[Samba] smb_auth problem

Hi samba community.

I'm having a problem with the smb_auth authentication method. Everything
looks like normal, but everytime I try to use smb_auth it returns ERR.

I will show here some commands output to secure that all configuration is
correct, and if anyone can help me to investigate what's happend I'll
thanks.


I'm using: Debian lenny, updated.

ii samba 2:3.2.3-1
ii squid 2.7.STABLE3-1

XXXXXXXXXX its the correct password.

8<----------------------------------
sek:/home# /usr/lib/squid/smb_auth -W SEKPLASTICOS -U 127.0.0.1 -d
vinicius XXXXXXXXXXX
Domain name: SEKPLASTICOS
Pass-through authentication: no
Query address options: -U 127.0.0.1 -R
Domain controller IP address: 10.0.0.1
Domain controller NETBIOS name: SEK
Contents of //SEK/NETLOGON/proxyauth:
ERR
8<----------------------------------

But, look at the smbclient command.

vinicius@sek:~$ smbclient "//SEK/netlogon" XXXXXXXXXXX -c "get proxyauth -"
Domain=[SEKPLASTICOS] OS=[Unix] Server=[Samba 3.2.3]
allow
getting file \proxyauth of size 6 as - (5,9 kb/s) (average 5,9 kb/s)

Running smb_auth with user "vinicius" don't work too.
8<----------------------------------

Some permission and configs:

8<----------------------------------
The smb_auth permissions

sek:/usr/lib/squid# ls -l /usr/lib/squid/
total 284
-rwxr-xr-x 1 root root 15212 Jul 6 06:28 digest_pw_auth
-rwxr-xr-x 1 root root 11636 Jul 6 06:26 diskd-daemon
-rwxr-sr-- 1 proxy shadow 7988 Jul 6 06:28 getpwnam_auth
-rwxr-xr-x 1 root root 10312 Jul 6 06:28 ip_user_check
-rwxr-xr-x 1 root root 17544 Jul 6 06:28 ldap_auth
-rwxr-xr-x 1 root root 5464 Jul 6 06:26 logfile-daemon
-rwxr-xr-x 1 root root 32828 Jul 6 06:28 msnt_auth
-rwxr-xr-x 1 root root 15748 Jul 6 06:28 ncsa_auth
-rwxr-xr-x 1 root root 42216 Jul 6 06:28 ntlm_auth
-rwxr-sr-- 1 proxy shadow 10696 Jul 6 06:28 pam_auth
-rwxr-xr-x 1 root root 9552 Jul 6 06:28 smb_auth
-rwxr-xr-x 1 root root 2287 Jul 6 06:23 smb_auth.sh
-rwxr-xr-x 1 root root 22848 Jul 6 06:28 squid_kerb_auth
-rwxr-xr-x 1 root root 19000 Jul 6 06:28 squid_ldap_group
-rwxr-xr-x 1 root root 5996 Jul 6 06:28 squid_session
-rwxr-xr-x 1 root root 10248 Jul 6 06:28 squid_unix_group
-rwxr-xr-x 1 root root 3732 Jul 6 06:26 unlinkd
-rwxr-xr-x 1 root root 2359 Abr 9 2007 wbinfo_group.pl
-rwxr-xr-x 1 root root 8776 Jul 6 06:28 yp_auth


8<----------------------------------
The SMB configuration

sek:/usr/lib/squid# cat /etc/samba/smb.conf
# Samba config file created using SWAT
# from 192.168.0.2 (192.168.0.2)
# Date: 2008/04/04 23:07:20

[global]
workgroup = sekplasticos
netbios name = sek
server string = sek
security = user
null passwords = No
encrypt passwords = true
unix password sync = No
unix charset = iso8859-1
display charset = cp850
log level = 3
log file = /var/log/samba_log.%u
keepalive = 20
socket options = IPTOS_LOWDELAY TCP_NODELAY
logon path = \\sek\sysvol\%U
logon drive = P
domain logons = Yes
os level = 100
preferred master = Yes
domain master = Yes
local master = Yes
wins support = Yes
ldap ssl = no
comment = Servidor Sek
admin users = vinicius
time server = Yes
hosts allow = 127., 192.168.0., 10.0.0.

[homes]
comment = Pastas dos Usuarios
browseable = No
writable = Yes
create mask = 0600
directory mask = 0700
valid users = %S

[netlogon]
comment = Compartilhamento de Scripts
path = /home/netlogon
public = Yes
browseable = Yes
writable = Yes

[sysvol]
comment = System Volume
path = /home/sysvol
writable = Yes
guest ok = Yes
share modes = No
browseable = No
hide files = /desktop.ini/ntuser.ini/NTUSER.*/

[publico]
comment = publico
path = /home/publico
guest ok = No
writable = Yes
create mask = 0644
directory mask = 0777
public = Yes

[aplicativos]
comment = aplicativos
path = /home/aplicativos
guest ok = No
writable = Yes
browseable = Yes
create mask = 0600
directory mask = 0700
valid users = gilberto
sek:/usr/lib/squid#

8<----------------------------------
The NETLOGON permissions and proxyauth

sek:/home/netlogon# ls -l
total 4
-rwxrwxrwx 1 root root 6 Ago 31 17:35 proxyauth
sek:/home/netlogon# ls -ld
drwxrwxrwx 2 root root 22 Ago 31 17:35 .
sek:/home/netlogon# cat proxyauth
allow
8<----------------------------------


Really thanks if someone could help me.

