[Samba] Can winbind authenticate users from two AD groups?

Joel Therrien Joel_Therrien at uml.edu
Mon Sep 21 08:04:01 MDT 2009


Sorry, I sent a reply last week and it looks like it never made it out, 
here is a repost...

On the windows box, it doesn't display an error, it just shows the 
username and password prompt
again.

    The samba log for the windows box is attached. I am noting that the 
student is correctly trying to log
in using the STUDENT\Username form to identify that he belongs to the 
student domain. But the log
shows that the workstation is being added to his credentials. No idea if 
that is casing the issue.

If it helps, I can also provide the samb config file.

Thanks!

logfile:
[2009/08/14 15:57:05,  3] smbd/process.c:process_smb(1549)
  Transaction 0 of length 137 (0 toread)
[2009/08/14 15:57:05,  3] smbd/process.c:switch_message(1361)
  switch message SMBnegprot (pid 5608) conn 0x0
[2009/08/14 15:57:05,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/08/14 15:57:05,  3] smbd/negprot.c:reply_negprot(568)
  Requested protocol [PC NETWORK PROGRAM 1.0]
[2009/08/14 15:57:05,  3] smbd/negprot.c:reply_negprot(568)
  Requested protocol [LANMAN1.0]
[2009/08/14 15:57:05,  3] smbd/negprot.c:reply_negprot(568)
  Requested protocol [Windows for Workgroups 3.1a]
[2009/08/14 15:57:05,  3] smbd/negprot.c:reply_negprot(568)
  Requested protocol [LM1.2X002]
[2009/08/14 15:57:05,  3] smbd/negprot.c:reply_negprot(568)
  Requested protocol [LANMAN2.1]
[2009/08/14 15:57:05,  3] smbd/negprot.c:reply_negprot(568)
  Requested protocol [NT LM 0.12]
[2009/08/14 15:57:05,  3] smbd/negprot.c:reply_nt1(392)
  using SPNEGO
[2009/08/14 15:57:05,  3] smbd/negprot.c:reply_negprot(673)
  Selected protocol NT LM 0.12
[2009/08/14 15:57:05,  3] smbd/process.c:process_smb(1549)
  Transaction 1 of length 240 (0 toread)
[2009/08/14 15:57:05,  3] smbd/process.c:switch_message(1361)
  switch message SMBsesssetupX (pid 5608) conn 0x0
[2009/08/14 15:57:05,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/08/14 15:57:05,  3] smbd/sesssetup.c:reply_sesssetup_and_X(1409)
  wct=12 flg2=0xc807
[2009/08/14 15:57:05,  2] smbd/sesssetup.c:setup_new_vc_session(1363)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close 
all old resources.
[2009/08/14 15:57:05,  3] 
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1173)
  Doing spnego session setup
[2009/08/14 15:57:05,  3] 
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1208)
  NativeOS=[Windows 2002 Service Pack 3 2600] NativeLanMan=[Windows 2002 
5.1] PrimaryDomain=[]
[2009/08/14 15:57:05,  3] smbd/sesssetup.c:reply_spnego_negotiate(800)
  reply_spnego_negotiate: Got secblob of size 40
[2009/08/14 15:57:05,  3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0xa2088207
[2009/08/14 15:57:05,  3] smbd/process.c:process_smb(1549)
  Transaction 2 of length 276 (0 toread)
[2009/08/14 15:57:05,  3] smbd/process.c:switch_message(1361)
  switch message SMBsesssetupX (pid 5608) conn 0x0
[2009/08/14 15:57:05,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/08/14 15:57:05,  3] smbd/sesssetup.c:reply_sesssetup_and_X(1409)
  wct=12 flg2=0xc807
[2009/08/14 15:57:05,  2] smbd/sesssetup.c:setup_new_vc_session(1363)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close 
all old resources.
