Announcement

Collapse
No announcement yet.

Samba simple setup - Authentication Fail

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Samba simple setup - Authentication Fail

    Hello
    Samba seems to fail when authenticating only under one unique circumstance.

    The sudo user of the server machine is 'vcandy'.

    User vcandy is the only user that fails authentication. I have 4 other users and all work according to plan, both on linux and windows machines.

    User vcandy will work under the following circumstances. If vcandy client side (Linux) machine is powered up, upon first attempt to access Samba shares user vcandy does indeed work.

    Any subsequent attempts to get back to the same Samba shares using vcandy fails. Windows user vcandy on a client machine does also work all the time.

    The fail here is user vcandy, attempting to login using a Linux client and only after the first attempt. Thanks for any help..

    My smb.conf file:

    Code:
    [global]
    workgroup = workgroup
    security = auto
    server role = standalone
    username map = /etc/samba/smb.user.map
    log file = /var/log/samba/smb.log
    max log size = 5000
    log level = 2
    
    
    [mp3]
    path = /home/myUserName/mp3
    browseable = yes
    write list = myUserName
    force user = myUserName​

    #2
    The first idea I have for you is to look into the log file entries and perhaps post them here…

    PS: Did you try setting security = user ? And is this the whole smb.conf or is there something else in it?
    Last edited by Schwarzer Kater; Dec 02, 2022, 02:43 PM. Reason: added PS
    Debian KDE & LXQt • Kubuntu & Lubuntu • openSUSE KDE • Windows • macOS X
    Desktop: Lenovo ThinkCentre M75s • Laptop: Apple MacBook Pro 13" • and others

    get rid of Snap scriptreinstall Snap for release-upgrade scriptinstall traditional Firefox script

    Comment


      #3
      Originally posted by Schwarzer Kater View Post
      The first idea I have for you is to look into the log file entries and perhaps post them here…
      Right!

      Here you go, and thanks for the help.