--
Vinicius Ruoso - vkr07@c3sl.ufpr.br
C3SL: http://www.c3sl.ufpr.br

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

Since upgrading to 3.2.x I had to enable

lanman auth = yes

in my smb.conf

(thats from memory - you may want to check the man page)

It fixed it for me.

Jon


2008/8/31 Vinicius Ruoso <vkr07@c3sl.ufpr.br>:
> Hi samba community.
>
> I'm having a problem with the smb_auth authentication method. Everything
> looks like normal, but everytime I try to use smb_auth it returns ERR.
>
> I will show here some commands output to secure that all configuration is
> correct, and if anyone can help me to investigate what's happend I'll
> thanks.
>
>
> I'm using: Debian lenny, updated.
>
> ii samba 2:3.2.3-1
> ii squid 2.7.STABLE3-1
>
> XXXXXXXXXX its the correct password.
>
> 8<----------------------------------
> sek:/home# /usr/lib/squid/smb_auth -W SEKPLASTICOS -U 127.0.0.1 -d
> vinicius XXXXXXXXXXX
> Domain name: SEKPLASTICOS
> Pass-through authentication: no
> Query address options: -U 127.0.0.1 -R
> Domain controller IP address: 10.0.0.1
> Domain controller NETBIOS name: SEK
> Contents of //SEK/NETLOGON/proxyauth:
> ERR
> 8<----------------------------------
>
> But, look at the smbclient command.
>
> vinicius@sek:~$ smbclient "//SEK/netlogon" XXXXXXXXXXX -c "get proxyauth -"
> Domain=[SEKPLASTICOS] OS=[Unix] Server=[Samba 3.2.3]
> allow
> getting file \proxyauth of size 6 as - (5,9 kb/s) (average 5,9 kb/s)
>
> Running smb_auth with user "vinicius" don't work too.
> 8<----------------------------------
>
> Some permission and configs:
>
> 8<----------------------------------
> The smb_auth permissions
>
> sek:/usr/lib/squid# ls -l /usr/lib/squid/
> total 284
> -rwxr-xr-x 1 root root 15212 Jul 6 06:28 digest_pw_auth
> -rwxr-xr-x 1 root root 11636 Jul 6 06:26 diskd-daemon
> -rwxr-sr-- 1 proxy shadow 7988 Jul 6 06:28 getpwnam_auth
> -rwxr-xr-x 1 root root 10312 Jul 6 06:28 ip_user_check
> -rwxr-xr-x 1 root root 17544 Jul 6 06:28 ldap_auth
> -rwxr-xr-x 1 root root 5464 Jul 6 06:26 logfile-daemon
> -rwxr-xr-x 1 root root 32828 Jul 6 06:28 msnt_auth
> -rwxr-xr-x 1 root root 15748 Jul 6 06:28 ncsa_auth
> -rwxr-xr-x 1 root root 42216 Jul 6 06:28 ntlm_auth
> -rwxr-sr-- 1 proxy shadow 10696 Jul 6 06:28 pam_auth
> -rwxr-xr-x 1 root root 9552 Jul 6 06:28 smb_auth
> -rwxr-xr-x 1 root root 2287 Jul 6 06:23 smb_auth.sh
> -rwxr-xr-x 1 root root 22848 Jul 6 06:28 squid_kerb_auth
> -rwxr-xr-x 1 root root 19000 Jul 6 06:28 squid_ldap_group
> -rwxr-xr-x 1 root root 5996 Jul 6 06:28 squid_session
> -rwxr-xr-x 1 root root 10248 Jul 6 06:28 squid_unix_group
> -rwxr-xr-x 1 root root 3732 Jul 6 06:26 unlinkd
> -rwxr-xr-x 1 root root 2359 Abr 9 2007 wbinfo_group.pl
> -rwxr-xr-x 1 root root 8776 Jul 6 06:28 yp_auth
>
>
> 8<----------------------------------
> The SMB configuration
>
> sek:/usr/lib/squid# cat /etc/samba/smb.conf
> # Samba config file created using SWAT
> # from 192.168.0.2 (192.168.0.2)
> # Date: 2008/04/04 23:07:20
>
> [global]
> workgroup = sekplasticos
> netbios name = sek
> server string = sek
> security = user
> null passwords = No
> encrypt passwords = true
> unix password sync = No
> unix charset = iso8859-1
> display charset = cp850
> log level = 3
> log file = /var/log/samba_log.%u
> keepalive = 20
> socket options = IPTOS_LOWDELAY TCP_NODELAY
> logon path = \\sek\sysvol\%U
> logon drive = P
> domain logons = Yes
> os level = 100
> preferred master = Yes
> domain master = Yes
> local master = Yes
> wins support = Yes
> ldap ssl = no
> comment = Servidor Sek
> admin users = vinicius
> time server = Yes
> hosts allow = 127., 192.168.0., 10.0.0.
>
> [homes]
> comment = Pastas dos Usuarios
> browseable = No
> writable = Yes
> create mask = 0600
> directory mask = 0700
> valid users = %S
>
> [netlogon]
> comment = Compartilhamento de Scripts
> path = /home/netlogon
> public = Yes
> browseable = Yes
> writable = Yes
>
> [sysvol]
> comment = System Volume
> path = /home/sysvol
> writable = Yes
> guest ok = Yes
> share modes = No
> browseable = No
> hide files = /desktop.ini/ntuser.ini/NTUSER.*/
>
> [publico]
> comment = publico
> path = /home/publico
> guest ok = No
> writable = Yes
> create mask = 0644
> directory mask = 0777
> public = Yes
>
> [aplicativos]
> comment = aplicativos
> path = /home/aplicativos
> guest ok = No
> writable = Yes
> browseable = Yes
> create mask = 0600
> directory mask = 0700
> valid users = gilberto
> sek:/usr/lib/squid#
>
> 8<----------------------------------
> The NETLOGON permissions and proxyauth
>
> sek:/home/netlogon# ls -l
> total 4
> -rwxrwxrwx 1 root root 6 Ago 31 17:35 proxyauth
> sek:/home/netlogon# ls -ld
> drwxrwxrwx 2 root root 22 Ago 31 17:35 .
> sek:/home/netlogon# cat proxyauth
> allow
> 8<----------------------------------
>
>
> Really thanks if someone could help me.
>
> --
> Vinicius Ruoso - vkr07@c3sl.ufpr.br
> C3SL: http://www.c3sl.ufpr.br
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

