The Samba-Bugzilla – Bug 4688
user cannot access samba shares
Last modified: 2007-06-27 12:32:44 UTC
Windows user cannot see Samba shares exported from Sun Fire V240 running Solaris 10 with security = DOMAIN in smb.conf file. Same user can access shares from a Sun Fire V480 with identical Solaris 10 and version of Samba and smb.conf file (apart from the name of the shares). /var/samba/log for the windows target shows:
[2007/06/12 09:58:13, 0] rpc_client/cli_pipe.c:(790)
rpc_api_pipe: Remote machine SERVER1 pipe \NETLOGON fnum 0x1003returned critical error. Error was Call timed out: server did
not respond after 10000 milliseconds
[2007/06/12 09:58:13, 5] rpc_parse/parse_prs.c:(84)
[2007/06/12 09:58:13, 0] rpc_parse/parse_prs.c:(558)
prs_mem_get: reading data of size 4 would overrun buffer by 4 bytes.
[2007/06/12 09:58:13, 0] auth/auth_domain.c:(242)
domain_client_validate: unable to validate password for user svc-scielsalldcm001 in domain SCIENCE to Domain controller SERVER1. Error was NT_STATUS_UNSUCCESSFUL.
[2007/06/12 09:58:13, 0] libsmb/clientgen.c:(367)
cli_rpc_pipe_close: cli_close failed on pipe \NETLOGON, fnum 0x1003 to machine SERVER1. Error was Call timed out: server di
d not respond after 10000 milliseconds
[2007/06/12 09:58:13, 5] auth/auth.c:(271)
check_ntlm_password: winbind authentication for user [joebloggs] FAILED with error NT_STATUS_NO_LOGON_SERVERS
[2007/06/12 09:58:13, 2] auth/auth.c:(317)
check_ntlm_password: Authentication for user [joebloggs] -> [joebloggs] FAILED with error NT_STATUS_NO_LOGON
Other users in users.map file on Solaris servers can see and access ALL shares on both Sun boxes
Changing security = SHARE in smb.conf allows visibility of shares from V240 for subject user, but he cannot access them; login box appears prompting for password with unknown username. Previously successful users also get this login box when trying to access shares from V240
Windows user 'joebloggs' is authenticated against unix user 'admin' in users.map file
There's not really enough information here to comment.
Please at least attach your smb.conf and if possible retest
against a newer version of Samba.
(In reply to comment #1)
> There's not really enough information here to comment.
> Please at least attach your smb.conf and if possible retest
> against a newer version of Samba.
It turned out that the problem concerned the Windows username having too many characters. For some reason, the account name worked on one server but not the other. Setting up a new account with a shortened name (by 3 characters) was successful on both boxes
abc-defghijklmno001 was unsuccessful on one of the servers but not the other
abc-defghijklmno was successful on both boxes
Have you come across this before
OTTOMH, it sounds like the netbios name lengthd limitation in
the netlogon ms-rpc calls.