Public share demands password! - SMB

This is a discussion on Public share demands password! - SMB ; Hi - A customer has a number of systems each consisting of a Win NT4SP6 server and an AIX4.3 server running samba 2.0.7. Smb.conf contains security = server password server = hosts allow = 127. guest account = nobody (this ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Public share demands password!

  1. Public share demands password!

    Hi -

    A customer has a number of systems each consisting of a Win NT4SP6
    server and an AIX4.3 server running samba 2.0.7. Smb.conf contains

    security = server
    password server =
    hosts allow = 127.
    guest account = nobody (this account exists ok)
    plus the usual stuff

    A public share is declared with
    writeable = yes
    guest ok = yes

    (There's also a private share that I won't go into. Let's fix the
    public one.)

    All had been working fine for a couple of years until recently, on one
    system, NT users could no longer connect to the public share (or the
    private share), but were asked for a "connect as" and a password, no
    values of which would work.

    Nobody can think of anything that's changed, though logic strongly
    suggests that something must have (apart from the weather).

    I've checked that smb.conf is identical to a working system (except
    for ip addresses, which are correct), and the user map (which does get
    edited by a script) is valid. Both servers have been rebooted, and
    Samba must be getting sick of kill -1's. From the AIX server, I *can*
    connect to the share at localhost with smbclient. Also, if I change
    "security" to "share", I can then connect from NT.

    Turning debug level up to 3 shows different patterns on the faulty and
    a working system. Though not easy to reconcile, they seem to show a
    working system granting access to the share without reference to the
    password server, whereas the faulty system seems to make an
    unsuccessful password server call.

    I've run out of things to try. Any suggestions?

    Thanks in advance - Philip

  2. Re: Public share demands password!

    Still struggling with this. The NT security event log shows a password
    failure event saying "User not granted requested logon type at this
    machine". Yet this is a domain user who can do the same at other
    sites. Why won't NT validate him? The logfile is appended (IP
    addresses etc altered).

    Ta - Philip

    [2004/01/28 11:55:09, 1] smbd/server.c:main(641)
    smbd version 2.0.7 started.
    Copyright Andrew Tridgell 1992-1998
    doing parameter max log size = 50
    doing parameter security = server
    doing parameter password server = 10.0.4.28
    doing parameter socket options = TCP_NODELAY
    doing parameter follow symlinks = no
    doing parameter username map = /usr/local/lib/smb.usermap
    [2004/01/28 11:55:09, 2] param/loadparm.c:do_section(2481)
    Processing section "[logfiles]"
    doing parameter comment = log files
    doing parameter path = /user/logs
    doing parameter writeable = yes
    doing parameter guest ok = yes
    [2004/01/28 11:55:09, 2] param/loadparm.c:do_section(2481)
    Processing section "[archive]"
    doing parameter comment = Audit archive share
    doing parameter path = /archive
    doing parameter valid users = archive
    doing parameter writeable = yes
    doing parameter public = no
    [2004/01/28 11:55:09, 3] param/loadparm.c:lp_load(2805)
    pm_process() returned Yes
    [2004/01/28 11:55:09, 3] param/loadparm.c:lp_add_ipc(1594)
    adding IPC service
    [2004/01/28 11:55:09, 2] lib/interface.c:add_interface(83)
    added interface ip=10.0.4.27 bcast=10.0.31.255 nmask=255.255.224.0
    [2004/01/28 11:55:09, 3] lib/interface.c:add_interface(63)
    not adding duplicate interface 10.0.4.27
    [2004/01/28 11:55:09, 3] lib/interface.c:add_interface(63)
    not adding duplicate interface 10.0.4.27
    [2004/01/28 11:55:09, 3] lib/interface.c:add_interface(63)
    not adding duplicate interface 10.0.4.27
    [2004/01/28 11:55:09, 3] smbd/server.c:main(704)
    loaded services
    [2004/01/28 11:55:09, 3] smbd/server.c:main(712)
    Becoming a daemon.
    [2004/01/28 11:55:09, 3] lib/util_sock.cpen_socket_in(875)
    bind succeeded on port 139
    [2004/01/28 11:55:09, 2] smbd/server.cpen_sockets(181)
    waiting for a connection

