[Samba] windows users can login but OS X users cannot

grant little grantliddle at gmail.com
Sat Feb 20 02:29:24 MST 2010 

Hello,
having spent many hours scouring archives, docs, books and googling without
finding an answer I need to ask your help on this.

running samba 3.4.0-3ubuntu5.3 on ubuntu 9.10 server, client users can login
to the share from windows clients but the same users is denied access when
connecting from OS X  via GO/Connect To Server in format
smb://fqdnofserver

user authentication is to active directory  using kerberos and LDAP and am
not running winbind

pam.d/samba is set to allow smb logins, that is shell logins are not
permitted for active directory authenticated users. here's that snippet:
# /etc/pam.d/samba
auth sufficient pam_krb5.so minimum_uid=1000 use_first_pass
account sufficient pam_ldap.so use_first_pass
session sufficient pam_ldap.so


I have tested my configs on samba 3.0.33 on CENTOS and it works fine there
for both OS X and windows

the share is setup on
/shares/asgs
with these permissions:
drwxrwsrwx   8 root root   87 2010-02-20 00:17 shares
drwxrws--- 2 grant ASGSFileUsers  18 2010-02-20 00:21 asgs

here's smb.conf:
[global]
  unix extensions = no
  disable spoolss = Yes
  disable netbios = yes
  name resolve order = hosts
  workgroup = AD
  realm = AD.UCSD.EDU
  server string = %h server (Samba, Ubuntu)
  dns proxy = no
  log file = /var/log/samba/log.%m
  max log size = 1000
  syslog = 0
  log level = 3
  panic action = /usr/share/samba/panic-action %d
  security = ads
  encrypt passwords = true
  passdb backend = tdbsam
  obey pam restrictions = yes
  unix password sync = yes
  pam password change = no
  map to guest = bad user
  usershare allow guests = no
[asgs]
  comment = ASGS
  path = /shares/asgs
  browsable = Yes
  valid users = @ad\ASGSFileUsers
  write list = @ad\ASGSFileUsers
  create mask = 2660
  directory mask = 2770

The tail n20 of the log of the conecting ip shows this for an OS X attempt:
[2010/02/20 00:56:16,  3] smbd/oplock_linux.c:219(linux_init_kernel_oplocks)
  Linux kernel oplocks enabled
[2010/02/20 00:56:16,  3] smbd/process.c:1453(process_smb)
  Transaction 0 of length 51 (0 toread)
[2010/02/20 00:56:16,  3] smbd/process.c:1272(switch_message)
  switch message SMBnegprot (pid 5658) conn 0x0
[2010/02/20 00:56:16,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/02/20 00:56:16,  3] smbd/negprot.c:567(reply_negprot)
  Requested protocol [NT LM 0.12]
[2010/02/20 00:56:16,  3] smbd/negprot.c:387(reply_nt1)
  using SPNEGO
[2010/02/20 00:56:16,  3] smbd/negprot.c:672(reply_negprot)
  Selected protocol NT LM 0.12
[2010/02/20 00:56:18,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/02/20 00:56:18,  3] smbd/connection.c:31(yield_connection)
  Yielding connection to
[2010/02/20 00:56:18,  3] smbd/server.c:848(exit_server_common)
  Server exit (failed to receive smb request)



Hope someone can give me a pointer where to look next or what to tweak. Let
me know if you need other log snippets.

Thanks,
Grant

More information about the samba mailing list