Re: Samba problems sharing a drive to W2000 (with usermap and SHARE security)

From: Alan Johnson (adjtech_at_ulster.net)
Date: 08/27/03

  • Next message: Will Cardwell: "Slight Correction- sftp batched command gets mangled" 
    Date: Wed, 27 Aug 2003 16:46:50 -0400

    banzai wrote:
    > Hi Alan
    >
    > Thanks for your response - security - can you tell me where this is set in
    > win2000 ? - I don't think this is the problem as I can map to other samba
    > shares (tru64 unix) with the same client.
    >
    > Correct hashes - can you explain please, I've set smbpasswd up for both
    > users - is this sufficient ?
    >
    >
    > "Alan Johnson" <adjtech@ulster.net> wrote in message
    > news:EJucnbFaopnFdNWiU-KYgg@thebiz.net...
    >
    >>banzai wrote:
    >>
    >>
    >>>Hello
    >>>
    >>>Can anybody help on this one ?
    >>>I'm trying to share a HP-UX filesystem to W2000 clients with SAMBA.
    >>>
    >>>Here is the samba conf file (I'm trying to share out the /support area
    >
    > where
    >
    >>>access is granted only to local user 'support') :
    >>>
    >>># Global parameters
    >>>[global]
    >>> workgroup = EMEA
    >>> netbios name = HPTEMIP1
    >>> server string = Samba Server
    >>> security = SHARE
    >>> username map = /etc/opt/samba/usermap
    >>> log level = 4
    >>> log file = /smblog
    >>> max log size = 1000
    >>> local master = No
    >>> guest account =
    >>> read only = No
    >>> short preserve case = No
    >>> dos filetime resolution = Yes
    >>>
    >>>[support]
    >>> path = /support
    >>> valid users = support
    >>> browseable = No
    >>>
    >>>I want several defined users to be able to come in on the support
    >
    > account so
    >
    >>>I am using a usermap file (at the moment there is just one account
    >
    > 'dasp'
    >
    >>>defined on the remote (win 2000) side to map to 'support' on the hp-ux
    >
    > side.
    >
    >>>( If I can get it to work then I will ad more):
    >>>
    >>># cat usermap
    >>>support = dasp
    >>>#
    >>>
    >>>>From the log file it looks as though the account mapping is working (see
    >>>[2003/08/22 16:00:02, 3] below).
    >>>
    >>>But it then goes on to report:
    >>>
    >>>[2003/08/22 16:00:02, 2] smbd/reply.c:(1016)
    >>> Defaulting to Lanman password for support
    >>>[2003/08/22 16:00:02, 4] smbd/password.c:(593)
    >>> Null passwords not allowed.
    >>>
    >>>The HP-UX node has a local 'support' account and smb account both with
    >
    > the
    >
    >>>same password. As can bee seen from below, authentication is failing
    >
    > from
    >
    >>>'dasp' but I'm not sure of the exact reason why..
    >>>
    >>>TIA
    >>>
    >>>
    >>>
    >>>
    >>>[2003/08/22 16:00:01, 2] smbd/server.c:(907)
    >>> Changed root to /
    >>>[2003/08/22 16:00:01, 3] smbd/oplock.c:(1214)
    >>> open_oplock_ipc: opening loopback UDP socket.
    >>>[2003/08/22 16:00:01, 3] lib/util_sock.c:(813)
    >>> bind succeeded on port 0
    >>>[2003/08/22 16:00:01, 3] smbd/oplock.c:(1244)
    >>> open_oplock ipc: pid = 13958, global_oplock_port = 64352
    >>>[2003/08/22 16:00:01, 4] lib/time.c:(114)
    >>> Serverzone is -3600
    >>>[2003/08/22 16:00:01, 3] smbd/process.c:(846)
    >>> Transaction 0 of length 72
    >>>[2003/08/22 16:00:01, 2] smbd/reply.c:(91)
    >>> netbios connect: name1=HPTEMIP1 name2=DASP01
    >>>[2003/08/22 16:00:01, 2] smbd/reply.c:(110)
    >>> netbios connect: local=hptemip1 remote=dasp01
    >>>[2003/08/22 16:00:01, 3] smbd/process.c:(846)
    >>> Transaction 1 of length 137
    >>>[2003/08/22 16:00:01, 3] smbd/process.c:(685)
    >>> switch message SMBnegprot (pid 13958)
    >>>[2003/08/22 16:00:01, 3] smbd/sec_ctx.c:(328)
    >>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    >>>[2003/08/22 16:00:01, 3] smbd/negprot.c:(342)
    >>> Requested protocol [PC NETWORK PROGRAM 1.0]
