[Samba] Samba 4 vs Samba 3
Benjamin Huntsman
BHuntsman at mail2.cu-portland.edu
Fri Feb 1 14:42:29 MST 2013
Just to follow up, here is the excerpt from the log.smbd when running 3.6.10 and connecting to the share:
[2013/02/01 13:38:58.729913, 3] auth/auth.c:219(check_ntlm_password)
check_ntlm_password: Checking password for unmapped user [10.33.72.67]\[root]@[10.33.75.164] with the new password interface
[2013/02/01 13:38:58.729995, 3] auth/auth.c:222(check_ntlm_password)
check_ntlm_password: mapped user is: [SYSTST]\[root]@[10.33.75.164]
[2013/02/01 13:38:58.744799, 3] passdb/lookup_sid.c:1754(get_primary_group_sid)
Forcing Primary Group to 'Domain Users' for root
[2013/02/01 13:38:58.746405, 3] auth/auth.c:268(check_ntlm_password)
check_ntlm_password: unix authentication for user [root] succeeded
[2013/02/01 13:38:58.746507, 2] auth/auth.c:309(check_ntlm_password)
check_ntlm_password: authentication for user [root] -> [root] -> [root] succeeded
I notice there's nothing in there about SPNEGO. I also tried setting all the SPNEGO options to off under Samba 4.0.2, but that didn't work either, and the SPNEGO messages still appear in the log...
Is there a straightforward way to get Samba 4 to use the unencrypted passwords and the local UNIX password, or is it hopeless?
Thanks!
-Ben
________________________________________
From: samba-bounces at lists.samba.org [samba-bounces at lists.samba.org] on behalf of Benjamin Huntsman [BHuntsman at mail2.cu-portland.edu]
Sent: Friday, February 01, 2013 9:47 AM
To: samba at lists.samba.org
Subject: [Samba] Samba 4 vs Samba 3
So, I have "working" builds of Samba 3.6.10, and 4.0.2 using the traditional build system on AIX, both built with XLC.
For historical reasons, we're needing to use 'encrypt passwords = no', so that Samba uses the OS password.
The odd thing, is, the 3.6.10 Samba works just fine, but the 4.0.2 doesn't allow connections. Here's the Samba config I'm using on both:
Samba 3:
[global]
encrypt passwords = No
log level = 3
os level = 8
local master = No
domain master = No
idmap config * : range =
idmap config * : backend = tdb
[testshare]
path = /testshare
read only = no
Samba 4:
[global]
encrypt passwords = No
log level = 3
client max protocol = SMB2
client min protocol = SMB2
os level = 8
local master = No
domain master = No
idmap config * : range =
idmap config * : backend = tdb
[testshare]
path = /testshare
read only = no
On both a test Windows XP and Windows 7 machine, I have the unencrypted passwords policy enabled. When running Samba 3.6.10 using the config above, I can map the share just fine. However, under 4.0.x (I've tried 4.0.0, 4.0.1, and 4.0.2), when mapping the share on Windows, the password prompt comes back immediately, and I get the following in the log:
[2013/02/01 09:34:56.256107, 3] auth/auth.c:177(auth_check_ntlm_password)
check_ntlm_password: Checking password for unmapped user [10.33.72.67]\[root]@[SAMBATEST] with the new password interface
[2013/02/01 09:34:56.256176, 3] auth/auth.c:180(auth_check_ntlm_password)
check_ntlm_password: mapped user is: [SYSTST]\[root]@[SAMBATEST]
[2013/02/01 09:34:56.256843, 2] auth/auth.c:288(auth_check_ntlm_password)
check_ntlm_password: Authentication for user [root] -> [root] FAILED with error NT_STATUS_LOGON_FAILURE
[2013/02/01 09:34:56.256951, 2] ../auth/gensec/spnego.c:745(gensec_spnego_server_negTokenTarg)
SPNEGO login failed: NT_STATUS_LOGON_FAILURE
[2013/02/01 09:34:56.259280, 2] smbd/smb2_server.c:3123(smbd_smb2_request_incoming)
smbd_smb2_request_incoming: client read error NT_STATUS_CONNECTION_RESET
I am absolutely 100% certain that I'm typing the password correctly. :) Perhaps my build of Samba 4 is broken after all? Anyone know why I'd see different behavior between 3.6.10 and 4.0.2, even though the config files are basically identical (though both were generated by swat)?
I really want to move to Samba 4 if I can...
Thanks!
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list