Bug 7674 - Windows 7 not logon with smb2 enabled
Windows 7 not logon with smb2 enabled
Status: NEW
Product: Samba 3.6
Classification: Unclassified
Component: File services
3.6.0pre1
x64 Windows 7
: P3 normal
: ---
Assigned To: Volker Lendecke
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2010-09-13 02:05 UTC by Sergey
Modified: 2015-07-31 20:47 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sergey 2010-09-13 02:05:20 UTC
If in smb.conf max protocol = SMB2 workstation winth windows7 not logon onto smb server.

my smb.conf begin

[global]
	dos charset = UTF-8
	display charset = UTF-8
	workgroup = ZHIVKORM
	realm = ZHIVKORM.KKZ
	server string = File server
	security = ADS
	client NTLMv2 auth = Yes
	log level = 3
	log file = /var/log/samba/%m
	max log size = 50
	max protocol = SMB2
	printcap name = cups
	idmap uid = 600-20000
	idmap gid = 600-20000
	template shell = /bin/bash
	winbind separator = +
	winbind enum users = Yes
	winbind enum groups = Yes
	winbind use default domain = Yes
	admin users = "@enterprise admins"
	printing = cups
[documents]
	comment = Документы
	path = /mnt/doc/document
	valid users = @document, "@enterprise admins"
	admin users = "@enterprise admins"
	read only = No
	acl group control = Yes
	inherit permissions = Yes
	inherit acls = Yes
	inherit owner = Yes
	map acl inherit = Yes
	vfs objects = recycle, full_audit
	recycle:repository = /mnt/doc/recycle/%S
	recycle:keeptree = Yes
	recycle:touch = Yes
	recycle:touch_mtime = Yes
	recycle:version = Yes
	recycle:maxsize = 0
	recycle:exclude = *.TMP *.tmp $*.wbk *.mp3 *.avi *.vob *.mkv *.ogg *.flac *.mpeg *.mp4 *.mov *.flv *.ts *.BUP *.IFO
	recycle:exludedir = Temp temp tmp cache AUDIO_TS VIDEO_TS
	recycle:versions = Yes
	recycle:noversions = *.doc *.xls *.ppt
	recycle:minsize = 1
	full_audit:prefix = %U|%I|%S -->
	full_audit:success = unlink rmdir mkdir write rename aio_write pwrite chmod fchmod chown fchown ftruncate lock symlink mknod
	full_audit:failure = unlink rmdir mkdir write rename aio_write pwrite chmod fchmod chown fchown ftruncate lock symlink mknod
	full_audit:facility = local5
	full_audit:priority = notice

my smb.conf end


log file (__ffff_192.168.0.118)

