[Samba] Samba processes domain authenticated user as nobody during logon.bat execution

gpalmer at lganet.com gpalmer at lganet.com
Wed Jun 23 16:15:53 GMT 2004


Beating head on desk again!

I have a samba server running winbind which can access the domain.  It is
working fine and is using domain credentials.  I access the samba shares
after the user has authenticated against a novell server during the novell
logon script. The shares are authenticated with user domain credentials and
verified with smbstatus. This works great!

If I alternatively use windows networking domain authentication, I have
problems.   
The Win95 station correctly authenticates against NT4 PDC and runs logon.bat
from that server. 
As LOGON.BAT accesses samba shares, samba appears to get user credentials
without the Domain Name.  Since there are no users on the samba server, this
gets morphed into nobody.  
All services which can be accessed as nobody are attached as nobody,  all
other services are denied.  As a result important tools such as "net use X:
/home" do not work when file and directory permissions prohibit access to
nobody.

During the LOGON.BAT, I issued a net config
Computer name                  \\LGA00D0B724628B
User name                      GPALMER
Workgroup                      LGANET
Workstation root directory     C:\WINDOWS

Software version               4.00.950
Redirector version             4.00
Client for NetWare version     3.26

Registry settings require authentication.  It appears that "net" thinks it
is part of the domain; but as stated above, samba attaches as nobody.  Samba
logs indicate that it is receiving user gpalmer and not lganet\gpalmer.

From a DOS window, after logon.bat finishes, I can successfully execute
"net use X: /home".  Samba gets and processes the full domain credentials.
Samba interprets user as nobody without regard to setting in "Log on to
windows nt domain" in the "client for microsoft networks" dialog.
If the home directory is moved to nt server it will successfully attach
during logon.bat.
I have exhausted all options I know about.

Thanks in advance for any insight you might give.


Excerpts from Failure log:
At log level 5
[2004/06/22 16:19:12, 3] smbd/reply.c:reply_sesssetup_and_X(1070)
  No such user gpalmer [] - using guest account
.
.
.
[2004/06/22 16:19:13, 3] smbd/service.c:find_service(140)
  checking for home directory gpalmer gave (NULL)
[2004/06/22 16:19:13, 3] smbd/service.c:find_service(209)
  find_service() failed to find service gpalmer
[2004/06/22 16:19:13, 0] smbd/service.c:make_connection(251)
  lga009027a6e884 (192.168.12.178) couldn't find service gpalmer
 
at loglevel 0
[2004/06/23 08:59:49, 0] smbd/password.c:authorise_login(863)
  authorise_login: rejected invalid user nobody
[2004/06/23 09:04:10, 0] smbd/service.c:make_connection(251)
  lga009027a6e884 (192.168.12.178) couldn't find service gpalmer


Samba version 2.2.8a
SMB.CONF
#*********************************************************************
#server naming
        server string = LGACHI01 - Chicago Main Server
        workgroup = LGANET
        netbios name = LGACHI01
        netbios aliases = LGAGLE04

#*********************************************************************
#authentication
        #PDC
        password server = LGAGLE02 LGAGLE03
        logon script = logon.bat
        encrypt passwords = yes
        password level = 8
        username level = 8
        #username map = /usr/local/samba/lbin/map.user
        smb passwd file = /usr/local/samba/lbin/smbpasswd
        security = domain
        domain master = no
        domain admin group = @root
        domain logons = no

#*********************************************************************
#WINS Browsing and naming
#wins server
        wins support = no
        lm announce = yes
        lm interval = 120
        preferred master = no
        remote browse sync = 192.168.201.0 192.168.201.255 192.168.201.1
        remote announce = 192.168.201.255/LGANET 192.168.12.255/LGANET 192.168.31.255/LGANET 192.168.51.255/LGANET
        local master = no
        os level = 0

#wins client
        name resolve order = wins bcast lmhosts host
        wins server = 192.168.12.28 192.168.201.1
        wins proxy = yes
        dns proxy = no
        browse list = yes

#*********************************************************************
#IP Networking
        time server = yes
        socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        allow hosts = 192.168. 127.
        interfaces = 192.168.10.2/24 192.168.11.2/24 192.168.12.2/24 192.168.12.101/24 192.168.12.104/24
        oplock break wait time = 100

#*********************************************************************
#printing
        print command = lpr -l -P'%p' %s
        printing = lprng
        printcap name = /etc/printcap
        load printers = yes

#*********************************************************************
#log files
        log file = /var/log/samba/log.%m
        max log size = 50
        log level = 0
#*********************************************************************
#winbind
        #winbind separator = -
        winbind uid =10000-15000
        winbind gid =10000-15000
        winbind enum users = yes
        winbind enum groups = yes
        template homedir = /home/samba/data.user/%U
        template shell = /bin/bash

#*********************************************************************
#global share declarations
        browseable=yes
        writeable=yes
        public=yes
        printable=no
        map archive = yes
        map system = yes
        map hidden = yes
        force create mode = 0660
        force directory mode = 0770 
        force group="LGANET\Domain Users"

#*********************************************************************
#Printer Shares
[printers]
        path = /var/spool/samba
        writeable = yes
        browseable = no
        comment = All Printers
        printable = yes
        public = no
        print command=lpr -l -P'%p' %s

#*********************************************************************
# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
[Profiles]
        path = /home/samba/data.user/%U/windows.profile
        browseable = no
        write list ="LGANET\"%U
        valid users="LGANET\"%U

[homes]
        comment = Home Directory for \\%D\%U (H:)
        path = /home/samba/data.user/%U
        #browseable = no
        write list ="LGANET\"%U
        read list="LGANET\"%U
        valid users="LGANET\"%U
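
Added example, not part of the original post or of Samba: a small Python parser for smbd log text in the format quoted above. It flags session setups that were mapped to the guest account with no domain supplied and ties them to the failed home-share lookups that follow. The function names are hypothetical, and reading the bracketed field as the client-supplied domain is an assumption based on the poster's description.

```python
import re

# Sample input: the first two entries come from the post's log excerpt;
# the third (user jdoe, domain present) is constructed for contrast.
SAMPLE_LOG = """\
[2004/06/22 16:19:12, 3] smbd/reply.c:reply_sesssetup_and_X(1070)
  No such user gpalmer [] - using guest account
[2004/06/22 16:19:13, 0] smbd/service.c:make_connection(251)
  lga009027a6e884 (192.168.12.178) couldn't find service gpalmer
[2004/06/22 16:25:40, 3] smbd/reply.c:reply_sesssetup_and_X(1070)
  No such user jdoe [LGANET] - using guest account
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), +(\d+)\] (\S+)$")
GUEST = re.compile(r"No such user (\S+) \[(.*?)\] - using guest account")
NO_SERVICE = re.compile(r"(\S+) \(([\d.]+)\) couldn't find service (\S+)")

def parse_entries(text):
    """Pair each '[timestamp, level] source' header with its indented body."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append({"time": m.group(1), "level": int(m.group(2)),
                            "source": m.group(3), "message": ""})
        elif entries and line.strip():
            entries[-1]["message"] += line.strip() + " "
    return entries

def guest_fallbacks(entries):
    """Session setups mapped to guest. Assumption: the bracketed field is the
    domain the client sent, which is empty in the post's failing case."""
    hits = (GUEST.search(e["message"]) for e in entries)
    return [{"user": m.group(1), "domain": m.group(2)} for m in hits if m]

def failed_homes(entries):
    """Failed service lookups whose name matches a guest-mapped user that
    arrived without a domain (the logon.bat symptom described in the post)."""
    bare = {f["user"] for f in guest_fallbacks(entries) if not f["domain"]}
    out = []
    for e in entries:
        m = NO_SERVICE.search(e["message"])
        if m and m.group(3) in bare:
            out.append({"time": e["time"], "client": m.group(1),
                        "ip": m.group(2), "service": m.group(3)})
    return out
```

The "using guest account" line in the excerpt is logged at level 3, so with the `log level = 0` set in the configuration above only the `couldn't find service` half of the pattern is recorded.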
