Hi Wolfgang, Arne, On So 11 Aug 2013 14:04:26 CEST Wolfgang Schweer wrote:
On Sat, Aug 10, 2013 at 11:44:09AM +0200, Petter Reinholdtsen wrote:[Wolfgang Schweer] > Using a normal user account, the failure message is: > > "tree connect failed: NT_STATUS_LOGON_FAILURE"; so the issue is > reproducible. I get this too when I provide the password. But when I just press [enter] on the password prompt, I am logged in and can see my files. I guess Kerberos login work, while password check do not.Seems to be, cause smbclient -k //tjener/<uid> -U <uid> drops you immediatly into a smb shell. I noticed a really scaring thing: Logged in as a student using a teacher's uid with the above command, I'm able to get/put/rename/delete files and dirs, cause I seem to get the smb shell under that uid. Something seems to be misconfigured. Can someone try to reproduce this behaviour?
Reproducible here, as well. On the other hand (with the correct password entered): """ ldapadmin@tjener:~$ smbclient -L tjener -U mg WARNING: The "null passwords" option is deprecated WARNING: The "use spnego" option is deprecated Enter mg's password: session setup failed: NT_STATUS_LOGON_FAILURE ldapadmin@tjener:~$ """ With this in the log file """ ldapadmin@tjener:~$ sudo tail -f /var/log/samba/log.tjener Password:[2013/08/12 17:57:38.669988, 0] passdb/passdb.c:2247(pdb_increment_bad_password_count)
pdb_increment_bad_password_count: pdb_get_account_policy failed.[2013/08/12 17:57:41.705334, 0] passdb/passdb.c:2247(pdb_increment_bad_password_count)
pdb_increment_bad_password_count: pdb_get_account_policy failed.[2013/08/12 17:57:44.155758, 0] passdb/passdb.c:2247(pdb_increment_bad_password_count)
pdb_increment_bad_password_count: pdb_get_account_policy failed.[2013/08/12 17:59:23.792979, 0] passdb/passdb.c:2247(pdb_increment_bad_password_count)
pdb_increment_bad_password_count: pdb_get_account_policy failed.[2013/08/12 18:10:10.901732, 0] passdb/passdb.c:2247(pdb_increment_bad_password_count)
pdb_increment_bad_password_count: pdb_get_account_policy failed. """Further more, I miss some policy entries in the sambaDomainName=SKOLELINUX object (like described here [1]):
# SAMBADOM, sambadom.local dn: sambaDomainName=SAMBADOM,dc=sambadom,dc=local sambaDomainName: SAMBADOM sambaSID: S-1-5-21-1179644376-2526199691-xxxxxxxxxx sambaAlgorithmicRidBase: 1000 objectClass: sambaDomain sambaNextUserRid: 1000 sambaRefuseMachinePwdChange: 0 sambaLockoutDuration: 30 sambaLockoutObservationWindow: 30 sambaLockoutThreshold: 0 sambaMinPwdLength: 7 sambaPwdHistoryLength: 0 sambaLogonToChgPwd: 1 sambaMaxPwdAge: -1 sambaMinPwdAge: 0 sambaForceLogoff: -1 sambaNextRid: 1021 [1] https://lists.samba.org/archive/samba/2011-September/164127.html Urggghhh... Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
pgpGscGwBdZmv.pgp
Description: Digitale PGP-Unterschrift