[Samba] Classic PDC appears to revert to guest login on Samba 4

tda at ls83.eclipse.co.uk tda at ls83.eclipse.co.uk
Fri Sep 11 15:47:43 UTC 2015 

On 11/09/15 15:51, tda at ls83.eclipse.co.uk wrote:
> Hi
>
> Just upgraded a classic PDC running Samba 3.6 to 4.1 and although I can
> log in from a workstation (testing with W2k and XP), no drives are
> mapped. From the logs it appears that I'm being logged in as guest.
> smb.conf has been stable for 10+ years under Samba 3. I have added the
> first line (server role), other than that it's untouched:
>


Should have stated the symptoms I'm seeing. Shares are not being mapped 
when I log on from a workstation. However, I can browse the shares and
map to them with net use after logging in.



>
> [global]
>          server role = classic primary domain controller
>      workgroup = NTDOMAIN
>      server string = Samba %v
>      passdb backend = tdbsam
>      log file = /var/log/samba/log.%m
>          log level = 5
>      max log size = 500
>      time server = Yes
>      socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8760
> SO_RCVBUF=8760
>      show add printer wizard = No
>      logon script = logon.bat
>      logon path =
>      logon home =
>      domain logons = Yes
>      os level = 64
>      preferred master = Yes
>      domain master = Yes
>      dns proxy = No
>      hosts allow = 172.27.113., 192.168.2., 127.
>          load printers = yes
>      printing = cups
>          printcap name = cups
>      print command =
>      lpq command = %p
>      lprm command =
>      veto files = /*:/
>          msdfs root = no
>          wins support = yes
>          name resolve order = wins hosts lmhosts bcast
>
> [printers]
>          comment = All Printers
>          path = /var/spool/samba
>          browseable = no
>          public = yes
>          guest ok = yes
>          read only = yes
>          printable = yes
>
> [Data]
>      comment = Development Data
>      path = /mnt/sdb1/samba/share1/Data
>      valid users = +devel
>      read only = No
>          create mask = 0770
>          directory mask = 0770
>          force directory mode = 02770
>          force create mode = 0660
>
> [homes]
>      comment = Home Directory
>      path = /mnt/sdb1/samba/share1/Users/%S
>      valid users = +users
>      read only = No
>      create mask = 0700
>      directory mask = 0700
>          force directory mode = 0
>          force create mode = 0
>      browseable = No
>
> [netlogon]
>      path = /home/netlogon
>      write list = root
>          msdfs root = yes
>
> [print$]
>          comment = Printer Drivers
>          path = /var/lib/samba/printers
>          browseable = yes
>          guest ok = no
>          read only = no
>          write list = root
>
>
> In the logs this looks suspicious:
>
> [2015/09/11 15:22:55.478781,  4]
> ../source3/param/loadparm.c:4878(lp_load_ex)
>    pm_process() returned Yes
> [2015/09/11 15:22:55.478818,  3]
> ../source3/param/loadparm.c:1774(lp_add_ipc)
>    adding IPC service
> [2015/09/11 15:22:55.478860,  5]
> ../source3/auth/auth_util.c:115(make_user_info_map)
>    Mapping user []\[] from workstation [DELL]
> [2015/09/11 15:22:55.478906,  5]
> ../source3/auth/auth_util.c:137(make_user_info_map)
>    Mapped domain from [] to [NTDOMAIN] for user [] from workstation [DELL]
> [2015/09/11 15:22:55.478935,  5]
> ../source3/auth/user_info.c:61(make_user_info)
>    attempting to make a user_info for  ()
> [2015/09/11 15:22:55.478961,  5]
> ../source3/auth/user_info.c:72(make_user_info)
>    making strings for 's user_info struct
> [2015/09/11 15:22:55.478989,  5]
> ../source3/auth/user_info.c:92(make_user_info)
>    making blobs for 's user_info struct
> [2015/09/11 15:22:55.479017,  3]
> ../source3/auth/auth.c:177(auth_check_ntlm_password)
>    check_ntlm_password:  Checking password for unmapped user
> []\[]@[DELL] with the new password interface
> [2015/09/11 15:22:55.479045,  3]
> ../source3/auth/auth.c:180(auth_check_ntlm_password)
>    check_ntlm_password:  mapped user is: [NTDOMAIN]\[]@[DELL]
> [2015/09/11 15:22:55.479078,  5] ../lib/util/util.c:556(dump_data)
>    [0000] 54 9F 54 CF 39 A9 CD 4B                            T.T.9..K
> [2015/09/11 15:22:55.479130,  3]
> ../source3/auth/auth.c:226(auth_check_ntlm_password)
>    check_ntlm_password: guest authentication for user [] succeeded
> [2015/09/11 15:22:55.479159,  5]
> ../source3/auth/auth.c:278(auth_check_ntlm_password)
>    check_ntlm_password:  guest authentication for user [] -> [] ->
> [nobody] succeeded
> [2015/09/11 15:22:55.479200,  3]
> ../auth/ntlmssp/ntlmssp_sign.c:547(ntlmssp_sign_init)
>    NTLMSSP Sign/Seal - Initialising with flags:
> [2015/09/11 15:22:55.479227,  3]
> ../auth/ntlmssp/ntlmssp_util.c:34(debug_ntlmssp_flags)
>
>
> Looks like I'm ending up as a guest.
>
> Thanks
>
> Tim
>

More information about the samba mailing list