On Wed, 2013-05-29 at 22:28 +0200, steve wrote: > 4.0.6 with 3.6.12 file server > Hi > Ordinary users can connect fine: > > smbclient //oliva/users -Usteve2 > Enter steve2's password: > Domain=[HH3] OS=[Unix] Server=[Samba 3.6.9] > smb: \> > > log: > schannel_fetch_session_key_tdb: restored schannel info key > SECRETS/SCHANNEL/OLIVA > schannel_store_session_key_tdb: stored schannel info with key > SECRETS/SCHANNEL/OLIVA > auth_check_password_send: Checking password for unmapped user > [HH3]\[steve2]@[\\HH16] > auth_check_password_send: mapped user is: [HH3]\[steve2]@[\\HH16] > > getent passwd steve2 > steve2:*:3000023:20513:steve2:/home/users/steve2:/bin/bash > -------------------------- > > But Administrator (with rfc2307 attributes) can't: > smbclient //oliva/users -UAdministrator > Enter Administrator's password: > session setup failed: NT_STATUS_LOGON_FAILURE > > log: > schannel_fetch_session_key_tdb: restored schannel info key > SECRETS/SCHANNEL/OLIVA > schannel_store_session_key_tdb: stored schannel info with key > SECRETS/SCHANNEL/OLIVA > auth_check_password_send: Checking password for unmapped user > [HH3]\[Administrator]@[\\HH16] > auth_check_password_send: mapped user is: [HH3]\[Administrator]@[\\HH16] > ------------------------------------- > getent passwd Administrator > Administrator:*:3000099:20513:Administrator:/: > > getent group Domain\ Users > Domain Users:*:20513: > ------------------------------------- > smb.conf on the Samba3 file server: > [global] > workgroup = HH3 > realm = HH3.SITE > kerberos method = system keytab > security = ADS > #username map = /home/steve/smbusers > > [users] > path = /home/users > read only = No > > [profiles] > path = /home/profiles > read only = No > store dos attributes = Yes > create mask = 0600 > directory mask = 0700 > browseable = No > guest ok = No > printable = No > profile acls = Yes > csc policy = disable > > [shared] > path = /home/shared > read only = No > ------------------------------------------- > > Question: Why can ordinary users connect, but not the domain admin? > Thanks, Steve >
Hi again The fileserver is looking for: HH3\Administrator (i.e. with the workgroup attached)??? > [2013/05/29 23:58:24.560712, 3] > libsmb/cliconnect.c:3170(cli_start_connection) Connecting to host=HH16.HH3.SITE [2013/05/29 23:58:24.561068, 3] lib/util_sock.c:766(open_socket_out_send) Connecting to 192.168.1.16 at port 445 [2013/05/29 23:58:25.699013, 3] auth/auth_util.c:1121(check_account) Failed to find authenticated user HH3\administrator via getpwnam(), denying access. [2013/05/29 23:58:25.703519, 2] auth/auth.c:319(check_ntlm_password) check_ntlm_password: Authentication for user [Administrator] -> [Administrator] FAILED with error NT_STATUS_NO_SUCH_USER [2013/05/29 23:58:25.703924, 3] smbd/error.c:81(error_packet_set) error packet at smbd/sesssetup.c(124) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE [2013/05/29 23:58:25.708454, 3] smbd/server_exit.c:181(exit_server_common) Server exit (failed to receive smb request) > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba