Sorry for the misleading information. I use censornet and that stopped authenticating to the domain when I did the upgrade to 3.2.x - I thought you might be suffering the same issue.
Jon 2008/9/1 Vinicius Ruoso <[EMAIL PROTECTED]>: > Hi Jon Wilson, > > Really thanks for your fast response. But the "lanman auth = yes" added > to global directive of my smb.conf don't make any effect on smb_auth > authentication process. The response still the same. :( > > Do you have any other idea of what can be done to fix it? > Any hope is very welcome. I'm trying to get this work a long time. > > 8<------------------------------------------------------------------- > The following are the man entry to lanman auth: > It looks like that this option don't affect smbclient requests. > > lanman auth (G) > > This parameter determines whether or not smbd(8) will attempt to > authenticate users or permit password changes using the LANMAN > password hash. If disabled, only clients which support NT password > hashes (e.g. Windows NT/2000 clients, smbclient, but not Windows > 95/98 or the MS DOS network client) will be able to connect to the > Samba host. > > The LANMAN encrypted response is easily broken, due to it´s > case-insensitive nature, and the choice of algorithm. Servers > without Windows 95/98/ME or MS DOS clients are advised to disable > this option. > > Unlike the encrypt passwords option, this parameter cannot alter > client behaviour, and the LANMAN response will still be sent over > the network. See the client lanman auth to disable this for > Samba´s > clients (such as smbclient) > > If this option, and ntlm auth are both disabled, then only NTLMv2 > logins will be permited. Not all clients support NTLMv2, and most > will require special configuration to use it. > > Default: lanman auth = no > > 8<------------------------------------------------------------------- > > > >> Since upgrading to 3.2.x I had to enable >> >> lanman auth = yes >> >> in my smb.conf >> >> (thats from memory - you may want to check the man page) >> >> It fixed it for me. >> >> Jon >> >> >> 2008/8/31 Vinicius Ruoso <[EMAIL PROTECTED]>: >>> Hi samba community. >>> >>> I'm having a problem with the smb_auth authentication method. Everything >>> looks like normal, but everytime I try to use smb_auth it returns ERR. >>> >>> I will show here some commands output to secure that all configuration >>> is >>> correct, and if anyone can help me to investigate what's happend I'll >>> thanks. >>> >>> >>> I'm using: Debian lenny, updated. >>> >>> ii samba 2:3.2.3-1 >>> ii squid 2.7.STABLE3-1 >>> >>> XXXXXXXXXX its the correct password. >>> >>> 8<---------------------------------- >>> sek:/home# /usr/lib/squid/smb_auth -W SEKPLASTICOS -U 127.0.0.1 -d >>> vinicius XXXXXXXXXXX >>> Domain name: SEKPLASTICOS >>> Pass-through authentication: no >>> Query address options: -U 127.0.0.1 -R >>> Domain controller IP address: 10.0.0.1 >>> Domain controller NETBIOS name: SEK >>> Contents of //SEK/NETLOGON/proxyauth: >>> ERR >>> 8<---------------------------------- >>> >>> But, look at the smbclient command. >>> >>> [EMAIL PROTECTED]:~$ smbclient "//SEK/netlogon" XXXXXXXXXXX -c "get >>> proxyauth >>> -" >>> Domain=[SEKPLASTICOS] OS=[Unix] Server=[Samba 3.2.3] >>> allow >>> getting file \proxyauth of size 6 as - (5,9 kb/s) (average 5,9 kb/s) >>> >>> Running smb_auth with user "vinicius" don't work too. >>> 8<---------------------------------- >>> >>> Some permission and configs: >>> >>> 8<---------------------------------- >>> The smb_auth permissions >>> >>> sek:/usr/lib/squid# ls -l /usr/lib/squid/ >>> total 284 >>> -rwxr-xr-x 1 root root 15212 Jul 6 06:28 