[Samba] authentication, pam, etc.
Richard Bonomo
bonomo at sal.wisc.edu
Mon Jun 7 16:06:39 GMT 2004
Dear Samba folks,
I very recently replaced our SGI Challenge S file
server, which employed samba 2 to service Windows boxes,
with an Intel Linux box running Fedora core 2 Linux
with samba 3.0.3.
When I connect to the server, it takes a number
of *minutes* to get an authentication challenge
window. After entering name and password,
the connection proceeds, and shares are displayed
normally. Passwords are not encrypted (at least
not at this time), as I don't like the idea
of having to have a password set sitting on disk,
and for other reasons.
The log entries at the time of connect are
VERY many, but they go in this cycle:
[2004/06/07 08:24:19, 2] auth/pampass.c:smb_pam_auth(514)
smb_pam_auth: PAM: Athentication Error for user bonomo
[2004/06/07 08:24:19, 2] auth/pampass.c:smb_pam_error_handler(73)
smb_pam_error_handler: PAM: Authentication Failure : Authentication
failure
[2004/06/07 08:24:19, 0] auth/pampass.c:smb_pam_passcheck(810)
smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User bonomo !
[2004/06/07 08:24:19, 2] auth/auth.c:check_ntlm_password(312)
check_ntlm_password: Authentication for user [bonomo] -> [bonomo]
After the above cycle repeats MANY times, then it goes to this...
FAILED with error NT_STATUS_WRONG_PASSWORD
[2004/06/07 08:28:37, 2] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: authentication for user [bonomo] -> [bonomo] ->
[bonomo] succeeded
[2004/06/07 08:28:37, 2] lib/access.c:check_access(324)
Allowed connection from (144.92.179.44)
[2004/06/07 08:28:58, 2] lib/access.c:check_access(324)
Allowed connection from (144.92.179.44)
[2004/06/07 08:28:59, 2] lib/access.c:check_access(324)
Allowed connection from (144.92.179.44)
[2004/06/07 08:28:59, 1] smbd/service.c:make_connection_snum(619)
I think the below is a consequence of trying to print something
to a print share. Printing is not working, either (jobs just
disappear when sent to this printer; other printers show "fail to
connect"). Command line printing on the server itself is OK.
144.92.179.44 (144.92.179.44) connect to service ps1 initially as user
bonomo (uid=1110, gid=0) (pid 11949)
[2004/06/07 08:28:59, 0] smbd/nttrans.c:call_nt_transact_ioctl(2075)
call_nt_transact_ioctl(0x280004): Currently not implemented.
[2004/06/07 08:28:59, 1] smbd/service.c:close_cnum(801)
144.92.179.44 (144.92.179.44) closed connection to service ps1
Have you any words of wisdom?
Here is the smb.conf file (the file from
the samba 2 system, with adjustments):
;
[global]
;
; security options
;
workgroup = SAL
security = user
password level = 2
encrypt passwords = no
admin users = root
hosts allow = 144.92.179. 205.173. 127.0.0.1
guest account = guest
domain logons = no
logon script = %U.bat
obey pam restrictions = no
;
debuglevel = 2
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dead time = 5
; max xmit = 8192
;
; Browser Control
os level = 33
domain master = no
preferred master = no
; Case Preservation
preserve case = yes
short preserve case = yes
;
; printing options
;
; printing = sysv
printing = cups
printcap = cups
; printcap name = /etc/samba/psuedoprintcap
load printers = yes
; print command = /usr/bin/lp -d%p
;
; file options
;
hide dot files = yes
preserve case = yes
short preserve case = yes
map archive = no
;
; This next option sets a separate log file for each client.
; Remove it if you want a combined log file.