Hi Jon Wilson,

Really thanks for your fast response. But the "lanman auth = yes" added
to global directive of my smb.conf don't make any effect on smb_auth
authentication process. The response still the same. :(

Do you have any other idea of what can be done to fix it?
Any hope is very welcome. I'm trying to get this work a long time.

8<-------------------------------------------------------------------
The following are the man entry to lanman auth:
It looks like that this option don't affect smbclient requests.

lanman auth (G)

This parameter determines whether or not smbd(8) will attempt to
authenticate users or permit password changes using the LANMAN
password hash. If disabled, only clients which support NT password
hashes (e.g. Windows NT/2000 clients, smbclient, but not Windows
95/98 or the MS DOS network client) will be able to connect to the
Samba host.

The LANMAN encrypted response is easily broken, due to it´s
case-insensitive nature, and the choice of algorithm. Servers
without Windows 95/98/ME or MS DOS clients are advised to disable
this option.

Unlike the encrypt passwords option, this parameter cannot alter
client behaviour, and the LANMAN response will still be sent over
the network. See the client lanman auth to disable this for
Samba´s
clients (such as smbclient)

If this option, and ntlm auth are both disabled, then only NTLMv2
logins will be permited. Not all clients support NTLMv2, and most
will require special configuration to use it.

Default: lanman auth = no

8<-------------------------------------------------------------------



> Since upgrading to 3.2.x I had to enable
>
> lanman auth = yes
>
> in my smb.conf
>
> (thats from memory - you may want to check the man page)
>
> It fixed it for me.
>
> Jon
>
>
> 2008/8/31 Vinicius Ruoso <vkr07@c3sl.ufpr.br>:
>> Hi samba community.
>>
>> I'm having a problem with the smb_auth authentication method. Everything
>> looks like normal, but everytime I try to use smb_auth it returns ERR.
>>
>> I will show here some commands output to secure that all configuration
>> is
>> correct, and if anyone can help me to investigate what's happend I'll
>> thanks.
>>
>>
>> I'm using: Debian lenny, updated.
>>
>> ii samba 2:3.2.3-1
>> ii squid 2.7.STABLE3-1
>>
>> XXXXXXXXXX its the correct password.
>>
>> 8<----------------------------------
>> sek:/home# /usr/lib/squid/smb_auth -W SEKPLASTICOS -U 127.0.0.1 -d
>> vinicius XXXXXXXXXXX
>> Domain name: SEKPLASTICOS
>> Pass-through authentication: no
>> Query address options: -U 127.0.0.1 -R
>> Domain controller IP address: 10.0.0.1
>> Domain controller NETBIOS name: SEK
>> Contents of //SEK/NETLOGON/proxyauth:
>> ERR
>> 8<----------------------------------
>>
>> But, look at the smbclient command.
>>
>> vinicius@sek:~$ smbclient "//SEK/netlogon" XXXXXXXXXXX -c "get proxyauth
>> -"
>> Domain=[SEKPLASTICOS] OS=[Unix] Server=[Samba 3.2.3]
>> allow
>> getting file \proxyauth of size 6 as - (5,9 kb/s) (average 5,9 kb/s)
>>
>> Running smb_auth with user "vinicius" don't work too.
>> 8<----------------------------------
>>
>> Some permission and configs:
>>
>> 8<----------------------------------
>> The smb_auth permissions
>>
>> sek:/usr/lib/squid# ls -l /usr/lib/squid/
>> total 284
>> -rwxr-xr-x 1 root root 15212 Jul 6 06:28 digest_pw_auth
>> -rwxr-xr-x 1 root root 11636 Jul 6 06:26 diskd-daemon
>> -rwxr-sr-- 1 proxy shadow 7988 Jul 6 06:28 getpwnam_auth
