[Samba] windows users can login but OS X users cannot

Alex Ferrara alex at receptiveit.com.au
Sat Feb 20 12:17:19 MST 2010


I have seen this behaviour recently using Samba 3.4.5 from the Lucid  
tree on Ubuntu 9.10

Try using domain\username for the username

To me, it appears to be a bug in winbind not using the default domain,  
but I could be wrong.

Sent from my iPhone

On 20/02/2010, at 8:29 PM, grant little <grantliddle at gmail.com> wrote:

> Hello,
> having spent many hours scouring archives, docs, books and googling  
> without
> finding an answer I need to ask your help on this.
>
> running samba 3.4.0-3ubuntu5.3 on ubuntu 9.10 server, client users  
> can login
> to the share from windows clients but the same users is denied  
> access when
> connecting from OS X  via GO/Connect To Server in format
> smb://fqdnofserver
>
> user authentication is to active directory  using kerberos and LDAP  
> and am
> not running winbind
>
> pam.d/samba is set to allow smb logins, that is shell logins are not
> permitted for active directory authenticated users. here's that  
> snippet:
> # /etc/pam.d/samba
> auth sufficient pam_krb5.so minimum_uid=1000 use_first_pass
> account sufficient pam_ldap.so use_first_pass
> session sufficient pam_ldap.so
>
>
> I have tested my configs on samba 3.0.33 on CENTOS and it works fine  
> there
> for both OS X and windows
>
> the share is setup on
> /shares/asgs
> with these permissions:
> drwxrwsrwx   8 root root   87 2010-02-20 00:17 shares
> drwxrws--- 2 grant ASGSFileUsers  18 2010-02-20 00:21 asgs
>
> here's smb.conf:
> [global]
>  unix extensions = no
>  disable spoolss = Yes
>  disable netbios = yes
>  name resolve order = hosts
>  workgroup = AD
>  realm = AD.UCSD.EDU
>  server string = %h server (Samba, Ubuntu)
>  dns proxy = no
>  log file = /var/log/samba/log.%m
>  max log size = 1000
>  syslog = 0
>  log level = 3
>  panic action = /usr/share/samba/panic-action %d
>  security = ads
>  encrypt passwords = true
>  passdb backend = tdbsam
>  obey pam restrictions = yes
>  unix password sync = yes
>  pam password change = no
>  map to guest = bad user
>  usershare allow guests = no
> [asgs]
>  comment = ASGS
>  path = /shares/asgs
>  browsable = Yes
>  valid users = @ad\ASGSFileUsers
>  write list = @ad\ASGSFileUsers
>  create mask = 2660
>  directory mask = 2770
>
> The tail n20 of the log of the conecting ip shows this for an OS X  
> attempt:
> [2010/02/20 00:56:16,  3] smbd/oplock_linux.c:219 
> (linux_init_kernel_oplocks)
>  Linux kernel oplocks enabled
> [2010/02/20 00:56:16,  3] smbd/process.c:1453(process_smb)
>  Transaction 0 of length 51 (0 toread)
> [2010/02/20 00:56:16,  3] smbd/process.c:1272(switch_message)
>  switch message SMBnegprot (pid 5658) conn 0x0
> [2010/02/20 00:56:16,  3] smbd/sec_ctx.c:310(set_sec_ctx)
>  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2010/02/20 00:56:16,  3] smbd/negprot.c:567(reply_negprot)
>  Requested protocol [NT LM 0.12]
> [2010/02/20 00:56:16,  3] smbd/negprot.c:387(reply_nt1)
>  using SPNEGO
> [2010/02/20 00:56:16,  3] smbd/negprot.c:672(reply_negprot)
>  Selected protocol NT LM 0.12
> [2010/02/20 00:56:18,  3] smbd/sec_ctx.c:310(set_sec_ctx)
>  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2010/02/20 00:56:18,  3] smbd/connection.c:31(yield_connection)
>  Yielding connection to
> [2010/02/20 00:56:18,  3] smbd/server.c:848(exit_server_common)
>  Server exit (failed to receive smb request)
>
>
>
> Hope someone can give me a pointer where to look next or what to  
> tweak. Let
> me know if you need other log snippets.
>
> Thanks,
> Grant
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba


More information about the samba mailing list