subject:"\[Samba\] Simple configuration and not working."

Re: [Samba] Simple configuration and not working.

2003-09-11 Thread Vincent . Badier


>I expect that getpwnam() failed for the user.  does
>
>getent passwd MYAD+mylogon
>
>succeed?


Sorry, i didn't answer to this question :

no this command didn't show anything to me :

#getent passwd MYAD+mylogon
#


Regard's
vincent


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Simple configuration and not working.

2003-09-11 Thread Vincent . Badier


>I would expect this to be 'security = ads'
>since you've specified a realm.

Yes you're right, i did it now.

>Does this apply to you?  (From WHATSNEW):
>
>Changes in Behavior
>- ---
>
>The following issues are known changes in behavior between Samba 2.2 and
>Samba 3.0 that may affect certain installations of Samba.
>
>1)  When operating as a member of a Windows domain, Samba 2.2 would
>map any users authenticated by the remote DC to the 'guest account'
>if a uid could not be obtained via the getpwnam() call.  Samba 3.0
>rejects the connection as NT_STATUS_LOGON_FAILURE.  There is no
>current work around to re-establish the 2.2 behavior.

I don't think so since i tried 2 remote connection attempts and auth seems
to success:

one from a remote linux client, and a log part :

# /usr/bin/smbclient //172.26.123.121/myshare -U mylogon -W MYAD
Password:
tree connect failed: NT_STATUS_ACCESS_DENIED

[2003/09/11 11:09:38, 2] auth/auth.c:check_ntlm_password(302)
 check_ntlm_password:  authentication for user [mylogon] -> [mylogon] -> ]
succeeded
[2003/09/11 11:09:38, 5] auth/auth_util.c:free_user_info(1185)
  attempting to free (and zero) a user_info structure
[2003/09/11 11:09:38, 10] auth/auth_util.c:free_user_info(1188)
  structure was created for mylogon
[2003/09/11 11:09:38, 3] smbd/password.c:register_vuid(207)
  User name:Real name:
[2003/09/11 11:09:38, 3] smbd/password.c:register_vuid(225)
  UNIX uid 0 is UNIX user, and will be vuid 100
[2003/09/11 11:09:38, 3] smbd/process.c:process_smb(890)
  Transaction 3 of length 104
[2003/09/11 11:09:38, 3] smbd/process.c:switch_message(685)
  switch message SMBtconX (pid 9247)
[2003/09/11 11:09:38, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2003/09/11 11:09:38, 2] smbd/service.c:make_connection_snum(384)
  user ' (from session setup) not permitted to access this share (myshare)
[2003/09/11 11:09:38, 3] smbd/error.c:error_packet(113)
  error packet at smbd/reply.c(274) cmd=117 (SMBtconX)
NT_STATUS_ACCESS_DENIED

Well, what i understand is that authentication succeeded, a free structure
was created, but it seems to be not populate (user name and real name
empty), so this is normal that user ' is not allowed to access to the
share.
Am I wrong in my reasoning?

Another attempt, from a windows client now. thing are quite weird to me :

First, there is
Ticket name is [EMAIL PROTECTED]
and after another Ticket with the username. While i don't see any
authentifiaction success nor deny, i see that it attempt to see if the
username is in the group. Does the failure related to the bad username
entry in the struct?

[2003/09/11 11:45:40, 3] smbd/password.c:register_vuid(207)
  User name:^IReal name:
...
[2003/09/11 11:45:40, 0] lib/username.c:user_in_winbind_group_list(339)
  user_in_winbind_group_list: nametogid for group MYAD+SEC_GLOBAL_GROUP
failed.
[2003/09/11 11:45:40, 0] lib/username.c:user_in_winbind_group_list(339)
  user_in_winbind_group_list: nametogid for group
MYAD+SEC_ANOTHER_GLOBAL_GROUP failed.
[2003/09/11 11:45:40, 0] lib/username.c:user_in_winbind_group_list(339)
  user_in_winbind_group_list: nametogid for group MYAD+THIRD_GLOBAL_GROUP
failed.
[2003/09/11 11:45:40, 2] smbd/service.c:make_connection_snum(384)
  user ' (from session setup) not permitted to access this share
(secondshare)


I obviously checked that permissions are set on the filesystem as well as
the user account membership to global groups.
Doing thoses test seem to tell me that auth is working, but there is still
a small thing that don't work in my case.
If needed, i can provide complete log for each of theses test.


Thank's again for your help
Vincent


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Simple configuration and not working.