>> -rwxr-xr-x 1 root root 10312 Jul 6 06:28 ip_user_check
>> -rwxr-xr-x 1 root root 17544 Jul 6 06:28 ldap_auth
>> -rwxr-xr-x 1 root root 5464 Jul 6 06:26 logfile-daemon
>> -rwxr-xr-x 1 root root 32828 Jul 6 06:28 msnt_auth
>> -rwxr-xr-x 1 root root 15748 Jul 6 06:28 ncsa_auth
>> -rwxr-xr-x 1 root root 42216 Jul 6 06:28 ntlm_auth
>> -rwxr-sr-- 1 proxy shadow 10696 Jul 6 06:28 pam_auth
>> -rwxr-xr-x 1 root root 9552 Jul 6 06:28 smb_auth
>> -rwxr-xr-x 1 root root 2287 Jul 6 06:23 smb_auth.sh
>> -rwxr-xr-x 1 root root 22848 Jul 6 06:28 squid_kerb_auth
>> -rwxr-xr-x 1 root root 19000 Jul 6 06:28 squid_ldap_group
>> -rwxr-xr-x 1 root root 5996 Jul 6 06:28 squid_session
>> -rwxr-xr-x 1 root root 10248 Jul 6 06:28 squid_unix_group
>> -rwxr-xr-x 1 root root 3732 Jul 6 06:26 unlinkd
>> -rwxr-xr-x 1 root root 2359 Abr 9 2007 wbinfo_group.pl
>> -rwxr-xr-x 1 root root 8776 Jul 6 06:28 yp_auth
>>
>>
>> 8<----------------------------------
>> The SMB configuration
>>
>> sek:/usr/lib/squid# cat /etc/samba/smb.conf
>> # Samba config file created using SWAT
>> # from 192.168.0.2 (192.168.0.2)
>> # Date: 2008/04/04 23:07:20
>>
>> [global]
>> workgroup = sekplasticos
>> netbios name = sek
>> server string = sek
>> security = user
>> null passwords = No
>> encrypt passwords = true
>> unix password sync = No
>> unix charset = iso8859-1
>> display charset = cp850
>> log level = 3
>> log file = /var/log/samba_log.%u
>> keepalive = 20
>> socket options = IPTOS_LOWDELAY TCP_NODELAY
>> logon path = \\sek\sysvol\%U
>> logon drive = P
>> domain logons = Yes
>> os level = 100
>> preferred master = Yes
>> domain master = Yes
>> local master = Yes
>> wins support = Yes
>> ldap ssl = no
>> comment = Servidor Sek
>> admin users = vinicius
>> time server = Yes
>> hosts allow = 127., 192.168.0., 10.0.0.
>>
>> [homes]
>> comment = Pastas dos Usuarios
>> browseable = No
>> writable = Yes
>> create mask = 0600
>> directory mask = 0700
>> valid users = %S
>>
>> [netlogon]
>> comment = Compartilhamento de Scripts
>> path = /home/netlogon
>> public = Yes
>> browseable = Yes
>> writable = Yes
>>
>> [sysvol]
>> comment = System Volume
>> path = /home/sysvol
>> writable = Yes
>> guest ok = Yes
>> share modes = No
>> browseable = No
>> hide files = /desktop.ini/ntuser.ini/NTUSER.*/
>>
>> [publico]
>> comment = publico
>> path = /home/publico
>> guest ok = No
>> writable = Yes
>> create mask = 0644
>> directory mask = 0777
>> public = Yes
>>
>> [aplicativos]
>> comment = aplicativos
>> path = /home/aplicativos
>> guest ok = No
>> writable = Yes
>> browseable = Yes
>> create mask = 0600
>> directory mask = 0700
>> valid users = gilberto
>> sek:/usr/lib/squid#
>>
>> 8<----------------------------------
>> The NETLOGON permissions and proxyauth
>>
>> sek:/home/netlogon# ls -l
>> total 4
>> -rwxrwxrwx 1 root root 6 Ago 31 17:35 proxyauth
>> sek:/home/netlogon# ls -ld
>> drwxrwxrwx 2 root root 22 Ago 31 17:35 .
>> sek:/home/netlogon# cat proxyauth
>> allow
>> 8<----------------------------------
>>
>>
>> Really thanks if someone could help me.
>>
>> --
>> Vinicius Ruoso - vkr07@c3sl.ufpr.br
>> C3SL: http://www.c3sl.ufpr.br
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/listinfo/samba
>>
>


--
Vinicius Ruoso - vkr07@c3sl.ufpr.br
C3SL: http://www.c3sl.ufpr.br

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

Sorry for the misleading information.

