Results 1 to 4 of 4

Thread: Samba browsing does not use my user id (OpenSuse 12.3)

  1. #1

    Default Samba browsing does not use my user id (OpenSuse 12.3)

    I have a problem browsing Samba shares on an old but very reliable Samba v2 server (an old Red Hat based distro) from my OpenSuse v12.3 client XFCE with Thunar 1.6.1. I can see all shares immediately *except* my own home share and when I try to open any share I get a password prompt (which is accepted OK for access).

    My problem is that browsing and access works OK without any challenge/password entry from a range of Windoze o/s (8.1, 7, Vista, XP and even lower) - just not with OpenSuse!

    The Windoze o/s all have a registry mod to enable NTLM1 authentication because the server does not support NTLM2 (I did say it was old). Server log shows that NTLM1 authentication is negotiated and selected as the authentication protocol but also that my OpenSuse browser is sending userid 'public' and a blank password, not my user id and my password. Hence the password challenge.

    Client password backend is tdbsam. Output from pdbedit -L -w seems OK:

    Code:
    jeremy:500:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:EF59BD4725E86C8468BCB7631AFF320C:[U          ]:LCT-52A3238D:

    Having google'd all over without success, I would welcome suggestions, first as to whether this is a Thunar issue or a Samba client issue or even a pam.d/samba issue?

    Thanks in advance - details below.


    smb.conf global stanza on OpenSuse client:

    Code:
    [global]
        passdb backend = tdbsam
        printing = cups
        printcap name = cups
        printcap cache time = 750
        cups options = raw
        map to guest = Bad User
        logon path = \\%L\profiles\.msprofile
        logon home = \\%L\%U\.9xprofile
        logon drive = P:
        usershare allow guests = No
        domain logons = No
        domain master = No
    #    password server = *
        security = user
        wins support = Yes
        client lanman auth = Yes
        client ntlmv2 auth = No
        netbios name = JEREMY
        usershare max shares = 100
        log file = /var/log/samba/log.smbd
        debug timestamp = Yes
        max log size = 1024
        workgroup = CHAMPION
        encrypt passwords = Yes

    Samba server log (debug level 4):

