Good evening again,

Increasing the log level, I found that the expansion is not made because of the 
empty user:

[2007/04/27 19:26:57, 3] smbd/process.c:process_smb(1110)
  Transaction 89 of length 290
[2007/04/27 19:26:57, 3] smbd/process.c:switch_message(914)
  switch message SMBsesssetupX (pid 221358) conn 0x0
[2007/04/27 19:26:57, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/04/27 19:26:57, 3] smbd/sesssetup.c:reply_sesssetup_and_X(849)
  wct=12 flg2=0xc807
[2007/04/27 19:26:57, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660)
  Doing spnego session setup
[2007/04/27 19:26:57, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691)
  NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] 
PrimaryDomain=[]
[2007/04/27 19:26:57, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(672)
  Got user=[] domain=[] workstation=[BROM900LMLY7HA] len1=1 len2=0
[2007/04/27 19:26:57, 3] auth/auth.c:check_ntlm_password(221)
  check_ntlm_password:  Checking password for unmapped user [EMAIL PROTECTED] 
with the new password interface
[2007/04/27 19:26:57, 3] auth/auth.c:check_ntlm_password(224)
  check_ntlm_password:  mapped user is: [EMAIL PROTECTED]
[2007/04/27 19:26:57, 3] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2007/04/27 19:26:57, 3] smbd/uid.c:push_conn_ctx(345)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2007/04/27 19:26:57, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2007/04/27 19:26:57, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/04/27 19:26:57, 2] auth/auth.c:check_ntlm_password(319)
  check_ntlm_password:  Authentication for user [] -> [] FAILED with error 
NT_STATUS_NO_SUCH_USER
[2007/04/27 19:26:57, 3] smbd/error.c:error_packet(146)
  error packet at smbd/sesssetup.c(99) cmd=115 (SMBsesssetupX) 
NT_STATUS_LOGON_FAILURE
[2007/04/27 19:26:57, 3] smbd/process.c:process_smb(1110)
  Transaction 90 of length 90

Could it be a bug in the check_ntlm_password function?

Thank you.

FlorinT

----- Original Message ----
From: Mauricio Silveira <[EMAIL PROTECTED]>
To: Tiucra-Popa Florin Catalin <[EMAIL PROTECTED]>
Cc: sambalist <[email protected]>
Sent: Friday, April 27, 2007 3:34:01 PM
Subject: Re: [Samba] Option valid user not expanded for groups


I believe this won't be possible via smb.conf.
As far as I know, group names with spaces are invalid under *nix.
Try to gather some more information about the use of the net command 
such as "net groupmap list".
I guess you will have to try some other way. I've got small knowledge 
about ADS and SAMBA as BDC.
Maybe this auth should be performed by the ADS server or should you try 
further help about "net ads".

Mauricio

Tiucra-Popa Florin Catalin wrote:
> Hi,
>
> I have an AIX 5.3 machine with Samba 3.0.24c joined into one Windows 2003 ADS 
> server OK.
> I can request basic information, user lookup, domain lookup (wbinfo, id, net 
> groupmap).
>
> When I want to access the share \\node05\brom from one Windows station I 
> receive a password popup window.
>
> In the log of the samba for that machine I found:
>
> [2007/04/27 10:48:27, 2] auth/auth.c:check_ntlm_password(319)
>   check_ntlm_password:  Authentication for user [] -> [] FAILED with error 
> NT_STATUS_NO_SUCH_USER
> [2007/04/27 10:48:28, 2] auth/auth.c:check_ntlm_password(319)
>   check_ntlm_password:  Authentication for user [] -> [] FAILED with error 
> NT_STATUS_NO_SUCH_USER
> [2007/04/27 10:48:29, 2] smbd/sesssetup.c:setup_new_vc_session(799)
>   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all 
> old resources.
> [2007/04/27 10:48:29, 2] smbd/sesssetup.c:setup_new_vc_session(799)
>   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all 
> old resources.
> [2007/04/27 10:48:29, 2] auth/auth.c:check_ntlm_password(309)
>   check_ntlm_password:  authentication for user [node05] -> [node05] -> 
> [TPDCBR+node05] succeeded
> [2007/04/27 10:48:29, 2] smbd/service.c:make_connection_snum(580)
>   user 'TPDCBR+node05' (from session setup) not permitted to access this 
> share (brom)
> [2007/04/27 10:48:53, 2] auth/auth.c:check_ntlm_password(319)
>   check_ntlm_password:  Authentication for user [] -> [] FAILED with error 
> NT_STATUS_NO_SUCH_USER
> [2007/04/27 10:48:53, 2] smbd/sesssetup.c:setup_new_vc_session(799)
>   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all 
> old resources.
> [2007/04/27 10:48:53, 2] smbd/sesssetup.c:setup_new_vc_session(799)
>   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all 
> old resources.
> [2007/04/27 10:48:53, 2] auth/auth.c:check_ntlm_password(309)
>   check_ntlm_password:  authentication for user [node05] -> [node05] -> 
> [TPDCBR+node05] succeeded
> [2007/04/27 10:48:53, 2] smbd/service.c:make_connection_snum(580)
>   user 'TPDCBR+node05' (from session setup) not permitted to access this 
> share (brom)
>
> My smb.conf looks like:
>
> [global]
> unix charset = LOCALE
> workgroup = TPDCBR
> realm = TPDCBR.ROM
> netbios name = NODE05
> dns proxy = No
> server string = NODE05 AIX
> security = ads
> password server = 10.99.0.4
> encrypt passwords = yes
> name resolve order = host
> log level = 10
> syslog = 0
> username map = /samba/private/smbusers
> log file = /samba/var/log/%m
> max log size = 5000
> ldap ssl = no
> winbind uid = 10000-59999
> winbind gid = 10000-59999
> idmap uid = 10000-60000
> idmap gid = 10000-60000
> template shell = /bin/ksh
> winbind use default domain = Yes
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind nested groups = Yes
> winbind separator = +
> auth methods = winbind
> acl compatibility = win2k
> winbind cache time = 10
> bind interfaces only = yes
> client use spnego = no
> socket address = 10.99.0.201
> allow trusted domains = no
> #use kerberos keytab = yes
> socket options = TCP_NODELAY
> #map acl inherit = Yes
> [brom]
> comment = inhouse brom
> path = /u09/inhouse/brom
> read only = No
> browseable = yes
> #valid users =@"Computers", @"domain users"
> valid users = @"domain users"
> create mask = 0777
> directory mask = 0777
> force create mode = 0777
> force directory mode = 0777
>
>
> I also made a test with only one user valid like this:
> valid users = TPDCBR.ROM+node05
> and this is working ok.
>
> Thank you.
>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
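
Added example, not part of the original thread: a Python triage of level-2 smbd log lines like those quoted above, separating failed session setups that carry an empty user name from share access denials for a user who did authenticate. The sample log is constructed in the shape of the quoted output (including the mail wrapping and `>` quoting); the function names `entries` and `triage` are hypothetical.

```python
import re
from collections import Counter

# Entry header as it appears in the thread: "[date time, level] file:function(line)"
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\] (\S+):(\w+)\((\d+)\)$")
AUTH_FAIL = re.compile(r"Authentication for user \[(.*?)\] -> \[.*?\] FAILED with error (\w+)")
AUTH_OK = re.compile(r"authentication for user \[(.*?)\] -> .*\[(.*?)\] succeeded")
DENIED = re.compile(r"user '(.+?)' \(from session setup\) not permitted to access this share \((.+?)\)")

# Constructed sample in the shape of the log quoted in the thread.
SAMPLE = """\
> [2007/04/27 10:48:53, 2] auth/auth.c:check_ntlm_password(319)
>   check_ntlm_password:  Authentication for user [] -> [] FAILED with error
> NT_STATUS_NO_SUCH_USER
> [2007/04/27 10:48:53, 2] auth/auth.c:check_ntlm_password(309)
>   check_ntlm_password:  authentication for user [node05] -> [node05] ->
> [TPDCBR+node05] succeeded
> [2007/04/27 10:48:53, 2] smbd/service.c:make_connection_snum(580)
>   user 'TPDCBR+node05' (from session setup) not permitted to access this
> share (brom)
"""

def entries(text):
    """Yield (timestamp, function, message), rejoining mail-wrapped message lines."""
    current = None
    for raw in text.splitlines():
        line = raw.lstrip("> ").rstrip()      # drop mail quoting and indentation
        m = HEADER.match(line)
        if m:
            if current:
                yield tuple(current)
            current = [m.group(1), m.group(4), ""]
        elif current and line:                # any non-header line continues the message
            current[2] = (current[2] + " " + line).strip()
    if current:
        yield tuple(current)

def triage(text):
    """Count authentication outcomes and collect share authorization denials."""
    counts, denials = Counter(), []
    for ts, _func, msg in entries(text):
        if (m := AUTH_FAIL.search(msg)):
            # An empty user name marks an anonymous session setup attempt.
            counts["anonymous_auth_failed" if m.group(1) == "" else "named_auth_failed"] += 1
        elif AUTH_OK.search(msg):
            counts["auth_succeeded"] += 1
        elif (m := DENIED.search(msg)):
            counts["share_denied"] += 1
            denials.append((ts, m.group(1), m.group(2)))
    return counts, denials
```
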
