Hi, I posted a similar question a few days before. I'm still confused what might be wrong with my config. Setup: - update from Samaba 2.2.12 to 3.0.10 - Solaris 8 Server - server is not a domain (EMEA) member, and it's not possible to add the server to the EMEA domain :(- server is only in workgroup ERS (our department, no DC, only a few hosts). - no winbind - authentification happens agains the EMEA domain password server, where each local unix user has a valid account- mapping of some unix accounts via username map
Extract of the smb.conf [global] workgroup = ERS netbios name = SAMBASERVER encrypt passwords = Yes username map = /etc/samba/smbusers security = server password server = PASSWORDSERVER smbusers file rg=ralfgro This worked without a problem till 2.2.12. Since 3.0.10 (tried 3.0.11.pre1 too) the 'wrong' domain/workgroup is passed to the password server for authentification. I tried smbclient //sambaserver/ralfgro -U RALFGRO -W EMEA part of the smbd debug output: ... Requested protocol [PC NETWORK PROGRAM 1.0] Requested protocol [MICROSOFT NETWORKS 1.03] Requested protocol [MICROSOFT NETWORKS 3.0] Requested protocol [LANMAN1.0] Requested protocol [LM1.2X002] Requested protocol [DOS LANMAN2.1] Requested protocol [Samba] using SPNEGO Selected protocol NT LANMAN 1.0 Transaction 1 of length 164 switch message SMBsesssetupX (pid 26508) conn 0x0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 wct=12 flg2=0xc801 Doing spnego session setup NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] Got OID 1 3 6 1 4 1 311 2 2 10 Got secblob of size 44 Got NTLMSSP neg_flags=0x60080215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH Connecting to PASSWORDSERVERIP at port 445 error connecting to PASSWORDSERVERIP:445 (Verbindungsaufbau abgelehnt) Connecting to PASSWORDSERVERIP at port 139 connected to password server PASSWORDSERVER got session password server OK using password server validation Transaction 2 of length 264 switch message SMBsesssetupX (pid 26508) conn 0x0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 wct=12 flg2=0xc801 Doing spnego session setup NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] Got user=[ralfgro] domain=[EMEA] workstation=[CLIENT] len1=24 len2=24 Scanning username map /etc/samba/smbusers Mapped user ralfgro to rg get_dc_list: returning 1 ip addresses in an ordered list get_dc_list: PASSWORDSERVER:0 enumerate_domain_trusts: can't locate a DC for domain ERS check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interfacecheck_ntlm_password: mapped user is: [EMAIL PROTECTED] password server PASSWORDSERVER rejected the password check_ntlm_password: Authentication for user [ralfgro] -> [rg] FAILED with error NT_STATUS_LOGON_FAILUREtimeout_processing: End of file from client (client has disconnected). ... ethereal trace ---> Samba 2.2.12 Session Setup AndX Request, User: EMEA\RALFGRO Account: RALFGRO Primary Domain: EMEA ---> Samba 3.0.10 Session Setup AndX Request, User: ERS\RALFGRO Account: RALFGRO Primary Domain: ERS I can see that the mapping via the smbuser file is working, but why is samba 3.0.10 passing domain ERS insted of EMEA to the password server? Is it not possible to do these things in 3.0.10? What do I have to change to get this working in samba 3.x? Any ideas? I'm a bit lost at the moment. Our samba 2.x config was nice, simple and just working. Ralf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
