[Samba] Cannot get logged in using Server=DOMAIN

Stephen Carville effcee at heronforge.net
Tue Oct 11 15:37:57 GMT 2005

I have an FC3 intallation with samba-3.0.10-1. I cannot get it to accept
a login with server=DOMAIN. I can join the domain with no problem:

# net rpc join member -U scarville
Joined domain TOTALFLOOD.

I can browse the shares:

$ smbclient -L amazon
added interface ip= bcast= nmask=
Anonymous login successful
Domain=[TOTALFLOOD] OS=[Unix] Server=[Samba 3.0.10-1.fc3]

        Sharename      Type      Comment
        ---------      ----      -------
        netapps        Disk      Network Applications
        common         Disk      Common Files
        public         Disk      Public Files
        IPC$           IPC       IPC Service (Main File Server)
        ADMIN$         IPC       IPC Service (Main File Server)

        Server               Comment
        ---------            -------
        AMAZON               Main File Server
        ATLANTIC             DC-PDC

        Workgroup            Master
        ---------            -------
        TOTALFLOOD           ATLANTIC

but if I actually try to login with an NT username:

$ smbclient -v //amazon/common -U scarville -d 3
lp_load: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
Processing section "[global]"
added interface ip= bcast= nmask=
Client started (version 3.0.10-1.fc2).
resolve_lmhosts: Attempting lmhosts lookup for name amazon<0x20>
resolve_wins: Attempting wins lookup for name amazon<0x20>
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: Attempting host lookup for name amazon<0x20>
Connecting to at port 445
Doing spnego session setup (blob length=58)
got OID=1 3 6 1 4 1 311 2 2 10
got principal=NONE
Got challenge flags:
Got NTLMSSP neg_flags=0x60890215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60080215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60080215
SPNEGO login failed: Logon failure
session setup failed: NT_STATUS_LOGON_FAILURE

My configuration lookslike:

$ testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[netapps]"
Processing section "[common]"
Processing section "[public]"
Loaded services file OK.
Press enter to see a dump of your service definitions

# Global parameters
        workgroup = TOTALFLOOD
        server string = Main File Server
        security = DOMAIN
        username map = /etc/samba/smbusers
        log file = /var/log/samba/%m.log
        max log size = 0
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        load printers = No
        disable spoolss = Yes
        preferred master = No
        local master = No
        domain master = No
        dns proxy = No
        ldap ssl = no
        idmap uid = 16777216-33554431
        idmap gid = 16777216-33554431
        template shell =
        winbind use default domain = Yes

        comment = Home Directories
        valid users = %S
        read only = No
        create mask = 0664
        directory mask = 0775
        browseable = No

        comment = Network Applications
        path = /export/netapps
        force user = procman
        force group = users
        read only = No

        comment = Common Files
        path = /export/common
        force group = users
        read only = No
        create mask = 0775
        force create mode = 0664
        directory mask = 0775
        force directory mode = 0775

        comment = Public Files
        path = /export/public
        force user = procman
        force group = users
        read only = No
        create mask = 0774

In smbusers I have the line maping my NT username to my UNIX name:

stephen = scarville

My old samba 2.2 server on Redhat 7.2 is working OK but I'd like to
upgrade if possible.

Stephen Carville -- polluting the ranks of skeptics since 1995.
Government is actually the worst failure of civilized man. There has
never been a really good one, and even those that are most tolerable are
arbitrary, cruel, grasping and unintelligent.
             -- H. L. Mencken

More information about the samba mailing list