      Code:
      [[2022/12/01 10:54:58.173932, 2] ../../source3/lib/tallocmsg.c:84(register_msg_pool_usage)
      Registered MSG_REQ_POOL_USAGE
      [2022/12/01 10:54:58.175475, 2] ../../source3/param/loadparm.c:2864(lp_do_section)
      Processing section "[mp3]"
      [2022/12/01 10:54:58.175855, 2] ../../source3/lib/tallocmsg.c:84(register_msg_pool_usage)
      Registered MSG_REQ_POOL_USAGE
      [2022/12/01 10:54:58.176030, 2] ../../source3/lib/interface.c:343(add_interface)
      added interface enp3s0 ip=192.168.X.X bcast=192.168.1.255 netmask=255.255.255.0
      [2022/12/01 10:54:58.176195, 2] ../../source3/smbd/reply.c:707(reply_special)
      netbios connect: name1=myHostName.LOCAL 0x20 name2= 0x0
      [2022/12/01 10:54:58.176245, 2] ../../source3/smbd/reply.c:747(reply_special)
      netbios connect: local=myHostName.local remote=, name type = 0
      [2022/12/01 10:54:58.177476, 2] ../../source3/param/loadparm.c:2864(lp_do_section)
      Processing section "[mp3]"
      [2022/12/01 10:54:58.178020, 2] ../../source3/lib/interface.c:343(add_interface)
      added interface enp3s0 ip=192.168.X.X bcast=192.168.1.255 netmask=255.255.255.0
      [2022/12/01 10:54:58.178186, 2] ../../source3/smbd/reply.c:707(reply_special)
      netbios connect: name1=myHostName.LOCAL 0x20 name2= 0x0
      [2022/12/01 10:54:58.178235, 2] ../../source3/smbd/reply.c:747(reply_special)
      netbios connect: local=myHostName.local remote=, name type = 0
      [2022/12/01 10:54:58.189100, 1] ../../source3/param/loadparm.c:2519(lp_idmap_range)
      idmap range not specified for domain '*'
      [2022/12/01 10:54:58.190789, 2] ../../source3/auth/auth.c:323(auth_check_ntlm_password)
      check_ntlm_password: authentication for user [myUserName] -> [myUserName] -> [myUserName] succeeded
      [2022/12/01 10:54:58.191014, 2] ../../source3/param/loadparm.c:2864(lp_do_section)
      Processing section "[mp3]"
      [2022/12/01 10:54:58.192263, 1] ../../source3/param/loadparm.c:2519(lp_idmap_range)
      idmap range not specified for domain '*'
      [2022/12/01 10:54:58.192334, 1] ../../source3/param/loadparm.c:2519(lp_idmap_range)
      idmap range not specified for domain '*'
      [2022/12/01 10:54:58.194072, 2] ../../source3/auth/auth.c:323(auth_check_ntlm_password)
      check_ntlm_password: authentication for user [myUserName] -> [myUserName] -> [myUserName] succeeded
      [2022/12/01 10:54:58.194214, 2] ../../source3/param/loadparm.c:2864(lp_do_section)
      Processing section "[mp3]"
      [2022/12/01 10:54:58.195061, 1] ../../source3/param/loadparm.c:2519(lp_idmap_range)
      idmap range not specified for domain '*'
      [2022/12/01 10:54:58.198158, 1] ../../source3/auth/token_util.c:1171(create_token_from_username)
      lookup_name_smbconf for failed
      [2022/12/01 10:54:58.234447, 2] ../../source3/lib/tallocmsg.c:84(register_msg_pool_usage)
      Registered MSG_REQ_POOL_USAGE
      [2022/12/01 10:54:58.235891, 2] ../../source3/param/loadparm.c:2864(lp_do_section)
      Processing section "[mp3]"
      [2022/12/01 10:54:58.236434, 2] ../../source3/lib/interface.c:343(add_interface)
      added interface enp3s0 ip=192.168.X.X bcast=192.168.1.255 netmask=255.255.255.0
      [2022/12/01 10:54:58.248865, 1] ../../source3/param/loadparm.c:2519(lp_idmap_range)
      idmap range not specified for domain '*'
      [2022/12/01 10:54:58.250386, 2] ../../source3/auth/auth.c:323(auth_check_ntlm_password)
      check_ntlm_password: authentication for user [myUserName] -> [myUserName] -> [myUserName] succeeded
      [2022/12/01 10:54:58.250525, 2] ../../source3/param/loadparm.c:2864(lp_do_section)
      Processing section "[mp3]"
      [2022/12/01 10:54:58.251387, 1] ../../source3/param/loadparm.c:2519(lp_idmap_range)
      idmap range not specified for domain '*'
      [2022/12/01 10:54:58.264565, 1] ../../source3/param/loadparm.c:2519(lp_idmap_range)
      idmap range not specified for domain '*'
      [2022/12/01 10:54:58.266391, 2] ../../source3/smbd/service.c:852(make_connection_snum)
      my-PC-Name (ipv4:192.168.X.X:XXXXX) connect to service mp3 initially as user myUserName (uid=1000, gid=1000) (pid 16489)
      [2022/12/01 10:54:58.800907, 2] ../../source3/lib/tallocmsg.c:84(register_msg_pool_usage)
      Registered MSG_REQ_POOL_USAGE
      [2022/12/01 10:54:58.802328, 2] ../../source3/param/loadparm.c:2864(lp_do_section)
      Processing section "[mp3]"
