TamMcLaughlin
Technical User
Hello,
I need to migrate my samba 2.2 server to a new server currently running samba 3.0.30 but having authentication problems while testing which I will explain below.
The current config uses SECURITY=share and to make the migration easier, I was planning on sticking with this.
I have users connecting as follows:
1. Unix users access their home directories (mounted via NIS) from a Terminal Services session.
2. Unix and Windows users can access shares from local XP or from a TS session.
The problem I have is this:
1. I can map a drive from within TS to my home directory using the username format as nsuk_unixnew\username and can get access to the share or my home directory.
When I log out and back in again, it tries to map the drive using administrator and I am prompted for a username and password. Incidentally, I had tried this on another samba server running 3.0.10 which did not prompt for a username but connected as guest. I seems that it has forgotten my connection details such as samba domian and tried nobody and then the domain for the older samba server, which does remap drives ok.
You can see my smb.conf file and log extract below but I also wanted to know if there was an easier way set this up, bearing in mind that I have x Gb data to migrate with only a small possibility of some downtime.
So, my requirements are:
1. Data to be shared via NIS
2. Data and home directories to be shared to XP users and users connected to a Terminal Server session.
3. Unix users to have access vi TS and unix
4. Users have a mix of different accounts from ldap, unxix and windows
5. Active Directory has recently been implemented.
In the past I have mapped user IDs from windows->unix but not sure if this would mess up permissions and I have used security = AD.
Would it be possible to use security = AD and authenticate the user with thier windows account and then map those windows users with unix accounts to their unix accounts which would preserve permissions between editing files between unix and windows sessions?
I would love to start again and use ldap ids but my priority is to get the data off an unstable cluster!
Can anyone suggest a stragedy?
samba.conf
-----------
netbios name = tamsbox
security = SHARE
domain master = no
domain logons = no
os level = 33
preferred master = no
wins support = no
wins server = ukwins01
encrypt passwords = no
[homes]
comment = Home Directories
browseable = no
writable = yes
; valid users = %S
; valid users = MYDOMAIN\%S
log file:
----------
Domain=[] NativeOS=[Windows Server 2003 3790 Service Pack 1] NativeLanMan=[] PrimaryDomain=[Windows Server 2003 5.2]
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2008/10/15 14:31:59, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1417)
sesssetupX:name=[]\[]@[x.x.x.x]
[2008/10/15 14:31:59, 3] smbd/sesssetup.c:check_guest_password(142)
Got anonymous request
[2008/10/15 14:31:59, 3] auth/auth.c:check_ntlm_password(221)
check_ntlm_password: Checking password for unmapped user []\[]@[] with the new password interface
[2008/10/15 14:31:59, 3] auth/auth.c:check_ntlm_password(224)
check_ntlm_password: mapped user is: []\[]@[]
[2008/10/15 14:31:59, 3] auth/auth.c:check_ntlm_password(270)
check_ntlm_password: guest authentication for user [] succeeded
get_privileges: No privileges assigned to SID [S-1-5-21-1924543650-2594920533-1176567163-501]
check_ntlm_password: Checking password for unmapped user [NSUK_UNIXNEW]\[nobody]@[x.x.x.x] with the new password interface
[2008/10/15 14:31:59, 3] auth/auth.c:check_ntlm_password(224)
check_ntlm_password: mapped user is: [TAMSBOX]\[nobody]@[x.x.x.x]
[2008/10/15 14:31:59, 2] auth/auth.c:check_ntlm_password(319)
check_ntlm_password: Authentication for user [nobody] -> [nobody] FAILED with error NT_STATUS_LOGON_FAILURE
[2008/10/15 14:31:59, 3] smbd/password.c:authorise_login(837)
authorise_login: ACCEPTED: guest account and guest ok (nobody)
[2008/10/15 14:31:59, 3] smbd/service.c:find_service(286)
checking for home directory bthmuk gave /home/bthmuk
[2008/10/15 14:31:59, 3] param/loadparm.c:lp_add_home(2686)
adding home's share [bthmuk] for user 'bthmuk' at '/home/bthmuk'
[2008/10/15 14:31:59, 3] smbd/msdfs.c:get_referred_path(636)
get_referred_path: |bthmuk| in dfs path \uklnxws01\bthmuk is not a dfs root.
[2008/10/15 14:31:59, 3] smbd/error.c:error_packet_set(106)
error packet at smbd/trans2.c(6307) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND
Domain=[NSUK] NativeOS=[Windows Server 2003 3790 Service Pack 1] NativeLanMan=[] PrimaryDomain=[Windows Server 2003 5.2]
sesssetupX:name=[NSUK]\[bthmuk]@[x.x.x.x]
[2008/10/15 14:31:59, 3] smbd/sesssetup.c:check_guest_password(142)
Got anonymous request
[2008/10/15 14:31:59, 3] auth/auth.c:check_ntlm_password(221)
check_ntlm_password: Checking password for unmapped user []\[]@[] with the new password interface
[2008/10/15 14:31:59, 3] auth/auth.c:check_ntlm_password(224)
check_ntlm_password: mapped user is: []\[]@[]
check_ntlm_password: guest authentication for user [] succeeded
checking for home directory bthmuk gave /home/bthmuk
[2008/10/15 14:31:59, 3] param/loadparm.c:lp_add_home(2686)
adding home's share [bthmuk] for user 'bthmuk' at '/home/bthmuk'
[2008/10/15 14:31:59, 3] auth/auth.c:check_ntlm_password(221)
check_ntlm_password: Checking password for unmapped user [NSUK_UNIXNEW]\[bthmuk]@[x.x.x.x] with the new password interface
[2008/10/15 14:31:59, 3] auth/auth.c:check_ntlm_password(224)
check_ntlm_password: mapped user is: [TAMSBOX]\[bthmuk]@[x.x.x.x]
[2008/10/15 14:31:59, 2] auth/auth.c:check_ntlm_password(319)
check_ntlm_password: Authentication for user [bthmuk] -> [bthmuk] FAILED with error NT_STATUS_LOGON_FAILURE
[2008/10/15 14:31:59, 2] smbd/service.c:make_connection_snum(638)
Invalid username/password for [bthmuk]
[2008/10/15 14:31:59, 3] smbd/error.c:error_packet_set(106)
error packet at smbd/reply.c(514) cmd=117 (SMBtconX) NT_STATUS_WRONG_PASSWORD
check_ntlm_password: Checking password for unmapped user []\[]@[] with the new password interface
[2008/10/15 14:32:06, 3] auth/auth.c:check_ntlm_password(224)
check_ntlm_password: Checking password for unmapped user [NSUK_UNIXNEW]\[nobody]@[x.x.x.x] with the new password interface
[2008/10/15 14:32:06, 3] auth/auth.c:check_ntlm_password(224)
check_ntlm_password: mapped user is: [TAMSBOX]\[nobody]@[x.x.x.x]
check_ntlm_password: Authentication for user [nobody] -> [nobody] FAILED with error NT_STATUS_LOGON_FAILURE
[2008/10/15 14:32:06, 3] smbd/password.c:authorise_login(837)
authorise_login: ACCEPTED: guest account and guest ok (nobody)
checking for home directory bthmuk gave /home/bthmuk
[2008/10/15 14:32:06, 3] param/loadparm.c:lp_add_home(2686)
adding home's share [bthmuk] for user 'bthmuk' at '/home/bthmuk'
[2008/10/15 14:32:06, 3] smbd/msdfs.c:get_referred_path(636)
get_referred_path: |bthmuk| in dfs path \uklnxws01\bthmuk is not a dfs root.
[2008/10/15 14:32:06, 3] smbd/error.c:error_packet_set(106)
error packet at smbd/trans2.c(6307) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND
[2008/10/15 14:32:06, 3] smbd/oplock.c:init_oplocks(863)
Domain=[NSUK] NativeOS=[Windows Server 2003 3790 Service Pack 1] NativeLanMan=[] PrimaryDomain=[Windows Server 2003 5.2]
[2008/10/15 14:32:06, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1417)
sesssetupX:name=[NSUK]\[bthmuk]@[x.x.x.x]
[2008/10/15 14:32:06, 3] smbd/sesssetup.c:check_guest_password(142)
Got anonymous request
[2008/10/15 14:32:06, 3] auth/auth.c:check_ntlm_password(221)
check_ntlm_password: Checking password for unmapped user []\[]@[] with the new password interface
[2008/10/15 14:32:06, 3] auth/auth.c:check_ntlm_password(224)
check_ntlm_password: mapped user is: []\[]@[]
[2008/10/15 14:32:06, 3] auth/auth.c:check_ntlm_password(270)
check_ntlm_password: guest authentication for user [] succeeded
checking for home directory bthmuk gave /home/bthmuk
[2008/10/15 14:32:06, 3] param/loadparm.c:lp_add_home(2686)
adding home's share [bthmuk] for user 'bthmuk' at '/home/bthmuk'
[2008/10/15 14:32:06, 3] auth/auth.c:check_ntlm_password(221)
check_ntlm_password: Checking password for unmapped user [NSUK_UNIXNEW]\[bthmuk]@[x.x.x.x] with the new password interface
[2008/10/15 14:32:06, 3] auth/auth.c:check_ntlm_password(224)
check_ntlm_password: mapped user is: [TAMSBOX]\[bthmuk]@[x.x.x.x]
check_ntlm_password: authentication for user [bthmuk] -> [bthmuk] -> [bthmuk] succeeded
[2008/10/15 14:32:06, 3] smbd/password.c:authorise_login(787)
authorise_login: ACCEPTED: session list username (bthmuk) and given password ok
Connect path is '/home/bthmuk' for service [bthmuk]
I need to migrate my samba 2.2 server to a new server currently running samba 3.0.30 but having authentication problems while testing which I will explain below.
The current config uses SECURITY=share and to make the migration easier, I was planning on sticking with this.
I have users connecting as follows:
1. Unix users access their home directories (mounted via NIS) from a Terminal Services session.
2. Unix and Windows users can access shares from local XP or from a TS session.
The problem I have is this:
1. I can map a drive from within TS to my home directory using the username format as nsuk_unixnew\username and can get access to the share or my home directory.
When I log out and back in again, it tries to map the drive using administrator and I am prompted for a username and password. Incidentally, I had tried this on another samba server running 3.0.10 which did not prompt for a username but connected as guest. I seems that it has forgotten my connection details such as samba domian and tried nobody and then the domain for the older samba server, which does remap drives ok.
You can see my smb.conf file and log extract below but I also wanted to know if there was an easier way set this up, bearing in mind that I have x Gb data to migrate with only a small possibility of some downtime.
So, my requirements are:
1. Data to be shared via NIS
2. Data and home directories to be shared to XP users and users connected to a Terminal Server session.
3. Unix users to have access vi TS and unix
4. Users have a mix of different accounts from ldap, unxix and windows
5. Active Directory has recently been implemented.
In the past I have mapped user IDs from windows->unix but not sure if this would mess up permissions and I have used security = AD.
Would it be possible to use security = AD and authenticate the user with thier windows account and then map those windows users with unix accounts to their unix accounts which would preserve permissions between editing files between unix and windows sessions?
I would love to start again and use ldap ids but my priority is to get the data off an unstable cluster!
