[Samba] Null session problem when mounting share using domainuseraccount

=?big5?B?TGF0cmVsbCBXYW5nIKT9xG269Q==?= Latrell.Wang at zyxel.com.tw
Wed Dec 13 10:49:34 GMT 2006 

My global session of smb.conf is as follows:
[global]
        dos charset =3D UTF8
        display charset =3D UTF8
        unix charset =3D UTF8
        server schannel=3Dauto
        netbios name =3D NSA1129
        write ok =3D yes
        guest account =3D smbguest
        map to guest =3D bad user
        encrypt passwords =3D yes
        map archive =3D no
        client use spnego =3D no
        auth methods =3D guest sam_ignoredomain winbind:ntdomain
        host msdfs =3D yes
        winbind use default domain =3D yes

        workgroup =3D NAS
        security =3D ads
        password server =3D 172.23.26.204 *
        realm =3D NAS.LOCAL
        idmap uid =3D 100000-500000
        idmap gid =3D 100000-500000
        winbind cache time =3D 15
        template homedir =3D /tmp/users/home/%D/%U
        template shell =3D /bin/bash

-----Original Message-----
From: samba-bounces+latrell.wang=3Dzyxel.com.tw at lists.samba.org =
[mailto:samba-bounces+latrell.wang=3Dzyxel.com.tw at lists.samba.org] On =
Behalf Of Latrell Wang =A4=FD=C4m=BA=F5
Sent: Wednesday, December 13, 2006 1:56 PM
To: samba at lists.samba.org
Subject: RE: [Samba] Null session problem when mounting share using =
domainuseraccount

In samba 3.0.14a, I noticed one item:
* Disable schannel on the LSA and SAMR pipes in winbindd client 1190 =
code to deal with Windows 2003 SP1 and Windows 2000 SP4 SR1.

