[Samba] INTERACTIVE logon works, NETWORK logon does not with Samba 3.0.14a

Constantine Filin cfilin at intermedia.net
Tue Jul 12 21:07:03 GMT 2005 

Greetings -

I have Fedora Core 2 Linux box with Samba 3.0.14a compiled 
and installed there.

Here's output of testparm:

<TESTPARM OUTPUT>
[root at cflinux ~/Downloads/samba-3.0.14a]# /usr/bin/testparm
Load smb config files from /usr/local/samba/lib/smb.conf
Processing section "[homes]"
Processing section "[printers]"
Processing section "[tmp]"
Processing section "[cf]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions

# Global parameters
[global]
 workgroup = INTERMEDIA
 server string = CF LINUX BOX
 password server = None
 smb passwd file = /etc/samba/smbpasswd
 username map = /etc/samba/smbusers
 log level = 10 passdb:5 auth:10
 log file = /var/log/samba/%m.log
 max log size = 200
 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
 printcap name = /etc/printcap
 wins proxy = Yes
 wins server = 207.5.70.254
 hosts allow = 204.147.182.21/255.255.255.0

[homes]
 comment = Home Directories
 read only = No
 browseable = No

[printers]
 comment = All Printers
 path = /var/spool/samba
 printable = Yes
 browseable = No

[tmp]
 comment = Temporary file space
 path = /tmp
 read only = No
 guest ok = Yes

[cf]
 comment = CF Home
 path = /home/cf
 read only = No
<TESTPARM OUTPUT>

Also here is my /etc/samba/smbusers

[root at cflinux /etc/samba]# cat smbusers
root = INTERMEDIA\backup
cf = INTERMEDIA\cf

In smbpasswd I have records for user "cf" and user "root".

I can connect from my Windows 2003 server to share "cf" as user
"INTERMEDIA\cf" when I logon to this Windows station with "INTERACTIVE"
type of logon.

However, when I logon as the same user to the same Windows station with
"NETWORK" type of logon (e.g. to a telnet service), and then from that
Windows station, I cannot connect to the same Samba share on my Linux
box.
The error message I get is "Access Denied".

Further research in the logs shows that when I come to Linux box with
NETWORK logon, Linux box cannot determine that I am coming as
INTERMEDIA\cf user and attempts to connect me to that share as guest,
which is disallowed.
Eventually samba server sends NT_STATUS_ACCESS_DENIED message to the
Windows station. The appropriate log section follows:

<LOG>
[2005/07/12 12:55:22, 3]
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566)
  NativeOS=[Windows Server 2003 3790 Service Pack 1] NativeLanMan=[]
PrimaryDomain=[Windows Server 2003 5.2]
[2005/07/12 12:55:22, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(606)
  Got user=[] domain=[] workstation=[PROMQUEEN] len1=1 len2=0
[2005/07/12 12:55:22, 6] param/loadparm.c:lp_file_list_changed(2707)
  lp_file_list_changed()
  file /etc/samba/smb.conf -> /etc/samba/smb.conf  last mod_time: Tue
Jul 12 11:58:26 2005

[2005/07/12 12:55:22, 5] auth/auth_util.c:make_user_info_map(224)
  make_user_info_map: Mapping user []\[] from workstation [PROMQUEEN]
[2005/07/12 12:55:22, 5] auth/auth_util.c:make_user_info(132)
  attempting to make a user_info for  ()
[2005/07/12 12:55:22, 5] auth/auth_util.c:make_user_info(142)
  making strings for 's user_info struct
[2005/07/12 12:55:22, 5] auth/auth_util.c:make_user_info(184)
  making blobs for 's user_info struct
[2005/07/12 12:55:22, 10] auth/auth_util.c:make_user_info(200)
  made an encrypted user_info for  ()
[2005/07/12 12:55:22, 3] auth/auth.c:check_ntlm_password(219)
  check_ntlm_password:  Checking password for unmapped user
[]\[]@[PROMQUEEN] with the new password interface
[2005/07/12 12:55:22, 3] auth/auth.c:check_ntlm_password(222)
  check_ntlm_password:  mapped user is: [CFLINUX]\[]@[PROMQUEEN]
[2005/07/12 12:55:22, 10] auth/auth.c:check_ntlm_password(231)
</LOG>

When I connect with INTERACTIVE logon, the same log section looks 
like this:

<SUCCESSFUL_LOG>
  user_in_list: checking if user |cf| is in winbind group
|INTERMEDIA\cf|
[2005/07/12 14:05:04, 5] auth/auth_util.c:make_user_info_map(224)
  make_user_info_map: Mapping user [INTERMEDIA]\[cf] from workstation
[PROMQUEEN]
[2005/07/12 14:05:04, 5] auth/auth_util.c:make_user_info(132)
  attempting to make a user_info for cf (cf)
[2005/07/12 14:05:04, 5] auth/auth_util.c:make_user_info(142)
  making strings for cf's user_info struct
[2005/07/12 14:05:04, 5] auth/auth_util.c:make_user_info(184)
  making blobs for cf's user_info struct
[2005/07/12 14:05:04, 10] auth/auth_util.c:make_user_info(200)
  made an encrypted user_info for cf (cf)
[2005/07/12 14:05:04, 3] auth/auth.c:check_ntlm_password(219)
  check_ntlm_password:  Checking password for unmapped user
[INTERMEDIA]\[cf]@[PROMQUEEN] with the new password interface
[2005/07/12 14:05:04, 3] auth/auth.c:check_ntlm_password(222)
  check_ntlm_password:  mapped user is: [CFLINUX]\[cf]@[PROMQUEEN]
[2005/07/12 14:05:04, 10] auth/auth.c:check_ntlm_password(231)
</SUCCESSFUL_LOG>


Question:

How can I connect to Samba shares with NETWORK type of logon?

Thanks in advance.

Constantine

More information about the samba mailing list