Web lists-archives.com

Re: [Samba] User mapping/login issue




On 23/04/19 18:01, Rowland Penny wrote:
On Tue, 23 Apr 2019 15:01:24 +0930
Stephen Davies via samba <samba@xxxxxxxxxxxxxxx> wrote:

There is no ntlm auth entry in smb.conf

Just because you do not have an 'ntlm auth' line in your visible
smb.conf, this does not mean you do not have one, it defaults to 'ntlm
auth = no' which turns off NTLMv1


[global]
      workgroup = BENPARTS
      netbios name = server
      server string = Samba Server %v
      printcap name = cups
      load printers = yes
      printing = cups
      log file = /var/log/samba/log.%m
      max log size = 50
      log level = 4
      guest account = benparts

Do you actually have a user called 'benparts' (which incidentally is
the same as your workgroup) ?

      # Allow users to map to guest:
      map to guest = baduser

It is 'Bad User' not 'baduser'

      security = user
      username level = 8
      preferred master = yes
      name resolve order = host lmhosts wins bcast
      wins support = yes
      preserve case = yes
      dos charset = 850
      unix charset = ISO8859-1
      domain master = yes
      domain logons = yes

Ah, it is a PDC

You could try adding 'server max protocol = NT1'

Rowland


The baduser entry was a recent change where I got confused with my attempts to reconfigure Sendmail to use baduser. Spotted "bad user" in smb.conf and thought it was the same thing. Now fixed.

I have added ntlm auth and server max protocol entries as suggested but now get:

[2019/04/24 11:03:05.885593,  3] ../source3/smbd/negprot.c:419(reply_nt1)
  using SPNEGO
[2019/04/24 11:03:05.885624,  3] ../source3/smbd/negprot.c:761(reply_negprot)
  Selected protocol NT LM 0.12
[2019/04/24 11:03:06.087417,  1] ../source3/smbd/process.c:554(receive_smb_talloc)
receive_smb_raw_talloc failed for client ipv4:10.55.66.82:59271 read error = NT_STATUS_CONNECTION_RESET.

where 10.55.66.82 is the VPN-assigned IP of the windows client.
The firewall accepts all protocols from the VPN.

--

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba