Hello all! We are attempting to get Samba-3.0.10 working on a new Solaris 8 machine in preparation for upgrading an existing 2.2.8 installation (both use the SMCsamba packages from SunFreeware.com). We copied over the smb.conf file and the usermap from the Samba-2 installation, and seeing some weird symptoms when Windows users try to connect to the new machine.
We ran "net join" to join the local domain (referred to hereafter as MYDOMAIN). When we set "security = DOMAIN" in the smb.conf file (which is how we have it on 2.2.8), it works for users that are not in the usermap (i.e. whose UNIX login name is the same as their Windows login). But users who are in the usermap can't connect. However, when we change the setting to "security = SERVER" then it works for the users in the usermap. The main difference I see between DOMAIN and SERVER logins is that the DOMAIN uses winbind authentication, while SERVER uses smbserver authentication. Also, it looks like Samba tries to create a user with the login of the UNIX user, and then fails because it can't. If anyone can tell me where we're going wrong, I would really appreciate it! Thanks in advance! smb.conf global entries: # Global parameters [global] workgroup = MYDOMAIN netbios name = MYSERVER security = DOMAIN # security = SERVER encrypt passwords = Yes password server = winserv1 winserv2 * username map = /usr/local/samba/lib/usermap wins server = x.x.x.x log level = 3 log file = /var/log/smb.log Contents of usermap: unixuser=pcuser Log entries for the successful DOMAIN login with an unmapped user: [2005/02/01 15:57:58, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(615) Got user=[myuser] domain=[MYDOMAIN] workstation=[MYPC] len1=24 len2=24 [2005/02/01 15:57:58, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface [2005/02/01 15:57:58, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [EMAIL PROTECTED] < SNIP > [2005/02/01 15:57:58, 3] auth/auth.c:check_ntlm_password(268) check_ntlm_password: winbind authentication for user [myuser] succeeded [2005/02/01 15:57:58, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/02/01 15:57:58, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/02/01 15:57:58, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/02/01 15:57:58, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/02/01 15:57:58, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [myuser] -> [myuser] -> [myuser] succeeded [2005/02/01 15:57:58, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319) NTLMSSP Sign/Seal - Initialising with flags: [2005/02/01 15:57:58, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60088215 [2005/02/01 15:57:58, 3] smbd/password.c:register_vuid(222) User name: myuser Real name: [2005/02/01 15:57:58, 3] smbd/password.c:register_vuid(241) UNIX uid 5489 is UNIX user myuser, and will be vuid 100 < SNIP > The logs for the failed DOMAIN login for the mapped user: [2005/02/01 15:35:41, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(615) Got user=[PCuser] domain=[MYDOMAIN] workstation=[MYPC] len1=24 len2=24 [2005/02/01 15:35:41, 3] lib/username.c:map_username(173) Mapped user PCuser to unixuser [2005/02/01 15:35:41, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface [2005/02/01 15:35:41, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [EMAIL PROTECTED] < SNIP > [2005/02/01 15:35:41, 3] auth/auth_util.c:make_server_info_info3(1127) User unixuser does not exist, trying to add it [2005/02/01 15:35:41, 0] auth/auth_util.c:make_server_info_info3(1134) make_server_info_info3: pdb_init_sam failed! [2005/02/01 15:35:41, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [PCuser] -> [unixuser] FAILED with error NT_STATUS_NO_SUCH_USER < SNIP > Logs for the successful SERVER login for the mapped user: [2005/02/01 15:36:22, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(615) Got user=[PCuser] domain=[MYDOMAIN] workstation=[MYPC] len1=24 len2=24 [2005/02/01 15:36:22, 3] lib/username.c:map_username(173) Mapped user PCuser to unixuser [2005/02/01 15:36:22, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface [2005/02/01 15:36:22, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [EMAIL PROTECTED] < SNIP > [2005/02/01 15:36:26, 3] auth/auth.c:check_ntlm_password(268) check_ntlm_password: smbserver authentication for user [PCuser] succeeded [2005/02/01 15:36:26, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/02/01 15:36:26, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/02/01 15:36:26, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/02/01 15:36:26, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/02/01 15:36:26, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [PCuser] -> [unixuser] -> [unixuser] succeeded [2005/02/01 15:36:26, 3] smbd/password.c:register_vuid(222) User name: unixuser Real name: Unix User [2005/02/01 15:36:26, 3] smbd/password.c:register_vuid(241) UNIX uid 5479 is UNIX user unixuser, and will be vuid 100 < SNIP > ------------------------------------------------------------------------- Christina Plummer [EMAIL PROTECTED] UNIX Systems Administrator Information Technology Services University of Rochester (585)275-2239 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba