[Samba] authentication, pam, etc. (more)
Richard Bonomo
bonomo at sal.wisc.edu
Tue Jun 8 18:50:30 GMT 2004
Dear Samba Folks,
Re the message I sent you earlier (reproduced
below). The logs are also producing error
messages such as this:
smbd[12778]: pam_succeed_if: requirement "uid < 100" not met by user "bonomo"
smbd[12821]: pam_succeed_if: requirement "uid < 100" not met by user "bonomo"
smbd[12840]: pam_succeed_if: requirement "uid < 100" not met by user "dem"
Of course, the UID's are NOT below 100, but something
thinks they are, and perhaps this is leading to the rejections
by PAM. What would cause all user names to be initially mapped
to UID 0?
Rich
******************
Dear Samba folks,
I very recently replaced our SGI Challenge S file
server, which employed samba 2 to service Windows boxes,
with an Intel Linux box running Fedora core 2 Linux
with samba 3.0.3.
When I connect to the server, it takes a number
of *minutes* to get an authentication challenge
window. After entering name and password,
the connection proceeds, and shares are displayed
normally. Passwords are not encrypted (at least
not at this time), as I don't like the idea
of having to have a password set sitting on disk,
and for other reasons.
The log entries at the time of connect are
VERY many, but they go in this cycle:
[2004/06/07 08:24:19, 2] auth/pampass.c:smb_pam_auth(514)
smb_pam_auth: PAM: Athentication Error for user bonomo
[2004/06/07 08:24:19, 2] auth/pampass.c:smb_pam_error_handler(73)
smb_pam_error_handler: PAM: Authentication Failure : Authentication failure
[2004/06/07 08:24:19, 0] auth/pampass.c:smb_pam_passcheck(810)
smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User bonomo !
[2004/06/07 08:24:19, 2] auth/auth.c:check_ntlm_password(312)
check_ntlm_password: Authentication for user [bonomo] -> [bonomo]
After the above cycle repeats MANY times, then it goes to this...
FAILED with error NT_STATUS_WRONG_PASSWORD
[2004/06/07 08:28:37, 2] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: authentication for user [bonomo] -> [bonomo] -> [bonomo] succeeded
[2004/06/07 08:28:37, 2] lib/access.c:check_access(324)
Allowed connection from (144.92.179.44)
[2004/06/07 08:28:58, 2] lib/access.c:check_access(324)
Allowed connection from (144.92.179.44)
[2004/06/07 08:28:59, 2] lib/access.c:check_access(324)
Allowed connection from (144.92.179.44)
[2004/06/07 08:28:59, 1] smbd/service.c:make_connection_snum(619)
I think the below is a consequence of trying to print something
to a print share. Printing is not working, either (jobs just
disappear when sent to this printer; other printers show "fail to
connect"). Command line printing on the server itself is OK.
144.92.179.44 (144.92.179.44) connect to service ps1 initially as user bonomo (uid=1110, gid=0) (pid 11949)
[2004/06/07 08:28:59, 0] smbd/nttrans.c:call_nt_transact_ioctl(2075)
call_nt_transact_ioctl(0x280004): Currently not implemented.
[2004/06/07 08:28:59, 1] smbd/service.c:close_cnum(801)
144.92.179.44 (144.92.179.44) closed connection to service ps1
Have you any words of wisdom?
Here is the smb.conf file (the file from
the samba 2 system, with adjustments):
;
[global]
;
; security options
;
workgroup = SAL
security = user
password level = 2
encrypt passwords = no
admin users = root
hosts allow = 144.92.179. 205.173. 127.0.0.1
guest account = guest
domain logons = no
logon script = %U.bat
obey pam restrictions = no
;
debuglevel = 2
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dead time = 5
; max xmit = 8192
;
; Browser Control
os level = 33
domain master = no
preferred master = no
; Case Preservation
preserve case = yes
short preserve case = yes
;
; printing options
;
; printing = sysv
printing = cups
printcap = cups
; printcap name = /etc/samba/psuedoprintcap
load printers = yes
; print command = /usr/bin/lp -d%p
;
; file options
;
hide dot files = yes
preserve case = yes
short preserve case = yes
map archive = no
;
; This next option sets a separate log file for each client.