I use censornet and that stopped authenticating to the domain when I
did the upgrade to 3.2.x - I thought you might be suffering the same
issue.

Jon


2008/9/1 Vinicius Ruoso <vkr07@c3sl.ufpr.br>:
> Hi Jon Wilson,
>
> Really thanks for your fast response. But the "lanman auth = yes" added
> to global directive of my smb.conf don't make any effect on smb_auth
> authentication process. The response still the same. :(
>
> Do you have any other idea of what can be done to fix it?
> Any hope is very welcome. I'm trying to get this work a long time.
>
> 8<-------------------------------------------------------------------
> The following are the man entry to lanman auth:
> It looks like that this option don't affect smbclient requests.
>
> lanman auth (G)
>
> This parameter determines whether or not smbd(8) will attempt to
> authenticate users or permit password changes using the LANMAN
> password hash. If disabled, only clients which support NT password
> hashes (e.g. Windows NT/2000 clients, smbclient, but not Windows
> 95/98 or the MS DOS network client) will be able to connect to the
> Samba host.
>
> The LANMAN encrypted response is easily broken, due to it´s
> case-insensitive nature, and the choice of algorithm. Servers
> without Windows 95/98/ME or MS DOS clients are advised to disable
> this option.
>
> Unlike the encrypt passwords option, this parameter cannot alter
> client behaviour, and the LANMAN response will still be sent over
> the network. See the client lanman auth to disable this for
> Samba´s
> clients (such as smbclient)
>
> If this option, and ntlm auth are both disabled, then only NTLMv2
> logins will be permited. Not all clients support NTLMv2, and most
> will require special configuration to use it.
>
> Default: lanman auth = no
>
> 8<-------------------------------------------------------------------
>
>
>
>> Since upgrading to 3.2.x I had to enable
>>
>> lanman auth = yes
>>
>> in my smb.conf
>>
>> (thats from memory - you may want to check the man page)
>>
>> It fixed it for me.
>>
>> Jon
>>
>>
>> 2008/8/31 Vinicius Ruoso <vkr07@c3sl.ufpr.br>:
>>> Hi samba community.
>>>
>>> I'm having a problem with the smb_auth authentication method. Everything
>>> looks like normal, but everytime I try to use smb_auth it returns ERR.
>>>
>>> I will show here some commands output to secure that all configuration
>>> is
>>> correct, and if anyone can help me to investigate what's happend I'll
>>> thanks.
>>>
>>>
>>> I'm using: Debian lenny, updated.
>>>
>>> ii samba 2:3.2.3-1
>>> ii squid 2.7.STABLE3-1
>>>
>>> XXXXXXXXXX its the correct password.
>>>
>>> 8<----------------------------------
>>> sek:/home# /usr/lib/squid/smb_auth -W SEKPLASTICOS -U 127.0.0.1 -d
>>> vinicius XXXXXXXXXXX
>>> Domain name: SEKPLASTICOS
>>> Pass-through authentication: no
>>> Query address options: -U 127.0.0.1 -R
>>> Domain controller IP address: 10.0.0.1
>>> Domain controller NETBIOS name: SEK
>>> Contents of //SEK/NETLOGON/proxyauth:
>>> ERR
>>> 8<----------------------------------
>>>
>>> But, look at the smbclient command.
>>>
>>> vinicius@sek:~$ smbclient "//SEK/netlogon" XXXXXXXXXXX -c "get proxyauth
>>> -"
>>> Domain=[SEKPLASTICOS] OS=[Unix] Server=[Samba 3.2.3]
>>> allow
>>> getting file \proxyauth of size 6 as - (5,9 kb/s) (average 5,9 kb/s)
>>>
>>> Running smb_auth with user "vinicius" don't work too.
>>> 8<----------------------------------
>>>
>>> Some permission and configs:
>>>
>>> 8<----------------------------------
>>> The smb_auth permissions
>>>
>>> sek:/usr/lib/squid# ls -l /usr/lib/squid/
>>> total 284
>>> -rwxr-xr-x 1 root root 15212 Jul 6 06:28 digest_pw_auth
>>> -rwxr-xr-x 1 root root 11636 Jul 6 06:26 diskd-daemon
