[Samba] smb_auth problem

Vinicius Ruoso vkr07 at c3sl.ufpr.br
Mon Sep 1 01:21:59 GMT 2008 

Hi Jon Wilson,

Really thanks for your fast response. But the "lanman auth = yes" added
to global directive of my smb.conf don't make any effect on smb_auth
authentication process. The response still the same. :(

Do you have any other idea of what can be done to fix it?
Any hope is very welcome. I'm trying to get this work a long time.

8<-------------------------------------------------------------------
The following are the man entry to lanman auth:
It looks like that this option don't affect smbclient requests.

lanman auth (G)

           This parameter determines whether or not smbd(8) will attempt to
           authenticate users or permit password changes using the LANMAN
           password hash. If disabled, only clients which support NT password
           hashes (e.g. Windows NT/2000 clients, smbclient, but not Windows
           95/98 or the MS DOS network client) will be able to connect to the
           Samba host.

           The LANMAN encrypted response is easily broken, due to it´s
           case-insensitive nature, and the choice of algorithm. Servers
           without Windows 95/98/ME or MS DOS clients are advised to disable
           this option.

           Unlike the encrypt passwords option, this parameter cannot alter
           client behaviour, and the LANMAN response will still be sent over
           the network. See the client lanman auth to disable this for
Samba´s
           clients (such as smbclient)

           If this option, and ntlm auth are both disabled, then only NTLMv2
           logins will be permited. Not all clients support NTLMv2, and most
           will require special configuration to use it.

