samba-users August 2010 archive
Main Archive Page > Month Archives  > samba-users archives
samba-users: [Samba] Non-domain MFPs cannot access server

[Samba] Non-domain MFPs cannot access server

From: Matt Everson <matt.everson_at_nospam>
Date: Thu Aug 19 2010 - 21:20:32 GMT
To: <samba@lists.samba.org>

I have a Samba 3.4.7 server with ADS authentication. Windows clients
have no issues, but non-domain MFPs cannot access shares, even with
guest ok = yes.

 

The MFPs can scan to a Samba 3.2.7 server, configured with Openfiler.

 

This line is the same on both servers

Got user=[printers] domain=[] workstation=[RNPE96472] len1=24 len2=24

 

This is what comes next on the working, 3.2.7 server:

check_ntlm_password: Checking password for unmapped user
[WCNB]\[printers]@[RNPE96472] with the new password interface

 

This is what comes next from the failing server:

 check_ntlm_password: Checking password for unmapped user
[]\[printers]@[RNPE96472] with the new password interface

 

I have turned on winbind use default domain = yes, as the working server
has.

 

I have tried various username permutations - WCNB\printers,
printers@WCNB. Those names remain whole in the logs, rather than being
split.

 

The printers account appears in getent passwd. The MFPs are Ricoh/Aficio
MP 5000.

 

 

Portion of log level 3 for the device on failing server:

2010/08/19 14:47:03, 3]
smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego)

  NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[]

[2010/08/19 14:47:03, 3] libsmb/ntlmssp.c:745(ntlmssp_server_auth)

  Got user=[printers] domain=[] workstation=[RNPE96472] len1=24 len2=24

[2010/08/19 14:47:03, 3] auth/auth.c:222(check_ntlm_password)

  check_ntlm_password: Checking password for unmapped user
[]\[printers]@[RNPE96472] with the new password interface

[2010/08/19 14:47:03, 3] auth/auth.c:225(check_ntlm_password)

  check_ntlm_password: mapped user is:
[DATASVR2]\[printers]@[RNPE96472]

[2010/08/19 14:47:03, 3] smbd/sec_ctx.c:210(push_sec_ctx)

  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1

[2010/08/19 14:47:03, 3] smbd/uid.c:428(push_conn_ctx)

  push_conn_ctx(0) : conn_ctx_stack_ndx = 0

[2010/08/19 14:47:03, 3] smbd/sec_ctx.c:310(set_sec_ctx)

  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1

[2010/08/19 14:47:03, 3] smbd/sec_ctx.c:418(pop_sec_ctx)

  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0

[2010/08/19 14:47:03, 3] auth/auth_sam.c:282(check_sam_security)

  check_sam_security: Couldn't find user 'printers' in passdb.

[2010/08/19 14:47:03, 3] auth/auth_winbind.c:54(check_winbind_security)

  check_winbind_security: Not using winbind, requested domain [DATASVR2]
was for this SAM.

[2010/08/19 14:47:03, 2] auth/auth.c:320(check_ntlm_password)

  check_ntlm_password: Authentication for user [printers] -> [printers]
FAILED with error NT_STATUS_NO_SUCH_USER

 

Globals from smb.conf on failing server:

# Samba config file created using SWAT

# from UNKNOWN (192.168.0.23)

# Date: 2010/08/19 14:37:44

 

[global]

        workgroup = WCNB

        realm = WCNB.LOCAL

        server string = Data Server

        security = ADS

        map to guest = Bad User

        obey pam restrictions = Yes

        password server = dc.wcnb.local, *

        pam password change = Yes

        passwd program = /usr/bin/passwd %u

        passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .

        unix password sync = Yes

        log level = 3

        syslog = 0

        log file = /var/log/samba/log.%m

        max log size = 1000

        server signing = auto

        load printers = No

        local master = No

        domain master = No

        dns proxy = No

        usershare allow guests = Yes

        panic action = /usr/share/samba/panic-action %d

        idmap uid = 1000000-2000000

        idmap gid = 1000000-2000000

        template homedir = /mnt/users/homes/%U

        winbind cache time = 15

        winbind enum users = Yes

        winbind enum groups = Yes

        winbind refresh tickets = Yes

This e-mail and attachment(s) may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution, or copy of this message is strictly prohibited. If received in error, please notify the sender immediately and delete/destroy the message and any copies thereof.
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba