment this, if you want to integrate your server
# into an existing net e.g. with NT-WS to prevent nettraffic
         local master = No

# Please uncomment the following entry and replace the ip number and
# netmask with the values of your network interface configuration.
         interfaces = 172.17.1.3/255.255.255.0

# If you want Samba to act as a wins server, please set
# 'wins support' to yes.
         wins support = no

# If you want Samba to use an existing wins server, please uncomment the
# following line and replace the dummy with the wins server's ip number.
         wins server = 172.17.1.2

# Set these two parameters to your DOS code page and appropriate UNIX
# character set. These values are for west European languages (Latin-9)
# UNIX character and MS-DOS Latin 1 code page.
         character set = ISO8859-15
         client code page = 850

# This is a simple measure against Nimba Worm. Cf. README.Win32-Viruses
         veto files = /*.eml/*.nws/riched20.dll/*.{*}/

# Create a general-purpose shared directory everyone can use

[art]
         comment = Art directories
         path= /share/art
         read only = no
         create mask = 0666
         directory mask = 0777

--------

More information about the samba mailing list