    [2004/01/28 11:55:57, 4] locking/shmem_sysv.c:sysv_shm_open(547)
    Trying sysv shmem open of size 1048576
    [2004/01/28 11:55:57, 3] locking/shmem_sysv.c:sysv_shm_open(707)
    Initialised IPC area of size 1048576
    [2004/01/28 11:55:57, 2] smbd/server.c:main(746)
    Changed root to /
    [2004/01/28 11:55:57, 3] smbd/oplock.cpen_oplock_ipc(86)
    open_oplock_ipc: opening loopback UDP socket.
    [2004/01/28 11:55:58, 3] lib/util_sock.cpen_socket_in(875)
    bind succeeded on port 0
    [2004/01/28 11:55:58, 3] smbd/oplock.cpen_oplock_ipc(114)
    open_oplock ipc: pid = 24016, global_oplock_port = 32811
    [2004/01/28 11:55:58, 4] lib/time.c:TimeInit(110)
    Serverzone is 0
    [2004/01/28 11:55:58, 2] lib/access.c:check_access(258)
    Allowed connection from WOTUSERS2 (10.0.4.28)
    [2004/01/28 11:55:58, 3] smbd/process.crocess_smb(618)
    Transaction 0 of length 72
    [2004/01/28 11:55:58, 2] smbd/reply.c:reply_special(97)
    netbios connect: name1=WOTUSERS1 name2=WOTUSERS2
    [2004/01/28 11:55:58, 2] smbd/connection.c:utmp_claim(560)
    utmp_claim: conn NULL
    [2004/01/28 11:55:58, 3] smbd/process.crocess_smb(618)
    Transaction 1 of length 174
    [2004/01/28 11:55:58, 3] smbd/process.c:switch_message(448)
    switch message SMBnegprot (pid 24016)
    [2004/01/28 11:55:58, 3] smbd/negprot.c:reply_negprot(341)
    Requested protocol [PC NETWORK PROGRAM 1.0]
    [2004/01/28 11:55:58, 3] smbd/negprot.c:reply_negprot(341)
    Requested protocol [XENIX CORE]
    [2004/01/28 11:55:58, 3] smbd/negprot.c:reply_negprot(341)
    Requested protocol [MICROSOFT NETWORKS 1.03]
    [2004/01/28 11:55:58, 3] smbd/negprot.c:reply_negprot(341)
    Requested protocol [LANMAN1.0]
    [2004/01/28 11:55:58, 3] smbd/negprot.c:reply_negprot(341)
    Requested protocol [Windows for Workgroups 3.1a]
    [2004/01/28 11:55:58, 3] smbd/negprot.c:reply_negprot(341)
    Requested protocol [LM1.2X002]
    [2004/01/28 11:55:58, 3] smbd/negprot.c:reply_negprot(341)
    Requested protocol [LANMAN2.1]
    [2004/01/28 11:55:58, 3] smbd/negprot.c:reply_negprot(341)
    Requested protocol [NT LM 0.12]
    [2004/01/28 11:55:58, 3] lib/util_sock.cpen_socket_out(907)
    Connecting to 10.0.4.28 at port 139
    [2004/01/28 11:55:58, 3] smbd/password.c:server_cryptkey(1018)
    connected to password server 10.0.4.28
    [2004/01/28 11:55:58, 3] smbd/password.c:server_cryptkey(1033)
    got session
    [2004/01/28 11:55:58, 3] smbd/password.c:server_cryptkey(1048)
    password server OK
    [2004/01/28 11:55:58, 3] smbd/negprot.c:reply_nt1(184)
    using password server validation
    [2004/01/28 11:55:58, 3] smbd/negprot.c:reply_negprot(424)
    Selected protocol NT LM 0.12
    [2004/01/28 11:55:58, 3] smbd/process.crocess_smb(618)
    Transaction 2 of length 136
    [2004/01/28 11:55:58, 3] smbd/process.c:switch_message(448)
    switch message SMBsesssetupX (pid 24016)
    [2004/01/28 11:55:58, 3] smbd/reply.c:reply_sesssetup_and_X(805)
    Domain=[] NativeOS=[Windows NT 1381] NativeLanMan=[]
    [2004/01/28 11:55:58, 3] smbd/reply.c:reply_sesssetup_and_X(809)
    sesssetupX:name=[]
    [2004/01/28 11:55:58, 4] lib/username.c:map_username(91)
    Scanning username map /usr/local/lib/smb.usermap
    [2004/01/28 11:55:58, 3] smbd/password.c:setup_groups(192)
    nobody is in 1 groups: -2
    [2004/01/28 11:55:58, 3] smbd/password.c:register_vuid(270)
    uid -2 registered to name nobody
    [2004/01/28 11:55:58, 3] smbd/password.c:register_vuid(272)
    Clearing default real name
    [2004/01/28 11:55:58, 3] smbd/process.c:chain_reply(775)
    Chained message
    [2004/01/28 11:55:58, 3] smbd/process.c:switch_message(448)
    switch message SMBtconX (pid 24016)
    [2004/01/28 11:55:58, 4] smbd/reply.c:reply_tcon_and_X(311)
    Got device type ?????
    [2004/01/28 11:55:58, 2] lib/access.c:check_access(258)
    Allowed connection from WOTUSERS2 (10.0.4.28)
    [2004/01/28 11:55:58, 3] smbd/password.c:authorise_login(816)
    ACCEPTED: guest account and guest ok
    [2004/01/28 11:55:58, 3] smbd/service.c:make_connection(441)
    Connect path is /tmp
    [2004/01/28 11:55:58, 3] lib/doscalls.c:dos_ChDir(342)
    dos_ChDir to /tmp
    [2004/01/28 11:55:58, 3] smbd/service.c:make_connection(550)
    WOTUSERs2 (10.0.4.28) connect to service IPC$ as user nobody
    (uid=-2, gid=-2) (pid 24016)
    [2004/01/28 11:55:58, 3] lib/doscalls.c:dos_ChDir(342)
    dos_ChDir to /usr/local/lib
    [2004/01/28 11:55:58, 3] smbd/reply.c:reply_tcon_and_X(358)
    tconX service=ipc$ user=nobody
    [2004/01/28 11:55:58, 3] smbd/process.crocess_smb(618)
    Transaction 3 of length 197
    [2004/01/28 11:55:58, 3] smbd/process.c:switch_message(448)
    switch message SMBsesssetupX (pid 24016)
    [2004/01/28 11:55:58, 3] smbd/reply.c:reply_sesssetup_and_X(805)
    Domain=[USASII] NativeOS=[Windows NT 1381] NativeLanMan=[]
    [2004/01/28 11:55:58, 3] smbd/reply.c:reply_sesssetup_and_X(809)
    sesssetupX:name=[gw20644]
    [2004/01/28 11:55:58, 4] lib/username.c:map_username(91)
    Scanning username map /usr/local/lib/smb.usermap
    [2004/01/28 11:55:58, 3] lib/username.c:map_username(124)
    Mapped user gw20644 to archive
    [2004/01/28 11:56:01, 1] smbd/password.c:server_validate(1137)
    password server 10.0.4.28 rejected the password
    [2004/01/28 11:56:01, 4] passdb/smbpass.c:getsmbfilepwent(254)
    getsmbfilepwent: end of file reached
    [2004/01/28 11:56:01, 1] smbd/password.cass_check_smb(500)
    Couldn't find user 'archive' in smb_passwd file.
    [2004/01/28 11:56:01, 2] smbd/reply.c:reply_sesssetup_and_X(914)
    NT Password did not match for user 'archive' ! Defaulting to Lanman
    [2004/01/28 11:56:01, 4] passdb/smbpass.c:getsmbfilepwent(254)
    getsmbfilepwent: end of file reached
    [2004/01/28 11:56:01, 1] smbd/password.cass_check_smb(500)
    Couldn't find user 'archive' in smb_passwd file.
    [2004/01/28 11:56:01, 1] smbd/reply.c:reply_sesssetup_and_X(925)
    Rejecting user 'archive': authentication failed
    [2004/01/28 11:56:01, 3] smbd/error.c:error_packet(127)
    32 bit error packet at line 639 cmd=115 (SMBsesssetupX)
    eclass=c000006d [Error: Unknown error (109,49152)]
    [2004/01/28 11:56:01, 3] smbd/error.c:error_packet(143)
    error string = Result too large



