NT_STATUS_LOGON_FAILURE
Honza Novacek
konference na cimboraservis.cz
Čtvrtek Duben 28 10:01:24 CEST 2005
Dobrý den,
uspesne jsem z WinNT PDC vampiroval ucty do samby.
Stanice se bez problemu prihlasi na Sambu PDC.
Problem je, ze prihlaseny uzivatel se nedostane do zadneho
sdileneho adresare, ani do sveho domovskeho.
#smbclient -L localhost -U pepa
Password:
Domain=[HKEL] OS=[Unix] Server=[Samba 3.0.10-1.4E]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Samba Server 3.0.10-1.4E)
ADMIN$ IPC IPC Service (Samba Server 3.0.10-1.4E)
pepa Disk Home directory of pepa
Domain=[HKEL] OS=[Unix] Server=[Samba 3.0.10-1.4E]
#smbclient //127.0.0.1/pepa -U pepa
spletu heslo
session setup failed: NT_STATUS_LOGON_FAILURE
dam spravne heslo
tree connect failed: NT_STATUS_BAD_NETWORK_NAME
v logu vidim:
[2005/04/28 06:21:56, 0] smbd/service.c:make_connection_snum(620)
'/home/pepa' does not exist or is not a directory, when connecting to [pepa]
Adresar /home/pepa existuje, a ma spravna prava.
ls -l /home/ | grep pepa
drwxrwx--- 2 pepa pepa 4096 dub 27 15:41 pepa
Takto na tom jsou vsichni uzivatele, krome administratora.
[root na linux log]# smbclient //127.0.0.1/administrator -U administrator
Password:
Domain=[HKEL] OS=[Unix] Server=[Samba 3.0.10-1.4E]
smb: \> dir
. D 0 Tue Apr 26 17:49:08 2005
.. D 0 Wed Apr 27 17:36:24 2005
.emacs AH 383 Mon Apr 25 18:31:18 2005
.zshrc AH 658 Mon Apr 25 18:31:18 2005
profile D 0 Tue Apr 26 17:53:47 2005
.bashrc AH 124 Mon Apr 25 18:31:18 2005
.bash_profile AH 191 Mon Apr 25 18:31:18 2005
.bash_logout AH 304 Mon Apr 25 18:31:18 2005
54140 blocks of size 1048576. 48200 blocks available
smb: \>
Toto se mi zacalo dit, kdyz jsem zmenil "passdb backend = tdbsam" z
smbpasswd a provedl vampirovani.
#pdbedit -Lw pepa
pepa:516:D1A9....
#cat /etc/passwd | grep pepa
pepa:x:516:516::/home/pepa:/sbin/nologin
#net groupmap list
smazal jsem duplicitní "Domain Admins", "Domain Users"
a podle SID nechal ty spravne.
#net groupmap modify ntgroup="Domain Admins" unixgroup=root
#net groupmap modify ntgroup="Domain Users" unixgroup=dusers
V /etc/group mam skupinu dusers obsahujici vsechny uzivatele,
a do skupiny root jsem pridal uzivatele administrator
Vyzkousel jsem nasdilet adresar, kteremu jsem na stavil chmod 777,
ale stejne se do nej uzivatel pepa nedostane.
Jeste pridam smb.conf
[global]
workgroup = HKEL
netbios name = LINUX
server string = Samba Server %v
passdb backend = tdbsam
log file = /var/log/samba.%m
max log size = 50
encrypt passwords = yes
domain master = yes
local master = yes
preferred master = yes
os level = 65
security = user
domain logons = yes
# Home directories
[homes]
comment = Home Directories
browseable = no
writable = yes
Netusite kde by mohl byt zakopany pes?
Diky,
Honza Novacek
Další informace o konferenci Linux