The OpenNET Project / Index page

[ новости /+++ | форум | теги | ]

форумы  помощь  поиск  регистрация  майллист  вход/выход  слежка  RSS
"Проблемы с доступом к SAMBA MEMBER"
Вариант для распечатки  
Пред. тема | След. тема 
Форум Samba, вопросы интеграции Unix и Windows (Аутентификация)
Изначальное сообщение [ Отслеживать ]

"Проблемы с доступом к SAMBA MEMBER"  +/
Сообщение от BiLex email(ok) on 20-Фев-13, 15:27 
Есть PDC Samba 3.4.9 на FreeBSD, все прекрасно работает.
smb.conf:
[global]

        time server = Yes

    interfaces = ale0
    unix charset = koi8-r
    display charset = koi8-r
    dos charset = koi8-r

    server string = Server Garant-Regi
    netbios name = REGI-S
    workgroup = REGI
    admin users = @"Domain Admins"
    domain master = Yes

    os level = 255
    idmap gid = 1000-20000
    idmap uid = 1000-20000
    winbind separator = +
    winbind use default domain = Yes
    encrypt passwords = yes
    passdb backend = tdbsam:/usr/local/etc/samba34/passdb.tdb
    wins support = yes
    winbind enum users = Yes
    winbind enum groups = Yes
        winbind use default domain = Yes
    preferred master = Yes

        strict locking = Yes
    level2 oplocks = Yes
    socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
    oplocks = Yes
    locking = No
    lock spin time = 100000

        acl compatibility = auto
    fake oplocks = No
    domain logons = Yes
    logon home =
    logon path =
        #syslog = 0
        log level = 0 vfs:2
        max log size = 102400
    max log size = 200
    log file = /var/log/samba/log.%m

        #scripts
        delete user from group script = /usr/local/etc/samba34/delete_user_from_group_script.sh "%g" "%u"
        shutdown script = /usr/local/etc/samba34/shutdown_script.sh
        rename user script = /usr/local/etc/samba34/rename_user_script.sh "%uold" "%unew"
        add machine script = /usr/local/etc/samba34/add_machine_script.sh "%u"
        delete user script = /usr/sbin/pw userdel "%u" -r
        add user to group script = /usr/local/etc/samba34/add_user_to_group_script.sh "%g" "%u"
        add group script = /usr/sbin/pw groupadd "%g"
        logon script = net_map.bat
        delete group script = /usr/sbin/pw groupdel "%g"
        add user script = /usr/local/etc/samba34/add_user_script.sh "%u"
        set primary group script = /usr/sbin/pw usermod "%u" -g "%g"
        message command = /bin/mail -s 'message from %f on %m' root < %s; rm %s

Есть так же есть samba на федоре с авторизацией domain
smb.conf
[global]
   #max protocol = SMB2
   workgroup = regi
   server string = Server 2 Garant-Regi
   security = domain
   log file = /var/log/samba/log.%m
   log level = 3
   max log size = 50
   local master = No
   dns proxy = No
   wins server = 192.168.1.2
   idmap uid = 10000-20000
   idmap gid = 10000-20000
   winbind enum users = Yes
   winbind enum groups = Yes
   winbind use default domain = Yes
   winbind offline logon = true
   winbind separator = +
   #winbind max clients = 5000
   #password server = REGI-S
   #client ntlmv2 auth = no
   smb ports = 139

И время от времени не пускает некоторых пользователей на самбу федоры, помогает только перезагрузка samba.
К примеру логи одной из машин которую не пустило log.vvl-hp:
[2013/02/20 14:59:39,  3] smbd/process.c:1459(process_smb)
  Transaction 7 of length 142 (0 toread)
[2013/02/20 14:59:39,  3] smbd/process.c:1273(switch_message)
  switch message SMBsesssetupX (pid 1244) conn 0x0
[2013/02/20 14:59:39,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 14:59:39,  3] smbd/sesssetup.c:1404(reply_sesssetup_and_X)
  wct=12 flg2=0xc807
[2013/02/20 14:59:39,  2] smbd/sesssetup.c:1360(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2013/02/20 14:59:39,  3] smbd/sesssetup.c:1160(reply_sesssetup_and_X_spnego)
  Doing spnego session setup
[2013/02/20 14:59:39,  3] smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego)
  NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2013/02/20 14:59:39,  3] smbd/sesssetup.c:786(reply_spnego_negotiate)
  reply_spnego_negotiate: Got secblob of size 40
[2013/02/20 14:59:39,  3] libsmb/ntlmssp.c:62(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0xe2088297
[2013/02/20 14:59:39,  3] smbd/process.c:1459(process_smb)
  Transaction 8 of length 442 (0 toread)
[2013/02/20 14:59:39,  3] smbd/process.c:1273(switch_message)
  switch message SMBsesssetupX (pid 1244) conn 0x0
[2013/02/20 14:59:39,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 14:59:39,  3] smbd/sesssetup.c:1404(reply_sesssetup_and_X)
  wct=12 flg2=0xc807
[2013/02/20 14:59:39,  2] smbd/sesssetup.c:1360(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2013/02/20 14:59:39,  3] smbd/sesssetup.c:1160(reply_sesssetup_and_X_spnego)
  Doing spnego session setup
[2013/02/20 14:59:39,  3] smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego)
  NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2013/02/20 14:59:39,  3] smbd/sesssetup.c:786(reply_spnego_negotiate)
  reply_spnego_negotiate: Got secblob of size 40
[2013/02/20 14:59:39,  3] libsmb/ntlmssp.c:62(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0xe2088297
[2013/02/20 14:59:39,  3] smbd/process.c:1459(process_smb)
  Transaction 8 of length 442 (0 toread)
[2013/02/20 14:59:39,  3] smbd/process.c:1273(switch_message)
  switch message SMBsesssetupX (pid 1244) conn 0x0
[2013/02/20 14:59:39,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 14:59:39,  3] smbd/sesssetup.c:1404(reply_sesssetup_and_X)
  wct=12 flg2=0xc807
[2013/02/20 14:59:39,  2] smbd/sesssetup.c:1360(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2013/02/20 14:59:39,  3] smbd/sesssetup.c:1160(reply_sesssetup_and_X_spnego)
  Doing spnego session setup
[2013/02/20 14:59:39,  3] smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego)
  NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2013/02/20 14:59:39,  3] libsmb/ntlmssp.c:745(ntlmssp_server_auth)
  Got user=[vvl] domain=[regi] workstation=[VVL-HP] len1=24 len2=204
[2013/02/20 14:59:39,  3] auth/auth.c:222(check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user [regi]\[vvl]@[VVL-HP] with the new password interface
[2013/02/20 14:59:39,  3] auth/auth.c:225(check_ntlm_password)
  check_ntlm_password:  mapped user is: [regi]\[vvl]@[VVL-HP]
[2013/02/20 14:59:39,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2013/02/20 14:59:39,  3] smbd/uid.c:428(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2013/02/20 14:59:39,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2013/02/20 14:59:39,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 14:59:39,  2] auth/auth.c:320(check_ntlm_password)
  check_ntlm_password:  Authentication for user [vvl] -> [vvl] FAILED with error NT_STATUS_NO_SUCH_USER
[2013/02/20 14:59:39,  3] smbd/error.c:60(error_packet_set)
  error packet at smbd/sesssetup.c(122) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE

После перезагрузки samba все нормально:
[2013/02/20 15:00:40,  3] smbd/uid.c:428(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2013/02/20 15:00:40,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2013/02/20 15:00:40,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 15:00:40,  3] lib/util_sid.c:228(string_to_sid)
  string_to_sid: Sid REGI\user1 does not start with 'S-'.
[2013/02/20 15:00:40,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2013/02/20 15:00:40,  3] smbd/uid.c:428(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2013/02/20 15:00:40,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2013/02/20 15:00:40,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 15:00:40,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2013/02/20 15:00:40,  3] smbd/uid.c:428(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2013/02/20 15:00:40,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2013/02/20 15:00:40,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 15:00:40,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2013/02/20 15:00:40,  3] smbd/uid.c:428(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2013/02/20 15:00:40,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2013/02/20 15:00:40,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 15:00:40,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2013/02/20 15:00:40,  3] smbd/uid.c:428(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2013/02/20 15:00:40,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2013/02/20 15:00:40,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 15:00:40,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (10030, 10010) - sec_ctx_stack_ndx = 0
[2013/02/20 15:00:40,  1] smbd/service.c:1063(make_connection_snum)
  vvl-hp (::ffff:192.168.1.63) connect to service Производство initially as user REGI+vvl (uid=10030, gid=10010) (pid 1428)
[2013/02/20 15:00:40,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 15:00:40,  3] smbd/reply.c:759(reply_tcon_and_X)
  tconX service=ПРОИЗВОДСТВО
[2013/02/20 15:00:40,  3] smbd/process.c:1459(process_smb)
  Transaction 23 of length 106 (0 toread)
[2013/02/20 15:00:40,  3] smbd/process.c:1273(switch_message)
  switch message SMBtrans2 (pid 1428) conn 0xf77a2158
[2013/02/20 15:00:40,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (10030, 10010) - sec_ctx_stack_ndx = 0
[2013/02/20 15:00:40,  3] smbd/msdfs.c:828(get_referred_path)
  get_referred_path: |Backup| in dfs path \REGI-S2\Backup is not a dfs root.
[2013/02/20 15:00:40,  3] smbd/error.c:60(error_packet_set)
  error packet at smbd/trans2.c(7384) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND
[2013/02/20 15:00:40,  3] smbd/process.c:1459(process_smb)
  Transaction 24 of length 88 (0 toread)
[2013/02/20 15:00:40,  3] smbd/process.c:1273(switch_message)
  switch message SMBtconX (pid 1428) conn 0x0
[2013/02/20 15:00:40,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 15:00:40,  3] lib/util_sid.c:228(string_to_sid)
  string_to_sid: Sid @Domain Admins does not start with 'S-'.
[2013/02/20 15:00:40,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2013/02/20 15:00:40,  3] smbd/uid.c:428(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2013/02/20 15:00:40,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2013/02/20 15:00:40,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 15:00:40,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2013/02/20 15:00:40,  3] smbd/uid.c:428(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2013/02/20 15:00:40,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2013/02/20 15:00:40,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 15:00:40,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2013/02/20 15:00:40,  3] smbd/uid.c:428(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2013/02/20 15:00:40,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2013/02/20 15:00:40,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 15:00:40,  3] smbd/service.c:807(make_connection_snum)
  Connect path is '/home/samba/backup' for service [Backup]
[2013/02/20 15:00:40,  3] smbd/vfs.c:95(vfs_init_default)
  Initialising default vfs hooks
[2013/02/20 15:00:40,  3] smbd/vfs.c:129(vfs_init_custom)
  Initialising custom vfs hooks from [/[Default VFS]/]
[2013/02/20 15:00:40,  3] lib/util_sid.c:228(string_to_sid)
  string_to_sid: Sid @Domain Admins does not start with 'S-'.
[2013/02/20 15:00:40,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2013/02/20 15:00:40,  3] smbd/uid.c:428(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2013/02/20 15:00:40,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2013/02/20 15:00:40,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 15:00:40,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2013/02/20 15:00:40,  3] smbd/uid.c:428(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2013/02/20 15:00:40,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2013/02/20 15:00:40,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 15:00:40,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2013/02/20 15:00:40,  3] smbd/uid.c:428(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2013/02/20 15:00:40,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2013/02/20 15:00:40,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 15:00:40,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (10030, 10010) - sec_ctx_stack_ndx = 0
[2013/02/20 15:00:40,  1] smbd/service.c:1063(make_connection_snum)
  vvl-hp (::ffff:192.168.1.63) connect to service Backup initially as user REGI+vvl (uid=10030, gid=10010) (pid 1428)
[2013/02/20 15:00:40,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 15:00:40,  3] smbd/reply.c:759(reply_tcon_and_X)
  tconX service=BACKUP
[2013/02/20 15:00:52,  3] smbd/process.c:1459(process_smb)
  Transaction 25 of length 39 (0 toread)
[2013/02/20 15:00:52,  3] smbd/process.c:1273(switch_message)
  switch message SMBtdis (pid 1428) conn 0xf77af8f8
[2013/02/20 15:00:52,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 15:00:52,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 15:00:52,  1] smbd/service.c:1240(close_cnum)
  vvl-hp (::ffff:192.168.1.63) closed connection to service Бригада
[2013/02/20 15:00:52,  3] smbd/connection.c:31(yield_connection)
  Yielding connection to Бригада
[2013/02/20 15:00:52,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 15:00:52,  3] smbd/process.c:1459(process_smb)
  Transaction 26 of length 39 (0 toread)
[2013/02/20 15:00:52,  3] smbd/process.c:1273(switch_message)
  switch message SMBtdis (pid 1428) conn 0xf77a3cb0
[2013/02/20 15:00:52,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 15:00:52,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 15:00:52,  1] smbd/service.c:1240(close_cnum)
  vvl-hp (::ffff:192.168.1.63) closed connection to service Admin
[2013/02/20 15:00:52,  3] smbd/connection.c:31(yield_connection)
  Yielding connection to Admin
[2013/02/20 15:00:52,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 15:00:52,  3] smbd/process.c:1459(process_smb)
  Transaction 27 of length 39 (0 toread)
[2013/02/20 15:00:52,  3] smbd/process.c:1273(switch_message)
  switch message SMBtdis (pid 1428) conn 0xf77bdbb0
[2013/02/20 15:00:52,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 15:00:52,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 15:00:52,  1] smbd/service.c:1240(close_cnum)
  vvl-hp (::ffff:192.168.1.63) closed connection to service Work
[2013/02/20 15:00:52,  3] smbd/connection.c:31(yield_connection)
  Yielding connection to Work
[2013/02/20 15:00:52,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 15:00:52,  3] smbd/process.c:1459(process_smb)
  Transaction 28 of length 39 (0 toread)
[2013/02/20 15:00:52,  3] smbd/process.c:1273(switch_message)
  switch message SMBtdis (pid 1428) conn 0xf77be480
[2013/02/20 15:00:52,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 15:00:52,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 15:00:52,  1] smbd/service.c:1240(close_cnum)
  vvl-hp (::ffff:192.168.1.63) closed connection to service Рабочие документы
[2013/02/20 15:00:52,  3] smbd/connection.c:31(yield_connection)
  Yielding connection to Рабочие документы
[2013/02/20 15:00:52,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 15:00:52,  3] smbd/process.c:1459(process_smb)
  Transaction 29 of length 39 (0 toread)
[2013/02/20 15:00:52,  3] smbd/process.c:1273(switch_message)
  switch message SMBtdis (pid 1428) conn 0xf77bf840
[2013/02/20 15:00:52,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 15:00:52,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 15:00:52,  1] smbd/service.c:1240(close_cnum)
  vvl-hp (::ffff:192.168.1.63) closed connection to service Производство
[2013/02/20 15:00:52,  3] smbd/connection.c:31(yield_connection)
  Yielding connection to Производство
[2013/02/20 15:00:52,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 15:00:52,  3] smbd/process.c:1459(process_smb)
  Transaction 30 of length 39 (0 toread)
[2013/02/20 15:00:52,  3] smbd/process.c:1273(switch_message)
  switch message SMBtdis (pid 1428) conn 0xf77a2158
[2013/02/20 15:00:52,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 15:00:52,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 15:00:52,  3] smbd/service.c:1240(close_cnum)
  vvl-hp (::ffff:192.168.1.63) closed connection to service IPC$
[2013/02/20 15:00:52,  3] smbd/connection.c:31(yield_connection)
  Yielding connection to IPC$
[2013/02/20 15:00:52,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 15:00:52,  3] smbd/process.c:1459(process_smb)
  Transaction 31 of length 39 (0 toread)
[2013/02/20 15:00:52,  3] smbd/process.c:1273(switch_message)
  switch message SMBtdis (pid 1428) conn 0xf77c0ee8
[2013/02/20 15:00:52,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 15:00:52,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 15:00:52,  1] smbd/service.c:1240(close_cnum)
  vvl-hp (::ffff:192.168.1.63) closed connection to service Backup
[2013/02/20 15:00:52,  3] smbd/connection.c:31(yield_connection)
  Yielding connection to Backup
[2013/02/20 15:00:52,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 15:00:52,  3] smbd/process.c:1459(process_smb)
  Transaction 32 of length 43 (0 toread)
[2013/02/20 15:00:52,  3] smbd/process.c:1273(switch_message)
  switch message SMBulogoffX (pid 1428) conn 0x0
[2013/02/20 15:00:52,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 15:00:52,  3] smbd/reply.c:1948(reply_ulogoffX)
  ulogoffX vuid=100
[2013/02/20 15:01:27,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/20 15:01:27,  3] smbd/connection.c:31(yield_connection)
  Yielding connection to
[2013/02/20 15:01:27,  3] smbd/server.c:845(exit_server_common)
  Server exit (failed to receive smb request)

