[Samba] User is invalid on this system
Kevin Elliott
kevin_elliott at ci.juneau.ak.us
Thu Nov 29 17:51:55 MST 2012
Hello all.
We are running Samba 3.6.6 on a Debian 6.0.6 server. We made the upgrade from 3.6.5 to 3.6.5 about a week ago and ever since we have lost the ability to map Samba shares from our Windows XP SP3 and Windows 7 clients:
Here's an example from my workstation (logging verbosity set at 10):
[2012/11/29 15:23:58.120087, 3] smbd/process.c:1467(switch_message)
switch message SMBsesssetupX (pid 2517) conn 0x0
[2012/11/29 15:23:58.120212, 3] smbd/sesssetup.c:1333(reply_sesssetup_and_X)
wct=12 flg2=0xc807
[2012/11/29 15:23:58.120258, 2] smbd/sesssetup.c:1279(setup_new_vc_session)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2012/11/29 15:23:58.120353, 3] smbd/sesssetup.c:1065(reply_sesssetup_and_X_spnego)
Doing spnego session setup
[2012/11/29 15:23:58.120409, 3] smbd/sesssetup.c:1107(reply_sesssetup_and_X_spnego)
NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2012/11/29 15:23:58.120498, 3] smbd/sesssetup.c:660(reply_spnego_negotiate)
reply_spnego_negotiate: Got secblob of size 1680
[2012/11/29 15:23:58.124198, 3] libads/authdata.c:332(decode_pac_data)
Found account name from PAC: kevin_elliott [Kevin Elliott]
[2012/11/29 15:23:58.124309, 3] auth/user_krb5.c:50(get_user_from_kerberos_info)
Kerberos ticket principal name is [kevin_elliott at CBJ.LOCAL]
[2012/11/29 15:23:58.124710, 1] auth/user_krb5.c:162(get_user_from_kerberos_info)
Username CBJ_NT+kevin_elliott is invalid on this system
[2012/11/29 15:23:58.124780, 3] smbd/error.c:81(error_packet_set)
error packet at smbd/sesssetup.c(359) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
[2012/11/29 15:24:12.583839, 1] smbd/process.c:457(receive_smb_talloc)
receive_smb_raw_talloc failed for client 199.58.52.25 read error = NT_STATUS_CONNECTION_RESET.
[2012/11/29 15:24:12.584072, 3] smbd/server_exit.c:181(exit_server_common)
Server exit (failed to receive smb request)
However, I can successfully return login information with winbind:
# wbinfo -i kevin_elliott
kevin_elliott:*:24949:10513::/home/CBJ_NT/kevin_elliott:/bin/false
'getent passwd' will only return the local users from /etc/passwd.
And the relevant section of smb.conf:
[global]
workgroup = CBJ_NT
realm = CBJ.LOCAL
netbios aliases = CITY-LIZA-L90, CITY-LIZA
server string = External FTP Server
interfaces = 192.0.2.87/32, lo
bind interfaces only = Yes
security = ADS
obey pam restrictions = Yes
password server = 192.0.2.25, 192.0.2.50
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
client NTLMv2 auth = Yes
log level = 3
log file = /var/log/samba/log.%m
max log size = 2500
printcap name = cups
os level = 5
local master = No
domain master = No
wins server = 192.0.2.25
ldap ssl = no
panic action = /usr/share/samba/panic-action %d
winbind separator = +
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
idmap config LIBRARY:range = 65535-79999
idmap config LIBRARY:base_rid = 0
idmap config LIBRARY:backend = rid
idmap config * : range = 10000-65533
idmap config * : base_rid = 0
idmap config * : backend = rid
admin users = @CBJ_NT+admin
veto files = /.*/
[ftp]
comment = FTP directory
path = /var/ftp/pub/
valid users = "@CBJ_NT+domain users"
read only = No
create mask = 0775
directory mask = 0775
hide unreadable = Yes
Any ideas? Anyone else see this?
---
Kevin Elliott
Network Specialist
City and Borough of Juneau, MIS
(907) 586 - 0905
More information about the samba
mailing list