4688 – user cannot access samba shares

Bug 4688 - user cannot access samba shares

Summary: user cannot access samba shares

Status:	RESOLVED WORKSFORME

Alias:	None

Product:	Samba 3.0
Classification:	Unclassified
Component:	Domain Control (show other bugs)
Version:	3.0.21b
Hardware:	Sparc Solaris

Importance:	P3 major
Target Milestone:	none
Assignee:	Samba Bugzilla Account
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2007-06-12 05:38 UTC by Roger Richardson
Modified:	2007-06-27 12:32 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Roger Richardson 2007-06-12 05:38:06 UTC

Windows user cannot see Samba shares exported from Sun Fire V240 running Solaris 10 with security = DOMAIN in smb.conf file. Same user can access shares from a Sun Fire V480 with identical Solaris 10 and version of Samba and smb.conf file (apart from the name of the shares). /var/samba/log for the windows target shows:

[2007/06/12 09:58:13, 0] rpc_client/cli_pipe.c:(790)
  rpc_api_pipe: Remote machine SERVER1 pipe \NETLOGON fnum 0x1003returned critical error. Error was Call timed out: server did
 not respond after 10000 milliseconds
[2007/06/12 09:58:13, 5] rpc_parse/parse_prs.c:(84)
  000000 net_io_r_sam_logon
[2007/06/12 09:58:13, 0] rpc_parse/parse_prs.c:(558)
  prs_mem_get: reading data of size 4 would overrun buffer by 4 bytes.
[2007/06/12 09:58:13, 0] auth/auth_domain.c:(242)
  domain_client_validate: unable to validate password for user svc-scielsalldcm001 in domain SCIENCE to Domain controller SERVER1. Error was NT_STATUS_UNSUCCESSFUL.
[2007/06/12 09:58:13, 0] libsmb/clientgen.c:(367)
  cli_rpc_pipe_close: cli_close failed on pipe \NETLOGON, fnum 0x1003 to machine SERVER1.  Error was Call timed out: server di
d not respond after 10000 milliseconds
[2007/06/12 09:58:13, 5] auth/auth.c:(271)
  check_ntlm_password: winbind authentication for user [joebloggs] FAILED with error NT_STATUS_NO_LOGON_SERVERS
[2007/06/12 09:58:13, 2] auth/auth.c:(317)
  check_ntlm_password:  Authentication for user [joebloggs] -> [joebloggs] FAILED with error NT_STATUS_NO_LOGON
_SERVERS

Other users in users.map file on Solaris servers can see and access ALL shares on both Sun boxes

Changing security = SHARE in smb.conf allows visibility of shares from V240 for subject user, but he cannot access them; login box appears prompting for password with unknown username. Previously successful users also get this login box when trying to access shares from V240

Windows user 'joebloggs' is authenticated against unix user 'admin' in users.map file

Comment 1 Gerald (Jerry) Carter (dead mail address) 2007-06-12 07:33:17 UTC

There's not really enough information here to comment.
Please at least attach your smb.conf and if possible retest
against a newer version of Samba.

Comment 2 Roger Richardson 2007-06-27 08:40:13 UTC

(In reply to comment #1)
> There's not really enough information here to comment.
> Please at least attach your smb.conf and if possible retest
> against a newer version of Samba.

Jerry

It turned out that the problem concerned the Windows username having too many characters. For some reason, the account name worked on one server but not the other. Setting up a new account with a shortened name (by 3 characters) was successful on both boxes

ie 

abc-defghijklmno001 was unsuccessful on one of the servers but not the other
abc-defghijklmno was successful on both boxes

Have you come across this before

Roger Richardson

Comment 3 Gerald (Jerry) Carter (dead mail address) 2007-06-27 12:32:44 UTC

OTTOMH, it sounds like the netbios name lengthd limitation in 
the netlogon ms-rpc calls.