    p.j.le.r@virgin.net (Philip Le Riche) wrote in message news:<705712dd.0401260836.11a14150@posting.google.com>...
    > Hi -
    >
    > A customer has a number of systems each consisting of a Win NT4SP6
    > server and an AIX4.3 server running samba 2.0.7. Smb.conf contains
    >
    > security = server
    > password server =
    > hosts allow = 127.
    > guest account = nobody (this account exists ok)
    > plus the usual stuff
    >
    > A public share is declared with
    > writeable = yes
    > guest ok = yes
    >
    > (There's also a private share that I won't go into. Let's fix the
    > public one.)
    >
    > All had been working fine for a couple of years until recently, on one
    > system, NT users could no longer connect to the public share (or the
    > private share), but were asked for a "connect as" and a password, no
    > values of which would work.
    >
    > Nobody can think of anything that's changed, though logic strongly
    > suggests that something must have (apart from the weather).
    >
    > I've checked that smb.conf is identical to a working system (except
    > for ip addresses, which are correct), and the user map (which does get
    > edited by a script) is valid. Both servers have been rebooted, and
    > Samba must be getting sick of kill -1's. From the AIX server, I *can*
    > connect to the share at localhost with smbclient. Also, if I change
    > "security" to "share", I can then connect from NT.
    >
    > Turning debug level up to 3 shows different patterns on the faulty and
    > a working system. Though not easy to reconcile, they seem to show a
    > working system granting access to the share without reference to the
    > password server, whereas the faulty system seems to make an
    > unsuccessful password server call.
    >
    > I've run out of things to try. Any suggestions?
    >
    > Thanks in advance - Philip