2003-09-10 Thread Gerald (Jerry) Carter

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, 10 Sep 2003 [EMAIL PROTECTED] wrote:

> I checked with rc3, and now this work with such a smb.conf.

Excellent!

> Then i can't connect with my domain account. With a windows client, it
> ask me to enter a username and password again and again. I increase the
> log verbose and saw that auth suceeded, and just after, a new auth
> attemp with empty domain/username so i don't understand why this happen.
> I noticed that this didn't occured when i was with 2.2.x.

Does this apply to you?  (From WHATSNEW):

Changes in Behavior
- ---

The following issues are known changes in behavior between Samba 2.2 and
Samba 3.0 that may affect certain installations of Samba.

  1)  When operating as a member of a Windows domain, Samba 2.2 would
  map any users authenticated by the remote DC to the 'guest account'
  if a uid could not be obtained via the getpwnam() call.  Samba 3.0
  rejects the connection as NT_STATUS_LOGON_FAILURE.  There is no
  current work around to re-establish the 2.2 behavior.



> [global]
> workgroup = MYAD
> realm = MYAD.AD.MYDOMAIN.COM
> netbios name = FRMASSMEP03
> server string = %h server (Samba %v)
> security = DOMAIN

I would expect this to be 'security = ads' 
since you've specified a realm.


> [2003/09/10 16:18:26, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(500)
>   NativeOS=[Windows 2002 2600 Service Pack 1] NativeLanMan=[Windows 2002
> 5.1]
> [2003/09/10 16:18:26, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(286)
>   Got user=[mylogon] domain=[MYAD] workstation=[MYHOSTNAME] len1=24 len2=24
> [2003/09/10 16:18:26, 5] auth/auth_util.c:make_user_info_map(216)
>   make_user_info_map: Mapping user [MYAD]\[mylogon] from workstation
> [MYHOSTNAME]
> 
> [2003/09/10 16:18:26, 3] auth/auth.c:check_ntlm_password(265)
>   check_ntlm_password: winbind authentication for user [mylogon] succeeded
> 

I expect that getpwnam() failed for the user.  does 

 getent passwd MYAD+mylogon 

succeed?



cheers, jerry
 --
 Hewlett-Packard- http://www.hp.com
 SAMBA Team -- http://www.samba.org
 GnuPG Key   http://www.plainjoe.org/gpg_public.asc
 "You can never go home again, Oatman, but I guess you can shop there."  
--John Cusack - "Grosse Point Blank" (1997)

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/

iD8DBQE/X0/QIR7qMdg1EfYRAuMRAJ0WVsyL/Igh/vH3kZC8z1i7W6d0TgCfUjRn
RqIQjsBnwau/rCm44l5FOow=
=fYsC
-END PGP SIGNATURE-

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Simple configuration and not working.

2003-09-10 Thread Vincent . Badier


>Can you retest against RC3.  There was a change in the NTLMv2 behavior
>that might help.

Thank you for your response!!

I checked with rc3, and now this work with such a smb.conf.

I tried to join AD domain, as this will our final use, with a modified
smb.conf.
Somme error occured when attempting to join, but it succeded.
I can list domain users and groups.

Then i can't connect with my domain account. With a windows client, it ask
me to enter a username and password again and again.
I increase the log verbose and saw that auth suceeded, and just after, a
new auth attemp with empty domain/username so i don't understand why this
happen.
I noticed that this didn't occured when i was with 2.2.x.

I can provide the log connection attemp if needed


Thank for your help and for your excellent work!!
Vincent


smb.conf

[global]
workgroup = MYAD
realm = MYAD.AD.MYDOMAIN.COM
netbios name = FRMASSMEP03
server string = %h server (Samba %v)
security = DOMAIN
update encrypted = Yes
password server = ip.of.my.dc
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
client lanman auth = No
client plaintext auth = No
log level = 3 passdb:5 auth:10 winbind:2
syslog = 0
log file = /var/log/samba/log.%m
max log size = 8000
preferred master = No
local master = No
domain master = No
dns proxy = No
wins server = ip.of.my.dc
ldap ssl = no
idmap uid = 1-2
idmap gid = 1-2
winbind separator = +
invalid users = root

[myshare]
path = /mnt/alcanet/mastw2k
valid users = MYAD+mylogon
admin users = MYAD+mylogon
read only = No



Somes lines of the log :

[2003/09/10 16:18:26, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(500)
  NativeOS=[Windows 2002 2600 Service Pack 1] NativeLanMan=[Windows 2002
5.1]
[2003/09/10 16:18:26, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(286)
  Got user=[mylogon] domain=[MYAD] workstation=[MYHOSTNAME] len1=24 len2=24
[2003/09/10 16:18:26, 5] auth/auth_util.c:make_user_info_map(216)
  make_user_info_map: Mapping user [MYAD]\[mylogon] from workstation
[MYHOSTNAME]

