[Samba] smb_auth problem

Jon Wilson jon at wharfs.net
Mon Sep 1 11:42:14 GMT 2008


Sorry for the misleading information.

I use censornet and that stopped authenticating to the domain when I
did the upgrade to 3.2.x - I thought you might be suffering the same
issue.

Jon


2008/9/1 Vinicius Ruoso <vkr07 at c3sl.ufpr.br>:
> Hi Jon Wilson,
>
> Thank you very much for your fast response. But the "lanman auth = yes" added
> to the global directive of my smb.conf doesn't have any effect on the smb_auth
> authentication process. The response is still the same. :(
>
> Do you have any other idea of what can be done to fix it?
> Any hope is very welcome. I've been trying to get this to work for a long time.
>
> 8<-------------------------------------------------------------------
> The following is the man page entry for lanman auth:
> It looks like this option doesn't affect smbclient requests.
>
> lanman auth (G)
>
>           This parameter determines whether or not smbd(8) will attempt to
>           authenticate users or permit password changes using the LANMAN
>           password hash. If disabled, only clients which support NT password
>           hashes (e.g. Windows NT/2000 clients, smbclient, but not Windows
>           95/98 or the MS DOS network client) will be able to connect to the
>           Samba host.
>
>           The LANMAN encrypted response is easily broken, due to its
>           case-insensitive nature, and the choice of algorithm. Servers
>           without Windows 95/98/ME or MS DOS clients are advised to disable
>           this option.
>
>           Unlike the encrypt passwords option, this parameter cannot alter
>           client behaviour, and the LANMAN response will still be sent over
>           the network. See the client lanman auth to disable this for
>           Samba's clients (such as smbclient)
>
>           If this option, and ntlm auth are both disabled, then only NTLMv2
>           logins will be permitted. Not all clients support NTLMv2, and most
>           will require special configuration to use it.
>
>           Default: lanman auth = no
>
> 8<-------------------------------------------------------------------
>
>
>
>> Since upgrading to 3.2.x I had to enable
>>
>> lanman auth = yes
>>
>> in my smb.conf
>>
>> (that's from memory - you may want to check the man page)
>>
>> It fixed it for me.
>>
>> Jon
>>
>>
>> 2008/8/31 Vinicius Ruoso <vkr07 at c3sl.ufpr.br>:
>>> Hi samba community.
>>>
>>> I'm having a problem with the smb_auth authentication method. Everything
>>> looks normal, but every time I try to use smb_auth it returns ERR.
>>>
>>> I will show some command output here to make sure that all the
>>> configuration is correct, and if anyone can help me investigate what's
>>> happening I'll be thankful.
>>>
>>>
>>> I'm using: Debian lenny, updated.
>>>
>>> ii  samba          2:3.2.3-1
>>> ii  squid          2.7.STABLE3-1
>>>
>>> XXXXXXXXXX is the correct password.
>>>
>>> 8<----------------------------------
>>> sek:/home# /usr/lib/squid/smb_auth -W SEKPLASTICOS -U 127.0.0.1 -d
>>> vinicius XXXXXXXXXXX
>>> Domain name: SEKPLASTICOS
>>> Pass-through authentication: no
>>> Query address options: -U 127.0.0.1 -R
>>> Domain controller IP address: 10.0.0.1
>>> Domain controller NETBIOS name: SEK
>>> Contents of //SEK/NETLOGON/proxyauth:
>>> ERR
>>> 8<----------------------------------
>>>
>>> But, look at the smbclient command.
>>>
>>> vinicius@sek:~$ smbclient "//SEK/netlogon" XXXXXXXXXXX -c "get proxyauth -"
>>> Domain=[SEKPLASTICOS] OS=[Unix] Server=[Samba 3.2.3]
>>> allow
>>> getting file \proxyauth of size 6 as - (5,9 kb/s) (average 5,9 kb/s)
>>>
>>> Running smb_auth with user "vinicius" doesn't work either.
>>> 8<----------------------------------
>>>
>>> Some permission and configs:
>>>
>>> 8<----------------------------------
>>> The smb_auth permissions
>>>
>>> sek:/usr/lib/squid# ls -l /usr/lib/squid/
>>> total 284
>>> -rwxr-xr-x 1 root  root   15212 Jul  6 06:28 digest_pw_auth
>>> -rwxr-xr-x 1 root  root   11636 Jul  6 06:26 diskd-daemon
>>> -rwxr-sr-- 1 proxy shadow  7988 Jul  6 06:28 getpwnam_auth
>>> -rwxr-xr-x 1 root  root   10312 Jul  6 06:28 ip_user_check
>>> -rwxr-xr-x 1 root  root   17544 Jul  6 06:28 ldap_auth
>>> -rwxr-xr-x 1 root  root    5464 Jul  6 06:26 logfile-daemon
>>> -rwxr-xr-x 1 root  root   32828 Jul  6 06:28 msnt_auth
>>> -rwxr-xr-x 1 root  root   15748 Jul  6 06:28 ncsa_auth
>>> -rwxr-xr-x 1 root  root   42216 Jul  6 06:28 ntlm_auth
>>> -rwxr-sr-- 1 proxy shadow 10696 Jul  6 06:28 pam_auth
>>> -rwxr-xr-x 1 root  root    9552 Jul  6 06:28 smb_auth
>>> -rwxr-xr-x 1 root  root    2287 Jul  6 06:23 smb_auth.sh
>>> -rwxr-xr-x 1 root  root   22848 Jul  6 06:28 squid_kerb_auth
>>> -rwxr-xr-x 1 root  root   19000 Jul  6 06:28 squid_ldap_group
>>> -rwxr-xr-x 1 root  root    5996 Jul  6 06:28 squid_session
>>> -rwxr-xr-x 1 root  root   10248 Jul  6 06:28 squid_unix_group
>>> -rwxr-xr-x 1 root  root    3732 Jul  6 06:26 unlinkd
>>> -rwxr-xr-x 1 root  root    2359 Abr  9  2007 wbinfo_group.pl
>>> -rwxr-xr-x 1 root  root    8776 Jul  6 06:28 yp_auth
>>>
>>>
>>> 8<----------------------------------
>>> The SMB configuration
>>>
>>> sek:/usr/lib/squid# cat /etc/samba/smb.conf
>>> # Samba config file created using SWAT
>>> # from 192.168.0.2 (192.168.0.2)
>>> # Date: 2008/04/04 23:07:20
>>>
>>> [global]
>>>    workgroup = sekplasticos
>>>    netbios name = sek
>>>    server string = sek
>>>    security = user
>>>    null passwords = No
>>>    encrypt passwords = true
>>>    unix password sync = No
>>>    unix charset = iso8859-1
>>>    display charset = cp850
>>>    log level = 3
>>>    log file = /var/log/samba_log.%u
>>>    keepalive = 20
>>>    socket options = IPTOS_LOWDELAY TCP_NODELAY
>>>    logon path = \\sek\sysvol\%U
>>>    logon drive = P
>>>    domain logons = Yes
>>>    os level = 100
>>>    preferred master = Yes
>>>    domain master = Yes
>>>    local master = Yes
>>>    wins support = Yes
>>>    ldap ssl = no
>>>    comment = Servidor Sek
>>>    admin users = vinicius
>>>    time server = Yes
>>>    hosts allow = 127., 192.168.0., 10.0.0.
>>>
>>> [homes]
>>>    comment = Pastas dos Usuarios
>>>    browseable = No
>>>    writable = Yes
>>>    create mask = 0600
>>>    directory mask = 0700
>>>    valid users = %S
>>>
>>> [netlogon]
>>>    comment = Compartilhamento de Scripts
>>>    path = /home/netlogon
>>>    public = Yes
>>>    browseable = Yes
>>>    writable = Yes
>>>
>>> [sysvol]
>>>    comment = System Volume
>>>    path = /home/sysvol
>>>    writable = Yes
>>>    guest ok = Yes
>>>    share modes = No
>>>    browseable = No
>>>    hide files = /desktop.ini/ntuser.ini/NTUSER.*/
>>>
>>> [publico]
>>>   comment = publico
>>>   path = /home/publico
>>>   guest ok = No
>>>   writable = Yes
>>>   create mask = 0644
>>>   directory mask = 0777
>>>   public = Yes
>>>
>>> [aplicativos]
>>>   comment = aplicativos
>>>   path = /home/aplicativos
>>>   guest ok = No
>>>   writable = Yes
>>>   browseable = Yes
>>>   create mask = 0600
>>>   directory mask = 0700
>>>   valid users = gilberto
>>> sek:/usr/lib/squid#
>>>
>>> 8<----------------------------------
>>> The NETLOGON permissions and proxyauth
>>>
>>> sek:/home/netlogon# ls -l
>>> total 4
>>> -rwxrwxrwx 1 root root 6 Ago 31 17:35 proxyauth
>>> sek:/home/netlogon# ls -ld
>>> drwxrwxrwx 2 root root 22 Ago 31 17:35 .
>>> sek:/home/netlogon# cat proxyauth
>>> allow
>>> 8<----------------------------------
>>>
>>>
>>> Many thanks if someone could help me.
>>>
>>> --
>>> Vinicius Ruoso - vkr07 at c3sl.ufpr.br
>>> C3SL: http://www.c3sl.ufpr.br
>>>
>>>
>>
>
>
> --
> Vinicius Ruoso - vkr07 at c3sl.ufpr.br
> C3SL: http://www.c3sl.ufpr.br
>
>
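An added example, not part of the original thread and not Samba or Squid code: a small Python audit for the trade-off in the messages above, where `lanman auth = yes` is the suggested workaround while the quoted man page advises disabling it. It flags the weak-authentication parameters named in that man page entry when they are switched on, and shares that combine guest access with write access, as the posted `[netlogon]` share holding `proxyauth` does; the sample config is constructed and the function names are this example's own.

```python
import re

# Constructed sample: a cut-down smb.conf with the thread's netlogon share
# plus the "lanman auth = yes" workaround suggested in the reply.
SAMPLE_SMB_CONF = """\
[global]
   security = user
   encrypt passwords = true
   lanman auth = yes

[netlogon]
   path = /home/netlogon
   public = Yes
   writable = Yes

[homes]
   writable = Yes
   valid users = %S
"""

TRUTHY = {"yes", "true", "1", "on"}
WEAK_AUTH = ("lanman auth", "client lanman auth", "ntlm auth")
# Synonyms folded to one name; the inverse form "read only = no" is not handled here.
ALIASES = {"public": "guest ok", "writeable": "writable", "write ok": "writable"}

def parse_smb_conf(text):
    """Return {section: {parameter: value}}; names are lowercased, later settings win."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            key = " ".join(key.lower().split())
            current[ALIASES.get(key, key)] = value.strip().lower()
    return sections

def audit(text):
    """List findings: weak auth explicitly enabled, and guest-accessible writable shares."""
    findings = []
    for name, params in parse_smb_conf(text).items():
        if name == "global":
            findings += [f"[global] {k} = {params[k]}: responses weaker than NTLMv2 allowed"
                         for k in WEAK_AUTH if params.get(k) in TRUTHY]
        elif params.get("guest ok") in TRUTHY and params.get("writable") in TRUTHY:
            findings.append(f"[{name}] guest access on a writable share")
    return findings
```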