           Default: lanman auth = no

8<-------------------------------------------------------------------



> Since upgrading to 3.2.x I had to enable
>
> lanman auth = yes
>
> in my smb.conf
>
> (thats from memory - you may want to check the man page)
>
> It fixed it for me.
>
> Jon
>
>
> 2008/8/31 Vinicius Ruoso <vkr07 at c3sl.ufpr.br>:
>> Hi samba community.
>>
>> I'm having a problem with the smb_auth authentication method. Everything
>> looks like normal, but everytime I try to use smb_auth it returns ERR.
>>
>> I will show here some commands output to secure that all configuration
>> is
>> correct, and if anyone can help me to investigate what's happend I'll
>> thanks.
>>
>>
>> I'm using: Debian lenny, updated.
>>
>> ii  samba          2:3.2.3-1
>> ii  squid          2.7.STABLE3-1
>>
>> XXXXXXXXXX its the correct password.
>>
>> 8<----------------------------------
>> sek:/home# /usr/lib/squid/smb_auth -W SEKPLASTICOS -U 127.0.0.1 -d
>> vinicius XXXXXXXXXXX
>> Domain name: SEKPLASTICOS
>> Pass-through authentication: no
>> Query address options: -U 127.0.0.1 -R
>> Domain controller IP address: 10.0.0.1
>> Domain controller NETBIOS name: SEK
>> Contents of //SEK/NETLOGON/proxyauth:
>> ERR
>> 8<----------------------------------
>>
>> But, look at the smbclient command.
>>
>> vinicius at sek:~$ smbclient "//SEK/netlogon" XXXXXXXXXXX -c "get proxyauth
>> -"
>> Domain=[SEKPLASTICOS] OS=[Unix] Server=[Samba 3.2.3]
>> allow
>> getting file \proxyauth of size 6 as - (5,9 kb/s) (average 5,9 kb/s)
>>
>> Running smb_auth with user "vinicius" don't work too.
>> 8<----------------------------------
>>
>> Some permission and configs:
>>
>> 8<----------------------------------
>> The smb_auth permissions
>>
>> sek:/usr/lib/squid# ls -l /usr/lib/squid/
>> total 284
>> -rwxr-xr-x 1 root  root   15212 Jul  6 06:28 digest_pw_auth
>> -rwxr-xr-x 1 root  root   11636 Jul  6 06:26 diskd-daemon
>> -rwxr-sr-- 1 proxy shadow  7988 Jul  6 06:28 getpwnam_auth
>> -rwxr-xr-x 1 root  root   10312 Jul  6 06:28 ip_user_check
>> -rwxr-xr-x 1 root  root   17544 Jul  6 06:28 ldap_auth
>> -rwxr-xr-x 1 root  root    5464 Jul  6 06:26 logfile-daemon
>> -rwxr-xr-x 1 root  root   32828 Jul  6 06:28 msnt_auth
>> -rwxr-xr-x 1 root  root   15748 Jul  6 06:28 ncsa_auth
>> -rwxr-xr-x 1 root  root   42216 Jul  6 06:28 ntlm_auth
>> -rwxr-sr-- 1 proxy shadow 10696 Jul  6 06:28 pam_auth
>> -rwxr-xr-x 1 root  root    9552 Jul  6 06:28 smb_auth
>> -rwxr-xr-x 1 root  root    2287 Jul  6 06:23 smb_auth.sh
>> -rwxr-xr-x 1 root  root   22848 Jul  6 06:28 squid_kerb_auth
>> -rwxr-xr-x 1 root  root   19000 Jul  6 06:28 squid_ldap_group
>> -rwxr-xr-x 1 root  root    5996 Jul  6 06:28 squid_session
>> -rwxr-xr-x 1 root  root   10248 Jul  6 06:28 squid_unix_group
>> -rwxr-xr-x 1 root  root    3732 Jul  6 06:26 unlinkd
>> -rwxr-xr-x 1 root  root    2359 Abr  9  2007 wbinfo_group.pl
>> -rwxr-xr-x 1 root  root    8776 Jul  6 06:28 yp_auth
>>
>>
>> 8<----------------------------------
>> The SMB configuration
>>
>> sek:/usr/lib/squid# cat /etc/samba/smb.conf
>> # Samba config file created using SWAT
>> # from 192.168.0.2 (192.168.0.2)
>> # Date: 2008/04/04 23:07:20
>>
>> [global]
>>    workgroup = sekplasticos
>>    netbios name = sek
>>    server string = sek
>>    security = user
>>    null passwords = No
>>    encrypt passwords = true
>>    unix password sync = No
>>    unix charset = iso8859-1
>>    display charset = cp850
>>    log level = 3
>>    log file = /var/log/samba_log.%u
>>    keepalive = 20
>>    socket options = IPTOS_LOWDELAY TCP_NODELAY
>>    logon path = \\sek\sysvol\%U
>>    logon drive = P
>>    domain logons = Yes
>>    os level = 100
>>    preferred master = Yes
>>    domain master = Yes
>>    local master = Yes
>>    wins support = Yes
>>    ldap ssl = no
>>    comment = Servidor Sek
>>    admin users = vinicius
>>    time server = Yes
>>    hosts allow = 127., 192.168.0., 10.0.0.
>>
>> [homes]
>>    comment = Pastas dos Usuarios
>>    browseable = No
>>    writable = Yes
>>    create mask = 0600
>>    directory mask = 0700
>>    valid users = %S
>>
>> [netlogon]
>>    comment = Compartilhamento de Scripts
>>    path = /home/netlogon
>>    public = Yes
>>    browseable = Yes
>>    writable = Yes
>>
>> [sysvol]
>>    comment = System Volume
>>    path = /home/sysvol
>>    writable = Yes
>>    guest ok = Yes
>>    share modes = No
>>    browseable = No
>>    hide files = /desktop.ini/ntuser.ini/NTUSER.*/
>>
>> [publico]
>>   comment = publico
>>   path = /home/publico
>>   guest ok = No
>>   writable = Yes
>>   create mask = 0644
>>   directory mask = 0777
>>   public = Yes
>>
>> [aplicativos]
>>   comment = aplicativos
>>   path = /home/aplicativos
>>   guest ok = No
>>   writable = Yes
>>   browseable = Yes
>>   create mask = 0600
>>   directory mask = 0700
>>   valid users = gilberto
>> sek:/usr/lib/squid#
>>
>> 8<----------------------------------
>> The NETLOGON permissions and proxyauth
>>
>> sek:/home/netlogon# ls -l
>> total 4
>> -rwxrwxrwx 1 root root 6 Ago 31 17:35 proxyauth
>> sek:/home/netlogon# ls -ld
>> drwxrwxrwx 2 root root 22 Ago 31 17:35 .
>> sek:/home/netlogon# cat proxyauth
>> allow
>> 8<----------------------------------
>>
>>
>> Really thanks if someone could help me.
>>
>> --
>> Vinicius Ruoso - vkr07 at c3sl.ufpr.br
>> C3SL: http://www.c3sl.ufpr.br
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/listinfo/samba
>>
>


-- 
Vinicius Ruoso - vkr07 at c3sl.ufpr.br
C3SL: http://www.c3sl.ufpr.br

More information about the samba mailing list