    Code:
    [2013/12/07 14:26:05, 3] smbd/process.c:process_smb(837)
      Transaction 1 of length 194
    [2013/12/07 14:26:05, 3] smbd/process.c:switch_message(650)
      switch message SMBnegprot (pid 19954)
    [2013/12/07 14:26:05, 3] smbd/sec_ctx.c:set_sec_ctx(316)
      setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2013/12/07 14:26:05, 3] smbd/negprot.c:reply_negprot(349)
      Requested protocol [PC NETWORK PROGRAM 1.0]
    [2013/12/07 14:26:05, 3] smbd/negprot.c:reply_negprot(349)
      Requested protocol [MICROSOFT NETWORKS 1.03]
    [2013/12/07 14:26:05, 3] smbd/negprot.c:reply_negprot(349)
      Requested protocol [MICROSOFT NETWORKS 3.0]
    [2013/12/07 14:26:05, 3] smbd/negprot.c:reply_negprot(349)
      Requested protocol [LANMAN1.0]
    [2013/12/07 14:26:05, 3] smbd/negprot.c:reply_negprot(349)
      Requested protocol [LM1.2X002]
    [2013/12/07 14:26:05, 3] smbd/negprot.c:reply_negprot(349)
      Requested protocol [DOS LANMAN2.1]
    [2013/12/07 14:26:05, 3] smbd/negprot.c:reply_negprot(349)
      Requested protocol [LANMAN2.1]
    [2013/12/07 14:26:05, 3] smbd/negprot.c:reply_negprot(349)
      Requested protocol [Samba]
    [2013/12/07 14:26:05, 3] smbd/negprot.c:reply_negprot(433)
      Selected protocol NT LANMAN 1.0
    [2013/12/07 14:26:05, 3] smbd/process.c:process_smb(837)
      Transaction 2 of length 78
    [2013/12/07 14:26:05, 3] smbd/process.c:switch_message(650)
      switch message SMBsesssetupX (pid 19954)
    [2013/12/07 14:26:05, 3] smbd/sec_ctx.c:set_sec_ctx(316)
      setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2013/12/07 14:26:05, 3] smbd/reply.c:reply_sesssetup_and_X(865)
      Domain=[]  NativeOS=[Unix] NativeLanMan=[Samba]
    [2013/12/07 14:26:05, 3] smbd/reply.c:reply_sesssetup_and_X(876)
      sesssetupX:name=[]
    [2013/12/07 14:26:05, 3] smbd/sec_ctx.c:push_sec_ctx(284)
      push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
    [2013/12/07 14:26:05, 3] smbd/sec_ctx.c:set_sec_ctx(316)
      setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
    [2013/12/07 14:26:05, 3] smbd/sec_ctx.c:get_current_groups(167)
      get_current_groups: uid 0 is in 1 groups: 5005
    [2013/12/07 14:26:05, 3] smbd/sec_ctx.c:pop_sec_ctx(423)
      pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2013/12/07 14:26:05, 3] smbd/sec_ctx.c:get_current_groups(167)
      get_current_groups: uid 0 is in 1 groups: 5005
    [2013/12/07 14:26:05, 3] smbd/password.c:register_vuid(322)
      uid 5003 registered to name public
    [2013/12/07 14:26:05, 3] smbd/password.c:register_vuid(324)
      Clearing default real name
    [2013/12/07 14:26:05, 3] smbd/password.c:register_vuid(326)
      User name: public    Real name: 
    [2013/12/07 14:26:05, 3] smbd/process.c:process_smb(837)
      Transaction 3 of length 72
    [2013/12/07 14:26:05, 3] smbd/process.c:switch_message(650)
      switch message SMBtconX (pid 19954)
    [2013/12/07 14:26:05, 3] smbd/sec_ctx.c:set_sec_ctx(316)
      setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2013/12/07 14:26:05, 4] smbd/reply.c:reply_tcon_and_X(328)
      Got device type ?????
    [2013/12/07 14:26:05, 3] smbd/service.c:find_service(141)
      checking for home directory jeremy gave /home/e-smith/files/users/jeremy
    [2013/12/07 14:26:05, 3] param/loadparm.c:lp_add_home(1825)
      adding home directory jeremy at /home/e-smith/files/users/jeremy
    [2013/12/07 14:26:05, 3] lib/access.c:check_access(307)
      check_access: no hostnames in host allow/deny list.
    [2013/12/07 14:26:05, 2] lib/access.c:check_access(316)
      Allowed connection from  (192.168.150.11)
    [2013/12/07 14:26:05, 4] smbd/password.c:password_ok(601)
      Null passwords not allowed.
    [2013/12/07 14:26:05, 4] smbd/password.c:password_ok(601)
      Null passwords not allowed.
    [2013/12/07 14:26:05, 4] smbd/password.c:password_ok(601)
      Null passwords not allowed.
    [2013/12/07 14:26:05, 2] smbd/service.c:make_connection(318)
      Invalid username/password for jeremy [public]
    [2013/12/07 14:26:05, 3] smbd/error.c:error_packet(136)
      error packet at line 169 cmd=117 (SMBtconX) eclass=2 ecode=2
    [2013/12/07 14:26:05, 3] smbd/process.c:timeout_processing(1062)
      end of file from client
    [2013/12/07 14:26:05, 3] smbd/sec_ctx.c:set_sec_ctx(316)
      setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2013/12/07 14:26:05, 2] smbd/server.c:exit_server(448)
      Closing connections
    [2013/12/07 14:26:05, 3] smbd/connection.c:yield_connection(50)
      Yielding connection to 
    [2013/12/07 14:26:05, 3] smbd/server.c:exit_server(483)
      Server exit (normal exit)

  2. #2

    Default Re: Samba browsing does not use my user id (OpenSuse 12.3)

    Just thought to check - same issue when browsing a Samba share on the OpenSuse client.

  3. #3
    Join Date
    Mar 2010
    Location
    Austin - Texas
    Posts
    10,140
    Blog Entries
    48

    Smile Re: Samba browsing does not use my user id (OpenSuse 12.3)

    Quote Originally Posted by branestawm2 View Post
    Just thought to check - same issue when browsing a Samba share on the OpenSuse client.
    You need to read my blog on Samba and get my bash script which you will find useful:

    https://forums.opensuse.org/blogs/jd...sion-1-02-124/

    Thank You,
    My Blog: https://forums.opensuse.org/blogs/jdmcdaniel3/

    Software efficiency halves every 18 months, thus compensating for Moore's Law

    Its James again from Austin, Texas

  4. #4

    Default Re: Samba browsing does not use my user id (OpenSuse 12.3)

    Thanks, jdmcdaniel3. I have checked my Samba setup carefully against your blog and concluded that my problem lay elsewhere. It was a useful exercise but I could find nothing wrong with Samba, and it works OK when credentials are supplied.

    So I then looked at Thunar but as this is just a front end, I focused on the authentication processes used by Thunar - and discovered that gnome-keyring login was empty! This turned out to be part of the common "gnome keyring socket is not owned with the same credentials as the user login" syndrome by which the keyring was never unlocked, for which I have adopted a trial mod to pam.d/common-auth. This has resolved the problem, thus far without side effects.

    I suppose that it is better security for credentials to be managed via a keyring or equivalent for each server, rather than have the user's login details supplied directly to any server share that asks for them.

    Problem solved .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •