Solved

Samba works for everyone but one user

Posted on 2006-07-18
Last Modified: 2013-11-13
Hi there,

I've got a headscratcher.  Everyone else using Samba works, except for one person.  We all use an Active Directory domain to verify our authentication.  All users that have been added after the non-working userid, well they all work fine and can use Windows Explorer to get to the server without getting prompted for their network login / password combo.

I'm administering a RHEL 3 server running Samba:

# uname -a
Linux tempest 2.4.20-30.9 #1 Wed Feb 4 20:44:26 EST 2004 i686 i686 i386 GNU/Linux

Here are my Samba versions:
# rpm -qa | grep -i samba
redhat-config-samba-1.0.4-1
samba-common-2.2.7a-8.9.0
samba-2.2.7a-8.9.0
samba-client-2.2.7a-8.9.0

Here's my smb.conf:
# cat smb.conf
#======================= Global Settings =======================
[global]
   netbios name = tempest
   username map = /etc/samba/user.map
   workgroup = WSON
   server string = %h server (Samba %v)
   log file = /var/log/samba/log.%m
   max log size = 1000
   security = domain
   password server = PW1INFRA11 PW1INFRA10
   encrypt passwords = yes
   socket options = TCP_NODELAY SO_RCVBUF SO_SNDBUF=8192
   local master = no
   read only = no
   preserve case = yes
   short preserve case = no
   dos filetime resolution = yes
   syslog = 0
   wins server = 10.0.0.XX 10.0.0.XX
   dns proxy = no
   lanman auth = yes

#======================= Share Definitions =======================

[homes]
   comment = Home Directories
   browseable = no
   writable = yes

#======Share Definitions======#

[hotlist]
        comment = hotlist
        path = /hotlist
        read only = no
        browsable = yes
        create mask = 0777
        force create mode = 0777
        force directory mode = 0777

[performance]
        comment = performance
        path = /hotlist/html/performance
        read only = no
        browsable = yes
        create mask = 0777
        force create mode = 0777
        force directory mode = 0777

[intentia]
        comment = intentia
        path = /intentia
        read only = no
        browsable = yes
        create mask = 0777
        force create mode = 0777
        force directory mode = 0777

[www]
        comment = www
        path = /www
        read only = no
        browsable = yes
        create mask = 0777
        force create mode = 0777
        force directory mode = 0777

[www-ssl]
        comment = www-ssl
        path = /www-ssl
        read only = no
        browsable = yes
        create mask = 0777
        force create mode = 0777
        force directory mode = 0777

[Websphere]
        comment = Websphere-InstalledApps
        path = /opt/web/WebSphere
        read only = yes
        browsable = yes
        create mask = 0444
        force create mode = 0444

Here's my user.map
# cat user.map
## Admin group
timo = 4455             #Tim
ryandu = 2525           #Ryan
cjh = 4918              #Chris

## Webdeveloper group
jroos = 4931     #Jennifer
annefr = 4407    #Anne
robb = 5099      #Rob
bobni = 4268     #Bob
u5185 = 5185     #Bill
garyj = 1494     #Gary
u7547 = 7547     #Brian
u7355 = 5314     # Andrea
u5550 = 5550     # Josh                            #USER LOGIN THAT DOESN'T WORK
u5273 = 5273     # Jason             #These IDs were added after Josh and work fine
u5314 = 5314     # Andrea

Here's the user's error log:

log.lxpp05550:

[2006/07/18 08:14:34, 0] rpc_client/cli_netlogon.c:cli_net_sam_logon_internal(406)
  cli_net_sam_logon_internal: NT_STATUS_WRONG_PASSWORD
[2006/07/18 08:14:34, 0] smbd/password.c:domain_client_validate(1619)
  domain_client_validate: unable to validate password for user 5550 in domain WSON to Domain controller PWMN1INFRA11. Error was NT_STATUS_WRONG_PASSWORD.
[2006/07/18 08:14:36, 0] passdb/pampass.c:smb_pam_passcheck(827)
  smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User u5550 !
[2006/07/18 08:14:36, 0] rpc_client/cli_netlogon.c:cli_net_sam_logon_internal(406)
Question by:LawsonITS

Accepted Solution by: pjedmond

Looking at the log, it appears that the person is unable to validate either with the AD (which it should?). With your config, you'd expect smb_pam to fail. This implies that the username or password is wrong!

Therefore, I presume that you have checked that the username is exactly the same as the AD one, and I presume that you have tried resetting the password concerned? Once you've reset the password, try restarting samba to clear out any 'cached' passwords.

(   (()
(`-' _\
 ''  ''
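
Added example (not part of the original answer): a small Python triage script that rejoins hard-wrapped smbd log lines and extracts the failure sequence the answer reads off by eye, namely the domain logon rejected by the DC for the client name, followed by the PAM fallback rejecting the mapped Unix name. The function names and regular expressions are this example's own; the sample is the question's log excerpt with the 80-column wrapping of a terminal paste.

```python
import re

# Sample: the log excerpt from the question, hard-wrapped at 80 columns.
SAMPLE_LOG = """\
[2006/07/18 08:14:34, 0] rpc_client/cli_netlogon.c:cli_net_sam_logon_internal(40
6)
  cli_net_sam_logon_internal: NT_STATUS_WRONG_PASSWORD
[2006/07/18 08:14:34, 0] smbd/password.c:domain_client_validate(1619)
  domain_client_validate: unable to validate password for user 5550 in domain
WSON to Domain controller PWMN1INFRA11. Error was NT_STATUS_WRONG_PASSWORD.
[2006/07/18 08:14:36, 0] passdb/pampass.c:smb_pam_passcheck(827)
  smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User u5550 !
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), *(\d+)\] ")
DOMAIN_FAIL = re.compile(
    r"unable to validate password for user (\S+) in domain (\S+) "
    r"to Domain controller (\S+)\. Error was (NT_STATUS_\w+)")
PAM_FAIL = re.compile(r"smb_pam_auth failed - Rejecting User (\S+)")

def parse_entries(text):
    """Group lines into header/message entries, undoing terminal wraps."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append({"ts": m.group(1), "header": line, "msg": ""})
        elif entries:
            e = entries[-1]
            # Assumption: a complete header ends with "(<line number>)".
            if not e["header"].endswith(")"):
                e["header"] += line.strip()      # tail of a wrapped header
            else:                                # message line or its wrapped tail
                e["msg"] = (e["msg"] + " " + line.strip()).strip()
    return entries

def auth_failures(text):
    """Return (stage, time, user, dc, status) tuples in log order."""
    out = []
    for e in parse_entries(text):
        d = DOMAIN_FAIL.search(e["msg"])
        p = PAM_FAIL.search(e["msg"])
        if d:    # name sent to the DC: the client-side name from user.map
            out.append(("domain", e["ts"], d.group(1), d.group(3), d.group(4)))
        elif p:  # name checked by PAM: the mapped Unix account
            out.append(("pam", e["ts"], p.group(1), None, None))
    return out
```

Run over this sample, the result shows the DC rejecting the client name `5550` with `NT_STATUS_WRONG_PASSWORD` and, two seconds later, PAM rejecting the mapped account `u5550`.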
