[Samba] Samba 4 vs Samba 3

Benjamin Huntsman BHuntsman at mail2.cu-portland.edu
Fri Feb 1 14:42:29 MST 2013


Just to follow up, here is the excerpt from the log.smbd when running 3.6.10 and connecting to the share:

[2013/02/01 13:38:58.729913,  3] auth/auth.c:219(check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user [10.33.72.67]\[root]@[10.33.75.164] with the new password interface
[2013/02/01 13:38:58.729995,  3] auth/auth.c:222(check_ntlm_password)
  check_ntlm_password:  mapped user is: [SYSTST]\[root]@[10.33.75.164]
[2013/02/01 13:38:58.744799,  3] passdb/lookup_sid.c:1754(get_primary_group_sid)
  Forcing Primary Group to 'Domain Users' for root
[2013/02/01 13:38:58.746405,  3] auth/auth.c:268(check_ntlm_password)
  check_ntlm_password: unix authentication for user [root] succeeded
[2013/02/01 13:38:58.746507,  2] auth/auth.c:309(check_ntlm_password)
  check_ntlm_password:  authentication for user [root] -> [root] -> [root] succeeded


I notice there's nothing in there about SPNEGO.  I also tried setting all the SPNEGO options to off under Samba 4.0.2, but that didn't work either, and the SPNEGO messages still appear in the log...
Is there a straightforward way to get Samba 4 to use the unencrypted passwords and the local UNIX password, or is it hopeless?

Thanks!

-Ben
________________________________________
From: samba-bounces at lists.samba.org [samba-bounces at lists.samba.org] on behalf of Benjamin Huntsman [BHuntsman at mail2.cu-portland.edu]
Sent: Friday, February 01, 2013 9:47 AM
To: samba at lists.samba.org
Subject: [Samba] Samba 4 vs Samba 3

So, I have "working" builds of Samba 3.6.10, and 4.0.2 using the traditional build system on AIX, both built with XLC.
For historical reasons, we're needing to use 'encrypt passwords = no', so that Samba uses the OS password.

The odd thing, is, the 3.6.10 Samba works just fine, but the 4.0.2 doesn't allow connections.  Here's the Samba config I'm using on both:


Samba 3:
[global]
        encrypt passwords = No
        log level = 3
        os level = 8
        local master = No
        domain master = No
        idmap config * : range =
        idmap config * : backend = tdb

[testshare]
       path = /testshare
       read only = no

Samba 4:
[global]
        encrypt passwords = No
        log level = 3
        client max protocol = SMB2
        client min protocol = SMB2
        os level = 8
        local master = No
        domain master = No
        idmap config * : range =
        idmap config * : backend = tdb

[testshare]
       path = /testshare
       read only = no


On both a test Windows XP and Windows 7 machine, I have the unencrypted passwords policy enabled.  When running Samba 3.6.10 using the config above, I can map the share just fine.  However, under 4.0.x (I've tried 4.0.0, 4.0.1, and 4.0.2), when mapping the share on Windows, the password prompt comes back immediately, and I get the following in the log:


[2013/02/01 09:34:56.256107,  3] auth/auth.c:177(auth_check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user [10.33.72.67]\[root]@[SAMBATEST] with the new password interface
[2013/02/01 09:34:56.256176,  3] auth/auth.c:180(auth_check_ntlm_password)
  check_ntlm_password:  mapped user is: [SYSTST]\[root]@[SAMBATEST]
[2013/02/01 09:34:56.256843,  2] auth/auth.c:288(auth_check_ntlm_password)
  check_ntlm_password:  Authentication for user [root] -> [root] FAILED with error NT_STATUS_LOGON_FAILURE
[2013/02/01 09:34:56.256951,  2] ../auth/gensec/spnego.c:745(gensec_spnego_server_negTokenTarg)
  SPNEGO login failed: NT_STATUS_LOGON_FAILURE
[2013/02/01 09:34:56.259280,  2] smbd/smb2_server.c:3123(smbd_smb2_request_incoming)
  smbd_smb2_request_incoming: client read error NT_STATUS_CONNECTION_RESET


I am absolutely 100% certain that I'm typing the password correctly.  :)  Perhaps my build of Samba 4 is broken after all?  Anyone know why I'd see different behavior between 3.6.10 and 4.0.2, even though the config files are basically identical (though both were generated by swat)?
I really want to move to Samba 4 if I can...

Thanks!
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


More information about the samba mailing list