; Remove it if you want a combined log file.
log file = /var/log/samba/%m.log
max log size = 2000
; You will need a world readable lock directory and "share modes=yes"
; if you want to support the file sharing modes for multiple users
; of the same files
; lock directory = /var/lock/subsys/samba
share modes = yes
[homes]
comment = Home Directory for %u
path = /usr/users/%u
browseable = no
writable = yes
create mode = 0750
hide dot files = yes
guest ok = no
follow symlinks = yes
wide links = yes
[public]
comment = Home Directory for %u
path = /usr/users/%u/public_html
browseable = no
writable = yes
create mode = 0755
hide dot files = yes
guest ok = no
[web]
comment = WWW Folder
; invalid users =
valid users = @www
path = /usr/central/www
browseable = yes
writeable = yes
guest ok = no
[astro104]
comment = Astro104 web folder
valid users = wharris khn
path = /usr/users/astro104
browseable = yes
write OK = yes
read only = no
create mode = 0755
hide dot files = no
guest ok = no
[shared]
comment = Shared Folders
path = /usr/central/pc/shared
browseable = yes
writable = yes
create mode = 0755
follow symlinks = yes
wide links = yes
[SALA]
comment = SAL-A directory
path = /SAL/A
browseable = yes
writable = yes
create mode = 0755
follow symlinks = yes
wide links = yes
hide dot files = no
guest ok = no
[SALB]
comment = SAL-B directory
path = /SAL/B
browseable = yes
writable = yes
create mode = 0755
follow symlinks = yes
wide links = yes
hide dot files = no
guest ok = no
[ftp]
comment = Shared Folders
path = /usr/central/ftp/pub
browseable = yes
writable = yes
create mode = 0755
[pc]
comment = Shared %m Files
path = /usr/central/pc/%m
browseable = yes
writable = yes
create mode = 0750
[ps1]
comment = PostScript (Rm 6296B)
public = yes
path=/var/spool/samba
browseable = yes
printer = ps1
writable = no
printable = yes
; postscript = yes
print ok = yes
[ps1_duplex]
comment = PostScript duplex (Rm 6296B)
public = yes
path=/var/spool/samba
browseable = yes
printer = ps1_duplex
writable = no
printable = yes
; postscript = yes
print ok = yes
[ps4]
comment = HP PostScript (Rm 6283D)
public = yes
path=/var/spool/samba
browseable = yes
printer = ps4
writable = no
printable = yes
; postscript = yes
print ok = yes
[ps4_duplex_lg]
comment = HP PostScript (Rm 6283D)
public = yes
path=/var/spool/samba
browseable = yes
printer = ps4_duplex_lg
writable = no
printable = yes
; postscript = yes
print ok = yes
[ps4_big]
comment = HP PostScript (Rm 6283D)
public = yes
path = /var/spool/samba
browseable = yes
printer = ps4_big
writable = no
printable = yes
; postscript = yes
print ok = yes
[ps7]
comment = PostScript (Rm 5507 Sterling)
public = yes
path=/var/spool/samba
browseable = yes
printer = ps7
writable = no
printable = yes
; postscript = yes
print ok = yes
[ps8]
comment = PostScript (Rm 6507 Sterling)
public = yes
path=/var/spool/samba
browseable = yes
printer = ps8
writable = no
printable = yes
; postscript = yes
print ok = yes
[ps12]
comment = Office PostScript Printer
public = yes
path=/var/spool/samba
browseable = yes
printer = ps12
writable = no
printable = yes
; postscript = yes
print ok = yes
[ps14]
comment = 4th floor of Sterling Hall
public = yes
path=/var/spool/samba
browseable = yes
printable =yes
printer = ps14
writable = no
postcript = yes
print ok = yes
[scarlett]
comment = Color PostScript Printer
public = yes
path=/var/spool/samba
browseable = yes
printer = scarlett
writable = no
printable = yes
; postscript = yes
print ok = yes
[michelle]
comment = Color PostScript Plotter (HP DesignJet 755CM)
public = yes
path=/var/spool/samba
browseable = yes
printable = yes
printer = michelle
writable = no
; postscript = yes
print ok = yes
[LindasApJ]
comment = Office PostScript Printer
public = yes
path=/var/spool/samba
browseable = yes
printer = LindasApJ
writable = no
printable = yes
; postscript = yes
print ok = yes
[LindasApJ_req]
comment = Office PostScript Printer
public = yes
path=/var/spool/samba
browseable = yes
printer = LindasApJ_req
writable = no
printable = yes
; postscript = yes
print ok = yes
[LindasApJ_dupl]
comment = Office PostScript Printer
public = yes
path=/var/spool/samba
browseable = yes
printer = LindasApJ_dupl
writable = no
printable = yes
; postscript = yes
print ok = yes
[Wisplp0]
comment = Space Physics HP 6000 gn
public = yes
path=/var/spool/samba
browseable = yes
printer = Wisplp0
writable = no
printable = yes
; postscript = yes
print ok = yes
[file]
comment = PostScript File Printer
public = yes
path=/var/spool/samba
browseable = yes
printer = file
writable = no
printable = yes
; postscript = yes
print ok = yes
Thanks!
Rich B.
--
************************************************
Richard Bonomo
UW Space Astronomy Laboratory
ph: (608) 263-4683 telefacsimile: (608) 263-0361
SAL-related email: bonomo at sal.wisc.edu
all other email: bonomo at ece.wisc.edu
web page URL: http://www.cae.wisc.edu/~bonomo
************************************************