[Samba] Simple configuration and not working.

Gerald (Jerry) Carter jerry at samba.org
Wed Sep 10 16:22:40 GMT 2003 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 10 Sep 2003 Vincent.Badier at alcatel.fr wrote:

> I checked with rc3, and now this work with such a smb.conf.

Excellent!

> Then i can't connect with my domain account. With a windows client, it
> ask me to enter a username and password again and again. I increase the
> log verbose and saw that auth suceeded, and just after, a new auth
> attemp with empty domain/username so i don't understand why this happen.
> I noticed that this didn't occured when i was with 2.2.x.

Does this apply to you?  (From WHATSNEW):

Changes in Behavior
- -------------------

The following issues are known changes in behavior between Samba 2.2 and
Samba 3.0 that may affect certain installations of Samba.

  1)  When operating as a member of a Windows domain, Samba 2.2 would
      map any users authenticated by the remote DC to the 'guest account'
      if a uid could not be obtained via the getpwnam() call.  Samba 3.0
      rejects the connection as NT_STATUS_LOGON_FAILURE.  There is no
      current work around to re-establish the 2.2 behavior.

....

> [global]
>         workgroup = MYAD
>         realm = MYAD.AD.MYDOMAIN.COM
>         netbios name = FRMASSMEP03
>         server string = %h server (Samba %v)
>         security = DOMAIN

I would expect this to be 'security = ads' 
since you've specified a realm.


> [2003/09/10 16:18:26, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(500)
>   NativeOS=[Windows 2002 2600 Service Pack 1] NativeLanMan=[Windows 2002
> 5.1]
> [2003/09/10 16:18:26, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(286)
>   Got user=[mylogon] domain=[MYAD] workstation=[MYHOSTNAME] len1=24 len2=24
> [2003/09/10 16:18:26, 5] auth/auth_util.c:make_user_info_map(216)
>   make_user_info_map: Mapping user [MYAD]\[mylogon] from workstation
> [MYHOSTNAME]
> ....
> [2003/09/10 16:18:26, 3] auth/auth.c:check_ntlm_password(265)
>   check_ntlm_password: winbind authentication for user [mylogon] succeeded
> ....

I expect that getpwnam() failed for the user.  does 

 getent passwd MYAD+mylogon 

succeed?



cheers, jerry
 ----------------------------------------------------------------------
 Hewlett-Packard            ------------------------- http://www.hp.com
 SAMBA Team                 ---------------------- http://www.samba.org
 GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
 "You can never go home again, Oatman, but I guess you can shop there."  
                            --John Cusack - "Grosse Point Blank" (1997)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/

iD8DBQE/X0/QIR7qMdg1EfYRAuMRAJ0WVsyL/Igh/vH3kZC8z1i7W6d0TgCfUjRn
RqIQjsBnwau/rCm44l5FOow=
=fYsC
-----END PGP SIGNATURE-----

More information about the samba mailing list