From: Thomas Gutzler on
Hi,

After upgrading one of my Samba servers from Ubuntu Jaunty (3.3.2) to
Karmic (3.4.0) I cannot access the shares any more.

The server (FINTLEWOODLEWIX) is set up to check authentication via a PDC
(IO), which is also running 3.4.0 (and has been before). Guest access is
allowed so that any users without a local unix account will be granted
read access. Valid users are allowed read/write.

After the upgrade I'm not able to connect to the share any more unless I
specifically use the guest account (nobody) and its password. When
trying to connect from a Windows box (KRIKKIT), the logfile says the
following (smbd runs in -d3). It doesn't seem to matter if the user
(tom) has a local unix account or not:

[2010/05/26 11:00:17, 3] libsmb/namequery_dc.c:199(rpc_dc_name)
rpc_dc_name: Returning DC IO (130.95.136.177) for domain OBEL
[2010/05/26 11:00:17, 3] libsmb/cliconnect.c:2031(cli_start_connection)
Connecting to host=IO
[2010/05/26 11:00:17, 3] lib/util_sock.c:1025(open_socket_out_send)
Connecting to 130.95.136.177 at port 445
[2010/05/26 11:00:17, 3] lib/util_sock.c:1025(open_socket_out_send)
Connecting to 130.95.136.177 at port 139
[2010/05/26 11:00:17, 3] auth/auth.c:222(check_ntlm_password)
check_ntlm_password: Checking password for unmapped user
[KRIKKIT]\[tom]@[KRIKKIT] with the new password interface
[2010/05/26 11:00:17, 3] auth/auth.c:225(check_ntlm_password)
check_ntlm_password: mapped user is: [FINTLEWOODLEWIX]\[tom]@[KRIKKIT]
[2010/05/26 11:00:17, 3] smbd/sec_ctx.c:210(push_sec_ctx)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/05/26 11:00:17, 3] smbd/uid.c:428(push_conn_ctx)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/05/26 11:00:17, 3] smbd/sec_ctx.c:310(set_sec_ctx)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/05/26 11:00:17, 3] smbd/sec_ctx.c:418(pop_sec_ctx)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/05/26 11:00:17, 3] auth/auth_sam.c:282(check_sam_security)
check_sam_security: Couldn't find user 'tom' in passdb.
[2010/05/26 11:00:17, 3] auth/auth_winbind.c:54(check_winbind_security)
check_winbind_security: Not using winbind, requested domain
[FINTLEWOODLEWIX] was for this SAM.
[2010/05/26 11:00:17, 2] auth/auth.c:320(check_ntlm_password)
check_ntlm_password: Authentication for user [tom] -> [tom] FAILED
with error NT_STATUS_NO_SUCH_USER
[2010/05/26 11:00:17, 3] smbd/error.c:60(error_packet_set)
error packet at smbd/sesssetup.c(122) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE

The same user can directly connect to IO with no problems. Sending
"OBEL\tom" as user instead gives the following error:
[2010/05/26 11:08:17, 3] auth/auth.c:222(check_ntlm_password)
check_ntlm_password: Checking password for unmapped user
[OBEL]\[tom]@[KRIKKIT] with the new password interface
[2010/05/26 11:08:17, 3] auth/auth.c:225(check_ntlm_password)
check_ntlm_password: mapped user is: [FINTLEWOODLEWIX]\[tom]@[KRIKKIT]
[2010/05/26 11:08:17, 3] smbd/sec_ctx.c:210(push_sec_ctx)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/05/26 11:08:17, 3] smbd/uid.c:428(push_conn_ctx)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/05/26 11:08:17, 3] smbd/sec_ctx.c:310(set_sec_ctx)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/05/26 11:08:17, 3] smbd/sec_ctx.c:418(pop_sec_ctx)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/05/26 11:08:17, 3] auth/auth_sam.c:282(check_sam_security)
check_sam_security: Couldn't find user 'tom' in passdb.
[2010/05/26 11:08:17, 3] auth/auth_winbind.c:54(check_winbind_security)
check_winbind_security: Not using winbind, requested domain
[FINTLEWOODLEWIX] was for this SAM.
[2010/05/26 11:08:17, 2] auth/auth.c:320(check_ntlm_password)
check_ntlm_password: Authentication for user [tom] -> [tom] FAILED
with error NT_STATUS_NO_SUCH_USER
[2010/05/26 11:08:17, 3] smbd/error.c:60(error_packet_set)
error packet at smbd/sesssetup.c(122) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE

Here is the output from testparm:
Load smb config files from /etc/samba/smb.conf
rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
Processing section "[data]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

[global]
workgroup = OBEL
server string = %h file server
security = DOMAIN
map to guest = Bad Uid
password server = 130.95.136.177
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
dns proxy = No
panic action = /usr/share/samba/panic-action %d
invalid users = root

[data]
comment = valuable not backed up research data
path = /home/fintlewoodlewix/data
read only = No
create mask = 0644
force create mode = 0644
force directory mode = 0755
guest ok = Yes

I also set guest account = nobody in the global section which isn't
listed by testparm; maybe because it's the default.

net rpc testjoin reports: Join to 'OBEL' is OK

pdbedit -L only shows the 'nobody' account

Any suggestions how to fix this?

Cheers,
Tom
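
Added example, not part of the original post: a small Python parser for smbd -d3 records like the ones quoted above, which reports for each session setup the domain the client sent, the domain smbd mapped it to, and the resulting status. The function names and dict keys are the example's own; the sample input is copied from the post's two log excerpts, trimmed to the auth.c records.

```python
import re

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*\d+\] \S+\((\w+)\)$")
TRIPLE = re.compile(r"\[([^\]]*)\]\\\[([^\]]*)\]@\[([^\]]*)\]")  # [DOMAIN]\[user]@[host]
FAILED = re.compile(r"FAILED with error (NT_STATUS_\w+)")

# Sample input: auth.c records copied from the two log excerpts in the post.
SAMPLE_LOG = r"""
[2010/05/26 11:00:17, 3] auth/auth.c:222(check_ntlm_password)
check_ntlm_password: Checking password for unmapped user
[KRIKKIT]\[tom]@[KRIKKIT] with the new password interface
[2010/05/26 11:00:17, 3] auth/auth.c:225(check_ntlm_password)
check_ntlm_password: mapped user is: [FINTLEWOODLEWIX]\[tom]@[KRIKKIT]
[2010/05/26 11:00:17, 2] auth/auth.c:320(check_ntlm_password)
check_ntlm_password: Authentication for user [tom] -> [tom] FAILED
with error NT_STATUS_NO_SUCH_USER
[2010/05/26 11:08:17, 3] auth/auth.c:222(check_ntlm_password)
check_ntlm_password: Checking password for unmapped user
[OBEL]\[tom]@[KRIKKIT] with the new password interface
[2010/05/26 11:08:17, 3] auth/auth.c:225(check_ntlm_password)
check_ntlm_password: mapped user is: [FINTLEWOODLEWIX]\[tom]@[KRIKKIT]
[2010/05/26 11:08:17, 2] auth/auth.c:320(check_ntlm_password)
check_ntlm_password: Authentication for user [tom] -> [tom] FAILED
with error NT_STATUS_NO_SUCH_USER
"""

def records(text):
    """Return [timestamp, function, message] items; wrapped lines join their header."""
    out = []
    for line in (l.strip() for l in text.splitlines()):
        m = HEADER.match(line)  # strict timestamp, so "[OBEL]\[tom]..." is a continuation
        if m:
            out.append([m.group(1), m.group(2), ""])
        elif out and line:
            out[-1][2] = (out[-1][2] + " " + line).strip()
    return out

def auth_attempts(text):
    """Per session setup: domain the client sent, domain smbd mapped it to, result."""
    attempts = []
    for ts, func, msg in records(text):
        t, f = TRIPLE.search(msg), FAILED.search(msg)
        if func == "check_ntlm_password" and "unmapped user" in msg and t:
            attempts.append({"time": ts, "sent": t.group(1), "mapped": None, "status": None})
        elif attempts and "mapped user is" in msg and t:
            attempts[-1]["mapped"] = t.group(1)
        elif attempts and f:
            attempts[-1]["status"] = f.group(1)
    return attempts
```

On the sample, both attempts (sent as KRIKKIT and as OBEL) come back with mapped set to FINTLEWOODLEWIX and status NT_STATUS_NO_SUCH_USER, matching the excerpts.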