Hello I know that this is about outdated Samba versions, but I have to stick with those. And after trying now for days without getting anywhere I'm looking for help from others. We used an old Thecus-NAS as fileserver (no domain etc). It uses a Samba 3.0.26 which works as we want. Now we bought newer NAS-boxes, but those too use old Samba versions, 3.5.19. This in itself is not disturbing but unfortunately the user database doesn't seem to work anymore. Previously (only most important settings): [global] passdb backend = tdbsam guest account = nobody map to guest = Bad User workgroup = NAS security = user force user = root # because of other shares besides homes force group = staff null passwords = yes [homes] comment = Home Directories force user create mask = 0700 directory mask = 0700 browseable = no Now trying the same settings on the Samba 3.5 doesn't work. Either I can access all shares or none at all. I played around with several settings like [global] private dir = /raid/data/config # for backups #auth methods = guest sam #password server = * #force user = root [homes] #force user = %S #valid users = %S However I just can't get it to work the way it is described in several examples on the internet or just the way it used to work. Connecting from a Windows (from XP to 10) I get asked for username and password. But even giving those credentials no access is granted. The strange thing is that the user name is found in the system passwd and the correct home path is used. In the logfile (level 10) I see: smbd/service.c:996(make_connection_snum) canonicalize_connect_path failed for service testuser, path /raid/data/USER/testuser And the home directory rights are correct (synched from the old server): drwx------ 14 testuser staff 4096 May 6 13:05 ./ But unless I use force user = root I can't access it. What else can I try? Do the workgroups of server and clients have to be the same (no domain server)? Thanks bye Fabi
On 09/05/16 15:50, Fabian Cenedese wrote:> Hello > > I know that this is about outdated Samba versions, but I have > to stick with those. And after trying now for days without getting > anywhere I'm looking for help from others. > > We used an old Thecus-NAS as fileserver (no domain etc). It uses > a Samba 3.0.26 which works as we want. Now we bought newer > NAS-boxes, but those too use old Samba versions, 3.5.19. > This in itself is not disturbing but unfortunately the user database > doesn't seem to work anymore. > > Previously (only most important settings): > [global] > passdb backend = tdbsam > guest account = nobody > map to guest = Bad User > workgroup = NAS > security = user > force user = root # because of other shares besides homes > force group = staff > null passwords = yes > > [homes] > comment = Home Directories > force user > create mask = 0700 > directory mask = 0700 > browseable = no > > Now trying the same settings on the Samba 3.5 doesn't work. > Either I can access all shares or none at all. I played around > with several settings like > [global] > private dir = /raid/data/config # for backups > #auth methods = guest sam > #password server = * > #force user = root > > [homes] > #force user = %S > #valid users = %S > > However I just can't get it to work the way it is described in > several examples on the internet or just the way it used to > work. Connecting from a Windows (from XP to 10) I get asked > for username and password. But even giving those credentials > no access is granted. The strange thing is that the user name > is found in the system passwd and the correct home path is > used. In the logfile (level 10) I see: > > smbd/service.c:996(make_connection_snum) > canonicalize_connect_path failed for service testuser, path /raid/data/USER/testuser > > And the home directory rights are correct (synched from the old server): > drwx------ 14 testuser staff 4096 May 6 13:05 ./ > > But unless I use force user = root I can't access it. > What else can I try? Do the workgroups of server and clients have to > be the same (no domain server)? > > Thanks > > bye Fabi > >You seem to be running as a 'workgroup', so yes, the workgroup name needs to be the same on *all* machines. Usually you will also have to create the users on all the machines with the same password. You could try browsing here: https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ Rowland
>>work. Connecting from a Windows (from XP to 10) I get asked >>for username and password. But even giving those credentials >>no access is granted. The strange thing is that the user name >>is found in the system passwd and the correct home path is >>used. In the logfile (level 10) I see: >> >>smbd/service.c:996(make_connection_snum) >> canonicalize_connect_path failed for service testuser, path /raid/data/USER/testuser >> >>And the home directory rights are correct (synched from the old server): >>drwx------ 14 testuser staff 4096 May 6 13:05 ./ >> >>But unless I use force user = root I can't access it. >>What else can I try? Do the workgroups of server and clients have to >>be the same (no domain server)? > >You seem to be running as a 'workgroup', so yes, the workgroup name needs to be the same on *all* machines. Usually you will also have to create the users on all the machines with the same password.Unfortunately that didn't help, same as before. We do have several workgroups, this wasn't a problem before. We could change this if necessary. I put server and client into the same workgroup but so far no success. In the logs I have: [2016/05/10 08:37:30.878285, 9] passdb/passdb.c:2190(pdb_update_autolock_flag) pdb_update_autolock_flag: Account testuser not autolocked, no check needed [2016/05/10 08:37:30.878292, 3] auth/auth_sam.c:55(sam_password_ok) Account for user 'testuser' has no password and null passwords are allowed. [2016/05/10 08:37:30.878300, 4] auth/auth_sam.c:180(sam_account_ok) sam_account_ok: Checking SMB password for user testuser [2016/05/10 08:37:30.878311, 5] auth/auth_sam.c:162(logon_hours_ok) logon_hours_ok: user testuser allowed to logon at this time (Tue May 10 06:37:30 2016 ) ... [2016/05/10 08:37:30.878496, 3] auth/auth.c:265(check_ntlm_password) check_ntlm_password: sam authentication for user [testuser] succeeded ... [2016/05/10 08:37:30.878525, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2016/05/10 08:37:30.878532, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups ... [2016/05/10 08:37:30.878553, 5] auth/auth.c:291(check_ntlm_password) check_ntlm_password: PAM Account for user [testuser] succeeded [2016/05/10 08:37:30.878561, 2] auth/auth.c:304(check_ntlm_password) check_ntlm_password: authentication for user [testuser] -> [testuser] -> [testuser] succeeded ... [2016/05/10 08:37:30.878575, 10] auth/auth_util.c:2123(free_user_info) structure was created for testuser [2016/05/10 08:37:30.878583, 10] auth/token_util.c:356(create_local_nt_token) Create local NT token for S-1-5-21-67768519-870068795-1067835028-1005 [2016/05/10 08:37:30.878599, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = IDMAP/SID2GID/S-1-5-32-544 couldn't be found [2016/05/10 08:37:30.878612, 10] passdb/lookup_sid.c:1511(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-544 Is this part of the problem? What else can fail after this point?>You could try browsing here: https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/Already had a short look but will look some more. Thanks bye Fabi