    >>>[2003/08/22 16:00:01, 3] smbd/negprot.c:(342)
    >>> Requested protocol [LANMAN1.0]
    >>>[2003/08/22 16:00:01, 3] smbd/negprot.c:(342)
    >>> Requested protocol [Windows for Workgroups 3.1a]
    >>>[2003/08/22 16:00:01, 3] smbd/negprot.c:(342)
    >>> Requested protocol [LM1.2X002]
    >>>[2003/08/22 16:00:01, 3] smbd/negprot.c:(342)
    >>> Requested protocol [LANMAN2.1]
    >>>[2003/08/22 16:00:01, 3] smbd/negprot.c:(342)
    >>> Requested protocol [NT LM 0.12]
    >>>[2003/08/22 16:00:01, 3] smbd/negprot.c:(426)
    >>> Selected protocol NT LM 0.12
    >>>[2003/08/22 16:00:02, 3] smbd/process.c:(846)
    >>> Transaction 2 of length 155
    >>>[2003/08/22 16:00:02, 3] smbd/process.c:(685)
    >>> switch message SMBsesssetupX (pid 13958)
    >>>[2003/08/22 16:00:02, 3] smbd/sec_ctx.c:(328)
    >>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    >>>[2003/08/22 16:00:02, 3] smbd/reply.c:(888)
    >>> Domain=[] NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000
    >
    > 5.0]
    >
    >>>[2003/08/22 16:00:02, 3] smbd/reply.c:(899)
    >>> sesssetupX:name=[]
    >>>[2003/08/22 16:00:02, 3] smbd/reply.c:(1079)
    >>> No such user [] - using guest account
    >>>[2003/08/22 16:00:02, 1] smbd/reply.c:(1113)
    >>> Username is invalid on this system
    >>>[2003/08/22 16:00:02, 3] smbd/error.c:(94)
    >>> error string = No such file or directory
    >>>[2003/08/22 16:00:02, 3] smbd/error.c:(109)
    >>> error packet at smbd/reply.c(1115) cmd=115 (SMBsesssetupX)
    >>>NT_STATUS_LOGON_FAILURE
    >>>[2003/08/22 16:00:02, 3] smbd/process.c:(846)
    >>> Transaction 3 of length 166
    >>>[2003/08/22 16:00:02, 3] smbd/process.c:(685)
    >>> switch message SMBsesssetupX (pid 13958)
    >>>[2003/08/22 16:00:02, 3] smbd/sec_ctx.c:(328)
    >>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    >>>[2003/08/22 16:00:02, 3] smbd/reply.c:(888)
    >>> Domain=[EMEA] NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000
    >>>5.0]
    >>>[2003/08/22 16:00:02, 3] smbd/reply.c:(899)
    >>> sesssetupX:name=[DasP]
    >>>[2003/08/22 16:00:02, 4] lib/username.c:(139)
    >>> Scanning username map /etc/opt/samba/usermap
    >>>[2003/08/22 16:00:02, 3] lib/username.c:(173)
    >>> Mapped user DasP to support
    >>>[2003/08/22 16:00:02, 2] smbd/reply.c:(1016)
    >>> Defaulting to Lanman password for support
    >>>[2003/08/22 16:00:02, 4] smbd/password.c:(593)
    >>> Null passwords not allowed.
    >>>[2003/08/22 16:00:02, 3] smbd/reply.c:(1073)
    >>> Registered username support for guest access
    >>>[2003/08/22 16:00:02, 3] smbd/process.c:(991)
    >>> Chained message
    >>>[2003/08/22 16:00:02, 3] smbd/process.c:(685)
    >>> switch message SMBtconX (pid 13958)
    >>>[2003/08/22 16:00:02, 3] smbd/sec_ctx.c:(328)
    >>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    >>>[2003/08/22 16:00:02, 4] smbd/reply.c:(334)
    >>> Got device type ?????
    >>>[2003/08/22 16:00:02, 4] smbd/password.c:(593)
    >>> Null passwords not allowed.
    >>>[2003/08/22 16:00:02, 2] smbd/service.c:(331)
    >>> Invalid username/password for support []
    >>>[2003/08/22 16:00:02, 3] smbd/error.c:(109)
    >>> error packet at smbd/reply.c(166) cmd=117 (SMBtconX)
    >>>NT_STATUS_WRONG_PASSWORD
    >>>[2003/08/22 16:01:02, 3] smbd/sec_ctx.c:(328)
    >>>
    >>>
    >>>
    >>
    >>You should check to see if in Security settings on the W2000 system "
    >>allow 3rd party SMB servers to use unencrypted passwds" is checked. Do
    >>you have an smbpasswd file with the correct hashes in it?
    >>
    >
    >
    >
    By hashes I mean the correct encrypted passwds, the crypt algorithms are
    not the same for Win as they are for HP. If you can mount up from other
    systems you should be OK. Looking back through the logfile it does not
    look like you have the user in /etc/passwd.

  • Next message: Will Cardwell: "Slight Correction- sftp batched command gets mangled"