NT_STATUS_LOGON_FAILURE

Honza Novacek konference na cimboraservis.cz
Čtvrtek Duben 28 10:01:24 CEST 2005 

Dobrý den,
   uspesne jsem z WinNT PDC vampiroval ucty do samby.

   Stanice se bez problemu prihlasi na Sambu PDC.

   Problem je, ze prihlaseny uzivatel se nedostane do zadneho
   sdileneho adresare, ani do sveho domovskeho.

   #smbclient -L localhost -U pepa
   Password:
   Domain=[HKEL] OS=[Unix] Server=[Samba 3.0.10-1.4E]

        Sharename       Type      Comment
        ---------       ----      -------
        IPC$            IPC       IPC Service (Samba Server 3.0.10-1.4E)
        ADMIN$          IPC       IPC Service (Samba Server 3.0.10-1.4E)
        pepa            Disk      Home directory of pepa
   Domain=[HKEL] OS=[Unix] Server=[Samba 3.0.10-1.4E]


   #smbclient //127.0.0.1/pepa -U pepa
   spletu heslo
   session setup failed: NT_STATUS_LOGON_FAILURE

   dam spravne heslo
   tree connect failed: NT_STATUS_BAD_NETWORK_NAME

   v logu vidim:
   [2005/04/28 06:21:56, 0] smbd/service.c:make_connection_snum(620)
  '/home/pepa' does not exist or is not a directory, when connecting to [pepa]

   Adresar /home/pepa existuje, a ma spravna prava.

   ls -l /home/ | grep pepa
   drwxrwx---   2 pepa pepa  4096 dub 27 15:41 pepa


   Takto na tom jsou vsichni uzivatele, krome administratora.

[root na linux log]# smbclient //127.0.0.1/administrator -U administrator
Password:
Domain=[HKEL] OS=[Unix] Server=[Samba 3.0.10-1.4E]
smb: \> dir
  .                                   D        0  Tue Apr 26 17:49:08 2005
  ..                                  D        0  Wed Apr 27 17:36:24 2005
  .emacs                             AH      383  Mon Apr 25 18:31:18 2005
  .zshrc                             AH      658  Mon Apr 25 18:31:18 2005
  profile                             D        0  Tue Apr 26 17:53:47 2005
  .bashrc                            AH      124  Mon Apr 25 18:31:18 2005
  .bash_profile                      AH      191  Mon Apr 25 18:31:18 2005
  .bash_logout                       AH      304  Mon Apr 25 18:31:18 2005

                54140 blocks of size 1048576. 48200 blocks available
smb: \>
   

  Toto se mi zacalo dit, kdyz jsem zmenil "passdb backend = tdbsam" z
  smbpasswd a provedl vampirovani.

  #pdbedit -Lw pepa
  pepa:516:D1A9....

  #cat /etc/passwd | grep pepa
  pepa:x:516:516::/home/pepa:/sbin/nologin

  #net groupmap list
  smazal jsem duplicitní "Domain Admins", "Domain Users"
  a podle SID nechal ty spravne.

  #net groupmap modify ntgroup="Domain Admins" unixgroup=root
  #net groupmap modify ntgroup="Domain Users" unixgroup=dusers

  V /etc/group mam skupinu dusers obsahujici vsechny uzivatele,
  a do skupiny root jsem pridal uzivatele administrator
  
  Vyzkousel jsem nasdilet adresar, kteremu jsem na stavil chmod 777,
  ale stejne se do nej uzivatel pepa nedostane.

  Jeste pridam smb.conf

[global]
        workgroup = HKEL
        netbios name = LINUX
        server string = Samba Server %v
        passdb backend = tdbsam
        log file = /var/log/samba.%m
        max log size = 50
        encrypt passwords = yes
        domain master = yes
        local master = yes
        preferred master = yes
        os level = 65
        security = user
        domain logons = yes
# Home directories
[homes]
   comment = Home Directories
   browseable = no
   writable = yes

  

  Netusite kde by mohl byt zakopany pes?
  Diky,
  
Honza Novacek

Další informace o konferenci Linux