My global session of smb.conf is as follows:
[global]
dos charset = UTF8
display charset = UTF8
unix charset = UTF8
server schannel=auto
netbios name = NSA1129
write ok = yes
guest account = smbguest
map to guest = bad user
encrypt passwords = yes
map archive = no
client use spnego = no
auth methods = guest sam_ignoredomain winbind:ntdomain
host msdfs = yes
winbind use default domain = yes
workgroup = NAS
security = ads
password server = 172.23.26.204 *
realm = NAS.LOCAL
idmap uid = 100000-500000
idmap gid = 100000-500000
winbind cache time = 15
template homedir = /tmp/users/home/%D/%U
template shell = /bin/bash
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Latrell Wang 王獻綱
Sent: Wednesday, December 13, 2006 1:56 PM
To: [email protected]
Subject: RE: [Samba] Null session problem when mounting share using
domainuseraccount
In samba 3.0.14a, I noticed one item:
* Disable schannel on the LSA and SAMR pipes in winbindd client 1190 code to
deal with Windows 2003 SP1 and Windows 2000 SP4 SR1.
Does the fix related directly to my problem. The detailed debug message of
smbmount is as follows:
[EMAIL PROTECTED]:~# smbmount //localhost/dd /mnt -o
username=latrell1,password=1234qwer,debug=9
mount.smbfs started (version 3.0.21c)
added interface ip=172.23.26.67 bcast=172.23.26.255 nmask=255.255.255.0
Opening cache file at /etc/zyxel/samba/gencache.tdb
name localhost#20 found.
Connecting to 127.0.0.1 at port 445
socket option SO_KEEPALIVE = 0
socket option SO_REUSEADDR = 0
socket option SO_BROADCAST = 0
socket option TCP_NODELAY = 1
socket option TCP_KEEPCNT = 9
socket option TCP_KEEPIDLE = 7200
socket option TCP_KEEPINTVL = 75
socket option IPTOS_LOWDELAY = 0
socket option IPTOS_THROUGHPUT = 0
socket option SO_SNDBUF = 50160
socket option SO_RCVBUF = 87378
socket option SO_SNDLOWAT = 1
socket option SO_RCVLOWAT = 1
socket option SO_SNDTIMEO = 0
socket option SO_RCVTIMEO = 0
24240: session request ok
write_socket(4,183)
write_socket(4,183) wrote 183
size=85
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=49153
smb_tid=0
smb_pid=24240
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[ 0]= 7 (0x7)
smb_vwv[ 1]=12803 (0x3203)
smb_vwv[ 2]= 256 (0x100)
smb_vwv[ 3]= 1024 (0x400)
smb_vwv[ 4]= 65 (0x41)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 256 (0x100)
smb_vwv[ 7]=45312 (0xB100)
smb_vwv[ 8]= 94 (0x5E)
smb_vwv[ 9]=64768 (0xFD00)
smb_vwv[10]=33011 (0x80F3)
smb_vwv[11]=32768 (0x8000)
smb_vwv[12]=17990 (0x4646)
smb_vwv[13]=31267 (0x7A23)
smb_vwv[14]=50974 (0xC71E)
smb_vwv[15]= 1 (0x1)
smb_vwv[16]= 2048 (0x800)
smb_bcc=16
size=85
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=49153
smb_tid=0
smb_pid=24240
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[ 0]= 7 (0x7)
smb_vwv[ 1]=12803 (0x3203)
smb_vwv[ 2]= 256 (0x100)
smb_vwv[ 3]= 1024 (0x400)
smb_vwv[ 4]= 65 (0x41)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 256 (0x100)
smb_vwv[ 7]=45312 (0xB100)
smb_vwv[ 8]= 94 (0x5E)
smb_vwv[ 9]=64768 (0xFD00)
smb_vwv[10]=33011 (0x80F3)
smb_vwv[11]=32768 (0x8000)
smb_vwv[12]=17990 (0x4646)
smb_vwv[13]=31267 (0x7A23)
smb_vwv[14]=50974 (0xC71E)
smb_vwv[15]= 1 (0x1)
smb_vwv[16]= 2048 (0x800)
smb_bcc=16
write_socket(4,137)
write_socket(4,137) wrote 137
size=64
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=16385
smb_tid=0
smb_pid=24240
smb_uid=100
smb_mid=2
smt_wct=3
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 0 (0x0)
smb_vwv[ 2]= 1 (0x1)
smb_bcc=23
24240: session setup ok
write_socket(4,69)
write_socket(4,69) wrote 69
size=35
smb_com=0x75
smb_rcls=1
smb_reh=0
smb_err=5
smb_flg=136
smb_flg2=1
smb_tid=0
smb_pid=24240
smb_uid=100
smb_mid=3
smt_wct=0
smb_bcc=0
24240: tree connect failed: ERRDOS - ERRnoaccess (Access denied.)
SMB connection failed
Latrell.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Latrell Wang 王獻綱
Sent: Tuesday, December 12, 2006 7:12 PM
To: [email protected]
Subject: [Samba] Null session problem when mounting share using domain
useraccount
Hi all:
As far as I know, windows 2003 sp1 restricts anonymous access to samr and
lsarpc. On windows 2003, everyone group does not include anonymous logon, thus
anonymous enumeration can’t be achieved unless anonymous logon is a member of
pre-windows 2000 compatible group. I think this is the reason why smbmount
using domain user account failed. The error message is as follows:
26520: tree connect failed: ERRDOS - ERRnoaccess (Access denied.)
SMB connection failed
The packets showed that “STATUS_ACCESS_DENIED” in SamrConnect2 request and
reply. If anonymous logon belongs to pre-windows 2000 compatible group,
smbmount ran successfully.
Will samba work around this issue?
Thanks for the replies.
Latrell.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