[2010/09/13 09:48:27.766107,  3] smbd/oplock.c:888(init_oplocks)
  init_oplocks: initializing messages.
[2010/09/13 09:48:27.766540,  3] smbd/oplock_linux.c:224(linux_init_kernel_oplocks)
  Linux kernel oplocks enabled
[2010/09/13 09:48:27.767004,  3] smbd/process.c:1637(process_smb)
  Transaction 0 of length 159 (0 toread)
[2010/09/13 09:48:27.767168,  3] smbd/process.c:1443(switch_message)
  switch message SMBnegprot (pid 1664) conn 0x0
[2010/09/13 09:48:27.767305,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/09/13 09:48:27.767480,  3] smbd/negprot.c:592(reply_negprot)
  Requested protocol [PC NETWORK PROGRAM 1.0]
[2010/09/13 09:48:27.767608,  3] smbd/negprot.c:592(reply_negprot)
  Requested protocol [LANMAN1.0]
[2010/09/13 09:48:27.767725,  3] smbd/negprot.c:592(reply_negprot)
  Requested protocol [Windows for Workgroups 3.1a]
[2010/09/13 09:48:27.767842,  3] smbd/negprot.c:592(reply_negprot)
  Requested protocol [LM1.2X002]
[2010/09/13 09:48:27.767958,  3] smbd/negprot.c:592(reply_negprot)
  Requested protocol [LANMAN2.1]
[2010/09/13 09:48:27.768074,  3] smbd/negprot.c:592(reply_negprot)
  Requested protocol [NT LM 0.12]
[2010/09/13 09:48:27.768189,  3] smbd/negprot.c:592(reply_negprot)
  Requested protocol [SMB 2.002]
[2010/09/13 09:48:27.768305,  3] smbd/negprot.c:592(reply_negprot)
  Requested protocol [SMB 2.???]
[2010/09/13 09:48:27.768905,  3] smbd/negprot.c:698(reply_negprot)
  Selected protocol SMB 2.002
[2010/09/13 09:48:27.847992,  3] libads/authdata.c:303(decode_pac_data)
  Found account name from PAC: Admin [Сергей П. Дичко]
[2010/09/13 09:48:27.848091,  3] smbd/smb2_sesssetup.c:213(smbd_smb2_session_setup_krb5)
  smb2: Ticket name is [Admin@ZHIVKORM.KKZ]
[2010/09/13 09:48:27.848839,  3] passdb/lookup_sid.c:1631(get_primary_group_sid)
  Forcing Primary Group to 'Domain Users' for ZHIVKORM+admin
[2010/09/13 09:48:27.849734,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/09/13 09:48:27.849791,  3] smbd/uid.c:427(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/09/13 09:48:27.849835,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/09/13 09:48:27.850301,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/09/13 09:48:27.850386,  3] lib/privileges.c:63(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-21-2128167781-3057499955-364366599-1107]
[2010/09/13 09:48:27.850445,  3] lib/privileges.c:63(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-21-2128167781-3057499955-364366599-513]
[2010/09/13 09:48:27.850496,  3] lib/privileges.c:63(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-21-2128167781-3057499955-364366599-1209]
[2010/09/13 09:48:27.850546,  3] lib/privileges.c:63(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-21-2128167781-3057499955-364366599-5632]
[2010/09/13 09:48:27.850597,  3] lib/privileges.c:63(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-21-2128167781-3057499955-364366599-1238]
[2010/09/13 09:48:27.850647,  3] lib/privileges.c:63(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-21-2128167781-3057499955-364366599-512]
[2010/09/13 09:48:27.850698,  3] lib/privileges.c:63(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-21-2128167781-3057499955-364366599-1226]
[2010/09/13 09:48:27.850748,  3] lib/privileges.c:63(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-21-2128167781-3057499955-364366599-1436]
[2010/09/13 09:48:27.850799,  3] lib/privileges.c:63(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-21-2128167781-3057499955-364366599-5635]
[2010/09/13 09:48:27.850849,  3] lib/privileges.c:63(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-21-2128167781-3057499955-364366599-519]
[2010/09/13 09:48:27.850899,  3] lib/privileges.c:63(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-21-2128167781-3057499955-364366599-1299]
[2010/09/13 09:48:27.850964,  3] lib/privileges.c:63(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-21-2128167781-3057499955-364366599-1237]
[2010/09/13 09:48:27.851016,  3] lib/privileges.c:63(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-21-2128167781-3057499955-364366599-1282]
[2010/09/13 09:48:27.851067,  3] lib/privileges.c:63(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-21-2128167781-3057499955-364366599-1216]
[2010/09/13 09:48:27.851117,  3] lib/privileges.c:63(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-21-2128167781-3057499955-364366599-1301]
[2010/09/13 09:48:27.851197,  3] lib/privileges.c:63(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-21-2128167781-3057499955-364366599-1311]
[2010/09/13 09:48:27.851258,  3] lib/privileges.c:63(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-2]
