[Samba] Authentication failure when accessing Samba server in a NT domain

Ashutosh Kamdar akamdar at gnsi.com
Tue Apr 26 12:10:19 GMT 2005 

Hello Samba Gurus,

I have configured my Samba install to be a domain member of a NT4-Style domain. The version of samba used is 3.0.13. The domain joining process worked fine (net rpc join). An excerpt of smb.conf is provided at the end for reference. 

The problem is that when users access this server, they are challenged for the username password. I was of the impression that this process would be seamless to the user. On providing the NT username/password, the login process still fails. It just comes back with the same prompt challenging the user.

These users are added in /etc/passwd but not in smbpasswd, as per the documentation. 

On using smbclient:
# ./smbclient -d 3 -U akamdar -L localhost

This was the output obtained:
lp_load: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file "/usr/local/samba/lib/smb.conf"
Processing section "[global]"
added interface ip=192.168.2.37 bcast=192.168.2.255 nmask=255.255.255.0
Client started (version 3.0.13).
resolve_lmhosts: Attempting lmhosts lookup for name localhost<0x20>
resolve_wins: Attempting wins lookup for name localhost<0x20>
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: Attempting host lookup for name localhost<0x20>
Connecting to 127.0.0.1 at port 445
Password:

Doing spnego session setup (blob length=58)
got OID=1 3 6 1 4 1 311 2 2 10
got principal=NONE
Got challenge flags:
Got NTLMSSP neg_flags=0x60890215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60080215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60080215
SPNEGO login failed: Access denied
session setup failed: NT_STATUS_ACCESS_DENIED

Can someone please help me understand what exactly is causing this problem and of possible solutions? Any help would be greatly appreciated.

Regards,

Ashutosh

---smb.conf--------------------8<---------------------------

[global]
        dns proxy = no
        debug timestamp = yes
        encrypt passwords = yes
        idmap gid = 15000-20000
        socket options = TCP_NODELAY
        max log size = 1024
        password server = PASSWORDSERVER
        idmap uid = 15000-20000
        debug level = 3
        security = domain
        server string = Samba Server
        workgroup = DOMAINNAME
        log level = 3
        log file = /usr/local/samba/var/log.%m
        netbios name = appserver7
        load printers = yes
        os level = 33
        default = share
        winbind use default domain = Yes

[homes]
   comment = Home Directories
   valid users = %S
   browseable = no
   writable = yes

[share]
path = /share
comment = Solaris share
valid users = @staff
guest ok = Yes
read only = No

More information about the samba mailing list