Created attachment 10143
samba.log, global smb.conf, smbusermap script

Hi

Symptoms:
User tries to connect from a Windows client, gets a couple of failures and eventually, some time (1-5 minutes) later, succeeds in getting the connection.
Happens with users that often switch the drives in Windows (switching drive x: to different samba shares or Windows shares back and forth randomly. Sorry, did not invent it, but seems to be "works as designed")

Background:
Users are Windows ADS users and get authenticated (usually successfully) through kerberos. We have them also defined as *nix users, but without a password at all, since they only need the samba shares.

Questions:
1) How come auth/token_util.c wants to resolve the user as a user defined in samba, trying to get the pw uid?
2) Is it not obvious in the first place that this is a kerberos authenticated user?
3) Why does samba try in the first place - though defined as ads, samba password evaluation?

Or do I misinterpret something?

See the attached zip file containing a log extract generated with auth:10 passdb:10 winbind:10 and follow the user with id = pev, where he gets the connection at around "2014/07/22 10:43:50.112735". Also in this zip: the global config section of smb.conf as well as, for your information, smbusermap.

Any other information needed? Please let me know.

Thanks!

Regards, Lukas

PS: Oh, and by the way: great job you guys are doing here!!!!
Created attachment 10144
Samba.log with log level = 10

samba.log with loglevel 10 showing the unsuccessful connect.
My guess is your user map script is causing the problem. Are you running winbindd?
Yes. We're running winbindd in order to authenticate the connecting user against Windows AD.

FYI:
This error we just started to encounter recently (meaning since a couple of months, increasing, now becoming an annoyance to the users), whereas we are using samba since a couple of years so far without any problems.
Could it be that it started to show up either through our samba upgrade from 3.5.8 to 3.6.16 or through a Windows AD upgrade? One never knows... :-)

Thanks!
(In reply to comment #3)
> Yes. We're running winbindd in order to authenticate the connecting user
> against Windows AD.
>
> FYI:
> This error we just started to encounter recently (meaning since a couple of
> months, increasing now becoming an annoyance to the users), where as we are
> using samba since a couple of years so far without any problems.
> Could it be that it started to show up either through our samba upgrade from
> 3.5.8 to 3.6.16 or through a Windows AD - Upgrade? One never knows... :-)
>
> Thanks!

Additional INFO: the mapping script:
We have this ever since ... because, as I remember correctly, we had to do it because not only human users are connecting, but also technical accounts like MFP printer-scanners sending the scanned document to a samba share for further processing. Would that not be needed anymore?
(In reply to comment #2)
> My guess is your user map script is causing the problem.
>
> Are you running winbindd ?

Hi Jeremy

To your guess of the mapping script:
Since it's a production environment, not easy to test... still did it without the usermap script just to see... for ... say half a minute ... and ... definitely the script is needed... Oh boy: luckily samba allows the reload ... :-)

Without it, I get lots of the following messages immediately in the samba.log file:
"create_connection_session_info failed: NT_STATUS_ACCESS_DENIED"

Anyhow: Great job you guys are all doing

Thanks
Lukas
No more feedback and most likely not a generic bug. In any case, if you see any issues with 4.9 or 4.10, please open a new bug for that. Thank you!