[Samba] session setup failed: NT_STATUS_LOGON_FAILURE

Roger Wu wu1004 at gmail.com
Wed Nov 4 11:33:58 UTC 2015


2015-11-04 18:41 GMT+08:00 Rowland Penny <rowlandpenny241155 at gmail.com>:

> On 04/11/15 10:28, Roger Wu wrote:
>
>>
>>
>>
>>     OK, you seem to be trying to set up a standalone server, you do
>>     realise that you will need to create your users on this as well as
>>     on the windows machines.
>>
>>
>> yes, but I hope samba can use NIS authentication instead of using it's
>> own database.
>> Do I need to use smbpasswd to create user accounts again? It's against
>> what I need...
>>
>
> Well, as I don't know what you what, I can only advise on what I see, and
> I see you trying to setup a standalone server.
>
>
>>     You might as well remove these lines, they are the defaults:
>>
>>             security = USER
>>             passdb backend = tdbsam
>>
>>
>> Don't I need to set the security level?
>>
>
> You don't need them because they are the *default* settings.
>
>
>>     You might as well remove this line, it isn't needed on a
>>     standalone server:
>>
>>             idmap config * : backend = tdb
>>
>> I didn't  set these parameters. They are reported by testparm command.
>>
>
> Don't post a smb.conf from testparm without saying so, this is probably
> why you are getting the other two lines above, testparm shows *all* lines
> in smb.conf, the ones you added *and* the default ones.
>
>>
>>
> I think you are going to have to tell us just what you are trying to
> achieve. Also if your windows machines are part of a domain.
>
> Rowland
>
> Please pardon me for poor English. I tried to describe what I want as
clear as I can.
My goal is to make our users can access their own workstation account and
personal files from windows XP/7.
So, it seems to me that if I can setup a samba server and let users login
from windows using NIS authentication,
that would be perfect, then I don't need to create smb accounts again.
The only thing a user needs to do is to explore the link such as
\\testcad16\<user_account>, then one can access his own
workstation account and files.

In such case, how should I do to achieve my goal?
I've been tried many samba versions, and each version seems to have mild
difference while setting smb.conf.
some parameters work and some don't for one version, but maybe stands in
opposite for another.
I am kind of confused which parameters are what I need.

Here is my smb.conf (not from testparm), I removed comments and disabled
lines.
I did remove those lines you suggested,

[global]
        workgroup = SMBTEST
        server string = Samba Server Version %v
        netbios name = testcad16
        hosts allow = 127. 172.26.
        dns proxy = no

        load printers = yes
        cups options = raw

[homes]
        comment = Home Directories
        browseable = no
        writable = yes
;       valid users = %S
;       valid users = MYDOMAIN\%S

[printers]
        comment = All Printers
        path = /var/spool/samba
        browseable = no
        guest ok = no
        writable = no
        printable = yes

and I tried some test as below

[root at testcad16 samba]# /etc/init.d/sernet-samba-smbd start
Starting SAMBA smbd :                                      [  OK  ]
[root at testcad16 samba]# /etc/init.d/sernet-samba-nmbd start
Starting SAMBA nmbd :                                      [  OK  ]
[root at testcad16 samba]# service sernet-samba-smbd status
Checking for SAMBA smbd :                                  [  OK  ]
[root at testcad16 samba]# service sernet-samba-nmbd status
Checking for SAMBA nmbd :                                  [  OK  ]
[root at testcad16 samba]# smbclient -L //testcad16
Enter root's password:
session setup failed: NT_STATUS_LOGON_FAILURE

[root at testcad16 samba]# smbclient -d3 -L //testcad16
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
added interface eth0 ip=172.26.85.211 bcast=172.26.87.255
netmask=255.255.248.0
Client started (version 4.2.5-SerNet-RedHat-19.el6).
Enter root's password:
Connecting to 172.26.85.211 at port 445
Doing spnego session setup (blob length=74)
got OID=1.3.6.1.4.1.311.2.2.10
got principal=not_defined_in_RFC4178 at please_ignore
Got challenge flags:
Got NTLMSSP neg_flags=0x608a8215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088215
SPNEGO login failed: Logon failure
session setup failed: NT_STATUS_LOGON_FAILURE



Regards,
Roger








>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


More information about the samba mailing list