[Samba] unable to log on to Samba shares remotely
Claesen Dirk
dirk.claesen at ipc.be
Tue Jun 26 06:25:10 MDT 2012
Dear,
I have a working Samba 3.5.6 running on one of my servers onto which (existing) users can successfully log on.
Recently, I needed to add some projects and some users but I cannot succeed in letting these new users access the shares.
The smb.conf file is very small and I had only 4 users until now.
In the following smb.conf, projA_dirs is only accessed by user1, while projB_dirs is the new project I need to add and this one will be accessed by user2
user1 is accessing projA_dirs since years without any problem, user2 is the one I fail to add.
Contents of smb.conf:
[global]
workgroup = TECH_GRP
server string = Samba %v on (%h)
log level = 3
log file = /usr/local/samba/var/log.%m
max log size = 50
dns proxy = No
ldap ssl = no
hosts allow = 192.168.5., 192.168.4., 192.168.3., 192.168.100.
[all_dirs]
comment = All directories on Server1
path = /
read only = No
[projA_dirs]
comment = All ProjectA directories on Server1
path = /disk/projA/prod
read only = No
[projB_dirs]
comment = All ProjectB directories on Server1
path = /disk/projB/prod
read only = No
The initial samba setup was a migration from a Samba 2 server which used the smbpasswd file. In order to convert this into a tdbsam, I used the command "pdbedit -i smbpasswd -e tdbsam" at the time I set up the server. As written earlier in this mail, this never caused any problems.
Now that I need user2 to access projB_dirs, I did the following:
- Add projB_dirs to the smb.conf file
- Ran "pdbedit -a user2" and provided the password
After having added the share and the user I could access the new share with the new user when working directly on the Samba server (server1). However, when I try to connect from another Samba 3.5.6 server or from a Windows XP PC I get respectively a "session setup failed: NT_STATUS_LOGON_FAILURE" or "System error 1326 has occurred. Logon failure: unknown user name or bad password." error message. (there is no firewall blocking any ports between the servers or between the PC and server1)
The output of pdbedit does not show any major differences for the two users to me:
# ../bin/pdbedit -v -u user1
Unix username: user1
NT username:
Account Flags: [UX ]
User SID: S-1-5-21-1956562905-4024769754-4182693708-1500
Primary Group SID: S-1-5-21-1956562905-4024769754-4182693708-513
Full Name: user1 server1
Home Directory: \\server1\user1
HomeDir Drive:
Logon Script:
Profile Path: \\server1\user1\profile
Domain: SERVER1
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: never
Password last set: Tue, 26 Jun 2012 13:38:36 CEST
Password can change: Tue, 26 Jun 2012 13:38:36 CEST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
# ../bin/pdbedit -v -u user2
Unix username: user2
NT username:
Account Flags: [UX ]
User SID: S-1-5-21-1956562905-4024769754-4182693708-1004
Primary Group SID: S-1-5-21-1956562905-4024769754-4182693708-513
Full Name: user2 server1
Home Directory: \\server1\user2
HomeDir Drive:
Logon Script:
Profile Path: \\server1\user2\profile
Domain: SERVER1
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: never
Password last set: Tue, 19 Jun 2012 17:20:33 CEST
Password can change: Tue, 19 Jun 2012 17:20:33 CEST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF.
Logging in with debug level 10 using smbclient from the other server gives me:
...
got smb length of 35
size=35
smb_com=0x73
smb_rcls=109
smb_reh=0
smb_err=49152
smb_flg=136
smb_flg2=51203
smb_tid=0
smb_pid=12023
smb_uid=100
smb_mid=3
smt_wct=0
smb_bcc=0
Because I only had issues with the new users I added, I checked what would happen if I would remove user1 using pdbedit -x and then recreate that user using pdbedit -a. From that moment on I was also no longer able to log on with user1 remotely.
As I thought there might be a problem inside the database I shut down smbd and nmbd, removed passdb.tdb and secrets.tdb, and restarted the daemons. This resulted in the two tdb files to be recreated after which I added user1 and user2 again using pdbedit -a. Again, I could only access the shares using either of these users directly from server1 but not from any of the other servers.
Then I shut down the daemons again, restored the initial tdb files and restarted the daemons. With the initial tdb files back in place, I can login again remotely using user1 but not with user2 (even after I added the account again). Repeating my test connecting locally to the share, I noticed I am not able to connect locally with user1 to projA_dirs while it is possible to do it from the other server. I can connect locally using user2.
I didn't test the local connectivity with user1 before I started playing around with the tdb files so I cannot confirm whether or not this was possible before.
I'm looking for any hints that might help me understanding this issue and getting it solved. Local connectivity to the shares is not required but I must be able to connect using the new users from the Windows XP PC.
Kind regards,
Dirk Claesen
This e-mail and any attachments may contain confidential and
privileged information. If you are not the intended recipient,
please notify the sender immediately by return e-mail, delete this
e-mail and destroy any copies. Any dissemination or use of this
information by a person other than the intended recipient is
unauthorized and may be illegal.
More information about the samba
mailing list