First of all, I am not familiar with using Samba with AD, so none of this may apply.

- Should security = domain?
- Technically, I think the Windows clients in the domain are authenticating against the AD DC, not the samba server. If the client machine is not in the domain, you would have to provide user id and password when connecting to the samba server.

I noticed with Windows 2008 (presumably the same with Windows 7) that the network settings for browsing the network neighborhood are a lot more locked down. I don't think this is a samba issue. On Windows 2008, in the "Network and Sharing" control panel, there is an option for "network discovery." One of my colleagues reported that he had to make a similar change at home so his Vista PC could see XP machines.






On 02/25/2010 12:33 PM, Clif Smith wrote:
I'm running 3.4.6 (was running 3.0.28a but upgraded in hopes to fix this issue). Clients running Windows 7 that are NOT joined to the AD domain (samba authenticates against it via "security = server") cannot authenticate to access the server. Clients running Windows 7 that are on the domain as well as Windows XP, Windows 2003 on and off the domain work as expected.

Any help would be greatly appreciated!

Thanks, Clif

smb.conf:
========================
[global]
   workgroup = XXXXXX
   netbios name = XXXXXX
   security = server
   password server = XXXXXX
   wins server = XXXXXX
   smb passwd file = /etc/samba/smbpasswd
   server string = ausfs1
   smb ports = 139
   lanman auth = no
   ntlm auth = no
   client ntlmv2 auth = yes
   client lanman auth = no
   client plaintext auth = no
   max protocol = smb2
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   restrict anonymous = 2
   local master = no
   domain master = no
   dns proxy = no
   log file = /var/log/samba/%m.log
   max log size = 500
   log level = 3
   syslog = 1
   veto files = /.DS_Store/Thumbs.db/

Debug log:
========================
[2010/02/25 11:23:41,  3] smbd/process.c:1459(process_smb)
  Transaction 0 of length 159 (0 toread)
[2010/02/25 11:23:41,  3] smbd/process.c:1273(switch_message)
  switch message SMBnegprot (pid 3179) conn 0x0
[2010/02/25 11:23:41,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/02/25 11:23:41,  3] smbd/negprot.c:567(reply_negprot)
  Requested protocol [PC NETWORK PROGRAM 1.0]
[2010/02/25 11:23:41,  3] smbd/negprot.c:567(reply_negprot)
  Requested protocol [LANMAN1.0]
[2010/02/25 11:23:41,  3] smbd/negprot.c:567(reply_negprot)
  Requested protocol [Windows for Workgroups 3.1a]
[2010/02/25 11:23:41,  3] smbd/negprot.c:567(reply_negprot)
  Requested protocol [LM1.2X002]
[2010/02/25 11:23:41,  3] smbd/negprot.c:567(reply_negprot)
  Requested protocol [LANMAN2.1]
[2010/02/25 11:23:41,  3] smbd/negprot.c:567(reply_negprot)
  Requested protocol [NT LM 0.12]
[2010/02/25 11:23:41,  3] smbd/negprot.c:567(reply_negprot)
  Requested protocol [SMB 2.002]
[2010/02/25 11:23:41,  3] smbd/negprot.c:567(reply_negprot)
  Requested protocol [SMB 2.???]
[2010/02/25 11:23:41,  3] smbd/negprot.c:387(reply_nt1)
  using SPNEGO
[2010/02/25 11:23:41,  3] smbd/negprot.c:672(reply_negprot)
  Selected protocol NT LM 0.12
[2010/02/25 11:23:41,  3] smbd/process.c:1459(process_smb)
  Transaction 1 of length 142 (0 toread)
[2010/02/25 11:23:41,  3] smbd/process.c:1273(switch_message)
  switch message SMBsesssetupX (pid 3179) conn 0x0
[2010/02/25 11:23:41,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/02/25 11:23:41,  3] smbd/sesssetup.c:1404(reply_sesssetup_and_X)
  wct=12 flg2=0xc807
[2010/02/25 11:23:41,  2] smbd/sesssetup.c:1360(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old 
resources.
[2010/02/25 11:23:41,  3] smbd/sesssetup.c:1160(reply_sesssetup_and_X_spnego)
  Doing spnego session setup
[2010/02/25 11:23:41,  3] smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego)
  NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2010/02/25 11:23:41,  3] smbd/sesssetup.c:786(reply_spnego_negotiate)
  reply_spnego_negotiate: Got secblob of size 40
[2010/02/25 11:23:41,  3] libsmb/ntlmssp.c:62(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0xe2088297
[2010/02/25 11:23:41,  3] lib/util_sock.c:1033(open_socket_out_send)
  Connecting to XXXXXX at port 445
[2010/02/25 11:23:41,  3] auth/auth_server.c:86(server_cryptkey)
  connected to password server XXXXXX
[2010/02/25 11:23:41,  3] auth/auth_server.c:113(server_cryptkey)
  got session
[2010/02/25 11:23:41,  3] auth/auth_server.c:149(server_cryptkey)
  password server OK
[2010/02/25 11:23:41,  3] auth/auth_server.c:233(auth_get_challenge_server)
  using password server validation
[2010/02/25 11:23:41,  3] smbd/process.c:1459(process_smb)
  Transaction 2 of length 592 (0 toread)
[2010/02/25 11:23:41,  3] smbd/process.c:1273(switch_message)
  switch message SMBsesssetupX (pid 3179) conn 0x0
[2010/02/25 11:23:41,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/02/25 11:23:41,  3] smbd/sesssetup.c:1404(reply_sesssetup_and_X)
  wct=12 flg2=0xc807
[2010/02/25 11:23:41,  2] smbd/sesssetup.c:1360(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old 
resources.
[2010/02/25 11:23:41,  3] smbd/sesssetup.c:1160(reply_sesssetup_and_X_spnego)
  Doing spnego session setup
[2010/02/25 11:23:41,  3] smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego)
  NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2010/02/25 11:23:41,  3] libsmb/ntlmssp.c:745(ntlmssp_server_auth)
  Got user=[XXXXXX] domain=[XXXXXX] workstation=[WIN7] len1=24 len2=330
[2010/02/25 11:23:41,  3] auth/auth.c:222(check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user 
[xxxxxx]\[xxxx...@[win7] with the new password interface
[2010/02/25 11:23:41,  3] auth/auth.c:225(check_ntlm_password)
  check_ntlm_password:  mapped user is: [xxxxxx]\[xxxx...@[win7]
[2010/02/25 11:23:41,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/02/25 11:23:41,  3] smbd/uid.c:428(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/02/25 11:23:41,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/02/25 11:23:41,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/02/25 11:23:41,  3] auth/auth_sam.c:282(check_sam_security)
  check_sam_security: Couldn't find user 'XXXXXX' in passdb.
[2010/02/25 11:23:41,  3] libsmb/cliconnect.c:1187(cli_session_setup)
  cli_session_setup: NT1 session setup failed: NT_STATUS_LOGON_FAILURE
[2010/02/25 11:23:41,  3] libsmb/cliconnect.c:1187(cli_session_setup)
  cli_session_setup: NT1 session setup failed: NT_STATUS_LOGON_FAILURE
[2010/02/25 11:23:41,  1] auth/auth_server.c:413(check_smbserver_security)
  password server XXXXXX rejected the password: NT_STATUS_LOGON_FAILURE
[2010/02/25 11:23:41,  2] auth/auth.c:320(check_ntlm_password)
  check_ntlm_password:  Authentication for user [XXXXXX] ->  [XXXXXX] FAILED 
with error NT_STATUS_LOGON_FAILURE
[2010/02/25 11:23:41,  3] smbd/error.c:60(error_packet_set)
  error packet at smbd/sesssetup.c(122) cmd=115 (SMBsesssetupX) 
NT_STATUS_LOGON_FAILURE
[2010/02/25 11:23:54,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/02/25 11:23:54,  3] smbd/connection.c:31(yield_connection)
  Yielding connection to
[2010/02/25 11:23:54,  3] smbd/server.c:845(exit_server_common)
  Server exit (failed to receive smb request)
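
To pull failed logons out of a level-3 smbd log like the one above, the following sketch groups each bracketed header with its message lines, rejoins wrapped text, and pairs the NTLMSSP identity with the later `check_ntlm_password` failure. It is an added example, not part of the original thread or Samba's own tooling; the function names are hypothetical and the sample log (user `alice`, domain `EXAMPLE`) is constructed.

```python
import re

# One smbd debug record starts with "[date time,  level] file:line(function)".
HEADER = re.compile(r"^\[(\S+ \S+),\s+(\d+)\] (\S+):(\d+)\((\w+)\)$")
NTLMSSP = re.compile(r"user=\[(.*?)\] domain=\[(.*?)\] workstation=\[(.*?)\]")
STATUS = re.compile(r"NT_STATUS_\w+")

def parse_records(text):
    """Group header lines with their message lines, rejoining wrapped text."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line.rstrip())
        if m:
            records.append({"time": m.group(1), "level": int(m.group(2)),
                            "func": m.group(5), "msg": ""})
        elif records and line.strip():
            records[-1]["msg"] = (records[-1]["msg"] + " " + line.strip()).strip()
    return records

def failed_logons(records):
    """Pair each check_ntlm_password failure with the preceding NTLMSSP identity."""
    failures, identity, protocol = [], None, None
    for r in records:
        if r["func"] == "reply_negprot" and r["msg"].startswith("Selected protocol"):
            protocol = r["msg"][len("Selected protocol "):]
        elif r["func"] == "ntlmssp_server_auth":
            m = NTLMSSP.search(r["msg"])
            identity = m.groups() if m else None
        elif r["func"] == "check_ntlm_password" and "FAILED" in r["msg"]:
            status = STATUS.search(r["msg"])
            user, domain, workstation = identity or ("?", "?", "?")
            failures.append({"time": r["time"], "user": user, "domain": domain,
                             "workstation": workstation, "protocol": protocol,
                             "status": status.group(0) if status else None})
            identity = None
    return failures

# Constructed sample in the level-3 format shown above (placeholder names).
SAMPLE = """\
[2010/02/25 11:23:41,  3] smbd/negprot.c:672(reply_negprot)
  Selected protocol NT LM 0.12
[2010/02/25 11:23:41,  3] libsmb/ntlmssp.c:745(ntlmssp_server_auth)
  Got user=[alice] domain=[EXAMPLE] workstation=[WIN7] len1=24 len2=330
[2010/02/25 11:23:41,  2] auth/auth.c:320(check_ntlm_password)
  check_ntlm_password:  Authentication for user [alice] ->  [alice] FAILED
with error NT_STATUS_LOGON_FAILURE
"""

if __name__ == "__main__":
    print(failed_logons(parse_records(SAMPLE)))
```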
