[Samba] Classic PDC appears to revert to guest login on Samba 4
tda at ls83.eclipse.co.uk
tda at ls83.eclipse.co.uk
Fri Sep 11 15:47:43 UTC 2015
On 11/09/15 15:51, tda at ls83.eclipse.co.uk wrote:
> Hi
>
> Just upgraded a classic PDC running Samba 3.6 to 4.1 and although I can
> log in from a workstation (testing with W2k and XP), no drives are
> mapped. From the logs it appears that I'm being logged in as guest.
> smb.conf has been stable for 10+ years under Samba 3. I have added the
> first line (server role), other than that it's untouched:
>
Should have stated the symptoms I'm seeing. Shares are not being mapped
when I log on from a workstation. However, I can browse the shares and
map to them with net use after logging in.
>
> [global]
> server role = classic primary domain controller
> workgroup = NTDOMAIN
> server string = Samba %v
> passdb backend = tdbsam
> log file = /var/log/samba/log.%m
> log level = 5
> max log size = 500
> time server = Yes
> socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8760
> SO_RCVBUF=8760
> show add printer wizard = No
> logon script = logon.bat
> logon path =
> logon home =
> domain logons = Yes
> os level = 64
> preferred master = Yes
> domain master = Yes
> dns proxy = No
> hosts allow = 172.27.113., 192.168.2., 127.
> load printers = yes
> printing = cups
> printcap name = cups
> print command =
> lpq command = %p
> lprm command =
> veto files = /*:/
> msdfs root = no
> wins support = yes
> name resolve order = wins hosts lmhosts bcast
>
> [printers]
> comment = All Printers
> path = /var/spool/samba
> browseable = no
> public = yes
> guest ok = yes
> read only = yes
> printable = yes
>
> [Data]
> comment = Development Data
> path = /mnt/sdb1/samba/share1/Data
> valid users = +devel
> read only = No
> create mask = 0770
> directory mask = 0770
> force directory mode = 02770
> force create mode = 0660
>
> [homes]
> comment = Home Directory
> path = /mnt/sdb1/samba/share1/Users/%S
> valid users = +users
> read only = No
> create mask = 0700
> directory mask = 0700
> force directory mode = 0
> force create mode = 0
> browseable = No
>
> [netlogon]
> path = /home/netlogon
> write list = root
> msdfs root = yes
>
> [print$]
> comment = Printer Drivers
> path = /var/lib/samba/printers
> browseable = yes
> guest ok = no
> read only = no
> write list = root
>
>
> In the logs this looks suspicious:
>
> [2015/09/11 15:22:55.478781, 4]
> ../source3/param/loadparm.c:4878(lp_load_ex)
> pm_process() returned Yes
> [2015/09/11 15:22:55.478818, 3]
> ../source3/param/loadparm.c:1774(lp_add_ipc)
> adding IPC service
> [2015/09/11 15:22:55.478860, 5]
> ../source3/auth/auth_util.c:115(make_user_info_map)
> Mapping user []\[] from workstation [DELL]
> [2015/09/11 15:22:55.478906, 5]
> ../source3/auth/auth_util.c:137(make_user_info_map)
> Mapped domain from [] to [NTDOMAIN] for user [] from workstation [DELL]
> [2015/09/11 15:22:55.478935, 5]
> ../source3/auth/user_info.c:61(make_user_info)
> attempting to make a user_info for ()
> [2015/09/11 15:22:55.478961, 5]
> ../source3/auth/user_info.c:72(make_user_info)
> making strings for 's user_info struct
> [2015/09/11 15:22:55.478989, 5]
> ../source3/auth/user_info.c:92(make_user_info)
> making blobs for 's user_info struct
> [2015/09/11 15:22:55.479017, 3]
> ../source3/auth/auth.c:177(auth_check_ntlm_password)
> check_ntlm_password: Checking password for unmapped user
> []\[]@[DELL] with the new password interface
> [2015/09/11 15:22:55.479045, 3]
> ../source3/auth/auth.c:180(auth_check_ntlm_password)
> check_ntlm_password: mapped user is: [NTDOMAIN]\[]@[DELL]
> [2015/09/11 15:22:55.479078, 5] ../lib/util/util.c:556(dump_data)
> [0000] 54 9F 54 CF 39 A9 CD 4B T.T.9..K
> [2015/09/11 15:22:55.479130, 3]
> ../source3/auth/auth.c:226(auth_check_ntlm_password)
> check_ntlm_password: guest authentication for user [] succeeded
> [2015/09/11 15:22:55.479159, 5]
> ../source3/auth/auth.c:278(auth_check_ntlm_password)
> check_ntlm_password: guest authentication for user [] -> [] ->
> [nobody] succeeded
> [2015/09/11 15:22:55.479200, 3]
> ../auth/ntlmssp/ntlmssp_sign.c:547(ntlmssp_sign_init)
> NTLMSSP Sign/Seal - Initialising with flags:
> [2015/09/11 15:22:55.479227, 3]
> ../auth/ntlmssp/ntlmssp_util.c:34(debug_ntlmssp_flags)
>
>
> Looks like I'm ending up as a guest.
>
> Thanks
>
> Tim
>
More information about the samba
mailing list