  3. Re: Public share demands password!

    Sorted!

    For the record, the NT security event log entry was the clue. In User
    Manager for Domains, under Policies - User Rights, the policy "Access
    this computer from the network" should have been assigned to groups
    including the user that Samba was trying to validate. These groups had
    somehow got lost. Without this, NT was rightly refusing to validate
    users for network access.

    - Philip

    p.j.le.r@virgin.net (Philip Le Riche) wrote in message news:<705712dd.0401280649.44c6b1ef@posting.google.com>...
    > Still struggling with this. The NT security event log shows a password
    > failure event saying "User not granted requested logon type at this
    > machine". Yet this is a domain user who can do the same at other
    > sites. Why won't NT validate him? The logfile is appended (IP
    > addresses etc altered).
    >
    > Ta - Philip
    >
    > [2004/01/28 11:55:09, 1] smbd/server.c:main(641)
    > smbd version 2.0.7 started.
    > Copyright Andrew Tridgell 1992-1998
    > doing parameter max log size = 50
    > doing parameter security = server
    > doing parameter password server = 10.0.4.28
    > doing parameter socket options = TCP_NODELAY
    > doing parameter follow symlinks = no
    > doing parameter username map = /usr/local/lib/smb.usermap
    > [2004/01/28 11:55:09, 2] param/loadparm.c:do_section(2481)
    > Processing section "[logfiles]"
    > doing parameter comment = log files
    > doing parameter path = /user/logs
    > doing parameter writeable = yes
    > doing parameter guest ok = yes
    > [2004/01/28 11:55:09, 2] param/loadparm.c:do_section(2481)
    > Processing section "[archive]"
    > doing parameter comment = Audit archive share
    > doing parameter path = /archive
    > doing parameter valid users = archive
    > doing parameter writeable = yes
    > doing parameter public = no
    > [2004/01/28 11:55:09, 3] param/loadparm.c:lp_load(2805)
    > pm_process() returned Yes
    > [2004/01/28 11:55:09, 3] param/loadparm.c:lp_add_ipc(1594)
    > adding IPC service
    > [2004/01/28 11:55:09, 2] lib/interface.c:add_interface(83)
    > added interface ip=10.0.4.27 bcast=10.0.31.255 nmask=255.255.224.0
    > [2004/01/28 11:55:09, 3] lib/interface.c:add_interface(63)
    > not adding duplicate interface 10.0.4.27
    > [2004/01/28 11:55:09, 3] lib/interface.c:add_interface(63)
    > not adding duplicate interface 10.0.4.27
    > [2004/01/28 11:55:09, 3] lib/interface.c:add_interface(63)
    > not adding duplicate interface 10.0.4.27
    > [2004/01/28 11:55:09, 3] smbd/server.c:main(704)
    > loaded services
    > [2004/01/28 11:55:09, 3] smbd/server.c:main(712)
    > Becoming a daemon.
    > [2004/01/28 11:55:09, 3] lib/util_sock.cpen_socket_in(875)
    > bind succeeded on port 139
    > [2004/01/28 11:55:09, 2] smbd/server.cpen_sockets(181)
    > waiting for a connection
    >
    > [2004/01/28 11:55:57, 4] locking/shmem_sysv.c:sysv_shm_open(547)
    > Trying sysv shmem open of size 1048576
    > [2004/01/28 11:55:57, 3] locking/shmem_sysv.c:sysv_shm_open(707)
    > Initialised IPC area of size 1048576
    > [2004/01/28 11:55:57, 2] smbd/server.c:main(746)
    > Changed root to /
    > [2004/01/28 11:55:57, 3] smbd/oplock.cpen_oplock_ipc(86)
    > open_oplock_ipc: opening loopback UDP socket.
    > [2004/01/28 11:55:58, 3] lib/util_sock.cpen_socket_in(875)
    > bind succeeded on port 0
    > [2004/01/28 11:55:58, 3] smbd/oplock.cpen_oplock_ipc(114)
    > open_oplock ipc: pid = 24016, global_oplock_port = 32811
    > [2004/01/28 11:55:58, 4] lib/time.c:TimeInit(110)
    > Serverzone is 0
    > [2004/01/28 11:55:58, 2] lib/access.c:check_access(258)
    > Allowed connection from WOTUSERS2 (10.0.4.28)
    > [2004/01/28 11:55:58, 3] smbd/process.crocess_smb(618)