digest_pw_auth >>> -rwxr-xr-x 1 root root 11636 Jul 6 06:26 diskd-daemon >>> -rwxr-sr-- 1 proxy shadow 7988 Jul 6 06:28 getpwnam_auth >>> -rwxr-xr-x 1 root root 10312 Jul 6 06:28 ip_user_check >>> -rwxr-xr-x 1 root root 17544 Jul 6 06:28 ldap_auth >>> -rwxr-xr-x 1 root root 5464 Jul 6 06:26 logfile-daemon >>> -rwxr-xr-x 1 root root 32828 Jul 6 06:28 msnt_auth >>> -rwxr-xr-x 1 root root 15748 Jul 6 06:28 ncsa_auth >>> -rwxr-xr-x 1 root root 42216 Jul 6 06:28 ntlm_auth >>> -rwxr-sr-- 1 proxy shadow 10696 Jul 6 06:28 pam_auth >>> -rwxr-xr-x 1 root root 9552 Jul 6 06:28 smb_auth >>> -rwxr-xr-x 1 root root 2287 Jul 6 06:23 smb_auth.sh >>> -rwxr-xr-x 1 root root 22848 Jul 6 06:28 squid_kerb_auth >>> -rwxr-xr-x 1 root root 19000 Jul 6 06:28 squid_ldap_group >>> -rwxr-xr-x 1 root root 5996 Jul 6 06:28 squid_session >>> -rwxr-xr-x 1 root root 10248 Jul 6 06:28 squid_unix_group >>> -rwxr-xr-x 1 root root 3732 Jul 6 06:26 unlinkd >>> -rwxr-xr-x 1 root root 2359 Abr 9 2007 wbinfo_group.pl >>> -rwxr-xr-x 1 root root 8776 Jul 6 06:28 yp_auth >>> >>> >>> 8<---------------------------------- >>> The SMB configuration >>> >>> sek:/usr/lib/squid# cat /etc/samba/smb.conf >>> # Samba config file created using SWAT >>> # from 192.168.0.2 (192.168.0.2) >>> # Date: 2008/04/04 23:07:20 >>> >>> [global] >>> workgroup = sekplasticos >>> netbios name = sek >>> server string = sek >>> security = user >>> null passwords = No >>> encrypt passwords = true >>> unix password sync = No >>> unix charset = iso8859-1 >>> display charset = cp850 >>> log level = 3 >>> log file = /var/log/samba_log.%u >>> keepalive = 20 >>> socket options = IPTOS_LOWDELAY TCP_NODELAY >>> logon path = \\sek\sysvol\%U >>> logon drive = P >>> domain logons = Yes >>> os level = 100 >>> preferred master = Yes >>> domain master = Yes >>> local master = Yes >>> wins support = Yes >>> ldap ssl = no >>> comment = Servidor Sek >>> admin users = vinicius >>> time server = Yes >>> hosts allow = 127., 192.168.0., 10.0.0. >>> >>> [homes] >>> comment = Pastas dos Usuarios >>> browseable = No >>> writable = Yes >>> create mask = 0600 >>> directory mask = 0700 >>> valid users = %S >>> >>> [netlogon] >>> comment = Compartilhamento de Scripts >>> path = /home/netlogon >>> public = Yes >>> browseable = Yes >>> writable = Yes >>> >>> [sysvol] >>> comment = System Volume >>> path = /home/sysvol >>> writable = Yes >>> guest ok = Yes >>> share modes = No >>> browseable = No >>> hide files = /desktop.ini/ntuser.ini/NTUSER.*/ >>> >>> [publico] >>> comment = publico >>> path = /home/publico >>> guest ok = No >>> writable = Yes >>> create mask = 0644 >>> directory mask = 0777 >>> public = Yes >>> >>> [aplicativos] >>> comment = aplicativos >>> path = /home/aplicativos >>> guest ok = No >>> writable = Yes >>> browseable = Yes >>> create mask = 0600 >>> directory mask = 0700 >>> valid users = gilberto >>> sek:/usr/lib/squid# >>> >>> 8<---------------------------------- >>> The NETLOGON permissions and proxyauth >>> >>> sek:/home/netlogon# ls -l >>> total 4 >>> -rwxrwxrwx 1 root root 6 Ago 31 17:35 proxyauth >>> sek:/home/netlogon# ls -ld >>> drwxrwxrwx 2 root root 22 Ago 31 17:35 . >>> sek:/home/netlogon# cat proxyauth >>> allow >>> 8<---------------------------------- >>> >>> >>> Really thanks if someone could help me. >>> >>> -- >>> Vinicius Ruoso - [EMAIL PROTECTED] >>> C3SL: http://www.c3sl.ufpr.br >>> >>> -- >>> To unsubscribe from this list go to the following URL and read the >>> instructions: https://lists.samba.org/mailman/listinfo/samba >>> >> > > > -- > Vinicius Ruoso - [EMAIL PROTECTED] > C3SL: http://www.c3sl.ufpr.br > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
