Samba authentication mystery?

[mauricioramos]

---

List,

things are strange here. We have a PDC (Windows based) that is out from our office and in our local network we have machines (windows xp, some with SP2 and others with SP3) that log in the domain and others don´t. We´ve been using samba just to share some directories in our internal development server. The mystery is that some users have access while others don´t, although they are all created using the same commands/configuration...

useradd -d /home/someuser -g users -m -s /bin/bash someuser smbpasswd -L -a someuser

We can check that they are created in both linux and samba: home directory is there, ssh logins are possible but mapping the shares...no way. Issuing a smbclient command like...

smbclient -L fpwdev04 -U someuser

...shows the expected output (listing of shares defined).

By how far we investigated, things do not seem much logical, since we have Windows XP SP2 in which things work and others not. The same for machines with SP3. This also applies to machines logging or not in the domain.

Actually, we have 4 servers, all running their own samba, with a very similar configuration. The main differences are attributes like "server string", "force user", "guest ok" and the shares themselves. Let´s call it "our main samba" has its "force user" set to "samba" and "guest ok" to "no". The others, have "force user" to "%U" and "guest ok", some to "yes" and others to "no". Since in the "global" section they are all set to...

local master = no
prefered master = no
domain master = no
domain logons = no
wins proxy = no
dns proxy = no
os level = 0

...and we specify the server when we map a share, I do not believe they are competing with each other and causing this behavior.

Have you ever experienced something like that?

Below I paste our smb.conf. If you can help us in anyway, it would be very appreciated! Thanks you all in advance.

[global]

workgroup = workgroup
server string = Development 4 Server
local master = no
prefered master = no
domain master = no
domain logons = no
wins proxy = no
dns proxy = no
os level = 0
smb ports = 139
security = user
passdb backend = smbpasswd:/etc/samba/smbpasswd
encrypt passwords = yes

invalid users = root bin daemon adm lp sync shutdown halt mail news uucp operator games gopher ftp nobody rpm dbus nscd vcsa pcap rpc mailnull smmsp avahi sshd rpcuser nfsnobody haldaemon distcache apache postgres mysql webalizer squid ntp xfs gdm sabayon ais pegasus piranha luci ricci cvs oracle10 ldap ra ca_admin gpo avahi-autoipd csvn trainee vpndial oraclebpa intranet

force user = samba
force group = users
guest ok = no
create mode = 0770
directory mode = 0770
force create mode = 0770
force directory mode = 0770

wins server = 172.26.129.25

load printers = no
guest account = nobody
printcap name = /etc/printcap

username map = /etc/samba/smbusers

[VM]
comment = Virtual Machines Files
path = /data1/home/samba/repository/VM
writeable = yes
browseable = yes
valid users = users (the group users. Had to remove the 'at' to post)
vfs object = vscan-clamav
vscan-clamav: config-file = /etc/samba/vscan-clamav.conf

[Projects]
comment = Projects
path = /data1/home/samba/repository/Projects
writeable = yes
browseable = yes
valid users = users (the group users. Had to remove the 'at' to post)
vfs object = vscan-clamav
vscan-clamav: config-file = /etc/samba/vscan-clamav.conf

[scathefire]

anything in your logs? you may need to add the following line as well to smb.conf:

Code:

log level = 2

its on a scale from 1 to 10. You don't want go higher than 3 really. by not mapping is it saying 'Access Denied' or 'Timeout' or just give you the authentication box over and over again?

alos if you want to see individual hosts, i usually put this line in:

Code:

log file = /var/log/samba/log-%m

[mauricioramos]

Hello Scathefire,

the login box keep on showing again and again and nothing is wrote on the logs. Now, almost all people are able to map and use the shares and the problem seems to be vanished. As there is still one login that is not working, I applied your tips and will be checking the results. Thanks for you feedback!