Prev: [Samba] Getent passwd and getent group fail / Samba 3.5.2
Next: Getent passwd and getent group fail / Samba 3.5.2
From: Jeremy Allison on 4 May 2010 05:50
On Mon, May 03, 2010 at 08:26:41PM -1000, Gary Dunn wrote:
> This is a repost. Original sent last Friday afternoon received no
> response. Any ideas would be appreciated. Should I try Samba 4?
>
> =-=-=-=-=
>
> I have a server which will accept a file sharing connection from a
> FreeBSD workstation using smbclient, but not from a Vista workstation.
> The server also performs as a NAT gateway. Upstream network
> configuration is by DHCP (dhclient), the downstream side is assigned
> 10.0.1.0. All Samba clients will be on the downstream side. The NAT
> portion is working fine. By design the Vista clients will be members of
> domains which have nothing to do with this internal network, or each
> other. Assume client users do not have elevated privileges and that
> Vista is highly locked down by GPO. Network connections to servers in
> the domain are allowed.
>
> Currently the printer sharing is not working because CUPS has not be set
> up. This should be irrelevant to this issue.
>
> I did not see anything useful with debug levels less than three, and
> even at three I cannot determine the problem. Hopefully someone here
> can. Sorry about the long post.
>
> Log file for Vista connect, workstation name WK102123. Command line was
>
> net use x: \\g8dr01\work-clear /user:g8dr01\g8team
>
> Result is Error 67, network name not found.
>
> 1 [2010/04/29 15:06:36, 3] auth/auth.c:check_ntlm_password(220)
> 2 check_ntlm_password: Checking password for unmapped user
> [g8dr01]\[g8team]@[WK102123] with the new password interface
> 3 [2010/04/29 15:06:36, 3] auth/auth.c:check_ntlm_password(223)
> 4 check_ntlm_password: mapped user is:
> [g8dr01]\[g8team]@[WK102123]
> 5 [2010/04/29 15:06:36, 3] smbd/sec_ctx.c:push_sec_ctx(224)
> 6 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> 7 [2010/04/29 15:06:36, 3] smbd/uid.c:push_conn_ctx(440)
> 8 push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> 9 [2010/04/29 15:06:36, 3] smbd/sec_ctx.c:set_sec_ctx(324)
> 10 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> 11 [2010/04/29 15:06:36, 3] smbd/sec_ctx.c:push_sec_ctx(224)
> 12 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
> 13 [2010/04/29 15:06:36, 3] smbd/uid.c:push_conn_ctx(440)
> 14 push_conn_ctx(0) : conn_ctx_stack_ndx = 1
> 15 [2010/04/29 15:06:36, 3] smbd/sec_ctx.c:set_sec_ctx(324)
> 16 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
> 17 [2010/04/29 15:06:36, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
> 18 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
> 19 [2010/04/29 15:06:36, 3] smbd/sec_ctx.c:push_sec_ctx(224)
> 20 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
> 21 [2010/04/29 15:06:36, 3] smbd/uid.c:push_conn_ctx(440)
> 22 push_conn_ctx(0) : conn_ctx_stack_ndx = 1
> 23 [2010/04/29 15:06:36, 3] smbd/sec_ctx.c:set_sec_ctx(324)
> 24 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
> 25 [2010/04/29 15:06:36, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
> 26 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
> 27 [2010/04/29 15:06:36, 3] smbd/sec_ctx.c:push_sec_ctx(224)
> 28 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
> 29 [2010/04/29 15:06:36, 3] smbd/uid.c:push_conn_ctx(440)
> 30 push_conn_ctx(0) : conn_ctx_stack_ndx = 1
> 31 [2010/04/29 15:06:36, 3] smbd/sec_ctx.c:set_sec_ctx(324)
> 32 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
> 33 [2010/04/29 15:06:36, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
> 34 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
> 35 [2010/04/29 15:06:36, 3] smbd/sec_ctx.c:push_sec_ctx(224)
> 36 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
> 37 [2010/04/29 15:06:36, 3] smbd/uid.c:push_conn_ctx(440)
