Prev: printer "Advanced tab" grayed
Next: mounting as cifs not working in Debian, works in Windows though
From: grant little on 30 Jul 2010 01:20 On Sun, Feb 21, 2010 at 2:32 AM, grant little <grantliddle(a)gmail.com> wrote: > ~:=) woohoo! I am pleased to report, that samba 3.5.0rc3, just released > yesterday for debian, appears to have fixed this problem. > I just installed the experimental version of that and at least on the > initial test I just did, I can now login to the same share from both > windows clients and OS X with winbind not running on the samba server. I > have more tests to do but it is looking good so far. Thanks to all the samba > and debian teams for making my life a little easier. > > I was previously stuck in a rut between using centos 5.4 with samba 3.0.33 > that worked from both clients but centos 5.4 would not support having the > operating system on GPT hard drives and ubuntu 9.10 which would support GPT > hard drives but had a buggy version of samba as previously described. > So thanks for lifting me out of the rut and I look forward to the 3.5.0 > final release version. > > > On Sat, Feb 20, 2010 at 1:31 PM, grant little <grantliddle(a)gmail.com>wrote: > >> Thanks Alex. >> I'm not using winbind, just kerberos and LDAP and I have in all cases >> tried both domain\username as well as username. >> >> Here's a better dump of the ip log that appens on a failed login attempt >> that seems to show that the authentication is OK from os x: >> [2010/02/20 13:13:17, 3] smbd/process.c:1453(process_smb) >> Transaction 2 of length 366 (0 toread) >> [2010/02/20 13:13:17, 3] smbd/process.c:1272(switch_message) >> switch message SMBsesssetupX (pid 6039) conn 0x0 >> [2010/02/20 13:13:17, 3] smbd/sec_ctx.c:310(set_sec_ctx) >> >> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >> [2010/02/20 13:13:17, 3] smbd/sesssetup.c:1404(reply_sesssetup_and_X) >> wct=12 flg2=0xc801 >> [2010/02/20 13:13:17, 3] >> smbd/sesssetup.c:1160(reply_sesssetup_and_X_spnego) >> Doing spnego session setup >> [2010/02/20 13:13:17, 3] >> smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego) >> NativeOS=[Mac OS X 10.6] NativeLanMan=[SMBFS 1.6.0] PrimaryDomain=[] >> [2010/02/20 13:13:17, 3] libsmb/ntlmssp.c:745(ntlmssp_server_auth) >> Got user=[grant] domain=[AD] workstation=[GRANT] len1=24 len2=126 >> [2010/02/20 13:13:19, 3] smbd/oplock.c:911(init_oplocks) >> init_oplocks: initializing messages. >> [2010/02/20 13:13:19, 3] >> smbd/oplock_linux.c:219(linux_init_kernel_oplocks) >> Linux kernel oplocks enabled >> [2010/02/20 13:13:19, 3] smbd/process.c:1453(process_smb) >> >> Transaction 0 of length 51 (0 toread) >> [2010/02/20 13:13:19, 3] smbd/process.c:1272(switch_message) >> switch message SMBnegprot (pid 6040) conn 0x0 >> [2010/02/20 13:13:19, 3] smbd/sec_ctx.c:310(set_sec_ctx) >> >> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >> [2010/02/20 13:13:19, 3] smbd/negprot.c:567(reply_negprot) >> >> Requested protocol [NT LM 0.12] >> [2010/02/20 13:13:19, 3] smbd/negprot.c:387(reply_nt1) >> using SPNEGO >> [2010/02/20 13:13:19, 3] smbd/negprot.c:672(reply_negprot) >> >> Selected protocol NT LM 0.12 >> [2010/02/20 13:13:21, 3] smbd/sec_ctx.c:310(set_sec_ctx) >> >> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >> [2010/02/20 13:13:21, 3] smbd/connection.c:31(yield_connection) >> Yielding connection to >> [2010/02/20 13:13:21, 3] smbd/server.c:848(exit_server_common) >> >> Server exit (failed to receive smb request) >> ------ >> what's weird is that there's no sign of the login in auth.log only the >> test via windows cleint a few seconds before: >> Feb 20 13:12:14 servername smbd[6033]: pam_unix(samba:session): session >> opened for user grant by (uid=0) >> Feb 20 13:12:24 servername smbd[6033]: pam_unix(samba:session): session >> closed for user grant >> after that nothing... >> >> >> On Sat, Feb 20, 2010 at 11:17 AM, Alex Ferrara <alex(a)receptiveit.com.au>wrote: >> >>> I have seen this behaviour recently using Samba 3.4.5 from the Lucid tree >>> on Ubuntu 9.10 >>> >>> Try using domain\username for the username >>> >>> To me, it appears to be a bug in winbind not using the default domain, >>> but I could be wrong. >>> >>> Sent from my iPhone >>> >>> >>> On 20/02/2010, at 8:29 PM, grant little <grantliddle(a)gmail.com> wrote: >>> >>> Hello, >>>> having spent many hours scouring archives, docs, books and googling >>>> without >>>> finding an answer I need to ask your help on this. >>>> >>>> running samba 3.4.0-3ubuntu5.3 on ubuntu 9.10 server, client users can >>>> login >>>> to the share from windows clients but the same users is denied access >>>> when >>>> connecting from OS X via GO/Connect To Server in format >>>> smb://fqdnofserver >>>> >>>> user authentication is to active directory using kerberos and LDAP and >>>> am >>>> not running winbind >>>> >>>> pam.d/samba is set to allow smb logins, that is shell logins are not >>>> permitted for active directory authenticated users. here's that snippet: >>>> # /etc/pam.d/samba >>>> auth sufficient pam_krb5.so minimum_uid=1000 use_first_pass >>>> account sufficient pam_ldap.so use_first_pass >>>> session sufficient pam_ldap.so >>>> >>>> >>>> I have tested my configs on samba 3.0.33 on CENTOS and it works fine >>>> there >>>> for both OS X and windows >>>> >>>> the share is setup on >>>> /shares/asgs >>>> with these permissions: >>>> drwxrwsrwx 8 root root 87 2010-02-20 00:17 shares >>>> drwxrws--- 2 grant ASGSFileUsers 18 2010-02-20 00:21 asgs >>>> >>>> here's smb.conf: >>>> [global] >>>> unix extensions = no >>>> disable spoolss = Yes >>>> disable netbios = yes >>>> name resolve order = hosts >>>> workgroup = AD >>>> realm = AD.UCSD.EDU >>>> server string = %h server (Samba, Ubuntu) >>>> dns proxy = no >>>> log file = /var/log/samba/log.%m >>>> max log size = 1000 >>>> syslog = 0 >>>> log level = 3 >>>> panic action = /usr/share/samba/panic-action %d >>>> security = ads >>>> encrypt passwords = true >>>> passdb backend = tdbsam >>>> obey pam restrictions = yes >>>> unix password sync = yes >>>> pam password change = no >>>> map to guest = bad user >>>> usershare allow guests = no >>>> [asgs] >>>> comment = ASGS >>>> path = /shares/asgs >>>> browsable = Yes >>>> valid users = @ad\ASGSFileUsers >>>> write list = @ad\ASGSFileUsers >>>> create mask = 2660 >>>> directory mask = 2770 >>>> >>>> The tail n20 of the log of the conecting ip shows this for an OS X >>>> attempt: >>>> [2010/02/20 00:56:16, 3] >>>> smbd/oplock_linux.c:219(linux_init_kernel_oplocks) >>>> Linux kernel oplocks enabled >>>> [2010/02/20 00:56:16, 3] smbd/process.c:1453(process_smb) >>>> Transaction 0 of length 51 (0 toread) >>>> [2010/02/20 00:56:16, 3] smbd/process.c:1272(switch_message) >>>> switch message SMBnegprot (pid 5658) conn 0x0 >>>> [2010/02/20 00:56:16, 3] smbd/sec_ctx.c:310(set_sec_ctx) >>>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >>>> [2010/02/20 00:56:16, 3] smbd/negprot.c:567(reply_negprot) >>>> Requested protocol [NT LM 0.12] >>>> [2010/02/20 00:56:16, 3] smbd/negprot.c:387(reply_nt1) >>>> using SPNEGO >>>> [2010/02/20 00:56:16, 3] smbd/negprot.c:672(reply_negprot) >>>> Selected protocol NT LM 0.12 >>>> [2010/02/20 00:56:18, 3] smbd/sec_ctx.c:310(set_sec_ctx) >>>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >>>> [2010/02/20 00:56:18, 3] smbd/connection.c:31(yield_connection) >>>> Yielding connection to >>>> [2010/02/20 00:56:18, 3] smbd/server.c:848(exit_server_common) >>>> Server exit (failed to receive smb request) >>>> >>>> >>>> >>>> Hope someone can give me a pointer where to look next or what to tweak. >>>> Let >>>> me know if you need other log snippets. >>>> >>>> Thanks, >>>> Grant >>>> -- >>>> To unsubscribe from this list go to the following URL and read the >>>> instructions: https://lists.samba.org/mailman/options/samba >>>> >>> For the record it turns out I was mistaken: samba 3.4.7 works just fine on Ubuntu 9.10 with AD/LDAP/Kerberos as-long-as you have winbind stopped. I guess I must of had winbind stopped on 3.5.x wben it was working as I tried recently with 3.5.4 on Ubuntu and with winbind running it gives the same strange permission errors I previously had with 3.4.7 but once winbind is halted everything comes right. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
|
Pages: 1 Prev: printer "Advanced tab" grayed Next: mounting as cifs not working in Debian, works in Windows though |