[Samba] Can winbind authenticate users from two AD groups?
Joel Therrien
Joel_Therrien at uml.edu
Wed Sep 16 22:00:42 MDT 2009
On the Windows box, it doesn't display an error, it just shows the
username and password prompt again.
The samba log for the Windows box is attached. I am noting that the
student is correctly trying to log in using the STUDENT\Username form
to identify that he belongs to the student domain. But the log shows
that the workstation is being added to his credentials. No idea if
that is causing the issue.
If it helps, I can also provide the samba config file.
Thanks!
logfile:
[2009/08/14 15:57:05, 3] smbd/process.c:process_smb(1549)
Transaction 0 of length 137 (0 toread)
[2009/08/14 15:57:05, 3] smbd/process.c:switch_message(1361)
switch message SMBnegprot (pid 5608) conn 0x0
[2009/08/14 15:57:05, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/08/14 15:57:05, 3] smbd/negprot.c:reply_negprot(568)
Requested protocol [PC NETWORK PROGRAM 1.0]
[2009/08/14 15:57:05, 3] smbd/negprot.c:reply_negprot(568)
Requested protocol [LANMAN1.0]
[2009/08/14 15:57:05, 3] smbd/negprot.c:reply_negprot(568)
Requested protocol [Windows for Workgroups 3.1a]
[2009/08/14 15:57:05, 3] smbd/negprot.c:reply_negprot(568)
Requested protocol [LM1.2X002]
[2009/08/14 15:57:05, 3] smbd/negprot.c:reply_negprot(568)
Requested protocol [LANMAN2.1]
[2009/08/14 15:57:05, 3] smbd/negprot.c:reply_negprot(568)
Requested protocol [NT LM 0.12]
[2009/08/14 15:57:05, 3] smbd/negprot.c:reply_nt1(392)
using SPNEGO
[2009/08/14 15:57:05, 3] smbd/negprot.c:reply_negprot(673)
Selected protocol NT LM 0.12
[2009/08/14 15:57:05, 3] smbd/process.c:process_smb(1549)
Transaction 1 of length 240 (0 toread)
[2009/08/14 15:57:05, 3] smbd/process.c:switch_message(1361)
switch message SMBsesssetupX (pid 5608) conn 0x0
[2009/08/14 15:57:05, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/08/14 15:57:05, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1409)
wct=12 flg2=0xc807
[2009/08/14 15:57:05, 2] smbd/sesssetup.c:setup_new_vc_session(1363)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2009/08/14 15:57:05, 3]
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1173)
Doing spnego session setup
[2009/08/14 15:57:05, 3]
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1208)
NativeOS=[Windows 2002 Service Pack 3 2600] NativeLanMan=[Windows 2002
5.1] PrimaryDomain=[]
[2009/08/14 15:57:05, 3] smbd/sesssetup.c:reply_spnego_negotiate(800)
reply_spnego_negotiate: Got secblob of size 40
[2009/08/14 15:57:05, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0xa2088207
[2009/08/14 15:57:05, 3] smbd/process.c:process_smb(1549)
Transaction 2 of length 276 (0 toread)
[2009/08/14 15:57:05, 3] smbd/process.c:switch_message(1361)
switch message SMBsesssetupX (pid 5608) conn 0x0
[2009/08/14 15:57:05, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/08/14 15:57:05, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1409)
wct=12 flg2=0xc807
[2009/08/14 15:57:05, 2] smbd/sesssetup.c:setup_new_vc_session(1363)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2009/08/14 15:57:05, 3]
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1173)
Doing spnego session setup
[2009/08/14 15:57:05, 3]
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1208)
NativeOS=[Windows 2002 Service Pack 3 2600] NativeLanMan=[Windows 2002
5.1] PrimaryDomain=[]
[2009/08/14 15:57:05, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(745)
Got user=[] domain=[] workstation=[UML-4F0C88A99EB] len1=1 len2=0
[2009/08/14 15:57:05, 3] auth/auth.c:check_ntlm_password(220)
check_ntlm_password: Checking password for unmapped user
[]\[]@[UML-4F0C88A99EB] with the new password interface
[2009/08/14 15:57:05, 3] auth/auth.c:check_ntlm_password(223)
check_ntlm_password: mapped user is: [UMLADCO]\[]@[UML-4F0C88A99EB]
[2009/08/14 15:57:05, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/08/14 15:57:05, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/08/14 15:57:05, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/08/14 15:57:05, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/08/14 15:57:05, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/08/14 15:57:05, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/08/14 15:57:05, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/08/14 15:57:05, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/08/14 15:57:05, 3] auth/auth.c:check_ntlm_password(269)
check_ntlm_password: guest authentication for user [] succeeded
[2009/08/14 15:57:05, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/08/14 15:57:05, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/08/14 15:57:05, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/08/14 15:57:05, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/08/14 15:57:05, 3] lib/privileges.c:get_privileges(63)
get_privileges: No privileges assigned to SID
[S-1-5-21-1671084997-507029419-2634510391-501]
[2009/08/14 15:57:05, 3] lib/privileges.c:get_privileges(63)
get_privileges: No privileges assigned to SID [S-1-5-2]
[2009/08/14 15:57:05, 3] lib/privileges.c:get_privileges(63)
get_privileges: No privileges assigned to SID [S-1-5-32-546]
[2009/08/14 15:57:05, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337)
NTLMSSP Sign/Seal - Initialising with flags:
[2009/08/14 15:57:05, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0xa2088205
[2009/08/14 15:57:05, 3] smbd/password.c:register_existing_vuid(314)
register_existing_vuid: User name: nobody Real name: nobody
[2009/08/14 15:57:05, 3] smbd/password.c:register_existing_vuid(326)
register_existing_vuid: UNIX uid 65534 is UNIX user nobody, and will
be vuid 100
[2009/08/14 15:57:05, 3] smbd/process.c:process_smb(1549)
Transaction 3 of length 90 (0 toread)
[2009/08/14 15:57:05, 3] smbd/process.c:switch_message(1361)
switch message SMBtconX (pid 5608) conn 0x0
[2009/08/14 15:57:05, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/08/14 15:57:05, 3] smbd/service.c:make_connection_snum(940)
Connect path is '/tmp' for service [ipc$]
[2009/08/14 15:57:05, 3] lib/util_seaccess.c:se_access_check(249)
[2009/08/14 15:57:05, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-1671084997-507029419-2634510391-501
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-32-546
[2009/08/14 15:57:05, 3] smbd/vfs.c:vfs_init_default(96)
Initialising default vfs hooks
[2009/08/14 15:57:05, 3] smbd/vfs.c:vfs_init_custom(130)
Initialising custom vfs hooks from [/[Default VFS]/]
[2009/08/14 15:57:05, 3] lib/util_sid.c:string_to_sid(228)
string_to_sid: Sid joel does not start with 'S-'.
[2009/08/14 15:57:05, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/08/14 15:57:05, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/08/14 15:57:05, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/08/14 15:57:05, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/08/14 15:57:05, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/08/14 15:57:05, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/08/14 15:57:05, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/08/14 15:57:05, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/08/14 15:57:05, 2] smbd/uid.c:change_to_user(192)
change_to_user: SMB user (unix user nobody, vuid 100) not permitted
access to share ipc$.
[2009/08/14 15:57:05, 0] smbd/service.c:make_connection_snum(1082)
Can't become connected user!
[2009/08/14 15:57:05, 3] smbd/connection.c:yield_connection(31)
Yielding connection to ipc$
[2009/08/14 15:57:05, 3] smbd/error.c:error_packet_set(61)
error packet at smbd/reply.c(662) cmd=117 (SMBtconX)
NT_STATUS_LOGON_FAILURE
[2009/08/14 15:57:05, 3] smbd/process.c:process_smb(1549)
Transaction 4 of length 43 (0 toread)
[2009/08/14 15:57:05, 3] smbd/process.c:switch_message(1361)
switch message SMBulogoffX (pid 5608) conn 0x0
[2009/08/14 15:57:05, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/08/14 15:57:05, 3] smbd/reply.c:reply_ulogoffX(1910)
ulogoffX vuid=100
[2009/08/14 15:57:05, 3] smbd/process.c:process_smb(1549)
Transaction 5 of length 240 (0 toread)
[2009/08/14 15:57:05, 3] smbd/process.c:switch_message(1361)
switch message SMBsesssetupX (pid 5608) conn 0x0
[2009/08/14 15:57:05, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/08/14 15:57:05, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1409)
wct=12 flg2=0xc807
[2009/08/14 15:57:05, 2] smbd/sesssetup.c:setup_new_vc_session(1363)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2009/08/14 15:57:05, 3]
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1173)
Doing spnego session setup
[2009/08/14 15:57:05, 3]
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1208)
NativeOS=[Windows 2002 Service Pack 3 2600] NativeLanMan=[Windows 2002
5.1] PrimaryDomain=[]
[2009/08/14 15:57:05, 3] smbd/sesssetup.c:reply_spnego_negotiate(800)
reply_spnego_negotiate: Got secblob of size 40
[2009/08/14 15:57:05, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0xa2088207
[2009/08/14 15:57:05, 3] smbd/process.c:process_smb(1549)
Transaction 6 of length 358 (0 toread)
[2009/08/14 15:57:05, 3] smbd/process.c:switch_message(1361)
switch message SMBsesssetupX (pid 5608) conn 0x0
[2009/08/14 15:57:05, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/08/14 15:57:05, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1409)
wct=12 flg2=0xc807
[2009/08/14 15:57:05, 2] smbd/sesssetup.c:setup_new_vc_session(1363)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2009/08/14 15:57:05, 3]
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1173)
Doing spnego session setup
[2009/08/14 15:57:05, 3]
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1208)
NativeOS=[Windows 2002 Service Pack 3 2600] NativeLanMan=[Windows 2002
5.1] PrimaryDomain=[]
[2009/08/14 15:57:05, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(745)
Got user=[lian_dai] domain=[STUDENT] workstation=[UML-4F0C88A99EB]
len1=24 len2=24
[2009/08/14 15:57:05, 3] auth/auth.c:check_ntlm_password(220)
check_ntlm_password: Checking password for unmapped user
[STUDENT]\[lian_dai]@[UML-4F0C88A99EB] with the new password interface
[2009/08/14 15:57:05, 3] auth/auth.c:check_ntlm_password(223)
check_ntlm_password: mapped user is:
[STUDENT]\[lian_dai]@[UML-4F0C88A99EB]
[2009/08/14 15:57:05, 1] auth/auth.c:check_domain_match(171)
check_domain_match: Attempt to connect as user lian_dai from domain
STUDENT denied.
[2009/08/14 15:57:05, 3] smbd/error.c:error_packet_set(61)
error packet at smbd/sesssetup.c(127) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
[2009/08/14 15:57:05, 3] smbd/process.c:smbd_process(2035)
receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting
[2009/08/14 15:57:05, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/08/14 15:57:05, 3] smbd/connection.c:yield_connection(31)
Yielding connection to
[2009/08/14 15:57:05, 3] smbd/server.c:exit_server_common(949)
Server exit (normal exit)
Asst. Prof. Joel M. Therrien
Ph: 978-934-3324
Fax: 978-934-3027
Joel_Therrien at uml.edu
Dept. of Electrical & Computer Engineering
U. Massachusetts-Lowell
1 University Ave
Lowell, MA 01854
vishesh kumar wrote:
> What exactly is the error? Does it give a login / password error while
> connecting to the samba box from Windows?
>
> thanks
>
>
> On Wed, Sep 16, 2009 at 2:45 AM, Joel_Therrien <Joel_Therrien at uml.edu> wrote:
>
> Hello,
>
> I am trying to authenticate users from two separate groups within
> our active directory listings: faculty and students. I can do
> wbinfo -a on users from both groups. But when students try to
> access samba shares they cannot. Since I am using PAM for
> authentication, I had them try logging into the Linux box. They
> can do that using the exact same credentials they tried with the
> samba login. Faculty have no issues.
>
> I have the samba.conf file and log files available if needed.
>
> Thanks in advance for any help, this issue is preventing my
> students from having easy access to the lab's data file server.
>
> Joel Therrien
> Ast. Professor,
> Electrical and Computer Engineering
> --
> http://linuxinterviews.blogspot.com
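
A level-3 smbd log like the one in this message can be reduced to one record per NTLMSSP authentication attempt, showing which identity the client sent and which auth routine decided the outcome. This is an added example, not part of the original post or of Samba; the sample log is constructed in the same format with placeholder user and workstation names, and the function names are hypothetical.

```python
import re

# Constructed sample in the format of the log above (placeholder names).
SAMPLE_LOG = """\
[2009/08/14 15:57:05, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(745)
Got user=[] domain=[] workstation=[WS-EXAMPLE] len1=1 len2=0
[2009/08/14 15:57:05, 3] auth/auth.c:check_ntlm_password(269)
check_ntlm_password: guest authentication for user [] succeeded
[2009/08/14 15:57:05, 3]
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1173)
Doing spnego session setup
[2009/08/14 15:57:05, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(745)
Got user=[student1] domain=[STUDENT] workstation=[WS-EXAMPLE]
len1=24 len2=24
[2009/08/14 15:57:05, 1] auth/auth.c:check_domain_match(171)
check_domain_match: Attempt to connect as user student1 from domain
STUDENT denied.
"""
HEADER = re.compile(r"^\[\d{4}/\d\d/\d\d \d\d:\d\d:\d\d,\s*(\d+)\]\s*(.*)$")
GOT_USER = re.compile(r"Got user=\[(.*?)\] domain=\[(.*?)\] workstation=\[(.*?)\]")

def parse_entries(text):
    """Return (level, source, message) per entry, rejoining wrapped lines."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append([int(m.group(1)), m.group(2).strip(), []])
        elif entries and not entries[-1][1]:
            entries[-1][1] = line.strip()  # header was wrapped by the mailer
        elif entries:
            entries[-1][2].append(line.strip())
    return [(lvl, src, " ".join(msg)) for lvl, src, msg in entries]

def auth_attempts(text):
    """Pair each NTLMSSP 'Got user=' entry with the first outcome after it."""
    attempts = []
    for _level, source, msg in parse_entries(text):
        got = GOT_USER.search(msg)
        if got:
            attempts.append({"user": got.group(1), "domain": got.group(2),
                             "workstation": got.group(3), "outcome": None, "by": None})
        elif attempts and attempts[-1]["outcome"] is None:
            if "guest authentication" in msg and "succeeded" in msg:
                attempts[-1].update(outcome="guest", by=source)
            elif msg.endswith("denied.") or "NT_STATUS_LOGON_FAILURE" in msg:
                attempts[-1].update(outcome="denied", by=source)
    return attempts
```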