[Samba] Authentication problems using libsmbclient API and DFS
shares
rbrowne at estreet.com
rbrowne at estreet.com
Fri Apr 6 10:32:34 GMT 2007
Hi,
I'm trying to create a map of DFS links to actual
server/share's. I know that you can get this information by logging
on to the DFS root server, but I'm trying to use the libsmbclient API to
get this information.
I have created a fairly simple DFS
structure on 2003 servers with everything on the same domain.
//MyDomain/DFSRoot
/Link1 -> //Fileserv-1/FileShare1
/Link2 -> //Fileserv-2/FileShare2
On the command line I
can traverse the DFS tree without any problems, so using smbclient I can
perform the following steps:
# smbclient //10.4.1.107/DFSRoot
-A ./credfile
Domain=[ENG-DEV] OS=[Windows Server 2003 3790]
Server=[Windows Server 2003 5.2]
smb: \> ls
.
D 0 Thu Mar 29 12:52:3
2007
..
D 0 Thu Mar 29 12:52:35
2007
Link1
D 0 Thu Mar 29 12:46:43
2007
Link2
D 0 Thu Mar 29 12:52:35
2007
65389 blocks of size 65536. 36670 blocks available
smb: \>
showconnect
//Fileserv-1/DFSRoot
smb: \> cd Link1
smb: \Link1\> ls
.
D 0 Thu Mar 29 12:43:19
2007
..
D 0 Thu Mar 29 12:43:19
2007
List.xls
A 25088 Sat Jan 7 23:03:18 2006
.
.
.
smb: \Link1\> showconnect
//Fileserv-1/FileShare1
smb: \Link1\> cd ../Link2
smb: \Link2\> ls
.
D 0 Thu Mar 29 12:40:14
2007
..
D 0 Thu Mar 29 12:40:14
2007
abs-guide.pdf
A 2069818 Thu Mar 29 12:39:04 2007
.
.
.
sag.pdf
A 869300 Thu Mar 29 12:40:14 2007
65389 blocks of size 65536. 36659 blocks available
smb: \Link2\>
showconnect
//Fileserv-2/FileShare2
smb: \Link2\>
However, problems ensue when I try to connect using the
smbc_open and smbc_opendir functions. Tracing execution under gdb I
see that my authentication callback function is being called every time I
use the smbc_opendir function (that's good). I can authenticate
without any problems to the DFS root, but the problem occurs when Samba
tries to traverse the DFS tree. In this case the original
server/share (i.e. of the DFS root) is not the server/share of the DFS
link. When the code follows the path of the link, all the original
authentication information is lost. My username, password, and
workgroup are all changed to my Unix username and the workgroup that I've
defined in smb.conf. I'm prompted for a password from the do_connect
function and authentication to the server/share fails.
One
difference between the two scenarios is that in the first case the
cli_cm_set_credentials function is being called in the second case it's
not. I'm not sure, but should the authentication callback function
be used when resolving a DFS path? I'm still looking into where the
defaults are set and if it's possible to get authentication info that's
not statically defined.
I also saw that I can define the
/etc/samba/smbusers to map a Unix user name to a Windows login and tried
this, but my default username is still the Unix one. I also
uncommented the username map line in smb.conf.
Thanks for
looking at this...
Regards,
Rich �
More information about the samba
mailing list