Does the fix related directly to my problem. The detailed debug message =
of smbmount is as follows:
root at NSA1129:~# smbmount //localhost/dd /mnt -o =
username=3Dlatrell1,password=3D1234qwer,debug=3D9
mount.smbfs started (version 3.0.21c)
added interface ip=3D172.23.26.67 bcast=3D172.23.26.255 =
nmask=3D255.255.255.0
Opening cache file at /etc/zyxel/samba/gencache.tdb
name localhost#20 found.
Connecting to 127.0.0.1 at port 445
socket option SO_KEEPALIVE =3D 0
socket option SO_REUSEADDR =3D 0
socket option SO_BROADCAST =3D 0
socket option TCP_NODELAY =3D 1
socket option TCP_KEEPCNT =3D 9
socket option TCP_KEEPIDLE =3D 7200
socket option TCP_KEEPINTVL =3D 75
socket option IPTOS_LOWDELAY =3D 0
socket option IPTOS_THROUGHPUT =3D 0
socket option SO_SNDBUF =3D 50160
socket option SO_RCVBUF =3D 87378
socket option SO_SNDLOWAT =3D 1
socket option SO_RCVLOWAT =3D 1
socket option SO_SNDTIMEO =3D 0
socket option SO_RCVTIMEO =3D 0
24240: session request ok
write_socket(4,183)
write_socket(4,183) wrote 183
size=3D85
smb_com=3D0x72
smb_rcls=3D0
smb_reh=3D0
smb_err=3D0
smb_flg=3D136
smb_flg2=3D49153
smb_tid=3D0
smb_pid=3D24240
smb_uid=3D0
smb_mid=3D1
smt_wct=3D17
smb_vwv[ 0]=3D    7 (0x7)
smb_vwv[ 1]=3D12803 (0x3203)
smb_vwv[ 2]=3D  256 (0x100)
smb_vwv[ 3]=3D 1024 (0x400)
smb_vwv[ 4]=3D   65 (0x41)
smb_vwv[ 5]=3D    0 (0x0)
smb_vwv[ 6]=3D  256 (0x100)
smb_vwv[ 7]=3D45312 (0xB100)
smb_vwv[ 8]=3D   94 (0x5E)
smb_vwv[ 9]=3D64768 (0xFD00)
smb_vwv[10]=3D33011 (0x80F3)
smb_vwv[11]=3D32768 (0x8000)
smb_vwv[12]=3D17990 (0x4646)
smb_vwv[13]=3D31267 (0x7A23)
smb_vwv[14]=3D50974 (0xC71E)
smb_vwv[15]=3D    1 (0x1)
smb_vwv[16]=3D 2048 (0x800)
smb_bcc=3D16
size=3D85
smb_com=3D0x72
smb_rcls=3D0
smb_reh=3D0
smb_err=3D0
smb_flg=3D136
smb_flg2=3D49153
smb_tid=3D0
smb_pid=3D24240
smb_uid=3D0
smb_mid=3D1
smt_wct=3D17
smb_vwv[ 0]=3D    7 (0x7)
smb_vwv[ 1]=3D12803 (0x3203)
smb_vwv[ 2]=3D  256 (0x100)
smb_vwv[ 3]=3D 1024 (0x400)
smb_vwv[ 4]=3D   65 (0x41)
smb_vwv[ 5]=3D    0 (0x0)
smb_vwv[ 6]=3D  256 (0x100)
smb_vwv[ 7]=3D45312 (0xB100)
smb_vwv[ 8]=3D   94 (0x5E)
smb_vwv[ 9]=3D64768 (0xFD00)
smb_vwv[10]=3D33011 (0x80F3)
smb_vwv[11]=3D32768 (0x8000)
smb_vwv[12]=3D17990 (0x4646)
smb_vwv[13]=3D31267 (0x7A23)
smb_vwv[14]=3D50974 (0xC71E)
smb_vwv[15]=3D    1 (0x1)
smb_vwv[16]=3D 2048 (0x800)
smb_bcc=3D16
write_socket(4,137)
write_socket(4,137) wrote 137
size=3D64
smb_com=3D0x73
smb_rcls=3D0
smb_reh=3D0
smb_err=3D0
smb_flg=3D136
smb_flg2=3D16385
smb_tid=3D0
smb_pid=3D24240
smb_uid=3D100
smb_mid=3D2
smt_wct=3D3
smb_vwv[ 0]=3D  255 (0xFF)
smb_vwv[ 1]=3D    0 (0x0)
smb_vwv[ 2]=3D    1 (0x1)
smb_bcc=3D23
24240: session setup ok
write_socket(4,69)
write_socket(4,69) wrote 69
size=3D35
smb_com=3D0x75
smb_rcls=3D1
smb_reh=3D0
smb_err=3D5
smb_flg=3D136
smb_flg2=3D1
smb_tid=3D0
smb_pid=3D24240
smb_uid=3D100
smb_mid=3D3
smt_wct=3D0
smb_bcc=3D0
24240: tree connect failed: ERRDOS - ERRnoaccess (Access denied.)
SMB connection failed

Latrell.

-----Original Message-----
From: samba-bounces+latrell.wang=3Dzyxel.com.tw at lists.samba.org =
[mailto:samba-bounces+latrell.wang=3Dzyxel.com.tw at lists.samba.org] On =
Behalf Of Latrell Wang =A4=FD=C4m=BA=F5
Sent: Tuesday, December 12, 2006 7:12 PM
To: samba at lists.samba.org
Subject: [Samba] Null session problem when mounting share using domain =
useraccount

Hi all:

=20

As far as I know, windows 2003 sp1 restricts anonymous access to samr =
and lsarpc. On windows 2003, everyone group does not include anonymous =
logon, thus anonymous enumeration can=A1=A6t be achieved unless =
anonymous logon is a member of pre-windows 2000 compatible group. I =
think this is the reason why smbmount using domain user account failed. =
The error message is as follows:

=20

26520: tree connect failed: ERRDOS - ERRnoaccess (Access denied.)

SMB connection failed

=20

The packets showed that =A1=A7STATUS_ACCESS_DENIED=A1=A8 in SamrConnect2 =
request and reply. If anonymous logon belongs to pre-windows 2000 =
compatible group, smbmount ran successfully.

=20

Will samba work around this issue?

=20

Thanks for the replies.

=20

Latrell.

--=20
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
--=20
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list