> 38 push_conn_ctx(0) : conn_ctx_stack_ndx = 1
> 39 [2010/04/29 15:06:36, 3] smbd/sec_ctx.c:set_sec_ctx(324)
> 40 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
> 41 [2010/04/29 15:06:36, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
> 42 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
> 43 [2010/04/29 15:06:36, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
> 44 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> 45 [2010/04/29 15:06:36, 3]
> libsmb/ntlm_check.c:ntlm_password_check(319)
> 46 ntlm_password_check: NTLMv2 password check failed
> 47 [2010/04/29 15:06:36, 3] smbd/sec_ctx.c:push_sec_ctx(224)
> 48 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> 49 [2010/04/29 15:06:36, 3] smbd/uid.c:push_conn_ctx(440)
> 50 push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> 51 [2010/04/29 15:06:36, 3] smbd/sec_ctx.c:set_sec_ctx(324)
> 52 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> 53 [2010/04/29 15:06:36, 3] smbd/sec_ctx.c:push_sec_ctx(224)
> 54 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
> 55 [2010/04/29 15:06:36, 3] smbd/uid.c:push_conn_ctx(440)
> 56 push_conn_ctx(0) : conn_ctx_stack_ndx = 1
> 57 [2010/04/29 15:06:36, 3] smbd/sec_ctx.c:set_sec_ctx(324)
> 58 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
> 59 [2010/04/29 15:06:36, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
> 60 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
> 61 [2010/04/29 15:06:36, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
> 62 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> 63 [2010/04/29 15:06:36, 3] smbd/sec_ctx.c:push_sec_ctx(224)
> 64 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> 65 [2010/04/29 15:06:36, 3] smbd/uid.c:push_conn_ctx(440)
> 66 push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> 67 [2010/04/29 15:06:36, 3] smbd/sec_ctx.c:set_sec_ctx(324)
> 68 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> 69 [2010/04/29 15:06:36, 3] smbd/sec_ctx.c:push_sec_ctx(224)
> 70 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
> 71 [2010/04/29 15:06:36, 3] smbd/uid.c:push_conn_ctx(440)
> 72 push_conn_ctx(0) : conn_ctx_stack_ndx = 1
> 73 [2010/04/29 15:06:36, 3] smbd/sec_ctx.c:set_sec_ctx(324)
> 74 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
> 75 [2010/04/29 15:06:36, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
> 76 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
> 77 [2010/04/29 15:06:36, 3] smbd/sec_ctx.c:push_sec_ctx(224)
> 78 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
> 79 [2010/04/29 15:06:36, 3] smbd/uid.c:push_conn_ctx(440)
> 80 push_conn_ctx(0) : conn_ctx_stack_ndx = 1
> 81 [2010/04/29 15:06:36, 3] smbd/sec_ctx.c:set_sec_ctx(324)
> 82 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
> 83 [2010/04/29 15:06:36, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
> 84 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
> 85 [2010/04/29 15:06:36, 3] smbd/sec_ctx.c:push_sec_ctx(224)
> 86 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
> 87 [2010/04/29 15:06:36, 3] smbd/uid.c:push_conn_ctx(440)
> 88 push_conn_ctx(0) : conn_ctx_stack_ndx = 1
> 89 [2010/04/29 15:06:36, 3] smbd/sec_ctx.c:set_sec_ctx(324)
> 90 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
> 91 [2010/04/29 15:06:36, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
> 92 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
> 93 [2010/04/29 15:06:36, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
> 94 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> 95 [2010/04/29 15:06:36, 2] auth/auth.c:check_ntlm_password(318)
> 96 check_ntlm_password: Authentication for user [g8team] ->
> [g8team]
> FAILED with error NT_STATUS_WRONG_PASSWORD
> 97 [2010/04/29 15:06:36, 3] smbd/error.c:error_packet_set(61)
> 98 error packet at smbd/sesssetup.c(127) cmd=115 (SMBsesssetupX)
> NT_STATUS_LOGON_FAILURE

