It might be nice to add a debug line somewhere in auth/pass_check.c around the if ((!*password) && !lp_null_passwords()) check indicating a reason for the failure, or maybe a config option around DEBUG(100, ("checking user=[%s] pass=[%s]\n", user, password)); instead of a precompiler #define
On Mon, Oct 8, 2012 at 4:11 PM, James Devine <fxmul...@gmail.com> wrote: > I found the problem, it appears IIS is sending an empty password > > > On Mon, Oct 8, 2012 at 1:36 PM, James Devine <fxmul...@gmail.com> wrote: > >> I have setup samba to share a local filesystem with the following config: >> >> [global] >> >> smb ports = 139 >> workgroup = WORKGROUP >> server string = %h server (Samba, Ubuntu) >> dns proxy = no >> log level = 255 >> debug timestamp = yes >> log file = /var/log/samba/log.%m >> max log size = 1000 >> syslog = 1 >> panic action = /usr/share/samba/panic-action %d >> encrypt passwords = no >> security = user >> obey pam restrictions = yes >> usershare allow guests = no >> load printers = no >> show add printer wizard = no >> printcap name = /dev/null >> disable spoolss = yes >> >> [web] >> path = /isp/web/ >> read only = no >> guest ok = no >> browseable = yes >> create mask = 0600 >> directory mask = 0700 >> >> >> >> I also have a windows machine to import it. If I import in windows >> explorer it works fine and the logs show: >> >> [2012/10/08 13:18:34.638730, 3] auth/auth.c:216(check_ntlm_password) >> check_ntlm_password: Checking password for unmapped user >> [WIN-K7GH3RR6OCJ]\[1641]@[win-k7gh3rr6ocj] with the new password interface >> [2012/10/08 13:18:34.638739, 3] auth/auth.c:219(check_ntlm_password) >> check_ntlm_password: mapped user is: >> [DEV-WEB1]\[1641]@[win-k7gh3rr6ocj] >> [2012/10/08 13:18:34.638747, 10] auth/auth.c:228(check_ntlm_password) >> check_ntlm_password: auth_context challenge created by random >> [2012/10/08 13:18:34.638754, 10] auth/auth.c:230(check_ntlm_password) >> challenge is: >> [2012/10/08 13:18:34.638760, 5] ../lib/util/util.c:278(_dump_data) >> [0000] 62 C8 5D A5 AD CA DD 2C b.]...., >> [2012/10/08 13:18:34.638774, 10] auth/auth.c:256(check_ntlm_password) >> check_ntlm_password: guest had nothing to say >> [2012/10/08 13:18:34.638783, 3] smbd/sec_ctx.c:210(push_sec_ctx) >> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >> [2012/10/08 13:18:34.638793, 3] smbd/uid.c:429(push_conn_ctx) >> push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >> [2012/10/08 13:18:34.638801, 3] smbd/sec_ctx.c:310(set_sec_ctx) >> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >> [2012/10/08 13:18:34.638808, 5] >> auth/token_util.c:525(debug_nt_user_token) >> NT user token: (NULL) >> [2012/10/08 13:18:34.638815, 5] >> auth/token_util.c:551(debug_unix_user_token) >> UNIX token of user 0 >> Primary group is 0 and contains 0 supplementary groups >> [2012/10/08 13:18:34.638828, 5] lib/username.c:133(Get_Pwnam_alloc) >> Finding user 1641 >> [2012/10/08 13:18:34.638836, 5] lib/username.c:77(Get_Pwnam_internals) >> Trying _Get_Pwnam(), username as lowercase is 1641 >> [2012/10/08 13:18:34.859941, 5] lib/username.c:110(Get_Pwnam_internals) >> Get_Pwnam_internals did find user [1641]! >> [2012/10/08 13:18:34.859987, 4] auth/pass_check.c:679(pass_check) >> pass_check: Checking (PAM) password for user 1641 (l=1) >> [2012/10/08 13:18:34.860010, 4] auth/pampass.c:472(smb_pam_start) >> smb_pam_start: PAM: Init user: 1641 >> [2012/10/08 13:18:34.862743, 4] auth/pampass.c:489(smb_pam_start) >> smb_pam_start: PAM: setting rhost to: 64.251.188.225 >> [2012/10/08 13:18:34.862764, 4] auth/pampass.c:498(smb_pam_start) >> smb_pam_start: PAM: setting tty >> [2012/10/08 13:18:34.862772, 4] auth/pampass.c:506(smb_pam_start) >> smb_pam_start: PAM: Init passed for user: 1641 >> [2012/10/08 13:18:34.862779, 4] auth/pampass.c:523(smb_pam_auth) >> smb_pam_auth: PAM: Authenticate User: 1641 >> [2012/10/08 13:18:34.862862, 4] auth/pampass.c:545(smb_pam_auth) >> smb_pam_auth: PAM: User 1641 Authenticated OK >> [2012/10/08 13:18:34.862874, 4] auth/pampass.c:564(smb_pam_account) >> >> >> >> >> But when I try to access a webpage through IIS which is also configured >> to access this network share it fails and I see this in the logs: >> >> [2012/10/08 13:16:09.600154, 3] auth/auth.c:216(check_ntlm_password) >> check_ntlm_password: Checking password for unmapped user >> [WIN-K7GH3RR6OCJ]\[1641]@[win-k7gh3rr6ocj] with the new password interface >> [2012/10/08 13:16:09.600163, 3] auth/auth.c:219(check_ntlm_password) >> check_ntlm_password: mapped user is: >> [DEV-WEB1]\[1641]@[win-k7gh3rr6ocj] >> [2012/10/08 13:16:09.600170, 10] auth/auth.c:228(check_ntlm_password) >> check_ntlm_password: auth_context challenge created by random >> [2012/10/08 13:16:09.600177, 10] auth/auth.c:230(check_ntlm_password) >> challenge is: >> [2012/10/08 13:16:09.600184, 5] ../lib/util/util.c:278(_dump_data) >> [0000] D9 C9 AA F1 93 54 39 AD .....T9. >> [2012/10/08 13:16:09.600197, 10] auth/auth.c:256(check_ntlm_password) >> check_ntlm_password: guest had nothing to say >> [2012/10/08 13:16:09.600211, 3] smbd/sec_ctx.c:210(push_sec_ctx) >> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >> [2012/10/08 13:16:09.600219, 3] smbd/uid.c:429(push_conn_ctx) >> push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >> [2012/10/08 13:16:09.600227, 3] smbd/sec_ctx.c:310(set_sec_ctx) >> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >> [2012/10/08 13:16:09.600234, 5] >> auth/token_util.c:525(debug_nt_user_token) >> NT user token: (NULL) >> [2012/10/08 13:16:09.600240, 5] >> auth/token_util.c:551(debug_unix_user_token) >> UNIX token of user 0 >> Primary group is 0 and contains 0 supplementary groups >> [2012/10/08 13:16:09.600254, 5] lib/username.c:133(Get_Pwnam_alloc) >> Finding user 1641 >> [2012/10/08 13:16:09.600262, 5] lib/username.c:77(Get_Pwnam_internals) >> Trying _Get_Pwnam(), username as lowercase is 1641 >> [2012/10/08 13:16:09.600271, 5] lib/username.c:110(Get_Pwnam_internals) >> Get_Pwnam_internals did find user [1641]! >> [2012/10/08 13:16:09.600281, 3] smbd/sec_ctx.c:418(pop_sec_ctx) >> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >> [2012/10/08 13:16:09.600289, 5] auth/auth.c:268(check_ntlm_password) >> check_ntlm_password: unix authentication for user [1641] FAILED with >> error NT_STATUS_LOGON_FAILURE >> [2012/10/08 13:16:09.600298, 2] auth/auth.c:314(check_ntlm_password) >> check_ntlm_password: Authentication for user [1641] -> [1641] FAILED >> with error NT_STATUS_LOGON_FAILURE >> [2012/10/08 13:16:09.600307, 5] auth/auth_util.c:2119(free_user_info) >> >> >> >> The first difference I am noticing is 'pop_sec_ctx (0, 0) - >> sec_ctx_stack_ndx = 0', I'm not sure if this is relevant or if the problem >> lies elsewhere but wondering if someone has any insights what might be >> wrong? >> > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba