[Samba] Q: Client cannot authenticate

Chris Osicki osk at admin.swisscom-mobile.ch
Thu Aug 21 09:50:20 GMT 2008


Hi

A new setup Windows client fails to authenticate to my Samba server (3.0.24-SerNet-RedHat).
What I see in log at level 10 is:

  Got user=[SA-MC-SMSNS at corproot.net] domain=[] workstation=[MSISMSSRV01P] len1=24 len2=122

The empty domain seams to be origin of the problem, for other systems
working OK this field is not empty.

The Windows client is:
NativeOS=[Windows Server 2003 R2 3790 Service Pack 2] NativeLanMan=[] PrimaryDomain=[Windows Server 2003 R2 5.2]
Security settings on this system enforce NTLMv2, those ones working OK are set to use
NTLM (I was told by the Windows admin).

I guess the problem is on the Windows side but I cannot think about better place to ask than
this list.

Log and configs below.

I would be very thankful for any help.

Thanks for your time.
Chris

  Got user=[SA-MC-SMSNS at corproot.net] domain=[] workstation=[MSISMSSRV01P] len1=24 len2=122
[2008/08/20 09:41:57, 6] param/loadparm.c:lp_file_list_changed(2998)
  lp_file_list_changed()
  file /etc/samba/smb.conf.nfsv2 -> /etc/samba/smb.conf.nfsv2  last mod_time: Mon Aug 18 16:58:49 2008

[2008/08/20 09:41:57, 5] auth/auth_util.c:make_user_info_map(161)
  make_user_info_map: Mapping user []\[SA-MC-SMSNS at corproot.net] from workstation [MSISMSSRV01P]
[2008/08/20 09:41:57, 5] auth/auth_util.c:make_user_info(75)
  attempting to make a user_info for SA-MC-SMSNS at corproot.net (SA-MC-SMSNS at corproot.net)
[2008/08/20 09:41:57, 5] auth/auth_util.c:make_user_info(85)
  making strings for SA-MC-SMSNS at corproot.net's user_info struct
[2008/08/20 09:41:57, 5] auth/auth_util.c:make_user_info(117)
  making blobs for SA-MC-SMSNS at corproot.net's user_info struct
[2008/08/20 09:41:57, 10] auth/auth_util.c:make_user_info(135)
  made an encrypted user_info for SA-MC-SMSNS at corproot.net (SA-MC-SMSNS at corproot.net)
[2008/08/20 09:41:57, 3] auth/auth.c:check_ntlm_password(221)
  check_ntlm_password:  Checking password for unmapped user []\[SA-MC-SMSNS at corproot.net]@[MSISMSSRV01P] with the new password interfac
e
[2008/08/20 09:41:57, 3] auth/auth.c:check_ntlm_password(224)
  check_ntlm_password:  mapped user is: [MCRESDOM]\[SA-MC-SMSNS at corproot.net]@[MSISMSSRV01P]
[2008/08/20 09:41:57, 10] auth/auth.c:check_ntlm_password(233)
  check_ntlm_password: auth_context challenge created by random
[2008/08/20 09:41:57, 10] auth/auth.c:check_ntlm_password(235)
  challenge is:
[2008/08/20 09:41:57, 5] lib/util.c:dump_data(2222)
  [000] 29 67 C6 A2 2C EF D6 92                           )g<C6><A2>,<EF><D6>.
[2008/08/20 09:41:57, 10] auth/auth.c:check_ntlm_password(261)
  check_ntlm_password: guest had nothing to say
[2008/08/20 09:41:57, 8] lib/util.c:is_myname(2043)
  is_myname("MCRESDOM") returns 0
[2008/08/20 09:41:57, 6] auth/auth_sam.c:check_samstrict_security(414)
  check_samstrict_security: MCRESDOM is not one of my local names (ROLE_DOMAIN_MEMBER)
[2008/08/20 09:41:57, 10] auth/auth.c:check_ntlm_password(261)
  check_ntlm_password: sam had nothing to say
[2008/08/20 09:41:57, 3] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/08/20 09:41:57, 3] smbd/uid.c:push_conn_ctx(345)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/08/20 09:41:57, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/08/20 09:41:57, 5] auth/auth_util.c:debug_nt_user_token(448)
  NT user token: (NULL)
[2008/08/20 09:41:57, 5] auth/auth_util.c:debug_unix_user_token(474)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2008/08/20 09:41:57, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/08/20 09:41:57, 5] auth/auth.c:check_ntlm_password(273)
  check_ntlm_password: winbind authentication for user [SA-MC-SMSNS at corproot.net] FAILED with error NT_STATUS_LOGON_FAILURE
[2008/08/20 09:41:57, 2] auth/auth.c:check_ntlm_password(319)
  check_ntlm_password:  Authentication for user [SA-MC-SMSNS at corproot.net] -> [SA-MC-SMSNS at corproot.net] FAILED with error NT_STATUS_LO
GON_FAILURE
[2008/08/20 09:41:57, 5] auth/auth_util.c:free_user_info(1867)
  attempting to free (and zero) a user_info structure
[2008/08/20 09:41:57, 10] auth/auth_util.c:free_user_info(1871)
  structure was created for SA-MC-SMSNS at corproot.net
[2008/08/20 09:41:57, 3] smbd/error.c:error_packet(146)
  error packet at smbd/sesssetup.c(99) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
[2008/08/20 09:41:57, 5] lib/util.c:show_msg(485)
[2008/08/20 09:41:57, 5] lib/util.c:show_msg(495)

smb.conf
[global]
        workgroup = mcresdom
        security = domain
        client lanman auth = No
        client NTLMv2 auth = Yes
        password server = sg1562z.mcresdom.net sg1561p.mcresdom.net
        name resolve order = host

        winbind uid = 1000-120000
        winbind gid = 1000-120000
        winbind enum users = no
        winbind enum groups = no

        # Using ldap server as winbindd backend
        idmap backend = ldap:ldap://msunldap1.swissptt.ch ldap:ldap://msunldap2.swissptt.ch
        ldap admin dn = uid=idmapadm,ou=idmap,dc=mobile,dc=ch
        ldap idmap suffix = ou=idmap
        ldap suffix = dc=mobile,dc=ch

And smb.conf.nfsv2 (config for this Samba instance)
[global]
        workgroup = MCRESDOM
        security = domain
        netbios name = MSILYNFSV2
        log level = 0
        preferred master = no
        dns proxy = no
        server string = %L SYI-UNS Samba Server on %h (%v)
        log file = /var/log/samba.nfsv2/%m.log
        pid directory = /var/run/samba.nfsv2
        private dir = /etc/samba.nfsv2
        lock directory = /var/lib/samba.nfsv2
        bind interfaces only = yes
        interfaces = msilynfsv2


More information about the samba mailing list