This is the problem. You're getting NT_STATUS_WRONG_PASSWORD.
I'm assuming the password is correct you're typing here ?

Jeremy.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
From: osp on 4 May 2010 16:30
On Tue, 4 May 2010 02:42:37 -0700 Jeremy Allison <jra(a)samba.org> wrote:
> On Mon, May 03, 2010 at 08:26:41PM -1000, Gary Dunn wrote:
> > This is a repost. Original sent last Friday afternoon received no
> > response. Any ideas would be appreciated. Should I try Samba 4?
> >

[snip]

> > 95 [2010/04/29 15:06:36, 2] auth/auth.c:check_ntlm_password(318)
> > 96 check_ntlm_password: Authentication for user [g8team] ->
> > [g8team]
> > FAILED with error NT_STATUS_WRONG_PASSWORD
> > 97 [2010/04/29 15:06:36, 3] smbd/error.c:error_packet_set(61)
> > 98 error packet at smbd/sesssetup.c(127) cmd=115 (SMBsesssetupX)
> > NT_STATUS_LOGON_FAILURE
>
> This is the problem. You're getting NT_STATUS_WRONG_PASSWORD.
> I'm assuming the password is correct you're typing here ?
>
> Jeremy.
>

Thanks Jeremy for taking a look at this. I do not know enough to say
whether or not you are correct. I can say that I am as certain as anyone
could be that I entered the correct password, but that is always an issue.I
will test again just to be sure, after I set up my test LAN.

The thing is, there are other lines in this log file that tell a different
story. As you noticed, things begin badly:

1 [2010/04/29 15:06:36, 3] auth/auth.c:check_ntlm_password(220)
2 check_ntlm_password: Checking password for unmapped user
[g8dr01]\[g8team]@[SHAFP09WK102123] with the new password interface
3 [2010/04/29 15:06:36, 3] auth/auth.c:check_ntlm_password(223)
4 check_ntlm_password: mapped user is:
[g8dr01]\[g8team]@[SHAFP09WK102123]
...
95 [2010/04/29 15:06:36, 2] auth/auth.c:check_ntlm_password(318)
96 check_ntlm_password: Authentication for user [g8team] -> [g8team]
FAILED with error NT_STATUS_WRONG_PASSWORD
97 [2010/04/29 15:06:36, 3] smbd/error.c:error_packet_set(61)
98 error packet at smbd/sesssetup.c(127) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
99 [2010/04/29 15:06:48, 3] smbd/process.c:smbd_process(1930)
100 receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting
101 [2010/04/29 15:06:48, 3] smbd/sec_ctx.c:set_sec_ctx(324)
102 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
103 [2010/04/29 15:06:48, 3] smbd/connection.c:yield_connection(31)
104 Yielding connection to
105 [2010/04/29 15:06:48, 3] smbd/server.c:exit_server_common(974)
106 Server exit (normal exit)

then, during the same connection attempt we see "sam authentication":

107 [2010/04/29 15:06:56, 3] auth/auth.c:check_ntlm_password(220)
108 check_ntlm_password: Checking password for unmapped user
[g8dr01]\[g8team]@[SHAFP09WK102123] with the new password interface
109 [2010/04/29 15:06:56, 3] auth/auth.c:check_ntlm_password(223)
110 check_ntlm_password: mapped user is:
[g8dr01]\[g8team]@[SHAFP09WK102123]
...
167 [2010/04/29 15:06:56, 3] auth/auth.c:check_ntlm_password(269)
168 check_ntlm_password: sam authentication for user [g8team] succeeded
...
177 [2010/04/29 15:06:56, 2] auth/auth.c:check_ntlm_password(308)
178 check_ntlm_password: authentication for user [g8team] -> [g8team]
-> [g8team] succeeded
...
271 [2010/04/29 15:06:56, 3] smbd/password.c:register_existing_vuid(289)
272 register_existing_vuid: User name: g8team Real name: G8 Down Range Team
273 [2010/04/29 15:06:56, 3] smbd/password.c:register_existing_vuid(299)
274 register_existing_vuid: UNIX uid 1002 is UNIX user g8team, and will
be vuid 100
275 [2010/04/29 15:06:56, 3] smbd/password.c:register_homes_share(231)
276 Adding homes service for user 'g8team' using home directory:
'/home/g8team'

The real name, uid and home folder path are all correct, taken from
/etc/passwd.

...

283 [2010/04/29 15:06:56, 3] lib/access.c:only_ipaddrs_in_list(362)
284 only_ipaddrs_in_list: list has non-ip address (10.0.1.)
285 [2010/04/29 15:06:56, 3] lib/access.c:check_access(396)
286 check_access: hostnames in host allow/deny list.
287 [2010/04/29 15:06:56, 2] lib/access.c:check_access(406)
288 Allowed connection from 10.0.1.10 (10.0.1.10)

this is correct, connections are limited to the 10.0.1.0 public network,
client is 10.0.1.10.

...
345 [2010/04/29 15:06:56, 3] smbd/service.c:make_connection_snum(1115)
346 shafp09wk102123 (10.0.1.10) connect to service IPC$ initially as
user g8team (uid=1002, gid=1002) (pid 1224)

this all looks correct, but things start to go wrong with the IPC$ share

347 [2010/04/29 15:06:56, 3] smbd/sec_ctx.c:set_sec_ctx(324)
348 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
349 [2010/04/29 15:06:56, 3] smbd/reply.c:reply_tcon_and_X(794)
350 tconX service=IPC$
351 [2010/04/29 15:06:56, 3] smbd/process.c:smbd_process(1930)
352 receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting

What follows is another long password authentication step leading to the
requested share, "work-clear." This fails much like the IPC$ share.
...
437 [2010/04/29 15:06:56, 2] auth/auth.c:check_ntlm_password(308)
438 check_ntlm_password: authentication for user [g8team] -> [g8team]
-> [g8team] succeeded
...

590 shafp09wk102123 (10.0.1.10) connect to service work-clear initially
as user g8team (uid=1002, gid=1002) (pid 1225)
591 [2010/04/29 15:06:56, 3] smbd/sec_ctx.c:set_sec_ctx(324)
592 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
593 [2010/04/29 15:06:56, 3] smbd/reply.c:reply_tcon_and_X(794)
594 tconX service=WORK-CLEAR
595 [2010/04/29 15:06:56, 3] smbd/process.c:smbd_process(1930)
596 receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting
597 [2010/04/29 15:06:56, 3] smbd/sec_ctx.c:set_sec_ctx(324)
598 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
599 [2010/04/29 15:06:56, 3] smbd/sec_ctx.c:set_sec_ctx(324)
600 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
601 [2010/04/29 15:06:56, 1] smbd/service.c:close_cnum(1327)
602 shafp09wk102123 (10.0.1.10) closed connection to service work-clear
603 [2010/04/29 15:06:56, 3] smbd/connection.c:yield_connection(31)
604 Yielding connection to work-clear
605 [2010/04/29 15:06:56, 3] smbd/sec_ctx.c:set_sec_ctx(324)
606 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
607 [2010/04/29 15:06:56, 3] smbd/connection.c:yield_connection(31)
608 Yielding connection to
609 [2010/04/29 15:06:56, 3] smbd/server.c:exit_server_common(974)
610 Server exit (normal exit)


In a few minutes I'll redo the test, and if I managed to bungle the
password I'll post a follow up. In the meantime, assume the password is
correct.

Could this be a permissions issue? Does Vista think that g8team, which it
knows nothing about, has no rights on the client? I assume the command

net use x: \\server\share /user:auser

would give the current Vista user access to the server on behalf of auser.
I am not logged onto the Vista client as auser. Would that explain why
authentication eventually succeeds, but the connection is refused?

Is error 67 the usual message?

Thanks again.

Gary Dunn
Open Slate Project



--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
From: osp on 4 May 2010 17:20
On Tue, 4 May 2010 10:27:35 HST osp(a)aloha.com (that's me) wrote:
> On Tue, 4 May 2010 02:42:37 -0700 Jeremy Allison <jra(a)samba.org> wrote:
> > On Mon, May 03, 2010 at 08:26:41PM -1000, Gary Dunn wrote:
> > > This is a repost. Original sent last Friday afternoon received no
> > > response. Any ideas would be appreciated. Should I try Samba 4?
> > >
>
> [snip]
>
> > > 95 [2010/04/29 15:06:36, 2] auth/auth.c:check_ntlm_password(318)
> > > 96 check_ntlm_password: Authentication for user [g8team] ->
> > > [g8team]
> > > FAILED with error NT_STATUS_WRONG_PASSWORD
> > > 97 [2010/04/29 15:06:36, 3] smbd/error.c:error_packet_set(61)
> > > 98 error packet at smbd/sesssetup.c(127) cmd=115 (SMBsesssetupX)
> > > NT_STATUS_LOGON_FAILURE
> >
> > This is the problem. You're getting NT_STATUS_WRONG_PASSWORD.
> > I'm assuming the password is correct you're typing here ?
> >
> > Jeremy.
> >
>
> Thanks Jeremy for taking a look at this. I do not know enough to say
> whether or not you are correct. I can say that I am as certain as anyone
> could be that I entered the correct password, but that is always an issue.I
> will test again just to be sure, after I set up my test LAN.

Did the test. Same result. I even logged onto the Vista client with admin
privleges and cleared the setting that requires authentication by
smartcard, namely

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\scforceoption

Exact same result. No progress.

Gary Dunn
Open Slate Project


--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
From: Jeremy Allison on 4 May 2010 18:30
On Tue, May 04, 2010 at 10:27:35AM +0000, osp(a)aloha.com wrote:
> On Tue, 4 May 2010 02:42:37 -0700 Jeremy Allison <jra(a)samba.org> wrote:
> > On Mon, May 03, 2010 at 08:26:41PM -1000, Gary Dunn wrote:
> > > This is a repost. Original sent last Friday afternoon received no
> > > response. Any ideas would be appreciated. Should I try Samba 4?
> > >
>
> [snip]
>
> > > 95 [2010/04/29 15:06:36, 2] auth/auth.c:check_ntlm_password(318)
> > > 96 check_ntlm_password: Authentication for user [g8team] ->
> > > [g8team]
> > > FAILED with error NT_STATUS_WRONG_PASSWORD
> > > 97 [2010/04/29 15:06:36, 3] smbd/error.c:error_packet_set(61)
> > > 98 error packet at smbd/sesssetup.c(127) cmd=115 (SMBsesssetupX)
> > > NT_STATUS_LOGON_FAILURE
> >
> > This is the problem. You're getting NT_STATUS_WRONG_PASSWORD.
> > I'm assuming the password is correct you're typing here ?
> >
> > Jeremy.
> >
>
> Thanks Jeremy for taking a look at this. I do not know enough to say
> whether or not you are correct. I can say that I am as certain as anyone
> could be that I entered the correct password, but that is always an issue.I
> will test again just to be sure, after I set up my test LAN.
>
> The thing is, there are other lines in this log file that tell a different
> story. As you noticed, things begin badly:
>
> 1 [2010/04/29 15:06:36, 3] auth/auth.c:check_ntlm_password(220)
> 2 check_ntlm_password: Checking password for unmapped user
> [g8dr01]\[g8team]@[SHAFP09WK102123] with the new password interface
> 3 [2010/04/29 15:06:36, 3] auth/auth.c:check_ntlm_password(223)
> 4 check_ntlm_password: mapped user is:
> [g8dr01]\[g8team]@[SHAFP09WK102123]
> ..
> 95 [2010/04/29 15:06:36, 2] auth/auth.c:check_ntlm_password(318)
> 96 check_ntlm_password: Authentication for user [g8team] -> [g8team]
> FAILED with error NT_STATUS_WRONG_PASSWORD
> 97 [2010/04/29 15:06:36, 3] smbd/error.c:error_packet_set(61)
> 98 error packet at smbd/sesssetup.c(127) cmd=115 (SMBsesssetupX)
> NT_STATUS_LOGON_FAILURE
> 99 [2010/04/29 15:06:48, 3] smbd/process.c:smbd_process(1930)
> 100 receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting
> 101 [2010/04/29 15:06:48, 3] smbd/sec_ctx.c:set_sec_ctx(324)
> 102 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> 103 [2010/04/29 15:06:48, 3] smbd/connection.c:yield_connection(31)
> 104 Yielding connection to
> 105 [2010/04/29 15:06:48, 3] smbd/server.c:exit_server_common(974)
> 106 Server exit (normal exit)
>
> then, during the same connection attempt we see "sam authentication":

What are the domain names (or NBT names) of the client
and server ? Are both the client and server in a domain,
or are they standalone ? Or is one in a domain and the
other not ?

Jeremy.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
From: osp on 4 May 2010 20:50
On Tue, 4 May 2010 15:28:38 -0700 Jeremy Allison <jra(a)samba.org> wrote:
> On Tue, May 04, 2010 at 10:27:35AM +0000, osp(a)aloha.com wrote:
> > On Tue, 4 May 2010 02:42:37 -0700 Jeremy Allison <jra(a)samba.org> wrote:
> > > On Mon, May 03, 2010 at 08:26:41PM -1000, Gary Dunn wrote:
> > > > This is a repost. Original sent last Friday afternoon received no
> > > > response. Any ideas would be appreciated. Should I try Samba 4?
> > > >
> >
> > [snip]
> >
> > > > 95 [2010/04/29 15:06:36, 2] auth/auth.c:check_ntlm_password(318)
> > > > 96 check_ntlm_password: Authentication for user [g8team] ->
> > > > [g8team]
> > > > FAILED with error NT_STATUS_WRONG_PASSWORD
> > > > 97 [2010/04/29 15:06:36, 3] smbd/error.c:error_packet_set(61)
> > > > 98 error packet at smbd/sesssetup.c(127) cmd=115 (SMBsesssetupX)
> > > > NT_STATUS_LOGON_FAILURE
> > >
> > > This is the problem. You're getting NT_STATUS_WRONG_PASSWORD.
> > > I'm assuming the password is correct you're typing here ?
> > >
> > > Jeremy.
> > >
> >
> > Thanks Jeremy for taking a look at this. I do not know enough to say
> > whether or not you are correct. I can say that I am as certain as anyone
> > could be that I entered the correct password, but that is always an issue.I
> > will test again just to be sure, after I set up my test LAN.
> >
> > The thing is, there are other lines in this log file that tell a different
> > story. As you noticed, things begin badly:
> >
> > 1 [2010/04/29 15:06:36, 3] auth/auth.c:check_ntlm_password(220)
> > 2 check_ntlm_password: Checking password for unmapped user
> > [g8dr01]\[g8team]@[SHAFP09WK102123] with the new password interface
> > 3 [2010/04/29 15:06:36, 3] auth/auth.c:check_ntlm_password(223)
> > 4 check_ntlm_password: mapped user is:
> > [g8dr01]\[g8team]@[SHAFP09WK102123]
> > ..
> > 95 [2010/04/29 15:06:36, 2] auth/auth.c:check_ntlm_password(318)
> > 96 check_ntlm_password: Authentication for user [g8team] -> [g8team]
> > FAILED with error NT_STATUS_WRONG_PASSWORD
> > 97 [2010/04/29 15:06:36, 3] smbd/error.c:error_packet_set(61)
> > 98 error packet at smbd/sesssetup.c(127) cmd=115 (SMBsesssetupX)
> > NT_STATUS_LOGON_FAILURE
> > 99 [2010/04/29 15:06:48, 3] smbd/process.c:smbd_process(1930)
> > 100 receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting
> > 101 [2010/04/29 15:06:48, 3] smbd/sec_ctx.c:set_sec_ctx(324)
> > 102 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> > 103 [2010/04/29 15:06:48, 3] smbd/connection.c:yield_connection(31)
> > 104 Yielding connection to
> > 105 [2010/04/29 15:06:48, 3] smbd/server.c:exit_server_common(974)
> > 106 Server exit (normal exit)
> >
> > then, during the same connection attempt we see "sam authentication":
>
> What are the domain names (or NBT names) of the client
> and server ? Are both the client and server in a domain,
> or are they standalone ? Or is one in a domain and the
> other not ?

The Vista clients will be members of some domain. In use they will not be
connected to their domain. "Off Site" or "On the Road" if you will. Users
authenticate with a smartcard, so they will really be using the local copy
of their credentials. The server is not in any domain.

During these tests the upstream network was connected to the organizational
network, so the domain controllers are reachable through the NAT firewall
and are authenticating Vista user logons.

In smb.conf:

workgroup = G8DOWNRANGE
netbios name = g8dr01
security = user
guest account = g8team
wins support = yes
dns proxy = yes

In /etc/hosts:

10.0.1.1 g8dr01 g8dr01.g8dr

In /etc/rc.conf:

hostname="g8dr01"

From /usr/local/etc/dhcpd.conf:

option domain-name "g8dr";
option netbios-name-servers 10.0.1.1;
option domain-name-servers 10.0.1.1;

The server is running dnsmasq and will resolve g8dr01 as 10.0.1.1 and
forward unknown names upstream to the ISP DNS. I can google from the Vista
client just fine.

Naturally these entries are incomplete, I am including only what I think is
relevant. Let me know what else might help.

I think I can run a test using plain, out-of-the-box Vista. Maybe even XP.
Will post results when I have them.

Gary Dunn
Open Slate Project


--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
 |  Next  |  Last
Pages: 1 2 3
Prev: [Samba] Getent passwd and getent group fail / Samba 3.5.2
Next: Getent passwd and getent group fail / Samba 3.5.2