Can anyone suggest a stragedy?
samba.conf
-----------
netbios name = tamsbox
security = SHARE
domain master = no
domain logons = no
os level = 33
preferred master = no
wins support = no
wins server = ukwins01
encrypt passwords = no
[homes]
comment = Home Directories
browseable = no
writable = yes
; valid users = %S
; valid users = MYDOMAIN\%S
log file:
----------
Domain=[] NativeOS=[Windows Server 2003 3790 Service Pack 1] NativeLanMan=[] PrimaryDomain=[Windows Server 2003 5.2]
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2008/10/15 14:31:59, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1417)
sesssetupX:name=[]\[]@[x.x.x.x]
[2008/10/15 14:31:59, 3] smbd/sesssetup.c:check_guest_password(142)
Got anonymous request
[2008/10/15 14:31:59, 3] auth/auth.c:check_ntlm_password(221)
check_ntlm_password: Checking password for unmapped user []\[]@[] with the new password interface
[2008/10/15 14:31:59, 3] auth/auth.c:check_ntlm_password(224)
check_ntlm_password: mapped user is: []\[]@[]
[2008/10/15 14:31:59, 3] auth/auth.c:check_ntlm_password(270)
check_ntlm_password: guest authentication for user [] succeeded
get_privileges: No privileges assigned to SID [S-1-5-21-1924543650-2594920533-1176567163-501]
check_ntlm_password: Checking password for unmapped user [NSUK_UNIXNEW]\[nobody]@[x.x.x.x] with the new password interface
[2008/10/15 14:31:59, 3] auth/auth.c:check_ntlm_password(224)
check_ntlm_password: mapped user is: [TAMSBOX]\[nobody]@[x.x.x.x]
[2008/10/15 14:31:59, 2] auth/auth.c:check_ntlm_password(319)
check_ntlm_password: Authentication for user [nobody] -> [nobody] FAILED with error NT_STATUS_LOGON_FAILURE
[2008/10/15 14:31:59, 3] smbd/password.c:authorise_login(837)
authorise_login: ACCEPTED: guest account and guest ok (nobody)
[2008/10/15 14:31:59, 3] smbd/service.c:find_service(286)
checking for home directory bthmuk gave /home/bthmuk
[2008/10/15 14:31:59, 3] param/loadparm.c:lp_add_home(2686)
adding home's share [bthmuk] for user 'bthmuk' at '/home/bthmuk'
[2008/10/15 14:31:59, 3] smbd/msdfs.c:get_referred_path(636)
get_referred_path: |bthmuk| in dfs path \uklnxws01\bthmuk is not a dfs root.
[2008/10/15 14:31:59, 3] smbd/error.c:error_packet_set(106)
error packet at smbd/trans2.c(6307) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND
Domain=[NSUK] NativeOS=[Windows Server 2003 3790 Service Pack 1] NativeLanMan=[] PrimaryDomain=[Windows Server 2003 5.2]
sesssetupX:name=[NSUK]\[bthmuk]@[x.x.x.x]
[2008/10/15 14:31:59, 3] smbd/sesssetup.c:check_guest_password(142)
Got anonymous request
[2008/10/15 14:31:59, 3] auth/auth.c:check_ntlm_password(221)
check_ntlm_password: Checking password for unmapped user []\[]@[] with the new password interface
[2008/10/15 14:31:59, 3] auth/auth.c:check_ntlm_password(224)
check_ntlm_password: mapped user is: []\[]@[]
check_ntlm_password: guest authentication for user [] succeeded
checking for home directory bthmuk gave /home/bthmuk
[2008/10/15 14:31:59, 3] param/loadparm.c:lp_add_home(2686)
adding home's share [bthmuk] for user 'bthmuk' at '/home/bthmuk'
[2008/10/15 14:31:59, 3] auth/auth.c:check_ntlm_password(221)
check_ntlm_password: Checking password for unmapped user [NSUK_UNIXNEW]\[bthmuk]@[x.x.x.x] with the new password interface
[2008/10/15 14:31:59, 3] auth/auth.c:check_ntlm_password(224)
check_ntlm_password: mapped user is: [TAMSBOX]\[bthmuk]@[x.x.x.x]
[2008/10/15 14:31:59, 2] auth/auth.c:check_ntlm_password(319)
check_ntlm_password: Authentication for user [bthmuk] -> [bthmuk] FAILED with error NT_STATUS_LOGON_FAILURE
[2008/10/15 14:31:59, 2] smbd/service.c:make_connection_snum(638)
Invalid username/password for [bthmuk]
[2008/10/15 14:31:59, 3] smbd/error.c:error_packet_set(106)
error packet at smbd/reply.c(514) cmd=117 (SMBtconX) NT_STATUS_WRONG_PASSWORD
check_ntlm_password: Checking password for unmapped user []\[]@[] with the new password interface
[2008/10/15 14:32:06, 3] auth/auth.c:check_ntlm_password(224)
check_ntlm_password: Checking password for unmapped user [NSUK_UNIXNEW]\[nobody]@[x.x.x.x] with the new password interface
[2008/10/15 14:32:06, 3] auth/auth.c:check_ntlm_password(224)
check_ntlm_password: mapped user is: [TAMSBOX]\[nobody]@[x.x.x.x]
check_ntlm_password: Authentication for user [nobody] -> [nobody] FAILED with error NT_STATUS_LOGON_FAILURE
[2008/10/15 14:32:06, 3] smbd/password.c:authorise_login(837)
authorise_login: ACCEPTED: guest account and guest ok (nobody)
checking for home directory bthmuk gave /home/bthmuk
[2008/10/15 14:32:06, 3] param/loadparm.c:lp_add_home(2686)
adding home's share [bthmuk] for user 'bthmuk' at '/home/bthmuk'
[2008/10/15 14:32:06, 3] smbd/msdfs.c:get_referred_path(636)
get_referred_path: |bthmuk| in dfs path \uklnxws01\bthmuk is not a dfs root.
[2008/10/15 14:32:06, 3] smbd/error.c:error_packet_set(106)
error packet at smbd/trans2.c(6307) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND
[2008/10/15 14:32:06, 3] smbd/oplock.c:init_oplocks(863)
Domain=[NSUK] NativeOS=[Windows Server 2003 3790 Service Pack 1] NativeLanMan=[] PrimaryDomain=[Windows Server 2003 5.2]
[2008/10/15 14:32:06, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1417)
sesssetupX:name=[NSUK]\[bthmuk]@[x.x.x.x]
[2008/10/15 14:32:06, 3] smbd/sesssetup.c:check_guest_password(142)
Got anonymous request
[2008/10/15 14:32:06, 3] auth/auth.c:check_ntlm_password(221)
check_ntlm_password: Checking password for unmapped user []\[]@[] with the new password interface
[2008/10/15 14:32:06, 3] auth/auth.c:check_ntlm_password(224)
check_ntlm_password: mapped user is: []\[]@[]
[2008/10/15 14:32:06, 3] auth/auth.c:check_ntlm_password(270)
check_ntlm_password: guest authentication for user [] succeeded
checking for home directory bthmuk gave /home/bthmuk
[2008/10/15 14:32:06, 3] param/loadparm.c:lp_add_home(2686)
adding home's share [bthmuk] for user 'bthmuk' at '/home/bthmuk'
[2008/10/15 14:32:06, 3] auth/auth.c:check_ntlm_password(221)
check_ntlm_password: Checking password for unmapped user [NSUK_UNIXNEW]\[bthmuk]@[x.x.x.x] with the new password interface
[2008/10/15 14:32:06, 3] auth/auth.c:check_ntlm_password(224)
check_ntlm_password: mapped user is: [TAMSBOX]\[bthmuk]@[x.x.x.x]
check_ntlm_password: authentication for user [bthmuk] -> [bthmuk] -> [bthmuk] succeeded
[2008/10/15 14:32:06, 3] smbd/password.c:authorise_login(787)
authorise_login: ACCEPTED: session list username (bthmuk) and given password ok
Connect path is '/home/bthmuk' for service [bthmuk]