[2009/08/14 15:57:05,  3] 
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1173)
  Doing spnego session setup
[2009/08/14 15:57:05,  3] 
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1208)
  NativeOS=[Windows 2002 Service Pack 3 2600] NativeLanMan=[Windows 2002 
5.1] PrimaryDomain=[]
[2009/08/14 15:57:05,  3] libsmb/ntlmssp.c:ntlmssp_server_auth(745)
  Got user=[] domain=[] workstation=[UML-4F0C88A99EB] len1=1 len2=0
[2009/08/14 15:57:05,  3] auth/auth.c:check_ntlm_password(220)
  check_ntlm_password:  Checking password for unmapped user 
[]\[]@[UML-4F0C88A99EB] with the new password interface
[2009/08/14 15:57:05,  3] auth/auth.c:check_ntlm_password(223)
  check_ntlm_password:  mapped user is: [UMLADCO]\[]@[UML-4F0C88A99EB]
[2009/08/14 15:57:05,  3] smbd/sec_ctx.c:push_sec_ctx(224)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/08/14 15:57:05,  3] smbd/uid.c:push_conn_ctx(357)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/08/14 15:57:05,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/08/14 15:57:05,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/08/14 15:57:05,  3] smbd/sec_ctx.c:push_sec_ctx(224)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/08/14 15:57:05,  3] smbd/uid.c:push_conn_ctx(357)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/08/14 15:57:05,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/08/14 15:57:05,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/08/14 15:57:05,  3] auth/auth.c:check_ntlm_password(269)
  check_ntlm_password: guest authentication for user [] succeeded
[2009/08/14 15:57:05,  3] smbd/sec_ctx.c:push_sec_ctx(224)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/08/14 15:57:05,  3] smbd/uid.c:push_conn_ctx(357)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/08/14 15:57:05,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/08/14 15:57:05,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/08/14 15:57:05,  3] lib/privileges.c:get_privileges(63)
  get_privileges: No privileges assigned to SID 
[S-1-5-21-1671084997-507029419-2634510391-501]
[2009/08/14 15:57:05,  3] lib/privileges.c:get_privileges(63)
  get_privileges: No privileges assigned to SID [S-1-5-2]
[2009/08/14 15:57:05,  3] lib/privileges.c:get_privileges(63)
  get_privileges: No privileges assigned to SID [S-1-5-32-546]
[2009/08/14 15:57:05,  3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337)
  NTLMSSP Sign/Seal - Initialising with flags:
[2009/08/14 15:57:05,  3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0xa2088205
[2009/08/14 15:57:05,  3] smbd/password.c:register_existing_vuid(314)
  register_existing_vuid: User name: nobody    Real name: nobody
[2009/08/14 15:57:05,  3] smbd/password.c:register_existing_vuid(326)
  register_existing_vuid: UNIX uid 65534 is UNIX user nobody, and will 
be vuid 100
[2009/08/14 15:57:05,  3] smbd/process.c:process_smb(1549)
  Transaction 3 of length 90 (0 toread)
[2009/08/14 15:57:05,  3] smbd/process.c:switch_message(1361)
  switch message SMBtconX (pid 5608) conn 0x0
[2009/08/14 15:57:05,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/08/14 15:57:05,  3] smbd/service.c:make_connection_snum(940)
  Connect path is '/tmp' for service [ipc$]
[2009/08/14 15:57:05,  3] lib/util_seaccess.c:se_access_check(249)
[2009/08/14 15:57:05,  3] lib/util_seaccess.c:se_access_check(252)
  se_access_check: user sid is S-1-5-21-1671084997-507029419-2634510391-501
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-32-546
[2009/08/14 15:57:05,  3] smbd/vfs.c:vfs_init_default(96)
  Initialising default vfs hooks
[2009/08/14 15:57:05,  3] smbd/vfs.c:vfs_init_custom(130)
  Initialising custom vfs hooks from [/[Default VFS]/]
[2009/08/14 15:57:05,  3] lib/util_sid.c:string_to_sid(228)
  string_to_sid: Sid joel does not start with 'S-'.
[2009/08/14 15:57:05,  3] smbd/sec_ctx.c:push_sec_ctx(224)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/08/14 15:57:05,  3] smbd/uid.c:push_conn_ctx(357)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/08/14 15:57:05,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/08/14 15:57:05,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/08/14 15:57:05,  3] smbd/sec_ctx.c:push_sec_ctx(224)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/08/14 15:57:05,  3] smbd/uid.c:push_conn_ctx(357)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/08/14 15:57:05,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/08/14 15:57:05,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/08/14 15:57:05,  2] smbd/uid.c:change_to_user(192)
  change_to_user: SMB user  (unix user nobody, vuid 100) not permitted 
access to share ipc$.
[2009/08/14 15:57:05,  0] smbd/service.c:make_connection_snum(1082)
  Can't become connected user!
[2009/08/14 15:57:05,  3] smbd/connection.c:yield_connection(31)
  Yielding connection to ipc$
[2009/08/14 15:57:05,  3] smbd/error.c:error_packet_set(61)
  error packet at smbd/reply.c(662) cmd=117 (SMBtconX) 
NT_STATUS_LOGON_FAILURE
[2009/08/14 15:57:05,  3] smbd/process.c:process_smb(1549)
  Transaction 4 of length 43 (0 toread)
[2009/08/14 15:57:05,  3] smbd/process.c:switch_message(1361)
  switch message SMBulogoffX (pid 5608) conn 0x0
[2009/08/14 15:57:05,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/08/14 15:57:05,  3] smbd/reply.c:reply_ulogoffX(1910)
  ulogoffX vuid=100
[2009/08/14 15:57:05,  3] smbd/process.c:process_smb(1549)
  Transaction 5 of length 240 (0 toread)
[2009/08/14 15:57:05,  3] smbd/process.c:switch_message(1361)
  switch message SMBsesssetupX (pid 5608) conn 0x0
[2009/08/14 15:57:05,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/08/14 15:57:05,  3] smbd/sesssetup.c:reply_sesssetup_and_X(1409)
  wct=12 flg2=0xc807
[2009/08/14 15:57:05,  2] smbd/sesssetup.c:setup_new_vc_session(1363)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close 
all old resources.
[2009/08/14 15:57:05,  3] 
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1173)
  Doing spnego session setup
[2009/08/14 15:57:05,  3] 
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1208)
  NativeOS=[Windows 2002 Service Pack 3 2600] NativeLanMan=[Windows 2002 
5.1] PrimaryDomain=[]
[2009/08/14 15:57:05,  3] smbd/sesssetup.c:reply_spnego_negotiate(800)
  reply_spnego_negotiate: Got secblob of size 40
[2009/08/14 15:57:05,  3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0xa2088207
[2009/08/14 15:57:05,  3] smbd/process.c:process_smb(1549)
  Transaction 6 of length 358 (0 toread)
[2009/08/14 15:57:05,  3] smbd/process.c:switch_message(1361)
  switch message SMBsesssetupX (pid 5608) conn 0x0
[2009/08/14 15:57:05,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/08/14 15:57:05,  3] smbd/sesssetup.c:reply_sesssetup_and_X(1409)
  wct=12 flg2=0xc807
[2009/08/14 15:57:05,  2] smbd/sesssetup.c:setup_new_vc_session(1363)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close 
all old resources.
[2009/08/14 15:57:05,  3] 
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1173)
  Doing spnego session setup
[2009/08/14 15:57:05,  3] 
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1208)
  NativeOS=[Windows 2002 Service Pack 3 2600] NativeLanMan=[Windows 2002 
5.1] PrimaryDomain=[]
[2009/08/14 15:57:05,  3] libsmb/ntlmssp.c:ntlmssp_server_auth(745)
  Got user=[lian_dai] domain=[STUDENT] workstation=[UML-4F0C88A99EB] 
len1=24 len2=24
[2009/08/14 15:57:05,  3] auth/auth.c:check_ntlm_password(220)
  check_ntlm_password:  Checking password for unmapped user 
[STUDENT]\[lian_dai]@[UML-4F0C88A99EB] with the new password interface
[2009/08/14 15:57:05,  3] auth/auth.c:check_ntlm_password(223)
  check_ntlm_password:  mapped user is: 
[STUDENT]\[lian_dai]@[UML-4F0C88A99EB]
[2009/08/14 15:57:05,  1] auth/auth.c:check_domain_match(171)
  check_domain_match: Attempt to connect as user lian_dai from domain 
STUDENT denied.
