[Samba] INTERACTIVE logon works,
NETWORK logon does not with Samba 3.0.14a
Constantine Filin
cfilin at intermedia.net
Tue Jul 12 21:07:03 GMT 2005
Greetings -
I have Fedora Core 2 Linux box with Samba 3.0.14a compiled
and installed there.
Here's output of testparm:
<TESTPARM OUTPUT>
[root at cflinux ~/Downloads/samba-3.0.14a]# /usr/bin/testparm
Load smb config files from /usr/local/samba/lib/smb.conf
Processing section "[homes]"
Processing section "[printers]"
Processing section "[tmp]"
Processing section "[cf]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
# Global parameters
[global]
workgroup = INTERMEDIA
server string = CF LINUX BOX
password server = None
smb passwd file = /etc/samba/smbpasswd
username map = /etc/samba/smbusers
log level = 10 passdb:5 auth:10
log file = /var/log/samba/%m.log
max log size = 200
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = /etc/printcap
wins proxy = Yes
wins server = 207.5.70.254
hosts allow = 204.147.182.21/255.255.255.0
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
[tmp]
comment = Temporary file space
path = /tmp
read only = No
guest ok = Yes
[cf]
comment = CF Home
path = /home/cf
read only = No
<TESTPARM OUTPUT>
Also here is my /etc/samba/smbusers
[root at cflinux /etc/samba]# cat smbusers
root = INTERMEDIA\backup
cf = INTERMEDIA\cf
In smbpasswd I have records for user "cf" and user "root".
I can connect from my Windows 2003 server to share "cf" as user
"INTERMEDIA\cf" when I logon to this Windows station with "INTERACTIVE"
type of logon.
However, when I logon as the same user to the same Windows station with
"NETWORK" type of logon (e.g. to a telnet service), and then from that
Windows station, I cannot connect to the same Samba share on my Linux
box.
The error message I get is "Access Denied".
Further research in the logs shows that when I come to Linux box with
NETWORK logon, Linux box cannot determine that I am coming as
INTERMEDIA\cf user and attempts to connect me to that share as guest,
which is disallowed.
Eventually samba server sends NT_STATUS_ACCESS_DENIED message to the
Windows station. The appropriate log section follows:
<LOG>
[2005/07/12 12:55:22, 3]
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566)
NativeOS=[Windows Server 2003 3790 Service Pack 1] NativeLanMan=[]
PrimaryDomain=[Windows Server 2003 5.2]
[2005/07/12 12:55:22, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(606)
Got user=[] domain=[] workstation=[PROMQUEEN] len1=1 len2=0
[2005/07/12 12:55:22, 6] param/loadparm.c:lp_file_list_changed(2707)
lp_file_list_changed()
file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue
Jul 12 11:58:26 2005
[2005/07/12 12:55:22, 5] auth/auth_util.c:make_user_info_map(224)
make_user_info_map: Mapping user []\[] from workstation [PROMQUEEN]
[2005/07/12 12:55:22, 5] auth/auth_util.c:make_user_info(132)
attempting to make a user_info for ()
[2005/07/12 12:55:22, 5] auth/auth_util.c:make_user_info(142)
making strings for 's user_info struct
[2005/07/12 12:55:22, 5] auth/auth_util.c:make_user_info(184)
making blobs for 's user_info struct
[2005/07/12 12:55:22, 10] auth/auth_util.c:make_user_info(200)
made an encrypted user_info for ()
[2005/07/12 12:55:22, 3] auth/auth.c:check_ntlm_password(219)
check_ntlm_password: Checking password for unmapped user
[]\[]@[PROMQUEEN] with the new password interface
[2005/07/12 12:55:22, 3] auth/auth.c:check_ntlm_password(222)
check_ntlm_password: mapped user is: [CFLINUX]\[]@[PROMQUEEN]
[2005/07/12 12:55:22, 10] auth/auth.c:check_ntlm_password(231)
</LOG>
When I connect with INTERACTIVE logon, the same log section looks
like this:
<SUCCESSFUL_LOG>
user_in_list: checking if user |cf| is in winbind group
|INTERMEDIA\cf|
[2005/07/12 14:05:04, 5] auth/auth_util.c:make_user_info_map(224)
make_user_info_map: Mapping user [INTERMEDIA]\[cf] from workstation
[PROMQUEEN]
[2005/07/12 14:05:04, 5] auth/auth_util.c:make_user_info(132)
attempting to make a user_info for cf (cf)
[2005/07/12 14:05:04, 5] auth/auth_util.c:make_user_info(142)
making strings for cf's user_info struct
[2005/07/12 14:05:04, 5] auth/auth_util.c:make_user_info(184)
making blobs for cf's user_info struct
[2005/07/12 14:05:04, 10] auth/auth_util.c:make_user_info(200)
made an encrypted user_info for cf (cf)
[2005/07/12 14:05:04, 3] auth/auth.c:check_ntlm_password(219)
check_ntlm_password: Checking password for unmapped user
[INTERMEDIA]\[cf]@[PROMQUEEN] with the new password interface
[2005/07/12 14:05:04, 3] auth/auth.c:check_ntlm_password(222)
check_ntlm_password: mapped user is: [CFLINUX]\[cf]@[PROMQUEEN]
[2005/07/12 14:05:04, 10] auth/auth.c:check_ntlm_password(231)
</SUCCESSFUL_LOG>
Question:
How can I connect to Samba shares with NETWORK type of logon?
Thanks in advance.
Constantine
More information about the samba
mailing list