log file = /var/log/samba/%m.log
max log size = 2000
; You will need a world readable lock directory and "share modes=yes"
; if you want to support the file sharing modes for multiple users
; of the same files
; lock directory = /var/lock/subsys/samba
share modes = yes
[homes]
comment = Home Directory for %u
path = /usr/users/%u
browseable = no
writable = yes
create mode = 0750
hide dot files = yes
guest ok = no
follow symlinks = yes
wide links = yes
[public]
comment = Home Directory for %u
path = /usr/users/%u/public_html
browseable = no
writable = yes
create mode = 0755
hide dot files = yes
guest ok = no
[web]
comment = WWW Folder
; invalid users =
valid users = @www
path = /usr/central/www
browseable = yes
writeable = yes
guest ok = no
[astro104]
comment = Astro104 web folder
valid users = wharris khn
path = /usr/users/astro104
browseable = yes
write OK = yes
read only = no
create mode = 0755
hide dot files = no
guest ok = no
[shared]
comment = Shared Folders
path = /usr/central/pc/shared
browseable = yes
writable = yes
create mode = 0755
follow symlinks = yes
wide links = yes
[SALA]
comment = SAL-A directory
path = /SAL/A
browseable = yes
writable = yes
create mode = 0755
follow symlinks = yes
wide links = yes
hide dot files = no
guest ok = no
[SALB]
comment = SAL-B directory
path = /SAL/B
browseable = yes
writable = yes
create mode = 0755
follow symlinks = yes
wide links = yes
hide dot files = no
guest ok = no
[ftp]
comment = Shared Folders
path = /usr/central/ftp/pub
browseable = yes
writable = yes
create mode = 0755
[pc]
comment = Shared %m Files
path = /usr/central/pc/%m
browseable = yes
writable = yes
create mode = 0750
[ps1]
comment = PostScript (Rm 6296B)
public = yes
path=/var/spool/samba
browseable = yes
printer = ps1
writable = no
printable = yes
; postscript = yes
print ok = yes
[ps1_duplex]
comment = PostScript duplex (Rm 6296B)
public = yes
path=/var/spool/samba
browseable = yes
printer = ps1_duplex
writable = no
printable = yes
; postscript = yes
print ok = yes
[ps4]
comment = HP PostScript (Rm 6283D)
public = yes
path=/var/spool/samba
browseable = yes
printer = ps4
writable = no
printable = yes
; postscript = yes
print ok = yes
[ps4_duplex_lg]
comment = HP PostScript (Rm 6283D)
public = yes
path=/var/spool/samba
browseable = yes
printer = ps4_duplex_lg
writable = no
printable = yes
; postscript = yes
print ok = yes
[ps4_big]
comment = HP PostScript (Rm 6283D)
public = yes
path = /var/spool/samba
browseable = yes
printer = ps4_big
writable = no
printable = yes
; postscript = yes
print ok = yes
[ps7]
comment = PostScript (Rm 5507 Sterling)
public = yes
path=/var/spool/samba
browseable = yes
printer = ps7
writable = no
printable = yes
; postscript = yes
print ok = yes
[ps8]
comment = PostScript (Rm 6507 Sterling)
public = yes
path=/var/spool/samba
browseable = yes
printer = ps8
writable = no
printable = yes
; postscript = yes
print ok = yes
[ps12]
comment = Office PostScript Printer
public = yes
path=/var/spool/samba
browseable = yes
printer = ps12
writable = no
printable = yes
; postscript = yes
print ok = yes
[ps14]
comment = 4th floor of Sterling Hall
public = yes
path=/var/spool/samba
browseable = yes
printable =yes
printer = ps14
writable = no
postcript = yes
print ok = yes
[scarlett]
comment = Color PostScript Printer
public = yes
path=/var/spool/samba
browseable = yes
printer = scarlett
writable = no
printable = yes
; postscript = yes
print ok = yes
[michelle]
comment = Color PostScript Plotter (HP DesignJet 755CM)
public = yes
path=/var/spool/samba
browseable = yes
printable = yes
printer = michelle
writable = no
; postscript = yes
print ok = yes
[LindasApJ]
comment = Office PostScript Printer
public = yes
path=/var/spool/samba
browseable = yes
printer = LindasApJ
writable = no
printable = yes
; postscript = yes
print ok = yes
[LindasApJ_req]
comment = Office PostScript Printer
public = yes
path=/var/spool/samba
browseable = yes
printer = LindasApJ_req
writable = no
printable = yes
; postscript = yes
print ok = yes
[LindasApJ_dupl]
comment = Office PostScript Printer
public = yes
path=/var/spool/samba
browseable = yes
printer = LindasApJ_dupl
writable = no
printable = yes
; postscript = yes
print ok = yes
[Wisplp0]
comment = Space Physics HP 6000 gn
public = yes
path=/var/spool/samba
browseable = yes
printer = Wisplp0
writable = no
printable = yes
; postscript = yes
print ok = yes
[file]
comment = PostScript File Printer
public = yes
path=/var/spool/samba
browseable = yes
printer = file
writable = no
printable = yes
; postscript = yes
print ok = yes
Thanks!
Rich B.
--
************************************************
Richard Bonomo
UW Space Astronomy Laboratory
ph: (608) 263-4683 telefacsimile: (608) 263-0361
SAL-related email: bonomo at sal.wisc.edu
all other email: bonomo at ece.wisc.edu
web page URL: http://www.cae.wisc.edu/~bonomo
************************************************
More information about the samba
mailing list