[Samba] Authentication problems using libsmbclient to traverse DFS
links
Avinash
pavinash at gmail.com
Wed Sep 19 05:36:55 GMT 2007
Hi,
I'm trying to create a map of DFS links to actual server/share's.
I know that you can get this information by logging on to the DFS root
server, but I'm trying to use the libsmbclient API to
get this information.
I have created a fairly simple DFS structure on 2003 servers with
everything on the same domain.
//MyDomain/DFSRoot
/Link1 -> //Fileserv-1/FileShare1
/Link2 -> //Fileserv-2/FileShare2
On the command line I can traverse the DFS tree without any problems,
so using smbclient I can perform the following steps:
# smbclient //10.4.1.107/DFSRoot -A
./credfile
Domain=[ENG-DEV] OS=[Windows Server 2003 3790]
Server=[Windows Server 2003 5.2]
smb: \> ls
.
D 0 Thu Mar 29 12:52:35
2007
..
D 0 Thu Mar 29 12:52:35
2007
Link1
D 0 Thu Mar 29 12:46:43
2007
Link2
D 0 Thu Mar 29 12:52:35
2007
65389 blocks of size 65536. 36670 blocks available
smb: \> showconnect
//Fileserv-1/DFSRoot
smb: \>
cd Link1
smb: \Link1\> ls
.
D 0 Thu Mar 29 12:43:19
2007
..
D 0 Thu Mar 29 12:43:19
2007
List.xls A 25088 Sat
Jan 7 23:03:18 2006
.
.
.
smb: \Link1\> showconnect
//Fileserv-1/FileShare1
smb:
\Link1\> cd ../Link2
smb: \Link2\> ls
.
D 0 Thu Mar 29 12:40:14
2007
..
D 0 Thu Mar 29 12:40:14
2007
abs-guide.pdf A 2069818 Thu Mar 29 12:39:04
2007
.
.
.
sag.pdf A
869300 Thu Mar 29 12:40:14 2007
65389 blocks of size 65536. 36659 blocks available
smb:
\Link2\>
showconnect
//Fileserv-2/FileShare2
smb:
\Link2\>
However, problems ensue when I try to connect using the smbc_open and
smbc_opendir functions.
Tracing execution under gdb I see that my authentication callback
function is being called every time I use the smbc_opendir
function (that's good). I can authenticate without any problems to
the DFS root,but the problem occurs when Samba tries to
traverse the DFS tree. In this case the original server/share (i.e. of
the DFS root) is not the server/share of the DFS link.
When the code follows the path of the link, all the original
authentication information is lost. My username, password, and
workgroup are all changed to my Unix username and the workgroup that
I've defined in smb.conf. I'm prompted for a password from
the do_connect function and authentication to the server/share fails.
Using
a simple program to perform a recursive list of the contents under my
DFS root with the libsmbclient interface here's my output:
****
$ ./smblister smb://10.4.1.107/DFSRoot
Opening
(smb://10.4.1.107/DFSRoot)...
Authentication function:
Connection opened with smbc_opendir().
Opening
(smb://10.4.1.107/DFSRoot/Link1
)...
Authentication function:
Password:
tree connect failed: NT_STATUS_ACCESS_DENIED
Unable
to follow dfs referral [//Fileserv-1/FileShare1]
Could not resolve
\Link1\*
Could not open [
smb://10.4.1.107/DFSRoot/Link1] (2:No such
file or directory)
Opening (smb://10.4.1.107/DFSRoot/Link2)...
Authentication function:
tree connect failed:
NT_STATUS_ACCESS_DENIED
Unable to follow dfs referral
[//Fileserv-2/FileShare2]
Could not resolve \Link2\*
Could not
open [smb://10.4.1.107/DFSRoot/Link2] (0:Success) *****
One
difference between the two scenarios is that in the first case the
cli_cm_set_credentials function is being called in the second case
it's not. I'm not sure, but should the authentication callback
function be used when resolving a DFS path? I'm still looking
into where the defaults are set and if it's possible to get
authentication info that's not statically defined.
I also saw that I can define the /etc/samba/smbusers to map a Unix
user name to a Windows login and tried this, but my default
username is still the Unix one. I also uncommented the username map
line in smb.conf.
Thanks for looking at this...
Regards,
Avinash
More information about the samba
mailing list