[Samba] smbclient fails only for the domain Administrator

steve steve at steve-ss.com
Wed May 29 16:01:02 MDT 2013 

On Wed, 2013-05-29 at 22:28 +0200, steve wrote:
> 4.0.6 with 3.6.12 file server
> Hi
> Ordinary users can connect fine:
> 
> smbclient //oliva/users -Usteve2
> Enter steve2's password: 
> Domain=[HH3] OS=[Unix] Server=[Samba 3.6.9]
> smb: \> 
> 
> log:
> schannel_fetch_session_key_tdb: restored schannel info key
> SECRETS/SCHANNEL/OLIVA
> schannel_store_session_key_tdb: stored schannel info with key
> SECRETS/SCHANNEL/OLIVA
> auth_check_password_send: Checking password for unmapped user
> [HH3]\[steve2]@[\\HH16]
> auth_check_password_send: mapped user is: [HH3]\[steve2]@[\\HH16]
> 
>  getent passwd steve2
> steve2:*:3000023:20513:steve2:/home/users/steve2:/bin/bash
> --------------------------
> 
> But Administrator (with rfc2307 attributes) can't:
>   smbclient //oliva/users -UAdministrator
> Enter Administrator's password: 
> session setup failed: NT_STATUS_LOGON_FAILURE
> 
> log:
> schannel_fetch_session_key_tdb: restored schannel info key
> SECRETS/SCHANNEL/OLIVA
> schannel_store_session_key_tdb: stored schannel info with key
> SECRETS/SCHANNEL/OLIVA
> auth_check_password_send: Checking password for unmapped user
> [HH3]\[Administrator]@[\\HH16]
> auth_check_password_send: mapped user is: [HH3]\[Administrator]@[\\HH16]
> -------------------------------------
> getent passwd Administrator
> Administrator:*:3000099:20513:Administrator:/:
> 
> getent group Domain\ Users
> Domain Users:*:20513:
> -------------------------------------
> smb.conf on the Samba3 file server:
> [global]
> workgroup = HH3
> realm = HH3.SITE
> kerberos method = system keytab
> security = ADS
> #username map = /home/steve/smbusers
> 
> [users]
> path = /home/users
> read only = No
> 
> [profiles]
> path = /home/profiles
> read only = No
> store dos attributes = Yes
> create mask = 0600
> directory mask = 0700
> browseable = No
> guest ok = No
> printable = No
> profile acls = Yes
> csc policy = disable
> 
> [shared]
> path = /home/shared
> read only = No
> -------------------------------------------
> 
> Question: Why can ordinary users connect, but not the domain admin?
> Thanks, Steve
> 

Hi again
The fileserver is looking for: HH3\Administrator (i.e. with the
workgroup attached)???

> [2013/05/29 23:58:24.560712,  3] libsmb/cliconnect.c:3170(cli_start_connection)
  Connecting to host=HH16.HH3.SITE
[2013/05/29 23:58:24.561068,  3]
lib/util_sock.c:766(open_socket_out_send)
  Connecting to 192.168.1.16 at port 445
[2013/05/29 23:58:25.699013,  3] auth/auth_util.c:1121(check_account)
  Failed to find authenticated user HH3\administrator via getpwnam(),
denying access.
[2013/05/29 23:58:25.703519,  2] auth/auth.c:319(check_ntlm_password)
  check_ntlm_password:  Authentication for user [Administrator] ->
[Administrator] FAILED with error NT_STATUS_NO_SUCH_USER
[2013/05/29 23:58:25.703924,  3] smbd/error.c:81(error_packet_set)
  error packet at smbd/sesssetup.c(124) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
[2013/05/29 23:58:25.708454,  3]
smbd/server_exit.c:181(exit_server_common)
  Server exit (failed to receive smb request)

> 
>

More information about the samba mailing list