[Samba] windows authentication problem?
Soo Hom
syhom at ece.ucsd.edu
Tue Jan 28 19:18:48 GMT 2003
Hello,
I have samba + windbind running on red hat linux 8.0. I can ssh to the
samba server but windows clients can't connect.
>From the log it looks like windows is not reading the user as CVRR2+soo
and only using soo.
Any ideas on how to fix this problem?
Here is my smb.conf:
#
#======================= Global Settings
=====================================
[global]
# workgroup = NT-Domain-Name or Workgroup-Name
workgroup = CVRR2
# server string is the equivalent of the NT Description field
server string = Samba Server
# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
; hosts allow = 192.168.1. 192.168.2. 127.
# if you want to automatically load your printer list rather
# than setting them up individually then you'll need this
printcap name = /etc/printcap
load printers = yes
# It should not be necessary to spell out the print system type unless
# yours is non-standard. Currently supported print systems include:
# bsd, sysv, plp, lprng, aix, hpux, qnx
printing = lprng
# Uncomment this if you want a guest account, you must add this to
/etc/passwd
# otherwise the user "nobody" is used
; guest account = pcguest
# this tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/%m.log
# Put a capping on the size of the log files (in Kb).
max log size = 0
# Security mode. Most people will want user level security. See
# security_level.txt for details.
security = domain
# Use password server option only with security = server
# The argument list may include:
# password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
# password server = *
; password server = <NT-Server-Name>
password server = ostrich
# Password Level allows matching of _n_ characters of the password for
# all combinations of upper and lower case.
; password level = 8
; username level = 8
# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
# The following is needed to keep smbclient from spouting spurious errors
# when Samba is built with support for SSL.
; ssl CA certFile = /usr/share/ssl/certs/ca-bundle.crt
# The following are needed to allow password changing from Windows to
# update the Linux system password also.
# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
# NOTE2: You do NOT need these to allow workstations to change only
# the encrypted SMB passwords. They allow the Unix password
# to be kept in sync with the SMB password.
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
# You can use PAM's password change control flag for Samba. If
# enabled, then PAM will be used for password changes when requested
# by an SMB client instead of the program listed in passwd program.
# It should be possible to enable this without changing your passwd
# chat parameter for most setups.
pam password change = yes
obey pam restrictions = yes
;winbind stuff
winbind separator = +
winbind cache time = 60
template shell = /bin/bash
template homedir = /home/%D/%U
winbind uid = 10000-20000
winbind gid = 10000-20000
#============================ Share Definitions
==============================
[homes]
comment = Home Directories
browseable = no
writable = yes
valid users = %S
create mode = 0664
directory mode = 0775
# If you want users samba doesn't recognize to be mapped to a guest user
; map to guest = bad user
[test]
path = /home/CVRR2
read only = no
create mask = 0777
directory mask = 0777
browseable = yes
guest ok = no
"Valid users = CVRR2+username"
# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
# Set public = yes to allow user 'guest account' to print
guest ok = no
writable = no
printable = yes
Here is the samba log:
[2003/01/23 09:46:00, 3] smbd/reply.c:reply_sesssetup_and_X(868)
sesssetupX:name=[soo]
[2003/01/23 09:46:00, 3] libsmb/namequery.c:resolve_lmhosts(768)
resolve_lmhosts: Attempting lmhosts lookup for name OSTRICH<0x20>
[2003/01/23 09:46:00, 3] libsmb/namequery.c:resolve_hosts(808)
resolve_hosts: Attempting host lookup for name OSTRICH<0x20>
[2003/01/23 09:46:00, 3] lib/util_sock.c:open_socket_out(845)
Connecting to 132.239.223.171 at port 445
[2003/01/23 09:46:00, 0]
rpc_client/cli_netlogon.c:cli_net_sam_logon_internal(406)
cli_net_sam_logon_internal: NT_STATUS_NO_SUCH_USER
[2003/01/23 09:46:00, 0] smbd/password.c:domain_client_validate(1619)
domain_client_validate: unable to validate password for user soo in
domain ROSEBUD to Domain controller ostrich. Error was
NT_STATUS_NO_SUCH_USER.
[2003/01/23 09:46:00, 1] smbd/password.c:pass_check_smb(545)
Couldn't find user 'soo' in passdb.
[2003/01/23 09:46:00, 2] smbd/reply.c:reply_sesssetup_and_X(975)
NT Password did not match for user 'soo'!
[2003/01/23 09:46:00, 2] smbd/reply.c:reply_sesssetup_and_X(985)
Defaulting to Lanman password for soo
[2003/01/23 09:46:00, 1] smbd/password.c:pass_check_smb(545)
Couldn't find user 'soo' in passdb.
[2003/01/23 09:46:00, 1] smbd/reply.c:reply_sesssetup_and_X(1001)
Rejecting user 'soo': authentication failed
[2003/01/23 09:46:00, 3] smbd/error.c:error_packet(113)
error packet at smbd/reply.c(1003) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
[2003/01/23 09:46:00, 3] smbd/process.c:timeout_processing(1098)
end of file from client
More information about the samba
mailing list