[2009/08/14 15:57:05,  3] smbd/error.c:error_packet_set(61)
  error packet at smbd/sesssetup.c(127) cmd=115 (SMBsesssetupX) 
NT_STATUS_LOGON_FAILURE
[2009/08/14 15:57:05,  3] smbd/process.c:smbd_process(2035)
  receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting
[2009/08/14 15:57:05,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/08/14 15:57:05,  3] smbd/connection.c:yield_connection(31)
  Yielding connection to
[2009/08/14 15:57:05,  3] smbd/server.c:exit_server_common(949)
  Server exit (normal exit)

Asst. Prof. Joel M. Therrien
Ph: 978-934-3324
Fax: 978-934-3027
Joel_Therrien at uml.edu
Dept. of Electrical & Computer Engineering
U. Massachusetts-Lowell
1 University Ave
Lowell, MA 01854



Joel Therrien wrote:
>
>     On the windows box, it doesn't display an error, it just shows the 
> username and password prompt
> again.
>
>     The samba log for the windows box is attached. I am noting that 
> the student is correctly trying to log
> in using the STUDENT\Username form to identify that he belongs to the 
> student domain. But the log
> shows that the workstation is being added to his credentials. No idea 
> if that is casing the issue.
>
> If it helps, I can also provide the samb config file.
>
> Thanks!
>
> logfile:
> [2009/08/14 15:57:05,  3] smbd/process.c:process_smb(1549)
>   Transaction 0 of length 137 (0 toread)
> [2009/08/14 15:57:05,  3] smbd/process.c:switch_message(1361)
>   switch message SMBnegprot (pid 5608) conn 0x0
> [2009/08/14 15:57:05,  3] smbd/sec_ctx.c:set_sec_ctx(324)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2009/08/14 15:57:05,  3] smbd/negprot.c:reply_negprot(568)
>   Requested protocol [PC NETWORK PROGRAM 1.0]
> [2009/08/14 15:57:05,  3] smbd/negprot.c:reply_negprot(568)
>   Requested protocol [LANMAN1.0]
> [2009/08/14 15:57:05,  3] smbd/negprot.c:reply_negprot(568)
>   Requested protocol [Windows for Workgroups 3.1a]
> [2009/08/14 15:57:05,  3] smbd/negprot.c:reply_negprot(568)
>   Requested protocol [LM1.2X002]
> [2009/08/14 15:57:05,  3] smbd/negprot.c:reply_negprot(568)
>   Requested protocol [LANMAN2.1]
> [2009/08/14 15:57:05,  3] smbd/negprot.c:reply_negprot(568)
>   Requested protocol [NT LM 0.12]
> [2009/08/14 15:57:05,  3] smbd/negprot.c:reply_nt1(392)
>   using SPNEGO
> [2009/08/14 15:57:05,  3] smbd/negprot.c:reply_negprot(673)
>   Selected protocol NT LM 0.12
> [2009/08/14 15:57:05,  3] smbd/process.c:process_smb(1549)
>   Transaction 1 of length 240 (0 toread)
> [2009/08/14 15:57:05,  3] smbd/process.c:switch_message(1361)
>   switch message SMBsesssetupX (pid 5608) conn 0x0
> [2009/08/14 15:57:05,  3] smbd/sec_ctx.c:set_sec_ctx(324)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2009/08/14 15:57:05,  3] smbd/sesssetup.c:reply_sesssetup_and_X(1409)
>   wct=12 flg2=0xc807
> [2009/08/14 15:57:05,  2] smbd/sesssetup.c:setup_new_vc_session(1363)
>   setup_new_vc_session: New VC == 0, if NT4.x compatible we would 
> close all old resources.
> [2009/08/14 15:57:05,  3] 
> smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1173)
>   Doing spnego session setup
> [2009/08/14 15:57:05,  3] 
> smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1208)
>   NativeOS=[Windows 2002 Service Pack 3 2600] NativeLanMan=[Windows 
> 2002 5.1] PrimaryDomain=[]
> [2009/08/14 15:57:05,  3] smbd/sesssetup.c:reply_spnego_negotiate(800)
>   reply_spnego_negotiate: Got secblob of size 40
> [2009/08/14 15:57:05,  3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
>   Got NTLMSSP neg_flags=0xa2088207
> [2009/08/14 15:57:05,  3] smbd/process.c:process_smb(1549)
>   Transaction 2 of length 276 (0 toread)
> [2009/08/14 15:57:05,  3] smbd/process.c:switch_message(1361)
>   switch message SMBsesssetupX (pid 5608) conn 0x0
> [2009/08/14 15:57:05,  3] smbd/sec_ctx.c:set_sec_ctx(324)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2009/08/14 15:57:05,  3] smbd/sesssetup.c:reply_sesssetup_and_X(1409)
>   wct=12 flg2=0xc807
> [2009/08/14 15:57:05,  2] smbd/sesssetup.c:setup_new_vc_session(1363)
>   setup_new_vc_session: New VC == 0, if NT4.x compatible we would 
> close all old resources.