>>> -rwxr-sr-- 1 proxy shadow 7988 Jul 6 06:28 getpwnam_auth
>>> -rwxr-xr-x 1 root root 10312 Jul 6 06:28 ip_user_check
>>> -rwxr-xr-x 1 root root 17544 Jul 6 06:28 ldap_auth
>>> -rwxr-xr-x 1 root root 5464 Jul 6 06:26 logfile-daemon
>>> -rwxr-xr-x 1 root root 32828 Jul 6 06:28 msnt_auth
>>> -rwxr-xr-x 1 root root 15748 Jul 6 06:28 ncsa_auth
>>> -rwxr-xr-x 1 root root 42216 Jul 6 06:28 ntlm_auth
>>> -rwxr-sr-- 1 proxy shadow 10696 Jul 6 06:28 pam_auth
>>> -rwxr-xr-x 1 root root 9552 Jul 6 06:28 smb_auth
>>> -rwxr-xr-x 1 root root 2287 Jul 6 06:23 smb_auth.sh
>>> -rwxr-xr-x 1 root root 22848 Jul 6 06:28 squid_kerb_auth
>>> -rwxr-xr-x 1 root root 19000 Jul 6 06:28 squid_ldap_group
>>> -rwxr-xr-x 1 root root 5996 Jul 6 06:28 squid_session
>>> -rwxr-xr-x 1 root root 10248 Jul 6 06:28 squid_unix_group
>>> -rwxr-xr-x 1 root root 3732 Jul 6 06:26 unlinkd
>>> -rwxr-xr-x 1 root root 2359 Abr 9 2007 wbinfo_group.pl
>>> -rwxr-xr-x 1 root root 8776 Jul 6 06:28 yp_auth
>>>
>>>
>>> 8<----------------------------------
>>> The SMB configuration
>>>
>>> sek:/usr/lib/squid# cat /etc/samba/smb.conf
>>> # Samba config file created using SWAT
>>> # from 192.168.0.2 (192.168.0.2)
>>> # Date: 2008/04/04 23:07:20
>>>
>>> [global]
>>> workgroup = sekplasticos
>>> netbios name = sek
>>> server string = sek
>>> security = user
>>> null passwords = No
>>> encrypt passwords = true
>>> unix password sync = No
>>> unix charset = iso8859-1
>>> display charset = cp850
>>> log level = 3
>>> log file = /var/log/samba_log.%u
>>> keepalive = 20
>>> socket options = IPTOS_LOWDELAY TCP_NODELAY
>>> logon path = \\sek\sysvol\%U
>>> logon drive = P
>>> domain logons = Yes
>>> os level = 100
>>> preferred master = Yes
>>> domain master = Yes
>>> local master = Yes
>>> wins support = Yes
>>> ldap ssl = no
>>> comment = Servidor Sek
>>> admin users = vinicius
>>> time server = Yes
>>> hosts allow = 127., 192.168.0., 10.0.0.
>>>
>>> [homes]
>>> comment = Pastas dos Usuarios
>>> browseable = No
>>> writable = Yes
>>> create mask = 0600
>>> directory mask = 0700
>>> valid users = %S
>>>
>>> [netlogon]
>>> comment = Compartilhamento de Scripts
>>> path = /home/netlogon
>>> public = Yes
>>> browseable = Yes
>>> writable = Yes
>>>
>>> [sysvol]
>>> comment = System Volume
>>> path = /home/sysvol
>>> writable = Yes
>>> guest ok = Yes
>>> share modes = No
>>> browseable = No
>>> hide files = /desktop.ini/ntuser.ini/NTUSER.*/
>>>
>>> [publico]
>>> comment = publico
>>> path = /home/publico
>>> guest ok = No
>>> writable = Yes
>>> create mask = 0644
>>> directory mask = 0777
>>> public = Yes
>>>
>>> [aplicativos]
>>> comment = aplicativos
>>> path = /home/aplicativos
>>> guest ok = No
>>> writable = Yes
>>> browseable = Yes
>>> create mask = 0600
>>> directory mask = 0700
>>> valid users = gilberto
>>> sek:/usr/lib/squid#
>>>
>>> 8<----------------------------------
>>> The NETLOGON permissions and proxyauth
>>>
>>> sek:/home/netlogon# ls -l
>>> total 4
>>> -rwxrwxrwx 1 root root 6 Ago 31 17:35 proxyauth
>>> sek:/home/netlogon# ls -ld
>>> drwxrwxrwx 2 root root 22 Ago 31 17:35 .
>>> sek:/home/netlogon# cat proxyauth
>>> allow
>>> 8<----------------------------------
>>>
>>>
>>> Really thanks if someone could help me.
>>>
>>> --
>>> Vinicius Ruoso - vkr07@c3sl.ufpr.br
>>> C3SL: http://www.c3sl.ufpr.br
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/listinfo/samba
>>>
>>
>
>
> --
> Vinicius Ruoso - vkr07@c3sl.ufpr.br
> C3SL: http://www.c3sl.ufpr.br
>
>
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

I don't know what I'm doing wrong. I configured this authentication correctly
some time before, but this time it's not working.

