Solved

Samba works for everyone but one user

Posted on 2006-07-18
Last Modified: 2013-11-13
Hi there,

I've got a headscratcher.  Everyone else using Samba works, except for one person.  We all use an Active Directory domain to verify our authentication.  All users that have been added after the non-working userid, well they all work fine and can use Windows Explorer to get to the server without getting prompted for their network login / password combo.

I'm administering a RHEL 3 server running Samba:

# uname -a
Linux tempest 2.4.20-30.9 #1 Wed Feb 4 20:44:26 EST 2004 i686 i686 i386 GNU/Linux

Here are my Samba versions:
# rpm -qa | grep -i samba
redhat-config-samba-1.0.4-1
samba-common-2.2.7a-8.9.0
samba-2.2.7a-8.9.0
samba-client-2.2.7a-8.9.0

Here's my smb.conf:
# cat smb.conf
#======================= Global Settings =======================
[global]
   netbios name = tempest
   username map = /etc/samba/user.map
   workgroup = WSON
   server string = %h server (Samba %v)
   log file = /var/log/samba/log.%m
   max log size = 1000
   security = domain
   password server = PW1INFRA11 PW1INFRA10
   encrypt passwords = yes
   socket options = TCP_NODELAY SO_RCVBUF SO_SNDBUF=8192
   local master = no
   read only = no
   preserve case = yes
   short preserve case = no
   dos filetime resolution = yes
   syslog = 0
   wins server = 10.0.0.XX 10.0.0.XX
   dns proxy = no
   lanman auth = yes

#======================= Share Definitions =======================

[homes]
   comment = Home Directories
   browseable = no
   writable = yes

#======Share Definitions======#

[hotlist]
        comment = hotlist
        path = /hotlist
        read only = no
        browsable = yes
        create mask = 0777
        force create mode = 0777
        force directory mode = 0777

[performance]
        comment = performance
        path = /hotlist/html/performance
        read only = no
        browsable = yes
        create mask = 0777
        force create mode = 0777
        force directory mode = 0777

[intentia]
        comment = intentia
        path = /intentia
        read only = no
        browsable = yes
        create mask = 0777
        force create mode = 0777
        force directory mode = 0777

[www]
        comment = www
        path = /www
        read only = no
        browsable = yes
        create mask = 0777
        force create mode = 0777
        force directory mode = 0777

[www-ssl]
        comment = www-ssl
        path = /www-ssl
        read only = no
        browsable = yes
        create mask = 0777
        force create mode = 0777
        force directory mode = 0777

[Websphere]
        comment = Websphere-InstalledApps
        path = /opt/web/WebSphere
        read only = yes
        browsable = yes
        create mask = 0444
        force create mode = 0444

Here's my user.map
# cat user.map
## Admin group
timo = 4455             #Tim
ryandu = 2525           #Ryan
cjh = 4918              #Chris

## Webdeveloper group
jroos = 4931     #Jennifer
annefr = 4407    #Anne
robb = 5099      #Rob
bobni = 4268     #Bob
u5185 = 5185     #Bill
garyj = 1494     #Gary
u7547 = 7547     #Brian
u7355 = 5314     # Andrea
u5550 = 5550     # Josh                            #USER LOGIN THAT DOESN'T WORK
u5273 = 5273     # Jason             #These IDs were added after Josh and work fine
u5314 = 5314     # Andrea

Here's the user's error log:

log.lxpp05550:

[2006/07/18 08:14:34, 0] rpc_client/cli_netlogon.c:cli_net_sam_logon_internal(406)
  cli_net_sam_logon_internal: NT_STATUS_WRONG_PASSWORD
[2006/07/18 08:14:34, 0] smbd/password.c:domain_client_validate(1619)
  domain_client_validate: unable to validate password for user 5550 in domain WSON to Domain controller PWMN1INFRA11. Error was NT_STATUS_WRONG_PASSWORD.
[2006/07/18 08:14:36, 0] passdb/pampass.c:smb_pam_passcheck(827)
  smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User u5550 !
[2006/07/18 08:14:36, 0] rpc_client/cli_netlogon.c:cli_net_sam_logon_internal(406)
Question by:LawsonITS
Accepted Solution

by:
pjedmond earned 500 total points
ID: 17132304
Looking at the log, it appears that the person is unable to validate either with the AD (which it should?). With your config, you'd expect smb_pam to fail. This implies that the username or password is wrong!

Therefore, I presume that you have checked that the username is exactly the same as the AD one, and I presume that you have tried resetting the password concerned? Once you've reset the password, try restarting samba to clear out any 'cached' passwords.

(   (()
(`-' _\
 ''  ''
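
One way to pull the rejected logons out of a log like the one in the question, as an added example that is not part of the original thread: it rejoins wrapped lines and reports which name the domain controller refused and which name PAM refused, which is the username check the answer suggests. The function names and record layout are this example's own.

```python
import re

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), *\d+\] (.*)$")
DC_FAIL = re.compile(r"unable to validate password for user (\S+) in domain (\S+) "
                     r"to Domain controller (\S+)\. Error was (NT_STATUS_\w+)")
PAM_FAIL = re.compile(r"smb_pam_auth failed - Rejecting User (\S+)")

# Log excerpt from the question, wrapped at 80 columns as pasted terminal
# output often is; the parser has to cope with that.
SAMPLE_LOG = """\
[2006/07/18 08:14:34, 0] rpc_client/cli_netlogon.c:cli_net_sam_logon_internal(40
6)
  cli_net_sam_logon_internal: NT_STATUS_WRONG_PASSWORD
[2006/07/18 08:14:34, 0] smbd/password.c:domain_client_validate(1619)
  domain_client_validate: unable to validate password for user 5550 in domain
WSON to Domain controller PWMN1INFRA11. Error was NT_STATUS_WRONG_PASSWORD.
[2006/07/18 08:14:36, 0] passdb/pampass.c:smb_pam_passcheck(827)
  smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User u5550 !
"""

def records(log_text):
    """Yield (timestamp, source, message) per entry, rejoining wrapped lines."""
    rec = None
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if m:
            if rec:
                yield rec[0], rec[1], " ".join(rec[2])
            rec = [m.group(1), m.group(2), []]
        elif rec and not rec[1].endswith(")"):
            rec[1] += line.strip()        # header was wrapped inside "(406)"
        elif rec and line.strip():
            rec[2].append(line.strip())   # message line or its wrapped tail
    if rec:
        yield rec[0], rec[1], " ".join(rec[2])

def auth_failures(log_text):
    """Return one dict per rejected logon: DC validation or PAM fallback."""
    found = []
    for ts, _source, msg in records(log_text):
        dc, pam = DC_FAIL.search(msg), PAM_FAIL.search(msg)
        if dc:
            user, domain, server, status = dc.groups()
            found.append({"time": ts, "stage": "domain", "user": user,
                          "domain": domain, "dc": server, "status": status})
        elif pam:
            found.append({"time": ts, "stage": "pam", "user": pam.group(1)})
    return found

if __name__ == "__main__":
    for failure in auth_failures(SAMPLE_LOG):
        print(failure)
```

Run against the real /var/log/samba/log.%m file for the affected workstation, the "domain" records show the exact user name and domain sent to the domain controller, which can then be compared with the account in Active Directory.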