PDC виден всегда
[root@REGI-S2 samba]# wbinfo -g
domain guests
domain computers
domain admins
domain users
BUILTIN+administrators
BUILTIN+users
[root@REGI-S2 samba]# wbinfo -p
Ping to winbindd succeeded
[root@REGI-S2 samba]# wbinfo -u
REGI-S2+vvl
REGI-S2+babin
REGI-S2+nesterova
REGI-S2+aitova
REGI-S2+artamonov
REGI-S2+strelkova
REGI-S2+karavaev
user
bilex
regi-tv
root
lomaeva
karavaev
popova
artamonov
metelev
aitova
user1
vvl
gallyamova
babin
work1
nesterova
work2
vasilyeva
gomonova
strelkova

Пробовал менять версию samba на федоре, изначально стояла 3.6, так же переодически не пускал пользователей. Устанавливал самбу 3.6 на pdc, проблема не решилась, появились новые (перестала работать авторизация в squid). Откатился. Вчера откатил версию samba на федоре на такую же как и на фре 3.4.9.

Дополнительно на кидаю еще данных:

PDC:
cat /etc/nsswitch.conf
#
# nsswitch.conf(5) - name service switch configuration file
# $FreeBSD: src/etc/nsswitch.conf,v 1.1.10.1.6.1 2010/12/21 17:09:25 kensmith Exp $
#
group: compat
group_compat: nis
hosts: files dns
networks: files
passwd: compat
passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files
# wbinfo -g
domain guests
domain computers
domain admins
domain users
# wbinfo -u
bilex
regi-tv
root
lomaeva
karavaev
popova
artamonov
metelev
aitova
user1
vvl
gallyamova
babin
work1
nesterova
work2
vasilyeva
gomonova
strelkova
# testparm
Load smb config files from /usr/local/etc/smb.conf
max_open_files: sysctl_max (11095) below minimum Windows limit (16384)
rlimit_max: rlimit_max (11095) below minimum Windows limit (16384)
Processing section "[IPC$]"
Processing section "[print$]"
Processing section "[netlogon]"
Processing section "[profiles]"
Processing section "[Updates]"
Processing section "[Бухгалтерия]"
Processing section "[DB]"
Processing section "[Обмен]"
Processing section "[Сайт]"
Processing section "[Public]"
Loaded services file OK.
'winbind separator = +' might cause problems with group membership.
Server role: ROLE_DOMAIN_PDC

Samba на федоре:
# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
Processing section "[IPC$]"
Processing section "[homes]"
Processing section "[Work]"
Processing section "[Admin]"
Processing section "[Backup]"
Processing section "[Рабочие документы]"
Processing section "[Бригада]"
Processing section "[Производство]"
Loaded services file OK.
'winbind separator = +' might cause problems with group membership.
WARNING: You have some share names that are longer than 12 characters.
These may not be accessible to some older clients.
(Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.)
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

cat /etc/nsswitch.conf
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
#       nisplus                 Use NIS+ (NIS version 3)
#       nis                     Use NIS (NIS version 2), also called YP
#       dns                     Use DNS (Domain Name Service)
#       files                   Use the local files
#       db                      Use the local database (.db) files
#       compat                  Use NIS on compat mode
#       hesiod                  Use Hesiod for user lookups
#       [NOTFOUND=return]       Stop searching if not found so far
#

# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis

passwd:     files winbind
shadow:     files winbind
group:      files winbind
#initgroups: files

#hosts:     db files nisplus nis dns
hosts:      files mdns4_minimal [NOTFOUND=return] dns wins

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files dns
protocols:  files
rpc:        files
services:   files

netgroup:   files

publickey:  files

automount:  files
aliases:    files

Вот как-то так, скажите какие еще логи или конфиги нужны, то выложу.


Ответить | Правка | Cообщить модератору

Оглавление

Сообщения по теме [Сортировка по времени | RSS]


1. "Проблемы с доступом к SAMBA MEMBER"  +/
Сообщение от Сергей (??) on 20-Фев-13, 16:46 
А что говорит testparm на федоре?
Ответить | Правка | ^ к родителю #0 | Наверх | Cообщить модератору

2. "Проблемы с доступом к SAMBA MEMBER"  +/
Сообщение от BiLex email(ok) on 21-Фев-13, 08:50 
>  А что говорит testparm на федоре?

Samba на федоре:
# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
Processing section "[IPC$]"
Processing section "[homes]"
Processing section "[Work]"
Processing section "[Admin]"
Processing section "[Backup]"
Processing section "[Рабочие документы]"
Processing section "[Бригада]"
Processing section "[Производство]"
Loaded services file OK.
'winbind separator = +' might cause problems with group membership.
WARNING: You have some share names that are longer than 12 characters.
These may not be accessible to some older clients.
(Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.)
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

Ответить | Правка | ^ к родителю #1 | Наверх | Cообщить модератору

3. "Проблемы с доступом к SAMBA MEMBER"  +/
Сообщение от BiLex email(ok) on 21-Фев-13, 09:04 
>>  А что говорит testparm на федоре?

Может дело в этом файле?
# /etc/security/limits.conf
#
#This file sets the resource limits for the users logged in via PAM.
#It does not affect resource limits of the system services.
#
#Each line describes a limit for a user in the form:
#
#<domain>        <type>  <item>  <value>
#
#Where:
#<domain> can be:
#        - an user name
#        - a group name, with @group syntax
#        - the wildcard *, for default entry
#        - the wildcard %, can be also used with %group syntax,
#                 for maxlogin limit
#
#<type> can have the two values:
#        - "soft" for enforcing the soft limits
#        - "hard" for enforcing hard limits
#
#<item> can be one of the following:
#        - core - limits the core file size (KB)
#        - data - max data size (KB)
#        - fsize - maximum filesize (KB)
#        - memlock - max locked-in-memory address space (KB)
#        - nofile - max number of open files
#        - rss - max resident set size (KB)
#        - stack - max stack size (KB)
#        - cpu - max CPU time (MIN)
#        - nproc - max number of processes
#        - as - address space limit (KB)
#        - maxlogins - max number of logins for this user
#        - maxsyslogins - max number of logins on the system
#        - priority - the priority to run user process with
#        - locks - max number of file locks the user can hold
#        - sigpending - max number of pending signals
#        - msgqueue - max memory used by POSIX message queues (bytes)
#        - nice - max nice priority allowed to raise to values: [-20, 19]
#        - rtprio - max realtime priority
#
#<domain>      <type>  <item>         <value>
#

#*               soft    core            0
#*               hard    rss             10000
#@student        hard    nproc           20
#@faculty        soft    nproc           20
#@faculty        hard    nproc           50
#ftp             hard    nproc           0
#@student        -       maxlogins       4

# End of file

Ответить | Правка | ^ к родителю #2 | Наверх | Cообщить модератору

6. "Проблемы с доступом к SAMBA MEMBER"  +/
Сообщение от BiLex email(ok) on 21-Фев-13, 10:50 
После ulimit -n 16384 и добавления строки "* - nofile 16384" в "/etc/security/limits.conf" предупреждение в testparm пропало, но проблема осталась.
Load smb config files from /etc/samba/smb.conf
Processing section "[IPC$]"
Processing section "[homes]"
Processing section "[Work]"
Processing section "[Admin]"
Processing section "[Backup]"
Processing section "[Рабочие документы]"
Processing section "[Бригада]"
Processing section "[Производство]"
Loaded services file OK.
'winbind separator = +' might cause problems with group membership.
WARNING: You have some share names that are longer than 12 characters.
These may not be accessible to some older clients.
(Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.)
Server role: ROLE_DOMAIN_MEMBER

Хотя на это предупреждение можно было и закрыть глаза.
>It's a warning, you can safely ignore it. Windows 7 clients need to
>have exactly the same number of open handles available as Windows
>servers, else it fails in some file copy situations with a "out of
>handles" message. Samba has taken care of it for you, but it's just
>letting you know your fd limit is set a bit low.

Ответить | Правка | ^ к родителю #3 | Наверх | Cообщить модератору

4. "Проблемы с доступом к SAMBA MEMBER"  +/
Сообщение от BiLex email(ok) on 21-Фев-13, 10:34 
Вот еще лог с ошибкой:
check_ntlm_password:  Checking password for unmapped user [REGI]\[gomonova]@[REGI-GOMONOVA] with the new password interface
[2013/02/21 10:27:29,  3] auth/auth.c:225(check_ntlm_password)
  check_ntlm_password:  mapped user is: [REGI]\[gomonova]@[REGI-GOMONOVA]
[2013/02/21 10:27:29,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2013/02/21 10:27:29,  3] smbd/uid.c:428(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2013/02/21 10:27:29,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2013/02/21 10:27:29,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/21 10:27:29,  2] auth/auth.c:320(check_ntlm_password)
  check_ntlm_password:  Authentication for user [gomonova] -> [gomonova] FAILED with error NT_STATUS_NO_SUCH_USER
[2013/02/21 10:27:29,  3] smbd/error.c:60(error_packet_set)
  error packet at smbd/sesssetup.c(122) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
[2013/02/21 10:27:29,  3] smbd/process.c:1459(process_smb)
  Transaction 7 of length 142 (0 toread)
[2013/02/21 10:27:29,  3] smbd/process.c:1273(switch_message)
  switch message SMBsesssetupX (pid 24157) conn 0x0
[2013/02/21 10:27:29,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/21 10:27:29,  3] smbd/sesssetup.c:1404(reply_sesssetup_and_X)
  wct=12 flg2=0xc807
[2013/02/21 10:27:29,  2] smbd/sesssetup.c:1360(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2013/02/21 10:27:29,  3] smbd/sesssetup.c:1160(reply_sesssetup_and_X_spnego)
  Doing spnego session setup
[2013/02/21 10:27:29,  3] smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego)
  NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2013/02/21 10:27:29,  3] smbd/sesssetup.c:786(reply_spnego_negotiate)
  reply_spnego_negotiate: Got secblob of size 40
[2013/02/21 10:27:29,  3] libsmb/ntlmssp.c:62(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0xe2088297
[2013/02/21 10:27:29,  3] smbd/process.c:1459(process_smb)
  Transaction 8 of length 466 (0 toread)
[2013/02/21 10:27:29,  3] smbd/process.c:1273(switch_message)
  switch message SMBsesssetupX (pid 24157) conn 0x0
[2013/02/21 10:27:29,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/21 10:27:29,  3] smbd/sesssetup.c:1404(reply_sesssetup_and_X)
  wct=12 flg2=0xc807
[2013/02/21 10:27:29,  2] smbd/sesssetup.c:1360(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2013/02/21 10:27:29,  3] smbd/sesssetup.c:1160(reply_sesssetup_and_X_spnego)
  Doing spnego session setup
[2013/02/21 10:27:29,  3] smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego)
  NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2013/02/21 10:27:29,  3] libsmb/ntlmssp.c:745(ntlmssp_server_auth)
  Got user=[gomonova] domain=[REGI] workstation=[REGI-GOMONOVA] len1=24 len2=204
[2013/02/21 10:27:29,  3] auth/auth.c:222(check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user [REGI]\[gomonova]@[REGI-GOMONOVA] with the new password interface
[2013/02/21 10:27:29,  3] auth/auth.c:225(check_ntlm_password)
  check_ntlm_password:  mapped user is: [REGI]\[gomonova]@[REGI-GOMONOVA]
[2013/02/21 10:27:29,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2013/02/21 10:27:29,  3] smbd/uid.c:428(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2013/02/21 10:27:29,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2013/02/21 10:27:29,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/21 10:27:29,  2] auth/auth.c:320(check_ntlm_password)
  check_ntlm_password:  Authentication for user [gomonova] -> [gomonova] FAILED with error NT_STATUS_NO_SUCH_USER
[2013/02/21 10:27:29,  3] smbd/error.c:60(error_packet_set)
  error packet at smbd/sesssetup.c(122) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
[2013/02/21 10:27:29,  3] smbd/process.c:1459(process_smb)
  Transaction 9 of length 142 (0 toread)
[2013/02/21 10:27:29,  3] smbd/process.c:1273(switch_message)
  switch message SMBsesssetupX (pid 24157) conn 0x0
[2013/02/21 10:27:29,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/21 10:27:29,  3] smbd/sesssetup.c:1404(reply_sesssetup_and_X)
  wct=12 flg2=0xc807
[2013/02/21 10:27:29,  2] smbd/sesssetup.c:1360(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2013/02/21 10:27:29,  3] smbd/sesssetup.c:1160(reply_sesssetup_and_X_spnego)
  Doing spnego session setup
[2013/02/21 10:27:29,  3] smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego)
  NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2013/02/21 10:27:29,  3] smbd/sesssetup.c:786(reply_spnego_negotiate)
  reply_spnego_negotiate: Got secblob of size 40
[2013/02/21 10:27:29,  3] libsmb/ntlmssp.c:62(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0xe2088297
[2013/02/21 10:27:29,  3] smbd/process.c:1459(process_smb)
  Transaction 10 of length 466 (0 toread)
[2013/02/21 10:27:29,  3] smbd/process.c:1273(switch_message)
  switch message SMBsesssetupX (pid 24157) conn 0x0
[2013/02/21 10:27:29,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/21 10:27:29,  3] smbd/sesssetup.c:1404(reply_sesssetup_and_X)
  wct=12 flg2=0xc807
[2013/02/21 10:27:29,  2] smbd/sesssetup.c:1360(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2013/02/21 10:27:29,  3] smbd/sesssetup.c:1160(reply_sesssetup_and_X_spnego)
  Doing spnego session setup
[2013/02/21 10:27:29,  3] smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego)
  NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2013/02/21 10:27:29,  3] libsmb/ntlmssp.c:745(ntlmssp_server_auth)
  Got user=[gomonova] domain=[REGI] workstation=[REGI-GOMONOVA] len1=24 len2=204
[2013/02/21 10:27:29,  3] auth/auth.c:222(check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user [REGI]\[gomonova]@[REGI-GOMONOVA] with the new password interface
[2013/02/21 10:27:29,  3] auth/auth.c:225(check_ntlm_password)
  check_ntlm_password:  mapped user is: [REGI]\[gomonova]@[REGI-GOMONOVA]
[2013/02/21 10:27:29,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2013/02/21 10:27:29,  3] smbd/uid.c:428(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2013/02/21 10:27:29,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2013/02/21 10:27:29,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/21 10:27:29,  2] auth/auth.c:320(check_ntlm_password)
  check_ntlm_password:  Authentication for user [gomonova] -> [gomonova] FAILED with error NT_STATUS_NO_SUCH_USER
[2013/02/21 10:27:29,  3] smbd/error.c:60(error_packet_set)
  error packet at smbd/sesssetup.c(122) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE

winbind.log:
[24163]: domain_info [REGI]
[2013/02/21 10:28:03,  3] winbindd/winbindd_pam.c:1779(winbindd_pam_auth_crap)
  [24163]: pam auth crap domain: [REGI] user: gomonova
[2013/02/21 10:28:03,  3] winbindd/winbindd_user.c:438(winbindd_getpwnam)
  [24163]: getpwnam regi+gomonova
[2013/02/21 10:28:03,  3] winbindd/winbindd_user.c:438(winbindd_getpwnam)
  [24163]: getpwnam REGI+gomonova
[2013/02/21 10:28:03,  3] winbindd/winbindd_user.c:438(winbindd_getpwnam)
  [24163]: getpwnam REGI+GOMONOVA
[2013/02/21 10:28:03,  3] winbindd/winbindd_user.c:438(winbindd_getpwnam)
  [24163]: getpwnam gomonova
[2013/02/21 10:28:03,  3] winbindd/winbindd_user.c:438(winbindd_getpwnam)
  [24163]: getpwnam GOMONOVA
[2013/02/21 10:28:03,  3] winbindd/winbindd_misc.c:733(winbindd_ping)
  [24163]: ping
[2013/02/21 10:28:03,  3] winbindd/winbindd_misc.c:654(winbindd_domain_info)
  [24163]: domain_info [REGI]
[2013/02/21 10:28:03,  3] winbindd/winbindd_pam.c:1779(winbindd_pam_auth_crap)
  [24163]: pam auth crap domain: [REGI] user: gomonova
[2013/02/21 10:28:03,  3] winbindd/winbindd_user.c:438(winbindd_getpwnam)
  [24163]: getpwnam regi+gomonova
[2013/02/21 10:28:03,  3] winbindd/winbindd_user.c:438(winbindd_getpwnam)
  [24163]: getpwnam REGI+gomonova
[2013/02/21 10:28:03,  3] winbindd/winbindd_user.c:438(winbindd_getpwnam)
  [24163]: getpwnam REGI+GOMONOVA
[2013/02/21 10:28:03,  3] winbindd/winbindd_user.c:438(winbindd_getpwnam)
  [24163]: getpwnam gomonova
[2013/02/21 10:28:03,  3] winbindd/winbindd_user.c:438(winbindd_getpwnam)
  [24163]: getpwnam GOMONOVA
[2013/02/21 10:28:03,  3] winbindd/winbindd_misc.c:733(winbindd_ping)
  [24163]: ping
[2013/02/21 10:28:03,  3] winbindd/winbindd_misc.c:654(winbindd_domain_info)
  [24163]: domain_info [REGI]
[2013/02/21 10:28:03,  3] winbindd/winbindd_pam.c:1779(winbindd_pam_auth_crap)
  [24163]: pam auth crap domain: [REGI] user: gomonova
[2013/02/21 10:28:03,  3] winbindd/winbindd_user.c:438(winbindd_getpwnam)
  [24163]: getpwnam regi+gomonova
[2013/02/21 10:28:03,  3] winbindd/winbindd_user.c:438(winbindd_getpwnam)
  [24163]: getpwnam REGI+gomonova
[2013/02/21 10:28:03,  3] winbindd/winbindd_user.c:438(winbindd_getpwnam)
  [24163]: getpwnam REGI+GOMONOVA
[2013/02/21 10:28:03,  3] winbindd/winbindd_user.c:438(winbindd_getpwnam)
  [24163]: getpwnam gomonova
[2013/02/21 10:28:03,  3] winbindd/winbindd_user.c:438(winbindd_getpwnam)
  [24163]: getpwnam GOMONOVA
[2013/02/21 10:28:03,  3] winbindd/winbindd_misc.c:733(winbindd_ping)
  [24163]: ping
[2013/02/21 10:28:03,  3] winbindd/winbindd_misc.c:654(winbindd_domain_info)
  [24163]: domain_info [REGI]
[2013/02/21 10:28:03,  3] winbindd/winbindd_pam.c:1779(winbindd_pam_auth_crap)
  [24163]: pam auth crap domain: [REGI] user: gomonova
[2013/02/21 10:28:03,  3] winbindd/winbindd_user.c:438(winbindd_getpwnam)
  [24163]: getpwnam regi+gomonova
[2013/02/21 10:28:03,  3] winbindd/winbindd_user.c:438(winbindd_getpwnam)
  [24163]: getpwnam REGI+gomonova
[2013/02/21 10:28:03,  3] winbindd/winbindd_user.c:438(winbindd_getpwnam)
  [24163]: getpwnam REGI+GOMONOVA
[2013/02/21 10:28:03,  3] winbindd/winbindd_user.c:438(winbindd_getpwnam)
  [24163]: getpwnam gomonova
[2013/02/21 10:28:03,  3] winbindd/winbindd_user.c:438(winbindd_getpwnam)
  [24163]: getpwnam GOMONOVA
[2013/02/21 10:28:03,  3] winbindd/winbindd_misc.c:733(winbindd_ping)
  [24163]: ping

log.wb-REGI
[2013/02/21 10:30:23,  1] rpc_client/cli_pipe.c:949(cli_pipe_validate_current_pdu)
  cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from host REGI-S!
[2013/02/21 10:30:23,  3] winbindd/winbindd_pam.c:1850(winbindd_dual_pam_auth_crap)
  [23057]: pam auth crap domain: REGI user: gomonova
[2013/02/21 10:30:23,  1] lib/util_tdb.c:385(tdb_log)
  tdb(unnamed): tdb_open_ex: spinlocks no longer supported
[2013/02/21 10:30:23,  0] libsmb/samlogon_cache.c:112(netsamlogon_cache_store)
  netsamlogon_cache_store: cannot open netsamlogon_cache.tdb for write!
[2013/02/21 10:30:23,  3] winbindd/winbindd_async.c:442(winbindd_dual_lookupname)
  [23057]: lookupname REGI+gomonova
[2013/02/21 10:30:23,  3] winbindd/winbindd_rpc.c:295(msrpc_name_to_sid)
  rpc: name_to_sid name=REGI\gomonova
[2013/02/21 10:30:23,  3] winbindd/winbindd_rpc.c:309(msrpc_name_to_sid)
  name_to_sid [rpc] REGI\gomonova for domain REGI
[2013/02/21 10:30:23,  1] rpc_client/cli_pipe.c:949(cli_pipe_validate_current_pdu)
  cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from host REGI-S!
[2013/02/21 10:30:23,  3] winbindd/winbindd_async.c:442(winbindd_dual_lookupname)
  [23057]: lookupname REGI+gomonova
[2013/02/21 10:30:23,  3] winbindd/winbindd_rpc.c:295(msrpc_name_to_sid)
  rpc: name_to_sid name=REGI\gomonova
[2013/02/21 10:30:23,  3] winbindd/winbindd_rpc.c:309(msrpc_name_to_sid)
  name_to_sid [rpc] REGI\gomonova for domain REGI
[2013/02/21 10:30:23,  1] rpc_client/cli_pipe.c:949(cli_pipe_validate_current_pdu)
  cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from host REGI-S!
[2013/02/21 10:30:23,  3] winbindd/winbindd_async.c:442(winbindd_dual_lookupname)
  [23057]: lookupname REGI+GOMONOVA
[2013/02/21 10:30:23,  3] winbindd/winbindd_rpc.c:295(msrpc_name_to_sid)
  rpc: name_to_sid name=REGI\GOMONOVA
[2013/02/21 10:30:23,  3] winbindd/winbindd_rpc.c:309(msrpc_name_to_sid)
  name_to_sid [rpc] REGI\GOMONOVA for domain REGI
[2013/02/21 10:30:23,  1] rpc_client/cli_pipe.c:949(cli_pipe_validate_current_pdu)
  cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from host REGI-S!
[2013/02/21 10:30:23,  3] winbindd/winbindd_async.c:442(winbindd_dual_lookupname)
  [23057]: lookupname REGI+gomonova
[2013/02/21 10:30:23,  3] winbindd/winbindd_rpc.c:295(msrpc_name_to_sid)
  rpc: name_to_sid name=REGI\gomonova
[2013/02/21 10:30:23,  3] winbindd/winbindd_rpc.c:309(msrpc_name_to_sid)
  name_to_sid [rpc] REGI\gomonova for domain REGI
[2013/02/21 10:30:23,  1] rpc_client/cli_pipe.c:949(cli_pipe_validate_current_pdu)
  cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from host REGI-S!
[2013/02/21 10:30:23,  3] winbindd/winbindd_async.c:442(winbindd_dual_lookupname)
  [23057]: lookupname REGI+GOMONOVA
[2013/02/21 10:30:23,  3] winbindd/winbindd_rpc.c:295(msrpc_name_to_sid)
  rpc: name_to_sid name=REGI\GOMONOVA
[2013/02/21 10:30:23,  3] winbindd/winbindd_rpc.c:309(msrpc_name_to_sid)
  name_to_sid [rpc] REGI\GOMONOVA for domain REGI
[2013/02/21 10:30:23,  1] rpc_client/cli_pipe.c:949(cli_pipe_validate_current_pdu)
  cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from host REGI-S!