> [2009/08/14 15:57:05,  3] 
> smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1173)
>   Doing spnego session setup
> [2009/08/14 15:57:05,  3] 
> smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1208)
>   NativeOS=[Windows 2002 Service Pack 3 2600] NativeLanMan=[Windows 
> 2002 5.1] PrimaryDomain=[]
> [2009/08/14 15:57:05,  3] libsmb/ntlmssp.c:ntlmssp_server_auth(745)
>   Got user=[] domain=[] workstation=[UML-4F0C88A99EB] len1=1 len2=0
> [2009/08/14 15:57:05,  3] auth/auth.c:check_ntlm_password(220)
>   check_ntlm_password:  Checking password for unmapped user 
> []\[]@[UML-4F0C88A99EB] with the new password interface
> [2009/08/14 15:57:05,  3] auth/auth.c:check_ntlm_password(223)
>   check_ntlm_password:  mapped user is: [UMLADCO]\[]@[UML-4F0C88A99EB]
> [2009/08/14 15:57:05,  3] smbd/sec_ctx.c:push_sec_ctx(224)
>   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2009/08/14 15:57:05,  3] smbd/uid.c:push_conn_ctx(357)
>   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> [2009/08/14 15:57:05,  3] smbd/sec_ctx.c:set_sec_ctx(324)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2009/08/14 15:57:05,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
>   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2009/08/14 15:57:05,  3] smbd/sec_ctx.c:push_sec_ctx(224)
>   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2009/08/14 15:57:05,  3] smbd/uid.c:push_conn_ctx(357)
>   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> [2009/08/14 15:57:05,  3] smbd/sec_ctx.c:set_sec_ctx(324)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2009/08/14 15:57:05,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
>   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2009/08/14 15:57:05,  3] auth/auth.c:check_ntlm_password(269)
>   check_ntlm_password: guest authentication for user [] succeeded
> [2009/08/14 15:57:05,  3] smbd/sec_ctx.c:push_sec_ctx(224)
>   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2009/08/14 15:57:05,  3] smbd/uid.c:push_conn_ctx(357)
>   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> [2009/08/14 15:57:05,  3] smbd/sec_ctx.c:set_sec_ctx(324)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2009/08/14 15:57:05,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
>   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2009/08/14 15:57:05,  3] lib/privileges.c:get_privileges(63)
>   get_privileges: No privileges assigned to SID 
> [S-1-5-21-1671084997-507029419-2634510391-501]
> [2009/08/14 15:57:05,  3] lib/privileges.c:get_privileges(63)
>   get_privileges: No privileges assigned to SID [S-1-5-2]
> [2009/08/14 15:57:05,  3] lib/privileges.c:get_privileges(63)
>   get_privileges: No privileges assigned to SID [S-1-5-32-546]
> [2009/08/14 15:57:05,  3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337)
>   NTLMSSP Sign/Seal - Initialising with flags:
> [2009/08/14 15:57:05,  3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
>   Got NTLMSSP neg_flags=0xa2088205
> [2009/08/14 15:57:05,  3] smbd/password.c:register_existing_vuid(314)
>   register_existing_vuid: User name: nobody    Real name: nobody
> [2009/08/14 15:57:05,  3] smbd/password.c:register_existing_vuid(326)
>   register_existing_vuid: UNIX uid 65534 is UNIX user nobody, and will 
> be vuid 100
> [2009/08/14 15:57:05,  3] smbd/process.c:process_smb(1549)
>   Transaction 3 of length 90 (0 toread)
> [2009/08/14 15:57:05,  3] smbd/process.c:switch_message(1361)
>   switch message SMBtconX (pid 5608) conn 0x0
> [2009/08/14 15:57:05,  3] smbd/sec_ctx.c:set_sec_ctx(324)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2009/08/14 15:57:05,  3] smbd/service.c:make_connection_snum(940)
>   Connect path is '/tmp' for service [ipc$]
> [2009/08/14 15:57:05,  3] lib/util_seaccess.c:se_access_check(249)
> [2009/08/14 15:57:05,  3] lib/util_seaccess.c:se_access_check(252)
>   se_access_check: user sid is 
> S-1-5-21-1671084997-507029419-2634510391-501
>   se_access_check: also S-1-1-0
>   se_access_check: also S-1-5-2
>   se_access_check: also S-1-5-32-546
> [2009/08/14 15:57:05,  3] smbd/vfs.c:vfs_init_default(96)
>   Initialising default vfs hooks
> [2009/08/14 15:57:05,  3] smbd/vfs.c:vfs_init_custom(130)
>   Initialising custom vfs hooks from [/[Default VFS]/]
> [2009/08/14 15:57:05,  3] lib/util_sid.c:string_to_sid(228)
>   string_to_sid: Sid joel does not start with 'S-'.