[2010/09/13 09:48:27.851304,  3] lib/privileges.c:63(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-11]
[2010/09/13 09:48:27.852027,  3] smbd/password.c:234(register_homes_share)
  Adding homes service for user 'ZHIVKORM+admin' using home directory: '/home/ZHIVKORM/admin'
[2010/09/13 09:48:27.853646,  3] smbd/service.c:802(make_connection_snum)
  Connect path is '/tmp' for service [IPC$]
[2010/09/13 09:48:27.853856,  3] smbd/vfs.c:97(vfs_init_default)
  Initialising default vfs hooks
[2010/09/13 09:48:27.853999,  3] smbd/vfs.c:123(vfs_init_custom)
  Initialising custom vfs hooks from [/[Default VFS]/]
[2010/09/13 09:48:27.854312,  3] lib/util_sid.c:283(string_to_sid)
  string_to_sid: SID @enterprise admins is not in a valid format
[2010/09/13 09:48:27.855080,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/09/13 09:48:27.855245,  3] smbd/uid.c:427(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/09/13 09:48:27.855365,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/09/13 09:48:27.855532,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/09/13 09:48:27.856724,  2] smbd/uid.c:171(check_user_ok)
  check_user_ok: user ZHIVKORM+admin is an admin user. Setting uid as 0
[2010/09/13 09:48:27.856862,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 10005) - sec_ctx_stack_ndx = 0
[2010/09/13 09:48:27.857014,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/09/13 09:48:27.857175,  3] smbd/service.c:1052(make_connection_snum)
  __ffff_192.168.0.118 (::ffff:192.168.0.118) connect to service IPC$ initially as user ZHIVKORM+admin (uid=0, gid=10005) (pid 1664)
[2010/09/13 09:48:27.858249,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 10005) - sec_ctx_stack_ndx = 0
[2010/09/13 09:48:27.859582,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 10005) - sec_ctx_stack_ndx = 0
[2010/09/13 09:48:27.860736,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 10005) - sec_ctx_stack_ndx = 0
[2010/09/13 09:48:27.861790,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 10005) - sec_ctx_stack_ndx = 0
[2010/09/13 09:48:27.862038,  3] rpc_server/srv_pipe.c:1219(api_pipe_bind_req)
  api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc
[2010/09/13 09:48:27.862173,  3] rpc_server/srv_pipe.c:729(check_bind_req)
  check_bind_req for \srvsvc
[2010/09/13 09:48:27.862299,  3] rpc_server/srv_pipe.c:736(check_bind_req)
  check_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc
[2010/09/13 09:48:27.863337,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 10005) - sec_ctx_stack_ndx = 0
[2010/09/13 09:48:27.863527,  3] rpc_server/srv_pipe_hnd.c:116(free_pipe_context)
  free_pipe_context: destroying talloc pool of size 28
[2010/09/13 09:48:27.864505,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 10005) - sec_ctx_stack_ndx = 0
[2010/09/13 09:48:27.864716,  3] rpc_server/srv_pipe.c:1779(api_rpcTNP)
  api_rpcTNP: rpc command: SRVSVC_NETSHAREENUMALL
[2010/09/13 09:48:27.864923,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 10005) : sec_ctx_stack_ndx = 1
[2010/09/13 09:48:27.865056,  3] smbd/uid.c:427(push_conn_ctx)
  push_conn_ctx(46502) : conn_ctx_stack_ndx = 0
[2010/09/13 09:48:27.865175,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/09/13 09:48:27.865331,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 10005) - sec_ctx_stack_ndx = 0
[2010/09/13 09:48:27.866677,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 10005) - sec_ctx_stack_ndx = 0
[2010/09/13 09:48:39.165774,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 10005) - sec_ctx_stack_ndx = 0
[2010/09/13 09:48:39.165879,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/09/13 09:48:39.165937,  3] smbd/service.c:1240(close_cnum)
  __ffff_192.168.0.118 (::ffff:192.168.0.118) closed connection to service IPC$
[2010/09/13 09:48:39.165979,  3] smbd/connection.c:32(yield_connection)
  Yielding connection to IPC$
[2010/09/13 09:48:39.166038,  3] smbd/connection.c:44(yield_connection)
  deleting connection record returned NT_STATUS_NOT_FOUND
[2010/09/13 09:48:39.166105,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/09/13 09:48:39.167711,  2] smbd/smb2_server.c:2096(smbd_smb2_request_incoming)
  smbd_smb2_request_incoming: client read error NT_STATUS_CONNECTION_RESET
[2010/09/13 09:48:39.167791,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/09/13 09:48:39.167973,  3] smbd/server_exit.c:147(exit_server_common)
  Server exit (NT_STATUS_CONNECTION_RESET)



I was guarded with a line "string_to_sid: SID @enterprise admins is not in a valid format", becouse group "enterprise admins" in smb.conf is double quoted!
Comment 1 Björn Jacke 2012-09-10 13:51:28 UTC
can you try the syntax @"group name" ?