log.wb-REGI-S2
[2013/02/21 09:47:02,  3] winbindd/winbindd_async.c:442(winbindd_dual_lookupname)
  [23057]: lookupname Unix User+REGI\bilex
[2013/02/21 09:48:23,  3] winbindd/winbindd_async.c:442(winbindd_dual_lookupname)
  [23057]: lookupname Unix User+REGI\root
[2013/02/21 09:48:23,  3] winbindd/winbindd_async.c:442(winbindd_dual_lookupname)
  [23057]: lookupname Unix User+REGI\user1
[2013/02/21 09:48:23,  3] winbindd/winbindd_async.c:442(winbindd_dual_lookupname)
  [23057]: lookupname Unix User+REGI\root
[2013/02/21 09:48:23,  3] winbindd/winbindd_async.c:442(winbindd_dual_lookupname)
  [23057]: lookupname Unix User+REGI\user1
[2013/02/21 09:50:22,  3] winbindd/winbindd_async.c:239(winbindd_dual_lookupsid)
  [23057]: lookupsid S-1-5-21-2671212552-1868231567-1371333484-513
[2013/02/21 09:50:52,  3] winbindd/winbindd_async.c:442(winbindd_dual_lookupname)
  [23057]: lookupname Unix User+REGI\root
[2013/02/21 09:50:52,  3] winbindd/winbindd_async.c:442(winbindd_dual_lookupname)
  [23057]: lookupname Unix User+REGI\user1
[2013/02/21 09:50:52,  3] winbindd/winbindd_async.c:442(winbindd_dual_lookupname)
  [23057]: lookupname Unix User+REGI\root
[2013/02/21 09:50:52,  3] winbindd/winbindd_async.c:442(winbindd_dual_lookupname)
  [23057]: lookupname Unix User+REGI\user1
[2013/02/21 10:14:16,  3] winbindd/winbindd_async.c:442(winbindd_dual_lookupname)
  [23057]: lookupname Unix User+REGI\root
[2013/02/21 10:14:16,  3] winbindd/winbindd_async.c:442(winbindd_dual_lookupname)
  [23057]: lookupname Unix User+REGI\user1
[2013/02/21 10:14:16,  3] winbindd/winbindd_async.c:442(winbindd_dual_lookupname)
  [23057]: lookupname Unix User+REGI\root
[2013/02/21 10:14:16,  3] winbindd/winbindd_async.c:442(winbindd_dual_lookupname)
  [23057]: lookupname Unix User+REGI\user1
[2013/02/21 10:15:21,  3] winbindd/winbindd_async.c:442(winbindd_dual_lookupname)
  [23057]: lookupname Unix User+REGI\root
[2013/02/21 10:15:21,  3] winbindd/winbindd_async.c:442(winbindd_dual_lookupname)
  [23057]: lookupname Unix User+REGI\user1
[2013/02/21 10:15:21,  3] winbindd/winbindd_async.c:442(winbindd_dual_lookupname)
  [23057]: lookupname Unix User+REGI\root
[2013/02/21 10:15:21,  3] winbindd/winbindd_async.c:442(winbindd_dual_lookupname)
  [23057]: lookupname Unix User+REGI\user1
[2013/02/21 10:23:29,  3] winbindd/winbindd_async.c:239(winbindd_dual_lookupsid)
  [23057]: lookupsid S-1-5-21-2671212552-1868231567-1371333484-513

