[Samba] Authentication mystery

Maurício Ramos Mauricio.Ramos at wedotechnologies.com
Wed Mar 17 13:31:46 MDT 2010


List,

things are strange here. We have a PDC (Windows based) that is out from our office and in our local network we have machines (windows xp, some with SP2 and others with SP3) that log in the domain and others don´t. We´ve been using samba just to share some directories in our internal development server. The mystery is that some users have access while others don´t, although they are all created using the same commands/configuration...

useradd -d /home/someuser -g users -m -s /bin/bash someuser
smbpasswd -L -a someuser

We can check that they are created in both linux and samba: home directory is there, ssh logins are possible but mapping the shares...no way. Issuing a smbclient command like...

smbclient -L fpwdev04 -U someuser

...shows the expected output (listing of shares defined).

By how far we investigated, things do not seem much logical, since we have Windows XP SP2 in which things work and others not. The same for machines with SP3. This also applies to machines logging or not in the domain.

Actually,  we have 4 servers, all running their own samba, with a very similar configuration. The main differences are attributes like "server string", "force user", "guest ok" and the shares themselves. Let´s call it "our main samba" has its "force user" set to "samba" and "guest ok" to "no". The others, have "force user" to "%U" and "guest ok", some to "yes" and others to "no". Since in the "global" section they are all set to...

  local master = no
  prefered master = no
  domain master = no
  domain logons = no
  wins proxy = no
  dns proxy = no
  os level = 0

...and we specify the server when we map a share, I do not believe they are competing with each other and causing this behavior.

Have you ever experienced something like that?

Below I paste our smb.conf.  If you can help us in anyway, it would be very appreciated! Thanks you all in advance.

[global]

  workgroup = workgroup
  server string = Development 4 Server
  local master = no
  prefered master = no
  domain master = no
  domain logons = no
  wins proxy = no
  dns proxy = no
  os level = 0
  smb ports = 139
  security = user
  passdb backend = smbpasswd:/etc/samba/smbpasswd
  encrypt passwords = yes

invalid users = root bin daemon adm lp sync shutdown halt mail news uucp operator games gopher ftp nobody rpm dbus nscd vcsa pcap rpc mailnull smmsp avahi sshd rpcuser nfsnobody haldaemon distcache apache postgres mysql webalizer squid ntp xfs gdm sabayon ais pegasus piranha luci ricci cvs oracle10 ldap ra ca_admin gpo avahi-autoipd csvn trainee vpndial oraclebpa intranet

force user = samba
force group = users
guest ok = no
create mode = 0770
directory mode = 0770
force create mode = 0770
force directory mode = 0770

wins server = 172.26.129.25

load printers = no
guest account = nobody
printcap name = /etc/printcap

username map = /etc/samba/smbusers

[VM]
comment = Virtual Machines Files
path = /data1/home/samba/repository/VM
writeable = yes
browseable = yes
valid users = @users
vfs object = vscan-clamav
vscan-clamav: config-file = /etc/samba/vscan-clamav.conf

[Projects]
comment = Projects
path = /data1/home/samba/repository/Projects
writeable = yes
browseable = yes
valid users = @users
vfs object = vscan-clamav
vscan-clamav: config-file = /etc/samba/vscan-clamav.conf




More information about the samba mailing list