HiI am busy setting up Samba with Freeipa authentication, I have been following https://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA and tired it on both Centos 7 and Ubuntu 20.04 but both is failing the authentication with:root@no-oslh-smb2:/home/luser# smbclient -K -L 10.93.150.74 -U pqvindes Enter PROXDYNAMICS\pqvindes's password:session setup failed: NT_STATUS_LOGON_FAILUREThe local and the remote address is the hosts own IP address 10.93.150.74 which I find a bit odd.Does anyone have any suggestions on how to
get it working?The smb.conf file looks like this:[global] workgroup = PROXDYNAMICS realm = PROXDYNAMICS.COM dedicated keytab file = FILE:/etc/samba/samba.keytab kerberos method = dedicated keytab log file = /var/log/samba/log.%m log level = 3 security = ADS winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind normalize names = no ntlm auth = yes idmap config * : backend = autorid idmap config * :
range = 1000000-19999999 idmap config * : rangesize = 1000000 template shell = /bin/bash[homes] browsable = no writable = yes[shared] path = /home/shared writable = yes browsable=yes write list = @admins The logs gives the following during a logon attempt:[2021/11/01 09:15:54.352593, 3] ../../auth/ntlmssp/ntlmssp_server.c:550(ntlmssp_server_preauth) Got user=[pqvindes] domain=[PROXDYNAMICS] workstation=[NO-OSLH-SMB2] len1=24 len2=352[2021/11/01 09:15:54.352665, 3]
../../source3/param/loadparm.c:3873(lp_load_ex) lp_load_ex: refreshing parameters[2021/11/01 09:15:54.352782, 3] ../../source3/param/loadparm.c:549(init_globals) Initialising global parameters[2021/11/01 09:15:54.352911, 3] ../../source3/param/loadparm.c:2787(lp_do_section) Processing section "[global]"[2021/11/01 09:15:54.353210, 2] ../../source3/param/loadparm.c:2804(lp_do_section) Processing section "[homes]"[2021/11/01 09:15:54.353258, 2] ../../source3/param/loadparm.c:2804(lp_do_section) Processing
section "[shared]"[2021/11/01 09:15:54.353356, 3] ../../source3/param/loadparm.c:1622(lp_add_ipc) adding IPC service[2021/11/01 09:15:54.353399, 3] ../../source3/auth/auth.c:199(auth_check_ntlm_password) check_ntlm_password: Checking password for unmapped user [PROXDYNAMICS]\[pqvindes]@[NO-OSLH-SMB2] with the new password interface[2021/11/01 09:15:54.353435, 3] ../../source3/auth/auth.c:202(auth_check_ntlm_password) check_ntlm_password: mapped user is: [PROXDYNAMICS]\[pqvindes]@[NO-OSLH-SMB2][2021/11/01
09:15:54.354518, 3] ../../source3/auth/check_samsec.c:398(check_sam_security) check_sam_security: Couldn't find user 'pqvindes' in passdb.[2021/11/01 09:15:54.354551, 2] ../../source3/auth/auth.c:343(auth_check_ntlm_password) check_ntlm_password: Authentication for user [pqvindes] -> [pqvindes] FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=1[2021/11/01 09:15:54.354641, 2] ../../auth/auth_log.c:635(log_authentication_event_human_readable) Auth: [SMB2,(null)] user [PROXDYNAMICS]\[pqvindes] at [Mon, 01 Nov 2021
09:15:54.354599 UTC] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [NO-OSLH-SMB2] remote host [ipv4:10.93.150.74:47650] mapped to [PROXDYNAMICS]\[pqvindes]. local host [ipv4:10.93.150.74:445] {"timestamp": "2021-11-01T09:15:54.354792+0000", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 2}, "eventId": 4625, "logonId": "0", "logonType": 3, "status":
"NT_STATUS_NO_SUCH_USER", "localAddress": "ipv4:10.93.150.74:445", "remoteAddress": "ipv4:10.93.150.74:47650", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "PROXDYNAMICS", "clientAccount": "pqvindes", "workstation": "NO-OSLH-SMB2", "becameAccount": null, "becameDomain": null, "becameSid": null, "mappedAccount": "pqvindes",
"mappedDomain": "PROXDYNAMICS", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "NTLMv2", "duration": 3390}}[2021/11/01 09:15:54.354930, 3] ../../auth/gensec/spnego.c:1442(gensec_spnego_server_negTokenTarg_step) gensec_spnego_server_negTokenTarg_step: SPNEGO(ntlmssp) login failed:
NT_STATUS_NO_SUCH_USER[2021/11/01 09:15:54.354989, 3] ../../source3/smbd/smb2_server.c:3254(smbd_smb2_request_error_ex) smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_LOGON_FAILURE] || at ../../source3/smbd/smb2_sesssetup.c:149[2021/11/01 09:15:54.355643, 3] ../../source3/smbd/server_exit.c:243(exit_server_common) Server exit (NT_STATUS_END_OF_FILE)RegardsPer
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure