I have seen this behaviour recently using Samba 3.4.5 from the Lucid tree on Ubuntu 9.10

Try using domain\username for the username

To me, it appears to be a bug in winbind not using the default domain, but I could be wrong.


On 20/02/2010, at 8:29 PM, grant little <[email protected]> wrote:

Hello,
having spent many hours scouring archives, docs, books and googling without
finding an answer I need to ask your help on this.

running samba 3.4.0-3ubuntu5.3 on ubuntu 9.10 server, client users can log in
to the share from windows clients but the same users are denied access when
connecting from OS X via GO/Connect To Server in format
smb://fqdnofserver

user authentication is to active directory using kerberos and LDAP and I am
not running winbind

pam.d/samba is set to allow smb logins, that is shell logins are not
permitted for active directory authenticated users. here's that snippet:
# /etc/pam.d/samba
auth sufficient pam_krb5.so minimum_uid=1000 use_first_pass
account sufficient pam_ldap.so use_first_pass
session sufficient pam_ldap.so


I have tested my configs on samba 3.0.33 on CENTOS and it works fine there
for both OS X and windows

the share is setup on
/shares/asgs
with these permissions:
drwxrwsrwx   8 root root   87 2010-02-20 00:17 shares
drwxrws--- 2 grant ASGSFileUsers  18 2010-02-20 00:21 asgs

here's smb.conf:
[global]
 unix extensions = no
 disable spoolss = Yes
 disable netbios = yes
 name resolve order = hosts
 workgroup = AD
 realm = AD.UCSD.EDU
 server string = %h server (Samba, Ubuntu)
 dns proxy = no
 log file = /var/log/samba/log.%m
 max log size = 1000
 syslog = 0
 log level = 3
 panic action = /usr/share/samba/panic-action %d
 security = ads
 encrypt passwords = true
 passdb backend = tdbsam
 obey pam restrictions = yes
 unix password sync = yes
 pam password change = no
 map to guest = bad user
 usershare allow guests = no
[asgs]
 comment = ASGS
 path = /shares/asgs
 browsable = Yes
 valid users = @ad\ASGSFileUsers
 write list = @ad\ASGSFileUsers
 create mask = 2660
 directory mask = 2770

The tail n20 of the log of the connecting ip shows this for an OS X attempt:
[2010/02/20 00:56:16, 3] smbd/oplock_linux.c:219 (linux_init_kernel_oplocks)
 Linux kernel oplocks enabled
[2010/02/20 00:56:16,  3] smbd/process.c:1453(process_smb)
 Transaction 0 of length 51 (0 toread)
[2010/02/20 00:56:16,  3] smbd/process.c:1272(switch_message)
 switch message SMBnegprot (pid 5658) conn 0x0
[2010/02/20 00:56:16,  3] smbd/sec_ctx.c:310(set_sec_ctx)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/02/20 00:56:16,  3] smbd/negprot.c:567(reply_negprot)
 Requested protocol [NT LM 0.12]
[2010/02/20 00:56:16,  3] smbd/negprot.c:387(reply_nt1)
 using SPNEGO
[2010/02/20 00:56:16,  3] smbd/negprot.c:672(reply_negprot)
 Selected protocol NT LM 0.12
[2010/02/20 00:56:18,  3] smbd/sec_ctx.c:310(set_sec_ctx)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/02/20 00:56:18,  3] smbd/connection.c:31(yield_connection)
 Yielding connection to
[2010/02/20 00:56:18,  3] smbd/server.c:848(exit_server_common)
 Server exit (failed to receive smb request)



Hope someone can give me a pointer where to look next or what to tweak. Let
me know if you need other log snippets.

Thanks,
Grant
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
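
Added example, not part of the original thread: a small Python parser for the level-3 smbd log format shown in the post, reporting which SMB commands a connection reached before the server exited. The function names and stage labels are assumptions of this example; the sample records are copied from the excerpt above.

```python
import re

# Header of a Samba 3.x log record: "[date time, level] file:line(function)".
HEADER = re.compile(
    r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\]\s+(\S+?):(\d+)\s*\((\w+)\)")
SWITCH = re.compile(r"switch message (SMB\w+)")
EXIT = re.compile(r"Server exit \((.*)\)")

def parse_records(text):
    """Group each header line with the indented message lines that follow it."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            ts, level, src, lineno, func = m.groups()
            records.append({"ts": ts, "level": int(level), "src": src,
                            "line": int(lineno), "func": func, "msg": []})
        elif records and line.strip():
            records[-1]["msg"].append(line.strip())
    return records

def summarize(records):
    """Return the SMB commands seen, the exit reason, and a coarse stage."""
    commands, exit_reason = [], None
    for rec in records:
        body = " ".join(rec["msg"])
        if (m := SWITCH.search(body)):
            commands.append(m.group(1))
        if (m := EXIT.search(body)):
            exit_reason = m.group(1)
    # smbd logs the session setup command as "SMBsesssetupX".
    if "SMBsesssetupX" in commands:
        stage = "session setup reached"
    elif "SMBnegprot" in commands:
        stage = "stopped after protocol negotiation"
    else:
        stage = "no SMB command seen"
    return {"commands": commands, "exit": exit_reason, "stage": stage}

# Sample: records copied from the log excerpt in the post above.
SAMPLE = """\
[2010/02/20 00:56:16,  3] smbd/process.c:1272(switch_message)
 switch message SMBnegprot (pid 5658) conn 0x0
[2010/02/20 00:56:16,  3] smbd/negprot.c:387(reply_nt1)
 using SPNEGO
[2010/02/20 00:56:18,  3] smbd/server.c:848(exit_server_common)
 Server exit (failed to receive smb request)
"""

if __name__ == "__main__":
    print(summarize(parse_records(SAMPLE)))
```

For the excerpt in the post this reports a single SMBnegprot followed by the exit, with no session setup request logged in between.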