Ответить | Правка | ^ к родителю #0 | Наверх | Cообщить модератору

5. "Проблемы с доступом к SAMBA MEMBER"  +/
Сообщение от BiLex email(ok) on 21-Фев-13, 10:37 
Перезапускаю самбу на федоре все нормально пускает пользователя:
[2013/02/21 10:36:27,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2013/02/21 10:36:27,  3] smbd/uid.c:428(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2013/02/21 10:36:27,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2013/02/21 10:36:27,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/21 10:36:27,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2013/02/21 10:36:27,  3] smbd/uid.c:428(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2013/02/21 10:36:27,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2013/02/21 10:36:27,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/21 10:36:27,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2013/02/21 10:36:27,  3] smbd/uid.c:428(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2013/02/21 10:36:27,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2013/02/21 10:36:27,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/21 10:36:27,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (10034, 10010) - sec_ctx_stack_ndx = 0
[2013/02/21 10:36:27,  0] smbd/service.c:988(make_connection_snum)
  canonicalize_connect_path failed for service gomonova, path /home/REGI/gomonova
[2013/02/21 10:36:27,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/21 10:36:27,  3] smbd/connection.c:31(yield_connection)
  Yielding connection to gomonova
[2013/02/21 10:36:27,  3] smbd/error.c:60(error_packet_set)
  error packet at smbd/reply.c(689) cmd=117 (SMBtconX) NT_STATUS_BAD_NETWORK_NAME
[2013/02/21 10:36:27,  3] smbd/process.c:1459(process_smb)
  Transaction 40 of length 106 (0 toread)
[2013/02/21 10:36:27,  3] smbd/process.c:1273(switch_message)
  switch message SMBtrans2 (pid 24415) conn 0xf77a2158
[2013/02/21 10:36:27,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (10034, 10010) - sec_ctx_stack_ndx = 0
[2013/02/21 10:36:27,  3] smbd/msdfs.c:828(get_referred_path)
  get_referred_path: |Backup| in dfs path \REGI-S2\Backup is not a dfs root.
[2013/02/21 10:36:27,  3] smbd/error.c:60(error_packet_set)
  error packet at smbd/trans2.c(7384) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND
[2013/02/21 10:36:27,  3] smbd/process.c:1459(process_smb)
  Transaction 41 of length 88 (0 toread)
[2013/02/21 10:36:27,  3] smbd/process.c:1273(switch_message)
  switch message SMBtconX (pid 24415) conn 0x0
[2013/02/21 10:36:27,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/21 10:36:27,  3] lib/util_sid.c:228(string_to_sid)
  string_to_sid: Sid @Domain Admins does not start with 'S-'.
[2013/02/21 10:36:27,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2013/02/21 10:36:27,  3] smbd/uid.c:428(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2013/02/21 10:36:27,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2013/02/21 10:36:27,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/21 10:36:27,  2] smbd/service.c:596(create_connection_server_info)
  user 'REGI+gomonova' (from session setup) not permitted to access this share (Backup)
[2013/02/21 10:36:27,  1] smbd/service.c:676(make_connection_snum)
  create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
[2013/02/21 10:36:27,  3] smbd/error.c:60(error_packet_set)
  error packet at smbd/reply.c(689) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED
[2013/02/21 10:36:27,  3] smbd/process.c:1459(process_smb)
  Transaction 42 of length 88 (0 toread)
[2013/02/21 10:36:27,  3] smbd/process.c:1273(switch_message)
  switch message SMBtconX (pid 24415) conn 0x0
[2013/02/21 10:36:27,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/21 10:36:27,  3] lib/util_sid.c:228(string_to_sid)
  string_to_sid: Sid @Domain Admins does not start with 'S-'.
[2013/02/21 10:36:27,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2013/02/21 10:36:27,  3] smbd/uid.c:428(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2013/02/21 10:36:27,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2013/02/21 10:36:27,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/21 10:36:27,  2] smbd/service.c:596(create_connection_server_info)
  user 'REGI+gomonova' (from session setup) not permitted to access this share (Backup)
[2013/02/21 10:36:27,  1] smbd/service.c:676(make_connection_snum)
  create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
[2013/02/21 10:36:27,  3] smbd/error.c:60(error_packet_set)
  error packet at smbd/reply.c(689) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED
[2013/02/21 10:36:27,  3] smbd/process.c:1459(process_smb)
  Transaction 43 of length 104 (0 toread)
[2013/02/21 10:36:27,  3] smbd/process.c:1273(switch_message)
  switch message SMBtrans2 (pid 24415) conn 0xf77a2158
[2013/02/21 10:36:27,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (10034, 10010) - sec_ctx_stack_ndx = 0
[2013/02/21 10:36:27,  3] smbd/msdfs.c:828(get_referred_path)
  get_referred_path: |Admin| in dfs path \REGI-S2\Admin is not a dfs root.
[2013/02/21 10:36:27,  3] smbd/error.c:60(error_packet_set)
  error packet at smbd/trans2.c(7384) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND
[2013/02/21 10:36:27,  3] smbd/process.c:1459(process_smb)
  Transaction 44 of length 86 (0 toread)
[2013/02/21 10:36:27,  3] smbd/process.c:1273(switch_message)
  switch message SMBtconX (pid 24415) conn 0x0
[2013/02/21 10:36:27,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/21 10:36:27,  3] lib/util_sid.c:228(string_to_sid)
  string_to_sid: Sid @Domain Admins does not start with 'S-'.
[2013/02/21 10:36:27,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2013/02/21 10:36:27,  3] smbd/uid.c:428(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2013/02/21 10:36:27,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2013/02/21 10:36:27,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/21 10:36:27,  3] lib/util_sid.c:228(string_to_sid)
  string_to_sid: Sid REGI\bilex does not start with 'S-'.
[2013/02/21 10:36:27,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2013/02/21 10:36:27,  3] smbd/uid.c:428(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2013/02/21 10:36:27,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2013/02/21 10:36:27,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/21 10:36:27,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2013/02/21 10:36:27,  3] smbd/uid.c:428(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2013/02/21 10:36:27,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2013/02/21 10:36:27,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/21 10:36:27,  2] smbd/service.c:596(create_connection_server_info)
  user 'REGI+gomonova' (from session setup) not permitted to access this share (Admin)
[2013/02/21 10:36:27,  1] smbd/service.c:676(make_connection_snum)
  create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
[2013/02/21 10:36:27,  3] smbd/error.c:60(error_packet_set)
  error packet at smbd/reply.c(689) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED
[2013/02/21 10:36:27,  3] smbd/process.c:1459(process_smb)
  Transaction 45 of length 86 (0 toread)
[2013/02/21 10:36:27,  3] smbd/process.c:1273(switch_message)
  switch message SMBtconX (pid 24415) conn 0x0
[2013/02/21 10:36:27,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/21 10:36:27,  3] lib/util_sid.c:228(string_to_sid)
  string_to_sid: Sid @Domain Admins does not start with 'S-'.
[2013/02/21 10:36:27,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2013/02/21 10:36:27,  3] smbd/uid.c:428(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2013/02/21 10:36:27,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2013/02/21 10:36:27,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/21 10:36:27,  3] lib/util_sid.c:228(string_to_sid)
  string_to_sid: Sid REGI\bilex does not start with 'S-'.
[2013/02/21 10:36:27,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2013/02/21 10:36:27,  3] smbd/uid.c:428(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2013/02/21 10:36:27,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2013/02/21 10:36:27,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/21 10:36:27,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2013/02/21 10:36:27,  3] smbd/uid.c:428(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2013/02/21 10:36:27,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2013/02/21 10:36:27,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/21 10:36:27,  2] smbd/service.c:596(create_connection_server_info)
  user 'REGI+gomonova' (from session setup) not permitted to access this share (Admin)
[2013/02/21 10:36:27,  1] smbd/service.c:676(make_connection_snum)
  create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
[2013/02/21 10:36:27,  3] smbd/error.c:60(error_packet_set)
  error packet at smbd/reply.c(689) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED
[2013/02/21 10:36:41,  3] smbd/process.c:1459(process_smb)
  Transaction 46 of length 39 (0 toread)
[2013/02/21 10:36:41,  3] smbd/process.c:1273(switch_message)
  switch message SMBtdis (pid 24415) conn 0xf77af8f8
[2013/02/21 10:36:41,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/21 10:36:41,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/21 10:36:41,  1] smbd/service.c:1240(close_cnum)
  regi-gomonova (::ffff:192.168.1.132) closed connection to service Рабочие документы
[2013/02/21 10:36:41,  3] smbd/connection.c:31(yield_connection)
  Yielding connection to Рабочие документы
[2013/02/21 10:36:41,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/21 10:36:41,  3] smbd/process.c:1459(process_smb)
  Transaction 47 of length 39 (0 toread)
[2013/02/21 10:36:41,  3] smbd/process.c:1273(switch_message)
  switch message SMBtdis (pid 24415) conn 0xf77a3eb8
[2013/02/21 10:36:41,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/21 10:36:41,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/21 10:36:41,  1] smbd/service.c:1240(close_cnum)
  regi-gomonova (::ffff:192.168.1.132) closed connection to service Производство
[2013/02/21 10:36:41,  3] smbd/connection.c:31(yield_connection)
  Yielding connection to Производство
[2013/02/21 10:36:41,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/21 10:36:41,  3] smbd/process.c:1459(process_smb)
  Transaction 48 of length 39 (0 toread)
[2013/02/21 10:36:41,  3] smbd/process.c:1273(switch_message)
  switch message SMBtdis (pid 24415) conn 0xf77bdbb0
[2013/02/21 10:36:41,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/21 10:36:41,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/21 10:36:41,  1] smbd/service.c:1240(close_cnum)
  regi-gomonova (::ffff:192.168.1.132) closed connection to service Work
[2013/02/21 10:36:41,  3] smbd/connection.c:31(yield_connection)
  Yielding connection to Work
[2013/02/21 10:36:41,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/21 10:36:41,  3] smbd/process.c:1459(process_smb)
  Transaction 49 of length 39 (0 toread)
[2013/02/21 10:36:41,  3] smbd/process.c:1273(switch_message)
  switch message SMBtdis (pid 24415) conn 0xf77a2158
[2013/02/21 10:36:41,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/21 10:36:41,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/21 10:36:41,  3] smbd/service.c:1240(close_cnum)
  regi-gomonova (::ffff:192.168.1.132) closed connection to service IPC$
[2013/02/21 10:36:41,  3] smbd/connection.c:31(yield_connection)
  Yielding connection to IPC$
[2013/02/21 10:36:41,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/21 10:36:41,  3] smbd/process.c:1459(process_smb)
  Transaction 50 of length 43 (0 toread)
[2013/02/21 10:36:41,  3] smbd/process.c:1273(switch_message)
  switch message SMBulogoffX (pid 24415) conn 0x0
[2013/02/21 10:36:41,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/21 10:36:41,  3] smbd/reply.c:1948(reply_ulogoffX)
  ulogoffX vuid=100
Ответить | Правка | ^ к родителю #4 | Наверх | Cообщить модератору

7. "Проблемы с доступом к SAMBA MEMBER"  +/
Сообщение от Сергей (??) on 21-Фев-13, 13:42 
Попробуйте в smb.conf на федоре добавить
auth method=winbind
Ответить | Правка | ^ к родителю #5 | Наверх | Cообщить модератору

8. "Проблемы с доступом к SAMBA MEMBER"  +/
Сообщение от BiLex email(ok) on 22-Фев-13, 11:12 
>  Попробуйте в smb.conf на федоре добавить
>  auth method=winbind

Добавил, сейчас жду.

Я это тут оставлю для себя:

auth methods (G)

This option allows the administrator to chose what authentication methods smbd will use when authenticating a user. This option defaults to sensible values based on security. This should be considered a developer option and used only in rare circumstances. In the majority (if not all) of production servers, the default setting should be adequate.

Each entry in the list attempts to authenticate the user in turn, until the user authenticates. In practice only one method will ever actually be able to complete the authentication.

Possible options include guest (anonymous access), sam (lookups in local list of accounts based on netbios name or domain name), winbind (relay authentication requests for remote users through winbindd), ntdomain (pre-winbindd method of authentication for remote domain users; deprecated in favour of winbind method), trustdomain (authenticate trusted users by contacting the remote DC directly from smbd; deprecated in favour of winbind method).