An I missing something crusial here?
For me all looks normal. :(


Thanks a lot

On Mon, Sep 01, 2008 at 12:42:14PM +0100, Jon Wilson wrote:
> Sorry for the misleading information.
>
> I use censornet and that stopped authenticating to the domain when I
> did the upgrade to 3.2.x - I thought you might be suffering the same
> issue.
>
> Jon
>
>
> 2008/9/1 Vinicius Ruoso <vkr07@c3sl.ufpr.br>:
> > Hi Jon Wilson,
> >
> > Really thanks for your fast response. But the "lanman auth = yes" added
> > to global directive of my smb.conf don't make any effect on smb_auth
> > authentication process. The response still the same. :(
> >
> > Do you have any other idea of what can be done to fix it?
> > Any hope is very welcome. I'm trying to get this work a long time.
> >
> > 8<-------------------------------------------------------------------
> > The following are the man entry to lanman auth:
> > It looks like that this option don't affect smbclient requests.
> >
> > lanman auth (G)
> >
> > This parameter determines whether or not smbd(8) will attempt to
> > authenticate users or permit password changes using the LANMAN
> > password hash. If disabled, only clients which support NT password
> > hashes (e.g. Windows NT/2000 clients, smbclient, but not Windows
> > 95/98 or the MS DOS network client) will be able to connect to the
> > Samba host.
> >
> > The LANMAN encrypted response is easily broken, due to it´s
> > case-insensitive nature, and the choice of algorithm. Servers
> > without Windows 95/98/ME or MS DOS clients are advised to disable
> > this option.
> >
> > Unlike the encrypt passwords option, this parameter cannot alter
> > client behaviour, and the LANMAN response will still be sent over
> > the network. See the client lanman auth to disable this for
> > Samba´s
> > clients (such as smbclient)
> >
> > If this option, and ntlm auth are both disabled, then only NTLMv2
> > logins will be permited. Not all clients support NTLMv2, and most
> > will require special configuration to use it.
> >
> > Default: lanman auth = no
> >
> > 8<-------------------------------------------------------------------
> >
> >
> >
> >> Since upgrading to 3.2.x I had to enable
> >>
> >> lanman auth = yes
> >>
> >> in my smb.conf
> >>
> >> (thats from memory - you may want to check the man page)
> >>
> >> It fixed it for me.
> >>
> >> Jon
> >>
> >>
> >> 2008/8/31 Vinicius Ruoso <vkr07@c3sl.ufpr.br>:
> >>> Hi samba community.
> >>>
> >>> I'm having a problem with the smb_auth authentication method. Everything
> >>> looks like normal, but everytime I try to use smb_auth it returns ERR.
> >>>
> >>> I will show here some commands output to secure that all configuration
> >>> is
> >>> correct, and if anyone can help me to investigate what's happend I'll
> >>> thanks.
> >>>
> >>>
> >>> I'm using: Debian lenny, updated.
> >>>
> >>> ii samba 2:3.2.3-1
> >>> ii squid 2.7.STABLE3-1
> >>>
> >>> XXXXXXXXXX its the correct password.
> >>>
> >>> 8<----------------------------------
> >>> sek:/home# /usr/lib/squid/smb_auth -W SEKPLASTICOS -U 127.0.0.1 -d
> >>> vinicius XXXXXXXXXXX
> >>> Domain name: SEKPLASTICOS
> >>> Pass-through authentication: no
> >>> Query address options: -U 127.0.0.1 -R
> >>> Domain controller IP address: 10.0.0.1
> >>> Domain controller NETBIOS name: SEK
> >>> Contents of //SEK/NETLOGON/proxyauth:
> >>> ERR
> >>> 8<----------------------------------
> >>>
> >>> But, look at the smbclient command.
> >>>
> >>> vinicius@sek:~$ smbclient "//SEK/netlogon" XXXXXXXXXXX -c "get proxyauth
> >>> -"
> >>> Domain=[SEKPLASTICOS] OS=[Unix] Server=[Samba 3.2.3]
> >>> allow
> >>> getting file \proxyauth of size 6 as - (5,9 kb/s) (average 5,9 kb/s)
> >>>
> >>> Running smb_auth with user "vinicius" don't work too.
> >>> 8<----------------------------------
> >>>
> >>> Some permission and configs:
> >>>
> >>> 8<----------------------------------
> >>> The smb_auth permissions
> >>>
> >>> sek:/usr/lib/squid# ls -l /usr/lib/squid/
> >>> total 284
> >>> -rwxr-xr-x 1 root root 15212 Jul 6 06:28 digest_pw_auth