[2003/09/10 16:18:26, 3] auth/auth.c:check_ntlm_password(265)
  check_ntlm_password: winbind authentication for user [mylogon] succeeded

[2003/09/10 16:18:26, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(476)
  Doing spnego session setup
[2003/09/10 16:18:26, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(500)
  NativeOS=[Windows 2002 2600 Service Pack 1] NativeLanMan=[Windows 2002
5.1]
[2003/09/10 16:18:26, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(286)
  Got user=[] domain=[] workstation=[MYHOSTNAME] len1=1 len2=0
[2003/09/10 16:18:26, 5] auth/auth_util.c:make_user_info_map(216)
  make_user_info_map: Mapping user []\[] from workstation [MYHOSTNAME]
[2003/09/10 16:18:26, 5] auth/auth_util.c:make_user_info(132)
  attempting to make a user_info for  ()




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Simple configuration and not working.

2003-09-09 Thread Gerald (Jerry) Carter

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Mon, 8 Sep 2003 [EMAIL PROTECTED] wrote:

> First, i'm sorry to be so silly that i don't even to success a basic samba
> configuration simply working.
> Compilation of the rc2 had no errors.
... 
> Here is my smb.conf :
> [global]
> workgroup = MYGROUP
> netbios name = DATA
> preferred master = No
> local master = No
> domain master = No
> 
> [homes]
> read only = No
> 
> [myshare]
> path = /mnt/mypath
> valid users = toto
> read only = No
> 
> on the server :
> data:/usr/local/samba# ./bin/smbpasswd -a toto
> New SMB password:
> Retype new SMB password:
> Added user toto.
> data:/usr/local/samba#
> 
> On the client
> ~# /usr/bin/smbclient //172.26.123.9/myshare -U toto
> added interface ip=139.54.25.234 bcast=139.54.27.255 nmask=255.255.252.0
> Password:
> session setup failed: NT_STATUS_LOGON_FAILURE


Can you retest against RC3.  There was a change in the NTLMv2 behavior 
that might help.




cheers, jerry
 --
 Hewlett-Packard- http://www.hp.com
 SAMBA Team -- http://www.samba.org
 GnuPG Key   http://www.plainjoe.org/gpg_public.asc
 "You can never go home again, Oatman, but I guess you can shop there."  
--John Cusack - "Grosse Point Blank" (1997)


-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/

iD8DBQE/XhEfIR7qMdg1EfYRAhHwAKCE5YRxtCDj8U+AvLq9aSKI7Kk2IACeMiBw
4fGKb96h8RMH1MzJ9oiSUdU=
=7nSz
-END PGP SIGNATURE-

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Simple configuration and not working.

2003-09-08 Thread Vincent . Badier

First, i'm sorry to be so silly that i don't even to success a basic samba
configuration simply working.
Compilation of the rc2 had no errors.

testparm against my smb.conf said ok, and i can start nmbd and smbd.
I also add a new unix user, said toto, and added it in samba.

The problem is that i can't connect to any share, via Windows or via
GNU/Linux.
The result from Windows is a new windows requiring a valid
username/password and from linux, a deny message.

However, share seems to be well exported.
I read as many doc as i could and know that auth is made before all attempt
to connect to any share. So i think this is not any bad right on share, but
an account problem.

Please help since there is a couple of week i'm searching.
Thank's in advance.

Here are my smb.conf file and my entries

Here is my smb.conf :
[global]
workgroup = MYGROUP
netbios name = DATA
preferred master = No
local master = No
domain master = No

[homes]
read only = No

[myshare]
path = /mnt/mypath
valid users = toto
read only = No

on the server :
data:/usr/local/samba# ./bin/smbpasswd -a toto
New SMB password:
Retype new SMB password:
Added user toto.
data:/usr/local/samba#

On the client
~# /usr/bin/smbclient //172.26.123.9/myshare -U toto
added interface ip=139.54.25.234 bcast=139.54.27.255 nmask=255.255.252.0
Password:
session setup failed: NT_STATUS_LOGON_FAILURE




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Simple configuration and not working.

Re: [Samba] Simple configuration and not working.

Re: [Samba] Simple configuration and not working.

Re: [Samba] Simple configuration and not working.

Re: [Samba] Simple configuration and not working.

[Samba] Simple configuration and not working.

6 matches

Site Navigation

Mail list logo

Footer information