[Samba] Samba processes domain authenticated user as nobody during logon.bat execution
gpalmer at lganet.com
Wed Jun 23 16:15:53 GMT 2004
Beating head on desk again!
I have a samba server running winbind which can access the domain. It is
working fine and is using domain credentials. I access the samba shares
after the user has authenticated against a novell server during the novell
logon script. The shares are authenticated with user domain credentials and
verified with smbstatus. This works great!
If I alternatively use windows networking domain authentication, I have
problems.
The Win95 station correctly authenticates against NT4 PDC and runs logon.bat
from that server.
As LOGON.BAT accesses samba shares, samba appears to get user credentials
without the Domain Name. Since there are no users on the samba server, this
gets morphed into nobody.
All services which can be accessed as nobody are attached as nobody, all
other services are denied. As a result important tools such as "net use X:
/home" do not work when file and directory permissions prohibit access to
nobody.
During the LOGON.BAT, I issued a net config:
  Computer name                  \\LGA00D0B724628B
  User name                      GPALMER
  Workgroup                      LGANET
  Workstation root directory     C:\WINDOWS
  Software version               4.00.950
  Redirector version             4.00
  Client for NetWare version     3.26
Registry setting require authentication. It appears that "net" thinks it
is part of the domain; but as stated above, samba attaches as nobody. Samba
logs indicate that it is receiving user gpalmer and not lganet\gpalmer.
From a DOS window, after logon.bat finishes, I can successfully execute
"net use X: /home". Samba gets and processes the full domain credentials.
Samba interprets user as nobody without regard to setting in "Log on to
windows nt domain" in the "client for microsoft networks" dialog.
If the home directory is moved to nt server it will successfully attach
during logon.bat.
I have exhausted all options I know about.
Thanks in advance for any insight you might give.
Excerpts from Failure log:
At log level 5
[2004/06/22 16:19:12, 3] smbd/reply.c:reply_sesssetup_and_X(1070)
No such user gpalmer [] - using guest account
.
.
.
[2004/06/22 16:19:13, 3] smbd/service.c:find_service(140)
checking for home directory gpalmer gave (NULL)
[2004/06/22 16:19:13, 3] smbd/service.c:find_service(209)
find_service() failed to find service gpalmer
[2004/06/22 16:19:13, 0] smbd/service.c:make_connection(251)
lga009027a6e884 (192.168.12.178) couldn't find service gpalmer
at loglevel 0
[2004/06/23 08:59:49, 0] smbd/password.c:authorise_login(863)
authorise_login: rejected invalid user nobody
[2004/06/23 09:04:10, 0] smbd/service.c:make_connection(251)
lga009027a6e884 (192.168.12.178) couldn't find service gpalmer
Samba version 2.2.8a
SMB.CONF
#*********************************************************************
#server naming
server string = LGACHI01 - Chicago Main Server
workgroup = LGANET
netbios name = LGACHI01
netbios aliases = LGAGLE04
#*********************************************************************
#authentication
#PDC
password server = LGAGLE02 LGAGLE03
logon script = logon.bat
encrypt passwords = yes
password level = 8
username level = 8
#username map = /usr/local/samba/lbin/map.user
smb passwd file = /usr/local/samba/lbin/smbpasswd
security = domain
domain master = no
domain admin group = @root
domain logons = no
#*********************************************************************
#WINS Browsing and naming
#wins server
wins support = no
lm announce = yes
lm interval = 120
preferred master = no
remote browse sync = 192.168.201.0 192.168.201.255 192.168.201.1
remote announce = 192.168.201.255/LGANET 192.168.12.255/LGANET 192.168.31.255/LGANET 192.168.51.255/LGANET
local master = no
os level = 0
#wins client
name resolve order = wins bcast lmhosts host
wins server = 192.168.12.28 192.168.201.1
wins proxy = yes
dns proxy = no
browse list = yes
#*********************************************************************
#IP Networking
time server = yes
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
allow hosts = 192.168. 127.
interfaces = 192.168.10.2/24 192.168.11.2/24 192.168.12.2/24 192.168.12.101/24 192.168.12.104/24
oplock break wait time = 100
#*********************************************************************
#printing
print command = lpr -l -P'%p' %s
printing = lprng
printcap name = /etc/printcap
load printers = yes
#*********************************************************************
#log files
log file = /var/log/samba/log.%m
max log size = 50
log level = 0
#*********************************************************************
#winbind
#winbind separator = -
winbind uid =10000-15000
winbind gid =10000-15000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/samba/data.user/%U
template shell = /bin/bash
#*********************************************************************
#global share declarations
browseable=yes
writeable=yes
public=yes
printable=no
map archive = yes
map system = yes
map hidden = yes
force create mode = 0660
force directory mode = 0770
force group="LGANET\Domain Users"
#*********************************************************************
#Printer Shares
[printers]
path = /var/spool/samba
writeable = yes
browseable = no
comment = All Printers
printable = yes
public = no
print command=lpr -l -P'%p' %s
#*********************************************************************
# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
[Profiles]
path = /home/samba/data.user/%U/windows.profile
browseable = no
write list ="LGANET\"%U
valid users="LGANET\"%U
[homes]
comment = Home Directory for \\%D\%U (H:)
path = /home/samba/data.user/%U
#browseable = no
write list ="LGANET\"%U
read list="LGANET\"%U
valid users="LGANET\"%U
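
Added example, not part of the original post and not Samba project code: a small Python parser for the smbd log layout quoted in the failure excerpt, which reports sessions that were mapped to the guest account and the share lookups that then failed for the same user name. The function names and the sample log are constructed here, and the script assumes the bracketed field in the "No such user" message is the domain name the client supplied.

```python
import re

# Constructed sample in the record layout of the excerpt; jdoe is invented.
SAMPLE_LOG = """\
[2004/06/22 16:19:12, 3] smbd/reply.c:reply_sesssetup_and_X(1070)
  No such user gpalmer [] - using guest account
[2004/06/22 16:19:13, 0] smbd/service.c:make_connection(251)
  lga009027a6e884 (192.168.12.178) couldn't find service gpalmer
[2004/06/22 16:20:01, 3] smbd/reply.c:reply_sesssetup_and_X(1070)
  No such user jdoe [LGANET] - using guest account
"""

HEADER = re.compile(r"^\[([^,\]]+),\s*(\d+)\]\s+\S+:(\w+)\(\d+\)\s*$")
# Assumption: the bracketed field is the domain name the client supplied.
GUEST = re.compile(r"No such user (\S+) \[([^\]]*)\] - using guest account")
DENIED = re.compile(r"(\S+) \(([\d.]+)\) couldn't find service (\S+)")


def parse_records(text):
    """Group each header line with the message lines that follow it."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            records.append({"ts": m.group(1), "level": int(m.group(2)),
                            "func": m.group(3), "msg": ""})
        elif records and line.strip():
            records[-1]["msg"] = (records[-1]["msg"] + " " + line.strip()).strip()
    return records


def guest_fallbacks(text):
    """Report guest-mapped users and later failed lookups of their share."""
    findings = {}
    for rec in parse_records(text):
        g = GUEST.search(rec["msg"])
        if g:
            user, domain = g.groups()
            findings.setdefault(user, {"user": user, "domain": domain,
                                       "domain_missing": domain == "", "denied": []})
            continue
        d = DENIED.search(rec["msg"])
        if d and d.group(3) in findings:
            findings[d.group(3)]["denied"].append((rec["ts"], d.group(1), d.group(2)))
    return list(findings.values())


if __name__ == "__main__":
    print(*guest_fallbacks(SAMPLE_LOG), sep="\n")
```

The "No such user" message is logged at level 3, so the script only sees guest fallbacks when smbd runs with "log level" at 3 or higher, as in the level 5 excerpt.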