[Samba] check_ntlm_password: Authentication for user FAILED with error NT_STATUS_IO_TIMEOUT

mallapadi niranjan niranjan.ashok at gmail.com
Mon Mar 20 12:40:04 GMT 2006 

Hi all

I have a samba pdc with ldap (samba 3.0.21c with openldap 2.3.19) and 2
domain member servers(as file servers which
are running samba 3.0.21c) .
all my users are redirected to my files server to access the respective
shares.
when the logon script runs, the log file in the file server shows the
following error log
thereby the drive is not getting mapped, the user has to manually give the
"net use p: \\projectsrv\share" command
####################################################################
[2006/03/18 15:32:17, 2] auth/auth.c:check_ntlm_password(317)
  check_ntlm_password:  Authentication for user [testuser] -> [testuser]
FAILED with error NT_STATUS_IO_TIMEOUT
[2006/03/18 15:32:30, 2] smbd/server.c:exit_server(614)
  Closing connections
[2006/03/18 15:32:32, 2] lib/smbldap.c:smbldap_open_connection(722)
  smbldap_open_connection: connection opened
[2006/03/18 15:32:33, 2] passdb/pdb_ldap.c:init_group_from_ldap(2199)
  init_group_from_ldap: Entry found for group: 513
[2006/03/18 15:32:34, 2] passdb/pdb_ldap.c:init_group_from_ldap(2199)
  init_group_from_ldap: Entry found for group: 513
[2006/03/18 15:32:34, 2] passdb/pdb_ldap.c:init_group_from_ldap(2199)
  init_group_from_ldap: Entry found for group: 1000
[2006/03/18 15:32:34, 2] passdb/pdb_ldap.c:init_group_from_ldap(2199)
  init_group_from_ldap: Entry found for group: 1629
[2006/03/18 15:32:34, 2] auth/auth.c:check_ntlm_password(307)
  check_ntlm_password:  authentication for user [testuser] -> [testuser] ->
[testuser] succeeded
[2006/03/18 15:32:34, 2] lib/module.c:do_smb_load_module(66)
  Module '/usr/local/samba-3c/lib/vfs/recycle.so' loaded
####################################################################

my PDC smb.conf file
#####################################################################
[global]
  workgroup = msdpl.com
  netbios name = medhapdc
  passdb backend = ldapsam:ldap://msdpl.com
  server string = Domain Controller
  hosts allow = 192.168.128. 192.168.129. 192.168.130. 127.
  security = user
  encrypt passwords = yes
  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
  interfaces = eth0, lo
  printing = cups
  disable spoolss = Yes
  printcap name = cups
  max print jobs = 100
  enable privileges = yes
  password level = 8
  username level = 8
  bind interfaces only = yes
  local master = Yes
  os level = 65
  domain master = yes
  preferred master = yes
  null passwords = no
  hide unreadable = yes
  hide dot files = yes
  domain logons = yes
  logon script = %u.bat
  logon path =
  logon drive = X:
  logon home = \\medhapdc\%U
  wins support = yes
  name resolve order = wins lmhosts host bcast
  dns proxy = no
  time server = yes
  log file = /var/log/samba/%m.log
  max log size = 50
  nt acl support = yes
  ldap passwd sync = yes
  add user script = /usr/local/sbin/smbldap-useradd -m "%u"
  delete user script = /usr/local/sbin/smbldap-userdel "%u"
  add machine script = /usr/local/sbin/smbldap-useradd -w "%m"
  add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
  add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
  delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u"
"%g"
  set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u'
  ldap delete dn = Yes
  ldap ssl = no
  ldap suffix = dc=msdpl,dc=com
  ldap admin dn = cn=manager,dc=msdpl,dc=com
  ldap group suffix = ou=Groups
  ldap user suffix = ou=People
  ldap machine suffix = ou=Computers
  ldap idmap suffix = ou=Idmap
  ldap timeout = 50
  idmap backend = ldap:ldap://msdpl.com
  idmap uid = 10000-20000
  idmap gid = 10000-20000
  check password script = /usr/local/bin/crackcheck -s
  map acl inherit = yes
  winbind use default domain = yes
  template shell = /bin/false
######################################################[Share
Definations]###########################################
[homes]
   comment = Home Directories
   valid users = %S, root
   browseable = no
   read only = no
   nt acl support = Yes
# Un-comment the following and create the netlogon directory for Domain
Logons
 [netlogon]
   comment = Network Logon Service
   path = /usr/local/samba-3c/lib/netlogon/scripts
   guest ok = yes
   browseable = yes
   write list = root, kr1233

[printers]
   comment = All Printers
   path = /var/spool/samba
   create mask = 0600
   guest ok = Yes
   printable = yes
   use client driver = Yes
   browseable = no
#####################################################################
my domain member server (file server) smb.conf
###################################################################
[global]
 unix charset = LOCALE
 workgroup = msdpl.com
 netbios name = prjsrv01
 server string = Project Server 1
 printcap name = /etc/printcap
 load printers = yes
 cups options = raw
 log level = 2
 log file = /usr/local/samba-3c/var/%U.%m.log
 syslog = 0
 max log size = 100
 smb ports = 139
 security = domain
 username map = /usr/local/samba-3c/lib/smbusers
 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
 name resolve order = wins bcasts hosts
 wins server = 192.168.129.20
 dns proxy = no
 ldap server = 192.168.129.20
 ldap suffix = dc=msdpl,dc=com
 ldap machine suffix = ou=Computers
 ldap user suffix = ou=People
 ldap group suffix = ou=Groups
 ldap idmap suffix = ou=Idmap
 ldap admin dn = cn=manager,dc=msdpl,dc=com
 ldap ssl = no
 ldap timeout = 50
 acl check permissions = Yes
 template shell = /bin/false
 winbind use default domain = no
 inherit permissions = yes
 inherit acls = yes
 nt acl support = yes
 hide dot files = yes
#######################################Share
Definations########################################
 [homes]
   comment = Home Directories
   valid users = %S
   browseable = no
   writable = yes
   veto files =
/.bash_history/.bash_logout/.bash_profile/.bashrc/.canna/.emacs/.gtkrc/.kde/.viminfo/.xemacs/.zshrc/
   hide dot files = yes

[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no
   guest ok = no
   writable = no
   printable = yes

 [projects]
 comment = All Projects
 path = /projects
 browseable = no
 guest ok = no
 writeable = yes
 printable = no
 veto files = desktop.ini/lost+found/.Trash-root/*.sh/*.scr/.recycle/
 create mode = 2700
 force create mode = 0700
 force directory mode = 0700
 inherit permissions = yes
 inherit acls = yes
 vfs objects = recycle

 [datalib]
 comment = DataLib
 path = /datalib
 browseable = no
 writeable = yes
 vfs objects = recycle
 veto files = lost+found
 inherit permissions = yes
 inherit acls = yes
 veto files = desktop.ini/lost+found/.Trash-root/*.sh/*.scr/.recycle/
###################################################################

What could be the problem, please guide me

Regards
Niranjan

More information about the samba mailing list