    > Transaction 0 of length 72
    > [2004/01/28 11:55:58, 2] smbd/reply.c:reply_special(97)
    > netbios connect: name1=WOTUSERS1 name2=WOTUSERS2
    > [2004/01/28 11:55:58, 2] smbd/connection.c:utmp_claim(560)
    > utmp_claim: conn NULL
    > [2004/01/28 11:55:58, 3] smbd/process.crocess_smb(618)
    > Transaction 1 of length 174
    > [2004/01/28 11:55:58, 3] smbd/process.c:switch_message(448)
    > switch message SMBnegprot (pid 24016)
    > [2004/01/28 11:55:58, 3] smbd/negprot.c:reply_negprot(341)
    > Requested protocol [PC NETWORK PROGRAM 1.0]
    > [2004/01/28 11:55:58, 3] smbd/negprot.c:reply_negprot(341)
    > Requested protocol [XENIX CORE]
    > [2004/01/28 11:55:58, 3] smbd/negprot.c:reply_negprot(341)
    > Requested protocol [MICROSOFT NETWORKS 1.03]
    > [2004/01/28 11:55:58, 3] smbd/negprot.c:reply_negprot(341)
    > Requested protocol [LANMAN1.0]
    > [2004/01/28 11:55:58, 3] smbd/negprot.c:reply_negprot(341)
    > Requested protocol [Windows for Workgroups 3.1a]
    > [2004/01/28 11:55:58, 3] smbd/negprot.c:reply_negprot(341)
    > Requested protocol [LM1.2X002]
    > [2004/01/28 11:55:58, 3] smbd/negprot.c:reply_negprot(341)
    > Requested protocol [LANMAN2.1]
    > [2004/01/28 11:55:58, 3] smbd/negprot.c:reply_negprot(341)
    > Requested protocol [NT LM 0.12]
    > [2004/01/28 11:55:58, 3] lib/util_sock.cpen_socket_out(907)
    > Connecting to 10.0.4.28 at port 139
    > [2004/01/28 11:55:58, 3] smbd/password.c:server_cryptkey(1018)
    > connected to password server 10.0.4.28
    > [2004/01/28 11:55:58, 3] smbd/password.c:server_cryptkey(1033)
    > got session
    > [2004/01/28 11:55:58, 3] smbd/password.c:server_cryptkey(1048)
    > password server OK
    > [2004/01/28 11:55:58, 3] smbd/negprot.c:reply_nt1(184)
    > using password server validation
    > [2004/01/28 11:55:58, 3] smbd/negprot.c:reply_negprot(424)
    > Selected protocol NT LM 0.12
    > [2004/01/28 11:55:58, 3] smbd/process.crocess_smb(618)
    > Transaction 2 of length 136
    > [2004/01/28 11:55:58, 3] smbd/process.c:switch_message(448)
    > switch message SMBsesssetupX (pid 24016)
    > [2004/01/28 11:55:58, 3] smbd/reply.c:reply_sesssetup_and_X(805)
    > Domain=[] NativeOS=[Windows NT 1381] NativeLanMan=[]
    > [2004/01/28 11:55:58, 3] smbd/reply.c:reply_sesssetup_and_X(809)
    > sesssetupX:name=[]
    > [2004/01/28 11:55:58, 4] lib/username.c:map_username(91)
    > Scanning username map /usr/local/lib/smb.usermap
    > [2004/01/28 11:55:58, 3] smbd/password.c:setup_groups(192)
    > nobody is in 1 groups: -2
    > [2004/01/28 11:55:58, 3] smbd/password.c:register_vuid(270)
    > uid -2 registered to name nobody
    > [2004/01/28 11:55:58, 3] smbd/password.c:register_vuid(272)
    > Clearing default real name
    > [2004/01/28 11:55:58, 3] smbd/process.c:chain_reply(775)
    > Chained message
    > [2004/01/28 11:55:58, 3] smbd/process.c:switch_message(448)
    > switch message SMBtconX (pid 24016)
    > [2004/01/28 11:55:58, 4] smbd/reply.c:reply_tcon_and_X(311)
    > Got device type ?????
    > [2004/01/28 11:55:58, 2] lib/access.c:check_access(258)
    > Allowed connection from WOTUSERS2 (10.0.4.28)
    > [2004/01/28 11:55:58, 3] smbd/password.c:authorise_login(816)
    > ACCEPTED: guest account and guest ok
    > [2004/01/28 11:55:58, 3] smbd/service.c:make_connection(441)
    > Connect path is /tmp
    > [2004/01/28 11:55:58, 3] lib/doscalls.c:dos_ChDir(342)
    > dos_ChDir to /tmp
    > [2004/01/28 11:55:58, 3] smbd/service.c:make_connection(550)
    > WOTUSERs2 (10.0.4.28) connect to service IPC$ as user nobody
    > (uid=-2, gid=-2) (pid 24016)
    > [2004/01/28 11:55:58, 3] lib/doscalls.c:dos_ChDir(342)
    > dos_ChDir to /usr/local/lib
    > [2004/01/28 11:55:58, 3] smbd/reply.c:reply_tcon_and_X(358)
    > tconX service=ipc$ user=nobody