> >>> -rwxr-xr-x 1 root root 11636 Jul 6 06:26 diskd-daemon
> >>> -rwxr-sr-- 1 proxy shadow 7988 Jul 6 06:28 getpwnam_auth
> >>> -rwxr-xr-x 1 root root 10312 Jul 6 06:28 ip_user_check
> >>> -rwxr-xr-x 1 root root 17544 Jul 6 06:28 ldap_auth
> >>> -rwxr-xr-x 1 root root 5464 Jul 6 06:26 logfile-daemon
> >>> -rwxr-xr-x 1 root root 32828 Jul 6 06:28 msnt_auth
> >>> -rwxr-xr-x 1 root root 15748 Jul 6 06:28 ncsa_auth
> >>> -rwxr-xr-x 1 root root 42216 Jul 6 06:28 ntlm_auth
> >>> -rwxr-sr-- 1 proxy shadow 10696 Jul 6 06:28 pam_auth
> >>> -rwxr-xr-x 1 root root 9552 Jul 6 06:28 smb_auth
> >>> -rwxr-xr-x 1 root root 2287 Jul 6 06:23 smb_auth.sh
> >>> -rwxr-xr-x 1 root root 22848 Jul 6 06:28 squid_kerb_auth
> >>> -rwxr-xr-x 1 root root 19000 Jul 6 06:28 squid_ldap_group
> >>> -rwxr-xr-x 1 root root 5996 Jul 6 06:28 squid_session
> >>> -rwxr-xr-x 1 root root 10248 Jul 6 06:28 squid_unix_group
> >>> -rwxr-xr-x 1 root root 3732 Jul 6 06:26 unlinkd
> >>> -rwxr-xr-x 1 root root 2359 Abr 9 2007 wbinfo_group.pl
> >>> -rwxr-xr-x 1 root root 8776 Jul 6 06:28 yp_auth
> >>>
> >>>
> >>> 8<----------------------------------
> >>> The SMB configuration
> >>>
> >>> sek:/usr/lib/squid# cat /etc/samba/smb.conf
> >>> # Samba config file created using SWAT
> >>> # from 192.168.0.2 (192.168.0.2)
> >>> # Date: 2008/04/04 23:07:20
> >>>
> >>> [global]
> >>> workgroup = sekplasticos
> >>> netbios name = sek
> >>> server string = sek
> >>> security = user
> >>> null passwords = No
> >>> encrypt passwords = true
> >>> unix password sync = No
> >>> unix charset = iso8859-1
> >>> display charset = cp850
> >>> log level = 3
> >>> log file = /var/log/samba_log.%u
> >>> keepalive = 20
> >>> socket options = IPTOS_LOWDELAY TCP_NODELAY
> >>> logon path = \\sek\sysvol\%U
> >>> logon drive = P
> >>> domain logons = Yes
> >>> os level = 100
> >>> preferred master = Yes
> >>> domain master = Yes
> >>> local master = Yes
> >>> wins support = Yes
> >>> ldap ssl = no
> >>> comment = Servidor Sek
> >>> admin users = vinicius
> >>> time server = Yes
> >>> hosts allow = 127., 192.168.0., 10.0.0.
> >>>
> >>> [homes]
> >>> comment = Pastas dos Usuarios
> >>> browseable = No
> >>> writable = Yes
> >>> create mask = 0600
> >>> directory mask = 0700
> >>> valid users = %S
> >>>
> >>> [netlogon]
> >>> comment = Compartilhamento de Scripts
> >>> path = /home/netlogon
> >>> public = Yes
> >>> browseable = Yes
> >>> writable = Yes
> >>>
> >>> [sysvol]
> >>> comment = System Volume
> >>> path = /home/sysvol
> >>> writable = Yes
> >>> guest ok = Yes
> >>> share modes = No
> >>> browseable = No
> >>> hide files = /desktop.ini/ntuser.ini/NTUSER.*/
> >>>
> >>> [publico]
> >>> comment = publico
> >>> path = /home/publico
> >>> guest ok = No
> >>> writable = Yes
> >>> create mask = 0644
> >>> directory mask = 0777
> >>> public = Yes
> >>>
> >>> [aplicativos]
> >>> comment = aplicativos
> >>> path = /home/aplicativos
> >>> guest ok = No
> >>> writable = Yes
> >>> browseable = Yes
> >>> create mask = 0600
> >>> directory mask = 0700
> >>> valid users = gilberto
> >>> sek:/usr/lib/squid#
> >>>
> >>> 8<----------------------------------
> >>> The NETLOGON permissions and proxyauth
> >>>
> >>> sek:/home/netlogon# ls -l
> >>> total 4
> >>> -rwxrwxrwx 1 root root 6 Ago 31 17:35 proxyauth
> >>> sek:/home/netlogon# ls -ld
> >>> drwxrwxrwx 2 root root 22 Ago 31 17:35 .
> >>> sek:/home/netlogon# cat proxyauth
> >>> allow
> >>> 8<----------------------------------
> >>>
> >>>
> >>> Really thanks if someone could help me.
> >>>
> >>> --
> >>> Vinicius Ruoso - vkr07@c3sl.ufpr.br
> >>> C3SL: http://www.c3sl.ufpr.br
> >>>
> >>> --
> >>> To unsubscribe from this list go to the following URL and read the
> >>> instructions: https://lists.samba.org/mailman/listinfo/samba
> >>>
> >>
> >
> >
> > --
> > Vinicius Ruoso - vkr07@c3sl.ufpr.br
> > C3SL: http://www.c3sl.ufpr.br
> >
> >

--
---
Vinicius Kwiecien Ruoso - vkr07@c3sl.ufpr.br
C3SL: http://www.c3sl.ufpr.br
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba