[Samba] windows authentication problem?

Soo Hom syhom at ece.ucsd.edu
Tue Jan 28 19:18:48 GMT 2003


I have samba + windbind running on red hat linux 8.0.   I can ssh to the
samba server but windows clients can't connect.

>From the log it looks like windows is not reading the user as  CVRR2+soo
and only using soo.

Any ideas on how to fix this problem?

Here is my smb.conf:

#======================= Global Settings

# workgroup = NT-Domain-Name or Workgroup-Name
   workgroup = CVRR2

# server string is the equivalent of the NT Description field
   server string = Samba Server

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
;   hosts allow = 192.168.1. 192.168.2. 127.

# if you want to automatically load your printer list rather
# than setting them up individually then you'll need this
   printcap name = /etc/printcap
   load printers = yes

# It should not be necessary to spell out the print system type unless
# yours is non-standard. Currently supported print systems include:
# bsd, sysv, plp, lprng, aix, hpux, qnx
   printing = lprng

# Uncomment this if you want a guest account, you must add this to
# otherwise the user "nobody" is used
;  guest account = pcguest

# this tells Samba to use a separate log file for each machine
# that connects
   log file = /var/log/samba/%m.log

# Put a capping on the size of the log files (in Kb).
   max log size = 0

# Security mode. Most people will want user level security. See
# security_level.txt for details.
   security = domain

# Use password server option only with security = server
# The argument list may include:
#   password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
#   password server = *
;   password server = <NT-Server-Name>
   password server = ostrich

# Password Level allows matching of _n_ characters of the password for
# all combinations of upper and lower case.
;  password level = 8
;  username level = 8

# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
   encrypt passwords = yes
   smb passwd file = /etc/samba/smbpasswd

# The following is needed to keep smbclient from spouting spurious errors
# when Samba is built with support for SSL.
;   ssl CA certFile = /usr/share/ssl/certs/ca-bundle.crt

# The following are needed to allow password changing from Windows to
# update the Linux system password also.
# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
# NOTE2: You do NOT need these to allow workstations to change only
#        the encrypted SMB passwords. They allow the Unix password
#        to be kept in sync with the SMB password.
   unix password sync = Yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *New*password* %n\n *Retype*new*password* %n\n

# You can use PAM's password change control flag for Samba. If
# enabled, then PAM will be used for password changes when requested
# by an SMB client instead of the program listed in passwd program.
# It should be possible to enable this without changing your passwd
# chat parameter for most setups.

   pam password change = yes

  obey pam restrictions = yes

;winbind stuff

    winbind separator = +
    winbind cache time = 60
    template shell = /bin/bash
   template homedir = /home/%D/%U
    winbind uid = 10000-20000
    winbind gid = 10000-20000

#============================ Share Definitions
   comment = Home Directories
   browseable = no
   writable = yes
   valid users = %S
   create mode = 0664
   directory mode = 0775
# If you want users samba doesn't recognize to be mapped to a guest user
; map to guest = bad user

path = /home/CVRR2
read only = no
create mask = 0777
directory mask = 0777
browseable = yes
guest ok = no
"Valid users = CVRR2+username"

# NOTE: If you have a BSD-style print system there is no need to 
# specifically define each individual printer
   comment = All Printers
   path = /var/spool/samba
   browseable = no
# Set public = yes to allow user 'guest account' to print
   guest ok = no
   writable = no
   printable = yes

Here is the samba log:
[2003/01/23 09:46:00, 3] smbd/reply.c:reply_sesssetup_and_X(868)
[2003/01/23 09:46:00, 3] libsmb/namequery.c:resolve_lmhosts(768)
  resolve_lmhosts: Attempting lmhosts lookup for name OSTRICH<0x20>
[2003/01/23 09:46:00, 3] libsmb/namequery.c:resolve_hosts(808)
  resolve_hosts: Attempting host lookup for name OSTRICH<0x20>
[2003/01/23 09:46:00, 3] lib/util_sock.c:open_socket_out(845)
  Connecting to at port 445
[2003/01/23 09:46:00, 0]
  cli_net_sam_logon_internal: NT_STATUS_NO_SUCH_USER
[2003/01/23 09:46:00, 0] smbd/password.c:domain_client_validate(1619)
  domain_client_validate: unable to validate password for user soo in
domain ROSEBUD to Domain controller ostrich. Error was
[2003/01/23 09:46:00, 1] smbd/password.c:pass_check_smb(545)
  Couldn't find user 'soo' in passdb.
[2003/01/23 09:46:00, 2] smbd/reply.c:reply_sesssetup_and_X(975)
  NT Password did not match for user 'soo'!
[2003/01/23 09:46:00, 2] smbd/reply.c:reply_sesssetup_and_X(985)
  Defaulting to Lanman password for soo
[2003/01/23 09:46:00, 1] smbd/password.c:pass_check_smb(545)
  Couldn't find user 'soo' in passdb.
[2003/01/23 09:46:00, 1] smbd/reply.c:reply_sesssetup_and_X(1001)
  Rejecting user 'soo': authentication failed
[2003/01/23 09:46:00, 3] smbd/error.c:error_packet(113)
  error packet at smbd/reply.c(1003) cmd=115 (SMBsesssetupX)
[2003/01/23 09:46:00, 3] smbd/process.c:timeout_processing(1098)
  end of file from client

More information about the samba mailing list