    > [2004/01/28 11:55:58, 3] smbd/process.crocess_smb(618)
    > Transaction 3 of length 197
    > [2004/01/28 11:55:58, 3] smbd/process.c:switch_message(448)
    > switch message SMBsesssetupX (pid 24016)
    > [2004/01/28 11:55:58, 3] smbd/reply.c:reply_sesssetup_and_X(805)
    > Domain=[USASII] NativeOS=[Windows NT 1381] NativeLanMan=[]
    > [2004/01/28 11:55:58, 3] smbd/reply.c:reply_sesssetup_and_X(809)
    > sesssetupX:name=[gw20644]
    > [2004/01/28 11:55:58, 4] lib/username.c:map_username(91)
    > Scanning username map /usr/local/lib/smb.usermap
    > [2004/01/28 11:55:58, 3] lib/username.c:map_username(124)
    > Mapped user gw20644 to archive
    > [2004/01/28 11:56:01, 1] smbd/password.c:server_validate(1137)
    > password server 10.0.4.28 rejected the password
    > [2004/01/28 11:56:01, 4] passdb/smbpass.c:getsmbfilepwent(254)
    > getsmbfilepwent: end of file reached
    > [2004/01/28 11:56:01, 1] smbd/password.cass_check_smb(500)
    > Couldn't find user 'archive' in smb_passwd file.
    > [2004/01/28 11:56:01, 2] smbd/reply.c:reply_sesssetup_and_X(914)
    > NT Password did not match for user 'archive' ! Defaulting to Lanman
    > [2004/01/28 11:56:01, 4] passdb/smbpass.c:getsmbfilepwent(254)
    > getsmbfilepwent: end of file reached
    > [2004/01/28 11:56:01, 1] smbd/password.cass_check_smb(500)
    > Couldn't find user 'archive' in smb_passwd file.
    > [2004/01/28 11:56:01, 1] smbd/reply.c:reply_sesssetup_and_X(925)
    > Rejecting user 'archive': authentication failed
    > [2004/01/28 11:56:01, 3] smbd/error.c:error_packet(127)
    > 32 bit error packet at line 639 cmd=115 (SMBsesssetupX)
    > eclass=c000006d [Error: Unknown error (109,49152)]
    > [2004/01/28 11:56:01, 3] smbd/error.c:error_packet(143)
    > error string = Result too large
    >
    >
    >
    > p.j.le.r@virgin.net (Philip Le Riche) wrote in message news:<705712dd.0401260836.11a14150@posting.google.com>...
    > > Hi -
    > >
    > > A customer has a number of systems each consisting of a Win NT4SP6
    > > server and an AIX4.3 server running samba 2.0.7. Smb.conf contains
    > >
    > > security = server
    > > password server =
    > > hosts allow = 127.
    > > guest account = nobody (this account exists ok)
    > > plus the usual stuff
    > >
    > > A public share is declared with
    > > writeable = yes
    > > guest ok = yes
    > >
    > > (There's also a private share that I won't go into. Let's fix the
    > > public one.)
    > >
    > > All had been working fine for a couple of years until recently, on one
    > > system, NT users could no longer connect to the public share (or the
    > > private share), but were asked for a "connect as" and a password, no
    > > values of which would work.
    > >
    > > Nobody can think of anything that's changed, though logic strongly
    > > suggests that something must have (apart from the weather).
    > >
    > > I've checked that smb.conf is identical to a working system (except
    > > for ip addresses, which are correct), and the user map (which does get
    > > edited by a script) is valid. Both servers have been rebooted, and
    > > Samba must be getting sick of kill -1's. From the AIX server, I *can*
    > > connect to the share at localhost with smbclient. Also, if I change
    > > "security" to "share", I can then connect from NT.
    > >
    > > Turning debug level up to 3 shows different patterns on the faulty and
    > > a working system. Though not easy to reconcile, they seem to show a
    > > working system granting access to the share without reference to the
    > > password server, whereas the faulty system seems to make an
    > > unsuccessful password server call.
    > >
    > > I've run out of things to try. Any suggestions?
    > >
    > > Thanks in advance - Philip


+ Reply to Thread