      [2022/12/01 10:54:58.802864, 2] ../../source3/lib/interface.c:343(add_interface)
      added interface enp3s0 ip=192.168.X.X bcast=192.168.1.255 netmask=255.255.255.0
      [2022/12/01 10:54:58.816655, 1] ../../source3/param/loadparm.c:2519(lp_idmap_range)
      idmap range not specified for domain '*'
      [2022/12/01 10:54:58.818909, 2] ../../source3/auth/auth.c:323(auth_check_ntlm_password)
      check_ntlm_password: authentication for user [myUserName] -> [myUserName] -> [myUserName] succeeded
      [2022/12/01 10:54:58.819132, 2] ../../source3/param/loadparm.c:2864(lp_do_section)
      Processing section "[mp3]"
      [2022/12/01 10:54:58.820318, 1] ../../source3/param/loadparm.c:2519(lp_idmap_range)
      idmap range not specified for domain '*'
      [2022/12/01 10:54:58.834110, 1] ../../source3/param/loadparm.c:2519(lp_idmap_range)
      idmap range not specified for domain '*'
      [2022/12/01 10:54:58.835797, 2] ../../source3/smbd/service.c:852(make_connection_snum)
      my-PC-Name (ipv4:192.168.X.X:XXXXX) connect to service mp3 initially as user myUserName (uid=1000, gid=1000) (pid 16490)
      [2022/12/01 10:54:59.822376, 2] ../../source3/lib/tallocmsg.c:84(register_msg_pool_usage)
      Registered MSG_REQ_POOL_USAGE
      [2022/12/01 10:54:59.823753, 2] ../../source3/param/loadparm.c:2864(lp_do_section)
      Processing section "[mp3]"
      [2022/12/01 10:54:59.824286, 2] ../../source3/lib/interface.c:343(add_interface)
      added interface enp3s0 ip=192.168.X.X bcast=192.168.1.255 netmask=255.255.255.0
      [2022/12/01 10:54:59.839320, 1] ../../source3/param/loadparm.c:2519(lp_idmap_range)
      idmap range not specified for domain '*'
      [2022/12/01 10:54:59.841053, 2] ../../source3/auth/auth.c:323(auth_check_ntlm_password)
      check_ntlm_password: authentication for user [myUserName] -> [myUserName] -> [myUserName] succeeded
      [2022/12/01 10:54:59.841223, 2] ../../source3/param/loadparm.c:2864(lp_do_section)
      Processing section "[mp3]"
      [2022/12/01 10:54:59.842131, 1] ../../source3/param/loadparm.c:2519(lp_idmap_range)
      idmap range not specified for domain '*'
      [2022/12/01 10:54:59.853775, 1] ../../source3/param/loadparm.c:2519(lp_idmap_range)
      idmap range not specified for domain '*'
      [2022/12/01 10:54:59.855485, 2] ../../source3/smbd/service.c:852(make_connection_snum)
      my-PC-Name (ipv4:192.168.X.X:XXXXX) connect to service mp3 initially as user myUserName (uid=1000, gid=1000) (pid 16491)
      [2022/12/01 10:54:59.865371, 2] ../../source3/smbd/open.c:1524(open_file)
      myUserName opened file myMusicFile.mp3 read=No write=No (numopen=1)
      [2022/12/01 10:54:59.907143, 2] ../../source3/smbd/close.c:824(close_normal_file)
      myUserName closed file myMusicFile.mp3 (numopen=0) NT_STATUS_OK
      [2022/12/01 10:55:01.426010, 2] ../../source3/lib/tallocmsg.c:84(register_msg_pool_usage)
      Registered MSG_REQ_POOL_USAGE
      [2022/12/01 10:55:01.427401, 2] ../../source3/param/loadparm.c:2864(lp_do_section)
      Processing section "[mp3]"
      [2022/12/01 10:55:01.427944, 2] ../../source3/lib/interface.c:343(add_interface)
      added interface enp3s0 ip=192.168.X.X bcast=192.168.1.255 netmask=255.255.255.0
      [2022/12/01 10:55:01.448149, 1] ../../source3/auth/token_util.c:1171(create_token_from_username)
      lookup_name_smbconf for failed
      [2022/12/01 10:55:01.453876, 2] ../../source3/param/loadparm.c:2864(lp_do_section)
      Processing section "[mp3]"
      [2022/12/01 10:55:01.463786, 1] ../../source3/smbd/service.c:353(create_connection_session_info)
      create_connection_session_info: guest user (from session setup) not permitted to access this share (mp3)
      [2022/12/01 10:55:01.463825, 1] ../../source3/smbd/service.c:543(make_connection_snum)
      create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
      [2022/12/01 10:55:19.916114, 2] ../../source3/lib/tallocmsg.c:84(register_msg_pool_usage)
      Registered MSG_REQ_POOL_USAGE
      [2022/12/01 10:55:19.917614, 2] ../../source3/param/loadparm.c:2864(lp_do_section)
      Processing section "[mp3]"
      [2022/12/01 10:55:19.918170, 2] ../../source3/lib/interface.c:343(add_interface)
      added interface enp3s0 ip=192.168.X.X bcast=192.168.1.255 netmask=255.255.255.0
      [2022/12/01 10:55:19.931599, 1] ../../source3/param/loadparm.c:2519(lp_idmap_range)
      idmap range not specified for domain '*'
      [2022/12/01 10:55:19.932478, 2] ../../source3/auth/auth.c:344(auth_check_ntlm_password)
      check_ntlm_password: Authentication for user [myUserName] -> [myUserName] FAILED with error NT_STATUS_WRONG_PASSWORD, authoritative=1
      [2022/12/01 10:55:19.932513, 2] ../../auth/auth_log.c:635(log_authentication_event_human_read able)
      Auth: [SMB2,(null)] user [WORKGROUP]\[myUserName] at [Thu, 01 Dec 2022 10:55:19.932501 EST] with [NTLMv2] status [NT_STATUS_WRONG_PASSWORD] workstation [MY-PC-NAME] remote host [ipv4:192.168.X.X:XXXXX] mapped to [WORKGROUP]\[myUserName]. local host [ipv4:192.168.X.X:XXX]
      {"timestamp": "2022-12-01T10:55:19.932570-0500", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 2}, "eventId": 4625, "logonId": "0", "logonType": 3, "status": "NT_STATUS_WRONG_PASSWORD", "localAddress": "ipv4:192.168.X.X:XXX", "remoteAddress": "ipv4:192.168.X.X:XXXXX", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "WORKGROUP", "clientAccount": "myUserName", "workstation": "MY-PC-NAME", "becameAccount": null, "becameDomain": null, "becameSid": null, "mappedAccount": "myUserName", "mappedDomain": "WORKGROUP", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "NTLMv2", "duration": 5062}}
      [2022/12/01 10:55:19.938246, 1] ../../source3/auth/token_util.c:1171(create_token_from_username)
      lookup_name_smbconf for failed
      [2022/12/01 10:55:19.942701, 2] ../../source3/param/loadparm.c:2864(lp_do_section)
      Processing section "[mp3]"
      [2022/12/01 10:55:19.951429, 1] ../../source3/smbd/service.c:353(create_connection_session_info)
      create_connection_session_info: guest user (from session setup) not permitted to access this share (mp3)
      [2022/12/01 10:55:19.951460, 1] ../../source3/smbd/service.c:543(make_connection_snum)
      create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
      [2022/12/01 10:55:23.671421, 2] ../../source3/smbd/service.c:1123(close_cnum)
      my-PC-Name (ipv4:192.168.X.X:XXXXX) closed connection to service mp3
      [2022/12/01 10:55:25.277926, 2] ../../source3/lib/tallocmsg.c:84(register_msg_pool_usage)
      Registered MSG_REQ_POOL_USAGE
      [2022/12/01 10:55:25.279351, 2] ../../source3/param/loadparm.c:2864(lp_do_section)
      Processing section "[mp3]"
      [2022/12/01 10:55:25.279900, 2] ../../source3/lib/interface.c:343(add_interface)
      added interface enp3s0 ip=192.168.X.X bcast=192.168.1.255 netmask=255.255.255.0
      [2022/12/01 10:55:25.292451, 1] ../../source3/param/loadparm.c:2519(lp_idmap_range)
      idmap range not specified for domain '*'
      [2022/12/01 10:55:25.293367, 2] ../../source3/auth/auth.c:344(auth_check_ntlm_password)
      check_ntlm_password: Authentication for user [myUserName] -> [myUserName] FAILED with error NT_STATUS_WRONG_PASSWORD, authoritative=1
      [2022/12/01 10:55:25.293403, 2] ../../auth/auth_log.c:635(log_authentication_event_human_read able)
      Auth: [SMB2,(null)] user [WORKGROUP]\[myUserName] at [Thu, 01 Dec 2022 10:55:25.293391 EST] with [NTLMv2] status [NT_STATUS_WRONG_PASSWORD] workstation [MY-PC-NAME] remote host [ipv4:192.168.X.X:XXXXX] mapped to [WORKGROUP]\[myUserName]. local host [ipv4:192.168.X.X:XXX]
      {"timestamp": "2022-12-01T10:55:25.293458-0500", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 2}, "eventId": 4625, "logonId": "0", "logonType": 3, "status": "NT_STATUS_WRONG_PASSWORD", "localAddress": "ipv4:192.168.X.X:XXX", "remoteAddress": "ipv4:192.168.X.X:XXXXX", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "WORKGROUP", "clientAccount": "myUserName", "workstation": "MY-PC-NAME", "becameAccount": null, "becameDomain": null, "becameSid": null, "mappedAccount": "myUserName", "mappedDomain": "WORKGROUP", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "NTLMv2", "duration": 4542}}
      [2022/12/01 10:55:25.299435, 1] ../../source3/auth/token_util.c:1171(create_token_from_username)
      lookup_name_smbconf for failed
      [2022/12/01 10:55:25.303909, 2] ../../source3/param/loadparm.c:2864(lp_do_section)
      Processing section "[mp3]"
      [2022/12/01 10:55:25.313673, 1] ../../source3/smbd/service.c:353(create_connection_session_info)
      create_connection_session_info: guest user (from session setup) not permitted to access this share (mp3)
      [2022/12/01 10:55:25.313732, 1] ../../source3/smbd/service.c:543(make_connection_snum)
      create_connection_session_info failed: NT_STATUS_ACCESS_DENIED​

      Comment


        #4
        Also, per your suggestion on 'security = user' I have been through this https://www.samba.org/samba/docs/man/ and it is a lot of information. Many settings are not geared for my simple environment. However, I feel I have identified most settings that are pertinent to my situation and can apply when needed.

        This setup did work at one point with a few more additions to my [global] and more additions to my [shares]. Not sure at what point it broke, but my main user (sudo user) 'vcandy' on the Samba server/linux box, which is constantly logged in, when trying to login with the same username and same password on a client linux machine fails, only after the first attempt. First attempt meaning that it works the first time I try when I reboot the client machine. If that makes sense.

        Comment


          #5
          Well, got it to work it in pretty much the fashion I want.

          Purged Samba then reinstalled. I think this was unnecessary due to the issue still happening after the reinstall.

          I simply changed my Samba Password to something other than my Unix password. I just never tried this before I purged Samba.

          This creates more of a puzzle than anything. Although my issue is resolved would really like to know what is causing this conflict. I'd prefer to have one less password in my life and also thought the basis of a 'Standalone server' setup was in fact using identical username/password parameters for both Samba/Unix/Windows, no? All my other users are setup like this and it works for them.

          Appreciate you chiming in Schwarzer, and if you have anything to add by all means. Thanks vcandy50
          Last edited by vcandy50; Dec 04, 2022, 08:31 AM.

          Comment

          Working...
          X