> [2009/08/14 15:57:05,  3] smbd/sec_ctx.c:push_sec_ctx(224)
>   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2009/08/14 15:57:05,  3] smbd/uid.c:push_conn_ctx(357)
>   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> [2009/08/14 15:57:05,  3] smbd/sec_ctx.c:set_sec_ctx(324)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2009/08/14 15:57:05,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
>   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2009/08/14 15:57:05,  3] smbd/sec_ctx.c:push_sec_ctx(224)
>   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2009/08/14 15:57:05,  3] smbd/uid.c:push_conn_ctx(357)
>   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> [2009/08/14 15:57:05,  3] smbd/sec_ctx.c:set_sec_ctx(324)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2009/08/14 15:57:05,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
>   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2009/08/14 15:57:05,  2] smbd/uid.c:change_to_user(192)
>   change_to_user: SMB user  (unix user nobody, vuid 100) not permitted 
> access to share ipc$.
> [2009/08/14 15:57:05,  0] smbd/service.c:make_connection_snum(1082)
>   Can't become connected user!
> [2009/08/14 15:57:05,  3] smbd/connection.c:yield_connection(31)
>   Yielding connection to ipc$
> [2009/08/14 15:57:05,  3] smbd/error.c:error_packet_set(61)
>   error packet at smbd/reply.c(662) cmd=117 (SMBtconX) 
> NT_STATUS_LOGON_FAILURE
> [2009/08/14 15:57:05,  3] smbd/process.c:process_smb(1549)
>   Transaction 4 of length 43 (0 toread)
> [2009/08/14 15:57:05,  3] smbd/process.c:switch_message(1361)
>   switch message SMBulogoffX (pid 5608) conn 0x0
> [2009/08/14 15:57:05,  3] smbd/sec_ctx.c:set_sec_ctx(324)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2009/08/14 15:57:05,  3] smbd/reply.c:reply_ulogoffX(1910)
>   ulogoffX vuid=100
> [2009/08/14 15:57:05,  3] smbd/process.c:process_smb(1549)
>   Transaction 5 of length 240 (0 toread)
> [2009/08/14 15:57:05,  3] smbd/process.c:switch_message(1361)
>   switch message SMBsesssetupX (pid 5608) conn 0x0
> [2009/08/14 15:57:05,  3] smbd/sec_ctx.c:set_sec_ctx(324)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2009/08/14 15:57:05,  3] smbd/sesssetup.c:reply_sesssetup_and_X(1409)
>   wct=12 flg2=0xc807
> [2009/08/14 15:57:05,  2] smbd/sesssetup.c:setup_new_vc_session(1363)
>   setup_new_vc_session: New VC == 0, if NT4.x compatible we would 
> close all old resources.
> [2009/08/14 15:57:05,  3] 
> smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1173)
>   Doing spnego session setup
> [2009/08/14 15:57:05,  3] 
> smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1208)
>   NativeOS=[Windows 2002 Service Pack 3 2600] NativeLanMan=[Windows 
> 2002 5.1] PrimaryDomain=[]
> [2009/08/14 15:57:05,  3] smbd/sesssetup.c:reply_spnego_negotiate(800)
>   reply_spnego_negotiate: Got secblob of size 40
> [2009/08/14 15:57:05,  3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
>   Got NTLMSSP neg_flags=0xa2088207
> [2009/08/14 15:57:05,  3] smbd/process.c:process_smb(1549)
>   Transaction 6 of length 358 (0 toread)
> [2009/08/14 15:57:05,  3] smbd/process.c:switch_message(1361)
>   switch message SMBsesssetupX (pid 5608) conn 0x0
> [2009/08/14 15:57:05,  3] smbd/sec_ctx.c:set_sec_ctx(324)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2009/08/14 15:57:05,  3] smbd/sesssetup.c:reply_sesssetup_and_X(1409)
>   wct=12 flg2=0xc807
> [2009/08/14 15:57:05,  2] smbd/sesssetup.c:setup_new_vc_session(1363)
>   setup_new_vc_session: New VC == 0, if NT4.x compatible we would 
> close all old resources.
> [2009/08/14 15:57:05,  3] 
> smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1173)
>   Doing spnego session setup
> [2009/08/14 15:57:05,  3] 
> smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1208)
>   NativeOS=[Windows 2002 Service Pack 3 2600] NativeLanMan=[Windows 
> 2002 5.1] PrimaryDomain=[]
> [2009/08/14 15:57:05,  3] libsmb/ntlmssp.c:ntlmssp_server_auth(745)
>   Got user=[lian_dai] domain=[STUDENT] workstation=[UML-4F0C88A99EB] 
> len1=24 len2=24
> [2009/08/14 15:57:05,  3] auth/auth.c:check_ntlm_password(220)
>   check_ntlm_password:  Checking password for unmapped user 
> [STUDENT]\[lian_dai]@[UML-4F0C88A99EB] with the new password interface
> [2009/08/14 15:57:05,  3] auth/auth.c:check_ntlm_password(223)
>   check_ntlm_password:  mapped user is: 
> [STUDENT]\[lian_dai]@[UML-4F0C88A99EB]
> [2009/08/14 15:57:05,  1] auth/auth.c:check_domain_match(171)
>   check_domain_match: Attempt to connect as user lian_dai from domain 
> STUDENT denied.
> [2009/08/14 15:57:05,  3] smbd/error.c:error_packet_set(61)
>   error packet at smbd/sesssetup.c(127) cmd=115 (SMBsesssetupX) 
> NT_STATUS_LOGON_FAILURE
> [2009/08/14 15:57:05,  3] smbd/process.c:smbd_process(2035)
>   receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting
> [2009/08/14 15:57:05,  3] smbd/sec_ctx.c:set_sec_ctx(324)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2009/08/14 15:57:05,  3] smbd/connection.c:yield_connection(31)
>   Yielding connection to
> [2009/08/14 15:57:05,  3] smbd/server.c:exit_server_common(949)
>   Server exit (normal exit)
>
> Asst. Prof. Joel M. Therrien
> Ph: 978-934-3324
> Fax: 978-934-3027
> Joel_Therrien at uml.edu
> Dept. of Electrical & Computer Engineering
> U. Massachusetts-Lowell
> 1 University Ave
> Lowell, MA 01854
>
>
> vishesh kumar wrote:
>> What exactly error, does it give login / password error while 
>> connecting samba box from windows.
>>
>> thnks
>>
>>
>> On Wed, Sep 16, 2009 at 2:45 AM, Joel_Therrien <Joel_Therrien at uml.edu 
>> <mailto:Joel_Therrien at uml.edu>> wrote:
>>
>>     Hello,
>>
>>     I am trying to authenticate users from two seperate groups within
>>     our active directory listings: faculty and students. I can do
>>     wbinfo -a on users from both groups. But when students try to
>>     access samba shares they cannot. Since I am using PAM for
>>     authentication, I had them try logging into the Linux box. They
>>     can do that using the exact same credentials they tried with the
>>     samba login. Faculty have no issues.
>>
>>     I have the samba.conf file and log files available if needed.
>>
>>     Thanks in advance for any help, this issue is preventing my
>>     students from having easy access to the lab's data file server.
>>
>>     Joel Therrien
>>     Ast. Professor,
>>     Electrical and Computer Engineering
>>     -- 
>>     To unsubscribe from this list go to the following URL and read the
>>     instructions:  https://lists.samba.org/mailman/options/samba
>>
>>
>>
>>
>> -- 
>> http://linuxinterviews.blogspot.com


More information about the samba mailing list