Default: auth methods =

Example: auth methods = guest sam winbind

Ответить | Правка | ^ к родителю #7 | Наверх | Cообщить модератору

9. "Проблемы с доступом к SAMBA MEMBER"  +/
Сообщение от BiLex email(ok) on 22-Фев-13, 16:59 
>  Попробуйте в smb.conf на федоре добавить
>  auth method=winbind

Проблема осталась.

[2013/02/22 16:57:00,  2] auth/auth.c:320(check_ntlm_password)
  check_ntlm_password:  Authentication for user [strelkova] -> [strelkova] FAILED with error NT_STATUS_NO_SUCH_USER
[2013/02/22 16:57:00,  3] smbd/error.c:60(error_packet_set)
  error packet at smbd/sesssetup.c(122) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
[2013/02/22 16:57:00,  3] smbd/process.c:1459(process_smb)
  Transaction 69 of length 142 (0 toread)
[2013/02/22 16:57:00,  3] smbd/process.c:1273(switch_message)
  switch message SMBsesssetupX (pid 30254) conn 0x0
[2013/02/22 16:57:00,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/22 16:57:00,  3] smbd/sesssetup.c:1404(reply_sesssetup_and_X)
  wct=12 flg2=0xc807
[2013/02/22 16:57:00,  2] smbd/sesssetup.c:1360(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2013/02/22 16:57:00,  3] smbd/sesssetup.c:1160(reply_sesssetup_and_X_spnego)
  Doing spnego session setup
[2013/02/22 16:57:00,  3] smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego)
  NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2013/02/22 16:57:00,  3] smbd/sesssetup.c:786(reply_spnego_negotiate)
  reply_spnego_negotiate: Got secblob of size 40
[2013/02/22 16:57:00,  3] libsmb/ntlmssp.c:62(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0xe2088297
[2013/02/22 16:57:00,  3] smbd/process.c:1459(process_smb)
  Transaction 70 of length 456 (0 toread)
[2013/02/22 16:57:00,  3] smbd/process.c:1273(switch_message)
  switch message SMBsesssetupX (pid 30254) conn 0x0
[2013/02/22 16:57:00,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/22 16:57:00,  3] smbd/sesssetup.c:1404(reply_sesssetup_and_X)
  wct=12 flg2=0xc807
[2013/02/22 16:57:00,  2] smbd/sesssetup.c:1360(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2013/02/22 16:57:00,  3] smbd/sesssetup.c:1160(reply_sesssetup_and_X_spnego)
  Doing spnego session setup
[2013/02/22 16:57:00,  3] smbd/sesssetup.c:1202(reply_sesssetup_and_X_spnego)
  NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2013/02/22 16:57:00,  3] libsmb/ntlmssp.c:745(ntlmssp_server_auth)
  Got user=[strelkova] domain=[REGI] workstation=[REGI-19] len1=24 len2=204
[2013/02/22 16:57:00,  3] auth/auth.c:222(check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user [REGI]\[strelkova]@[REGI-19] with the new password interface
[2013/02/22 16:57:00,  3] auth/auth.c:225(check_ntlm_password)
  check_ntlm_password:  mapped user is: [REGI]\[strelkova]@[REGI-19]
[2013/02/22 16:57:00,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2013/02/22 16:57:00,  3] smbd/uid.c:428(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2013/02/22 16:57:00,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2013/02/22 16:57:00,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/22 16:57:00,  2] auth/auth.c:320(check_ntlm_password)
  check_ntlm_password:  Authentication for user [strelkova] -> [strelkova] FAILED with error NT_STATUS_NO_SUCH_USER
[2013/02/22 16:57:00,  3] smbd/error.c:60(error_packet_set)
  error packet at smbd/sesssetup.c(122) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
[2013/02/22 16:57:16,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/02/22 16:57:16,  3] smbd/connection.c:31(yield_connection)
  Yielding connection to
[2013/02/22 16:57:16,  3] smbd/server.c:845(exit_server_common)
  Server exit (failed to receive smb request)

Ответить | Правка | ^ к родителю #7 | Наверх | Cообщить модератору

10. "Проблемы с доступом к SAMBA MEMBER"  +/
Сообщение от BiLex email(ok) on 25-Фев-13, 10:33 
Вот настройка PAM на федоре, может тут какая ерунда?
# cat password-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 1000 quiet_success
auth        sufficient    pam_winbind.so use_first_pass
auth        required      pam_deny.so

account     required      pam_unix.so broken_shadow
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 1000 quiet
account     [default=bad success=ok user_unknown=ignore] pam_winbind.so
account     required      pam_permit.so

password    requisite     pam_pwquality.so try_first_pass retry=3 type=
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password    sufficient    pam_winbind.so use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
-session     optional      pam_systemd.so
session     optional      pam_mkhomedir.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so

Так же проверил map untrusted to domain = Yes ошибка все равно появляется.

Ответить | Правка | ^ к родителю #0 | Наверх | Cообщить модератору

11. "Проблемы с доступом к SAMBA MEMBER"  +/
Сообщение от BiLex email(ok) on 25-Фев-13, 16:16 
Еще вот что есть.
на PDC:
# pdbedit -L
user:1127:user
bilex:1141:bilex
REGI-ADMIN1$:4294967295:REGI-ADMIN1$
REGI-18$:4294967295:REGI-18$
REGI-12$:4294967295:REGI-12$
REGI-TV$:4294967295:REGI-TV$
REGI-7$:4294967295:REGI-7$
regi-tv:1129:regi-tv
REGI-KARAVAEV$:4294967295:REGI-KARAVAEV$
root:0:Charlie &
lomaeva:1005:lomaeva
karavaev:1013:karavaev
REGI-10$:4294967295:REGI-10$
popova:1112:popova
artamonov:1014:artamonov
metelev:1010:metelev
REGI-6$:4294967295:REGI-6$
regi-s$:1002:computer_account
REGI-19$:4294967295:REGI-19$
aitova:1113:aitova
user1:1131:user1
REGI-POPOVA$:4294967295:REGI-POPOVA$
REGI-GOMONOVA$:4294967295:REGI-GOMONOVA$
vvl:1116:vvl
REGI-2$:4294967295:REGI-2$
regi-s2$:1133:computer_account
REGI-LOMAEVA$:4294967295:REGI-LOMAEVA$
REGI-9$:4294967295:REGI-9$
REGI-8$:4294967295:REGI-8$
REGI-5$:4294967295:REGI-5$
REGI-BABIN$:4294967295:REGI-BABIN$
babin:1006:babin
gallyamova:1147:gallyamova
REGI-17$:4294967295:REGI-17$
work1:1136:work1
REGI-14$:4294967295:REGI-14$
COMPUTER-5779CF$:4294967295:COMPUTER-5779CF$
nesterova:1125:nesterova
work2:1138:work2
REGI-3$:4294967295:REGI-3$
REGI-16$:4294967295:REGI-16$
vasilyeva:1123:vasilyeva
gomonova:1114:gomonova
REGI-20$:4294967295:REGI-20$
strelkova:1009:strelkova

На федоре:
# pdbedit -L
gomonova:10034:gomonova
vvl:10030:vvl
babin:10028:babin
nesterova:10036:nesterova
aitova:10022:aitova
artamonov:10026:artamonov
strelkova:10025:strelkova
karavaev:10039:karavaev

Ответить | Правка | ^ к родителю #10 | Наверх | Cообщить модератору

12. "Проблемы с доступом к SAMBA MEMBER"  +/
Сообщение от Mr. Mistoffelees email on 28-Фев-13, 14:00 
Привет,

Если после отказа самбы на федоре она перестает пускать всех, то наверно баг лежит не в вашей настройках, а где-то в самбе. Попробуйте в такой момент посмотреть на netstat на федоре, например. Еще, в /var/log/messages никто не ругается насчет невозможности открыть сокет, или файл, или shared memory сегмент, или что-то в этом роде...?

А вообще-то, ставьте в crontab рестар самбы каждую ночь и будете спать спокойно.

WWell,

Ответить | Правка | ^ к родителю #11 | Наверх | Cообщить модератору

Архив | Удалить

Рекомендовать для помещения в FAQ | Индекс форумов | Темы | Пред. тема | След. тема




Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру