How are you supplying the server with the username from the failing client?

The username should be sambaservername\username so that the Samba
server can authenticate against its local SAM.

regards

--
Damien Dye BSC(hon)




On 5 May 2010 03:01,  <[email protected]> wrote:
> On 2010-05-04 16:16:49 GMT [email protected] (that's me) wrote:
>
>>> I think I can run a test using plain, out-of-the-box Vista. Maybe even XP.
>>> Will post results when I have them.
>>
>>It works with out-of-the-box Vista. I'll examine the logs and post what
>>falls out tomorrow.
>
> I compared the log from the successful Vista connect to the one from the
> failed connect. Below are several excerpts. Lines that begin with "S" are
> from the successful log, and lines that begin with "F" are from the failed
> log. I can post the entire log if that will help.
>
> To reiterate, both client computers are running Vista. The one that cannot
> connect (F) is a member of a domain and has security settings pushed down
> from the domain controller. It can connect to servers in its domain. The
> one that can connect (S) is out-of-the-box Vista and is not a member of a
> domain ... it is still in the WORKGROUP workgroup.
>
> The first notable deviation appears at line 99. (I added the asterisks.)
> The F log has "smbd/process.c:smbd_process" while the S log has
> "smbd/process.c:process_smb." The next line of the F log suggests that it
> is out of input, while the S log indicates it has more to process. About 60
> lines later both show a successful authentication. About 50 lines later
> (F=235, S=261) we see identical entries about SIDs and permissions. A bit
> later, while connecting to the IPC$ service, we see a similar divergence as
> at line 99: the F client gets "NT_STATUS_END_OF_FILE" while the S client
> keeps on going.
>
> I hope that is enough to shed some light on this issue, and I hope the
> result is a way to connect from the F client without having to modify its
> security settings.
>
> Is there a simpler way to connect, one that does not trip over the
> authentication step? Username/password access control is sort of overkill
> given that the handful of people who connect will be at the same table
> working together. Physical security should be enough.
>
>
> F = failed session
> S = successful session
>
> F  98     error packet at smbd/sesssetup.c(127) cmd=115 (SMBsesssetupX)
> NT_STATUS_LOGON_FAILURE
> F  99   [2010/04/29 15:06:48,  3] smbd/process.c:smbd_process(1930) *********
> F 100     receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting
> F 101   [2010/04/29 15:06:48,  3] smbd/sec_ctx.c:set_sec_ctx(324)
> F 102     setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> F 103   [2010/04/29 15:06:48,  3] smbd/connection.c:yield_connection(31)
> F 104     Yielding connection to
> F 105   [2010/04/29 15:06:48,  3] smbd/server.c:exit_server_common(974)
> F 106     Server exit (normal exit)
>
> S  98     error packet at smbd/sesssetup.c(127) cmd=115 (SMBsesssetupX)
> NT_STATUS_LOGON_FAILURE
> S  99   [2010/05/04 15:20:57,  3] smbd/process.c:process_smb(1554) ***********
> S 100     Transaction 3 of length 142 (0 toread)
> S 101   [2010/05/04 15:20:57,  3] smbd/process.c:switch_message(1378)
> S 102     switch message SMBsesssetupX (pid 1180) conn 0x0
> S 103   [2010/05/04 15:20:57,  3] smbd/sec_ctx.c:set_sec_ctx(324)
> S 104     setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> S 105   [2010/05/04 15:20:57,  3] smbd/sesssetup.c:reply_sesssetup_and_X(1412)
> S 106     wct=12 flg2=0xc807
> S 107   [2010/05/04 15:20:57,  2] smbd/sesssetup.c:setup_new_vc_session(1368)
> S 108     setup_new_vc_session: New VC == 0, if NT4.x compatible we would
> close all old resources.
>
> -----
>
> F 167   [2010/04/29 15:06:56,  3] auth/auth.c:check_ntlm_password(269)
> F 168     check_ntlm_password: sam authentication for user [g8team] succeeded
>
> S 193   [2010/05/04 15:20:57,  3] auth/auth.c:check_ntlm_password(269)
> S 194     check_ntlm_password: sam authentication for user [g8team] succeeded
>
> -----
>
> F 235   [2010/04/29 15:06:56,  3] lib/privileges.c:get_privileges(63)
> F 236     get_privileges: No privileges assigned to SID
> [S-1-5-21-1265442170-81825414-2419232721-501]
> F 237   [2010/04/29 15:06:56,  3] lib/privileges.c:get_privileges(63)
> F 238     get_privileges: No privileges assigned to SID [S-1-22-2-1002]
> F 239   [2010/04/29 15:06:56,  3] lib/privileges.c:get_privileges(63)
> F 240     get_privileges: No privileges assigned to SID [S-1-5-2]
> F 241   [2010/04/29 15:06:56,  3] lib/privileges.c:get_privileges(63)
> F 242     get_privileges: No privileges assigned to SID [S-1-5-11]
>
> S 261   [2010/05/04 15:20:57,  3] lib/privileges.c:get_privileges(63)
> S 262     get_privileges: No privileges assigned to SID
> [S-1-5-21-1265442170-81825414-2419232721-501]
> S 263   [2010/05/04 15:20:57,  3] lib/privileges.c:get_privileges(63)
> S 264     get_privileges: No privileges assigned to SID [S-1-22-2-1002]
> S 265   [2010/05/04 15:20:57,  3] lib/privileges.c:get_privileges(63)
> S 266     get_privileges: No privileges assigned to SID [S-1-5-2]
> S 267   [2010/05/04 15:20:57,  3] lib/privileges.c:get_privileges(63)
> S 268     get_privileges: No privileges assigned to SID [S-1-5-11]
>
> -----
>
> F 346     shafp09wk102123 (10.0.1.10) connect to service IPC$ initially as
> user g8team (uid=1002, gid=1002) (pid 1224)
> F 347   [2010/04/29 15:06:56,  3] smbd/sec_ctx.c:set_sec_ctx(324)
> F 348     setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> F 349   [2010/04/29 15:06:56,  3] smbd/reply.c:reply_tcon_and_X(794)
> F 350     tconX service=IPC$
> F 351   [2010/04/29 15:06:56,  3] smbd/process.c:smbd_process(1930)
> *************
> F 352     receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting
>
> S 372     g864001 (10.0.1.12) connect to service IPC$ initially as user
> g8team (uid=1002, gid=1002) (pid 1180)
> S 373   [2010/05/04 15:20:57,  3] smbd/sec_ctx.c:set_sec_ctx(324)
> S 374     setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> S 375   [2010/05/04 15:20:57,  3] smbd/reply.c:reply_tcon_and_X(794)
> S 376     tconX service=IPC$
> S 377   [2010/05/04 15:20:57,  3] smbd/process.c:process_smb(1554)
> **************
> S 378     Transaction 6 of length 112 (0 toread)
> S 379   [2010/05/04 15:20:57,  3] smbd/process.c:switch_message(1378)
> S 380     switch message SMBtrans2 (pid 1180) conn 0x21d66330
> S 381   [2010/05/04 15:20:57,  3] smbd/sec_ctx.c:set_sec_ctx(324)
> S 382     setting sec ctx (1002, 1002) - sec_ctx_stack_ndx = 0
>
>
>
> Gary Dunn
> Open Slate
> Project
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
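The log comparison described in the quoted message can be automated. The following is an added example, not part of the original thread: it parses Samba level-3 debug output into events, aligns a failed and a successful session by the function that logged each event, and reports where they diverge. The names `parse`, `divergences` and `statuses` are this example's own, and the sample input is copied from the IPC$ excerpts above with the F/S line-number prefixes removed.

```python
import re
from difflib import SequenceMatcher

# Samba debug header: "[2010/04/29 15:06:48,  3] smbd/process.c:smbd_process(1930)"
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)(?:\.\d+)?,\s*(\d+)\]\s+([\w./-]+):(\w+)\((\d+)\)")
STATUS = re.compile(r"NT_STATUS_\w+")

def parse(text):
    """Group a log into events: one header line plus the message lines that follow it."""
    events = []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            events.append({"time": m.group(1), "where": f"{m.group(3)}:{m.group(4)}", "msg": ""})
        elif events and line.strip():
            events[-1]["msg"] = (events[-1]["msg"] + " " + line.strip()).strip()
    return events

def divergences(failed, ok):
    """Regions where the sessions ran different code; difflib keeps later events aligned."""
    a = [e["where"] for e in failed]
    b = [e["where"] for e in ok]
    ops = SequenceMatcher(a=a, b=b, autojunk=False).get_opcodes()
    return [(tag, a[i1:i2], b[j1:j2]) for tag, i1, i2, j1, j2 in ops if tag != "equal"]

def statuses(events):
    """Every NT_STATUS_* code logged, in order, with the function that logged it."""
    return [(e["where"], code) for e in events for code in STATUS.findall(e["msg"])]

# Sample input taken from the F 347-352 and S 373-378 excerpts in the message.
FAILED = """\
[2010/04/29 15:06:56,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/04/29 15:06:56,  3] smbd/reply.c:reply_tcon_and_X(794)
  tconX service=IPC$
[2010/04/29 15:06:56,  3] smbd/process.c:smbd_process(1930)
  receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting
"""
OK = """\
[2010/05/04 15:20:57,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/05/04 15:20:57,  3] smbd/reply.c:reply_tcon_and_X(794)
  tconX service=IPC$
[2010/05/04 15:20:57,  3] smbd/process.c:process_smb(1554)
  Transaction 6 of length 112 (0 toread)
"""
if __name__ == "__main__":
    print(divergences(parse(FAILED), parse(OK)))
    print(statuses(parse(FAILED)))
```

Run over the complete logs, the alignment step keeps matching events paired even though the same entries sit at different line numbers in the two files (F=235 versus S=261 in the excerpts).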