Bug 3601 - Cant connect by user that define in Domain Controller but not define in unix
Summary: Cant connect by user that define in Domain Controller but not define in unix
Status: RESOLVED INVALID
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts (show other bugs)
Version: 3.0.20b
Hardware: Sparc Windows XP
: P3 major
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-03-12 08:41 UTC by Omer Haklay (dead mail address)
Modified: 2006-03-12 13:42 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Omer Haklay (dead mail address) 2006-03-12 08:41:22 UTC
Hi,
I created user in Domain Controller (user1). This user not define in unix

My samba server run in security = domain 

I didn't define map between DC users and unix users

I tried to connect from XP and W2K clients and get error

The smb.conf is 

[global]
	workgroup = CIFS-DOMAIN
	realm = CIFS-DOMAIN.COM
        use kerberos keytab = true
	wins server = 172.16.20.227
	netbios name = aurora
	security = domain
	password server = *
	server string = CLLF
	load printers = no
	socket options = TCP_NODELAY
	local master = no
	domain master = no
	lock directory = /tmp
	name resolve order = lmhosts wins  bcast
	dns proxy = yes
	winbind uid = 1-65535
	winbind gid = 1-65535
	idmap uid = 1-65535
	idmap gid = 1-65535
	log file = /var/tmp/samba_log.%m
	max log size = 100
	syslog = 0
	log level = 10
[cifs1]
	path = /export/cifs1
	read only = No
	guest ok = Yes
	use sendfile = Yes

The log of the client (log level = 10) is
2006/03/12 11:25:10, 5] lib/username.c:(290)
  Finding user CIFS-DOMAIN\user1
[2006/03/12 11:25:10, 5] lib/username.c:(234)
  Trying _Get_Pwnam(), username as lowercase is cifs-domain\user1
[2006/03/12 11:25:10, 5] lib/username.c:(242)
  Trying _Get_Pwnam(), username as given is CIFS-DOMAIN\user1
[2006/03/12 11:25:10, 5] lib/username.c:(252)
  Trying _Get_Pwnam(), username as uppercase is CIFS-DOMAIN\USER1
[2006/03/12 11:25:10, 5] lib/username.c:(261)
  Checking combinations of 0 uppercase letters in cifs-domain\user1
[2006/03/12 11:25:10, 5] lib/username.c:(267)
  Get_Pwnam_internals didn't find user [CIFS-DOMAIN\user1]!
[2006/03/12 11:25:10, 5] lib/username.c:(290)
  Finding user user1
[2006/03/12 11:25:10, 5] lib/username.c:(234)
  Trying _Get_Pwnam(), username as lowercase is user1
[2006/03/12 11:25:10, 5] lib/username.c:(252)
  Trying _Get_Pwnam(), username as uppercase is USER1
[2006/03/12 11:25:10, 5] lib/username.c:(261)
  Checking combinations of 0 uppercase letters in user1
[2006/03/12 11:25:10, 5] lib/username.c:(267)
  Get_Pwnam_internals didn't find user [user1]!
[2006/03/12 11:25:10, 5] lib/username.c:(290)
  Finding user user1
[2006/03/12 11:25:10, 5] lib/username.c:(234)
  Trying _Get_Pwnam(), username as lowercase is user1
[2006/03/12 11:25:10, 5] lib/username.c:(252)
  Trying _Get_Pwnam(), username as uppercase is USER1
[2006/03/12 11:25:10, 5] lib/username.c:(261)
  Checking combinations of 0 uppercase letters in user1
[2006/03/12 11:25:10, 5] lib/username.c:(267)
  Get_Pwnam_internals didn't find user [user1]!
[2006/03/12 11:25:10, 3] auth/auth_util.c:(1282)
  User user1 does not exist, trying to add it
[2006/03/12 11:25:10, 5] lib/username.c:(290)
  Finding user CIFS-DOMAIN\user1
[2006/03/12 11:25:10, 5] lib/username.c:(234)
  Trying _Get_Pwnam(), username as lowercase is cifs-domain\user1
[2006/03/12 11:25:10, 5] lib/username.c:(242)
  Trying _Get_Pwnam(), username as given is CIFS-DOMAIN\user1
[2006/03/12 11:25:10, 5] lib/username.c:(252)
  Trying _Get_Pwnam(), username as uppercase is CIFS-DOMAIN\USER1
[2006/03/12 11:25:10, 5] lib/username.c:(261)
  Checking combinations of 0 uppercase letters in cifs-domain\user1
[2006/03/12 11:25:10, 5] lib/username.c:(267)
  Get_Pwnam_internals didn't find user [CIFS-DOMAIN\user1]!
[2006/03/12 11:25:10, 5] lib/username.c:(290)
  Finding user user1
[2006/03/12 11:25:10, 5] lib/username.c:(234)
  Trying _Get_Pwnam(), username as lowercase is user1
[2006/03/12 11:25:10, 5] lib/username.c:(252)
  Trying _Get_Pwnam(), username as uppercase is USER1
[2006/03/12 11:25:10, 5] lib/username.c:(261)
  Checking combinations of 0 uppercase letters in user1
[2006/03/12 11:25:10, 5] lib/username.c:(267)
  Get_Pwnam_internals didn't find user [user1]!
[2006/03/12 11:25:10, 5] lib/username.c:(290)
  Finding user user1
[2006/03/12 11:25:10, 5] lib/username.c:(234)
  Trying _Get_Pwnam(), username as lowercase is user1
[2006/03/12 11:25:10, 5] lib/username.c:(252)
  Trying _Get_Pwnam(), username as uppercase is USER1
[2006/03/12 11:25:10, 5] lib/username.c:(261)
  Checking combinations of 0 uppercase letters in user1
[2006/03/12 11:25:10, 5] lib/username.c:(267)
  Get_Pwnam_internals didn't find user [user1]!
[2006/03/12 11:25:10, 0] auth/auth_util.c:(1297)
  make_server_info_info3: pdb_init_sam failed!
[2006/03/12 11:25:10, 5] auth/auth.c:(271)
  check_ntlm_password: winbind authentication for user [user1] FAILED with error NT_STATUS_NO_SUCH_USER
[2006/03/12 11:25:10, 2] auth/auth.c:(317)
  check_ntlm_password:  Authentication for user [user1] -> [user1] FAILED with error NT_STATUS_NO_SUCH_USER
[2006/03/12 11:25:10, 5] auth/auth_util.c:(1485)
  attempting to free (and zero) a user_info structure
[2006/03/12 11:25:10, 10] auth/auth_util.c:(1488)
  structure was created for user1
[2006/03/12 11:25:10, 5] lib/util.c:(454)
[2006/03/12 11:25:10, 5] lib/util.c:(464)
  size=114
  smb_com=0x73
  smb_rcls=109
  smb_reh=0
  smb_err=49152
  smb_flg=136
  smb_flg2=51201
  smb_tid=0
  smb_pid=65279
  smb_uid=106
  smb_mid=24256
  smt_wct=4
  smb_vwv[ 0]=  255 (0xFF)
  smb_vwv[ 1]=    0 (0x0)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]=    9 (0x9)
  smb_bcc=71
[2006/03/12 11:25:10, 10] lib/util.c:(2058)
  [000] A1 07 30 05 A0 03 0A 01  02 55 00 6E 00 69 00 78  ..0..... .U.n.i.x
Comment 1 Volker Lendecke 2006-03-12 10:58:21 UTC
For every user that is about to connect to your Samba server you need a unix account. You might either define them directly in /etc/passwd (in your case "user1" must exist), or you can use winbind.

Volker
Comment 2 Gerald (Jerry) Carter (dead mail address) 2006-03-12 13:32:51 UTC
or you can use "map to guest = bad uid" to map domain users 
that were validated but have to existing Unix account to the 
guest account.
Comment 3 Gerald (Jerry) Carter (dead mail address) 2006-03-12 13:42:42 UTC
(In reply to comment #2)
> or you can use "map to guest = bad uid" to map domain users 
> that were validated but have to existing Unix account to the 
                          ^^^^^^^
I meant "do not have an"

> guest account.