Solved

Samba works for everyone but one user

Posted on 2006-07-18
Last Modified: 2013-11-13
Hi there,

I've got a headscratcher.  Everyone else using Samba works, except for one person.  We all use an Active Directory domain to verify our authentication.  All users that have been added after the non-working userid, well they all work fine and can use Windows Explorer to get to the server without getting prompted for their network login / password combo.

I'm administering a RHEL 3 server running Samba:

# uname -a
Linux tempest 2.4.20-30.9 #1 Wed Feb 4 20:44:26 EST 2004 i686 i686 i386 GNU/Linux

Here are my Samba versions:
# rpm -qa | grep -i samba
redhat-config-samba-1.0.4-1
samba-common-2.2.7a-8.9.0
samba-2.2.7a-8.9.0
samba-client-2.2.7a-8.9.0

Here's my smb.conf:
# cat smb.conf
#======================= Global Settings =======================
[global]
   netbios name = tempest
   username map = /etc/samba/user.map
   workgroup = WSON
   server string = %h server (Samba %v)
   log file = /var/log/samba/log.%m
   max log size = 1000
   security = domain
   password server = PW1INFRA11 PW1INFRA10
   encrypt passwords = yes
   socket options = TCP_NODELAY SO_RCVBUF SO_SNDBUF=8192
   local master = no
   read only = no
   preserve case = yes
   short preserve case = no
   dos filetime resolution = yes
   syslog = 0
   wins server = 10.0.0.XX 10.0.0.XX
   dns proxy = no
   lanman auth = yes

#======================= Share Definitions =======================

[homes]
   comment = Home Directories
   browseable = no
   writable = yes

#======Share Definitions======#

[hotlist]
        comment = hotlist
        path = /hotlist
        read only = no
        browsable = yes
        create mask = 0777
        force create mode = 0777
        force directory mode = 0777

[performance]
        comment = performance
        path = /hotlist/html/performance
        read only = no
        browsable = yes
        create mask = 0777
        force create mode = 0777
        force directory mode = 0777

[intentia]
        comment = intentia
        path = /intentia
        read only = no
        browsable = yes
        create mask = 0777
        force create mode = 0777
        force directory mode = 0777

[www]
        comment = www
        path = /www
        read only = no
        browsable = yes
        create mask = 0777
        force create mode = 0777
        force directory mode = 0777

[www-ssl]
        comment = www-ssl
        path = /www-ssl
        read only = no
        browsable = yes
        create mask = 0777
        force create mode = 0777
        force directory mode = 0777

[Websphere]
        comment = Websphere-InstalledApps
        path = /opt/web/WebSphere
        read only = yes
        browsable = yes
        create mask = 0444
        force create mode = 0444

Here's my user.map
# cat user.map
## Admin group
timo = 4455             #Tim
ryandu = 2525           #Ryan
cjh = 4918              #Chris

## Webdeveloper group
jroos = 4931     #Jennifer
annefr = 4407    #Anne
robb = 5099      #Rob
bobni = 4268     #Bob
u5185 = 5185     #Bill
garyj = 1494     #Gary
u7547 = 7547     #Brian
u7355 = 5314     # Andrea
u5550 = 5550     # Josh                            #USER LOGIN THAT DOESN'T WORK
u5273 = 5273     # Jason             #These IDs were added after Josh and work fine
u5314 = 5314     # Andrea

Here's the user's error log:

log.lxpp05550:

[2006/07/18 08:14:34, 0] rpc_client/cli_netlogon.c:cli_net_sam_logon_internal(406)
  cli_net_sam_logon_internal: NT_STATUS_WRONG_PASSWORD
[2006/07/18 08:14:34, 0] smbd/password.c:domain_client_validate(1619)
  domain_client_validate: unable to validate password for user 5550 in domain WSON to Domain controller PWMN1INFRA11. Error was NT_STATUS_WRONG_PASSWORD.
[2006/07/18 08:14:36, 0] passdb/pampass.c:smb_pam_passcheck(827)
  smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User u5550 !
[2006/07/18 08:14:36, 0] rpc_client/cli_netlogon.c:cli_net_sam_logon_internal(406)
Question by:LawsonITS

Accepted Solution

by:
pjedmond earned 500 total points
ID: 17132304
Looking at the log, it appears that the person is unable to validate either with the AD (which it should?). With your config, you'd expect smb_pam to fail. This implies that the username or password is wrong!

Therefore, I presume that you have checked that the username is exactly the same as the AD one, and I presume that you have tried resetting the password concerned? Once you've reset the password, try restarting samba to clear out any 'cached' passwords.

(   (()
(`-' _\
 ''  ''
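
An added example, not part of the original question or answer: a small Python parser for the per-client Samba log format shown in the question. It rejoins the terminal-wrapped lines and reports, for each failed stage, the exact account name that was checked, so that name can be compared with the AD one as the answer suggests. The function names are illustrative, and the record layout is assumed to match the excerpt in the post.

```python
import re

# Log excerpt copied from the question above, terminal line wraps included.
SAMPLE_LOG = """\
[2006/07/18 08:14:34, 0] rpc_client/cli_netlogon.c:cli_net_sam_logon_internal(40
6)
  cli_net_sam_logon_internal: NT_STATUS_WRONG_PASSWORD
[2006/07/18 08:14:34, 0] smbd/password.c:domain_client_validate(1619)
  domain_client_validate: unable to validate password for user 5550 in domain
WSON to Domain controller PWMN1INFRA11. Error was NT_STATUS_WRONG_PASSWORD.
[2006/07/18 08:14:36, 0] passdb/pampass.c:smb_pam_passcheck(827)
  smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User u5550 !
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), *\d+\] \S+")
DOMAIN_FAIL = re.compile(
    r"unable to validate password for user (\S+) in domain (\S+) "
    r"to Domain controller (\S+)\. Error was (NT_STATUS_\w+)")
PAM_FAIL = re.compile(r"smb_pam_auth failed - Rejecting User (\S+)")

def records(text):
    """Yield (timestamp, message) per log record, rejoining wrapped lines."""
    stamp, parts = None, []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            if stamp:
                yield stamp, " ".join(parts)
            stamp, parts = m.group(1), []
        elif stamp and (line.startswith(" ") or parts):
            parts.append(line.strip())  # message line or its wrapped tail
        # anything else is the wrapped tail of a header, e.g. "6)"
    if stamp:
        yield stamp, " ".join(parts)

def auth_failures(text):
    """Return one dict per failed authentication stage found in the log."""
    out = []
    for stamp, msg in records(text):
        d, p = DOMAIN_FAIL.search(msg), PAM_FAIL.search(msg)
        if d:
            out.append(dict(time=stamp, stage="domain", user=d.group(1),
                            domain=d.group(2), dc=d.group(3), status=d.group(4)))
        elif p:
            out.append(dict(time=stamp, stage="pam", user=p.group(1)))
    return out

if __name__ == "__main__":
    for failure in auth_failures(SAMPLE_LOG):
        print(failure)
```

On the posted excerpt this reports that the domain controller was asked to validate `5550` while PAM rejected `u5550`, which are the two names to check against the AD account and `user.map`.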
