1

I am attempting to configure a Samba server to allow access to a service (Oracle) running on a windows server. At one point I have tested this and it worked without an issue so I didn't backup my conf file (grrr). Now I have been fighting with it and nothing I try will work.

I have my windows service setup to login as a domain user and I am logged into the server as that user and can connect to the samba server without it prompting me for a password; however when I run my service is gets a Logon failure: unknown user name or bad password.

Edit #1 9-Dec-2010 1654 GMT/ 0954 MST

I upgraded to Samba v3.3.8-0.52.el5_5.2 and was able to finally get some useful logs, however no matter what I do I can not get a user to map and correctly authenticate.

Log file:

[2010/12/09 09:57:52, 3] auth/auth.c:check_ntlm_password(220) check_ntlm_password: Checking password for unmapped user [NATRONA]\[Administrator]@[NATRONA17] with the new password interface [2010/12/09 09:57:52, 3] auth/auth.c:check_ntlm_password(223) check_ntlm_password: mapped user is: [RMAN]\[Administrator]@[NATRONA17] [2010/12/09 09:57:52, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/12/09 09:57:52, 3] smbd/uid.c:push_conn_ctx(440) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/12/09 09:57:52, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/12/09 09:57:52, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/12/09 09:57:52, 3] auth/auth_sam.c:check_sam_security(282) check_sam_security: Couldn't find user 'Administrator' in passdb. [2010/12/09 09:57:52, 2] auth/auth.c:check_ntlm_password(318) check_ntlm_password: Authentication for user [Administrator] -> [Administrator] FAILED with error NT_STATUS_NO_SUCH_USER

I have setup mappings in my smbusers file:

root = administrator admin Administrator [NATRONA]\[Administrator] [RMAN]\[Administrator] nobody = guest pcguest smbguest

And I think I have my share configured correctly:

[recovery] comment = Recovery Catalog Data writeable = yes public = yes guest only = no valid users = oracle,root,[NATRONA]\[Administrator]@[NATRONA17]

Obviously there is a mismatch between the username that the Windows server is sending and the mapping on the samba server, I even tried guest only = yes to attempt to force guest and it did not work.

Some Samba guru please point me in the correct direction. path = /db/recovery

Improve this question

1 Answer 1

Reset to default
2

Turns out samba was not looking at my user map file. The correct configuration is shown below:

[global] log file = /var/log/samba/log.%m cups options = raw load printers = no guest account = oracle printing = bsd server string = Oracle Recovery Server workgroup = UNIX debug level = 5 username map = /etc/samba/smbusers null passwords = yes encrypt passwords = yes security = user passdb backend = tdbsam max log size = 50 [recovery] comment = Recovery Catalog Data writeable = yes public = yes guest only = yes guest ok = yes valid users = oracle,root path = /var/oracle_recovery_catalog

I also had to set my oracle user to a null password: smbpasswd -an oracle.

This configuration does not even require me to change the service to run under another account. WOO HOO!

WARNING: Doing this allows anyone to read/write to the specified share. I am handling security at the firewall level; however if you are implementing this solution you should use something, samba supports a hosts allow directive that may be worth your efforts.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.