Authentication to [homes] share works sometimes and sometimes not?

I have a small Tumbleweed [13.2] server running Samba with the special [homes] shares for registered users on a P2P network (no server, no domain controller). Usernames/passwords are the same for each user on all PCs; Samba users/passwords on the server were created with smbpasswd with the same username/password as for their Linux accounts. Password backend is tdbsam.

From a client PC running OpenSuse 12.3 XFCE, all [homes] shares are accessible:

  • with ‘smbclient //server/homes’ which prompts for the password for my username;
  • from Thunar browser with the URI ‘smb://server/username’ and the user password stored on the gnome-keyring (or entered at a password prompt);
  • from Thunar browser with a click on another ‘homes’ icon in another, much older Red Hat-based server.
  • or from a WIN PC.

But all [homes] shares are not accessible:

  • from Thunar browser with a click on the ‘homes’ icon - ‘Failed to open “homes”’

For successful accesses, smbd.log shows successful sam authentication for the username, e.g.:

check_ntlm_password: Checking password for unmapped user [CHAMPION][jeremy]@[JEREMY] with the new password interface
check_ntlm_password: mapped user is: [RASPBERRYPI][jeremy]@[JEREMY]
Forcing Primary Group to ‘Domain Users’ for jeremy
check_ntlm_password: sam authentication for user [jeremy] succeeded
[2015/08/29 19:40:19.664788, 2] …/source3/auth/auth.c:305(auth_check_ntlm_password)
check_ntlm_password: authentication for user [jeremy] -> [jeremy] -> [jeremy] succeeded

For unsuccessful accesses, smbd.log shows ‘wrong NT password’ for the same username, e.g.:

check_ntlm_password: Checking password for unmapped user [CHAMPION][jeremy]@[JEREMY] with the new password interface
check_ntlm_password: mapped user is: [RASPBERRYPI][jeremy]@[JEREMY]
Forcing Primary Group to ‘Domain Users’ for jeremy
ntlm_password_check: NT MD4 password check failed for user jeremy
[2015/08/29 19:44:48.063886, 2] …/source3/auth/auth.c:315(auth_check_ntlm_password)
check_ntlm_password: Authentication for user [jeremy] -> [jeremy] FAILED with error NT_STATUS_WRONG_PASSWORD
[2015/08/29 19:44:48.064272, 2] …/auth/gensec/spnego.c:746(gensec_spnego_server_negTokenTarg)
SPNEGO login failed: NT_STATUS_WRONG_PASSWORD
NT error packet at …/source3/smbd/sesssetup.c(267) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE

Username mapping for the [homes] share appears to be correct, so I am puzzled why ntlm authentication for the same username works sometimes and sometimes not. To start with, is this a Samba issue or a PAM issue, or even a Thunar/keyring issue?

[Global] & [homes] sections of smb.conf are shown below.

I would really appreciate any help on where this problem lies.

Thanks in advance.

[Global] & [homes] sections of smb.conf (configured with YaST):


[global]
    workgroup = CHAMPION
    passdb backend = tdbsam:/etc/samba/passdb.tdb
    encrypt passwords = Yes
    printing = bsd
    printcap name = /dev/null
    printcap cache time = 750
    map to guest = Bad User
    logon path = \\%L\profiles\.msprofile
    logon home = \\%L\%U\.9xprofile
    logon drive = P:
    usershare allow guests = No
    add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s /bin/false %m$
    domain logons = No
    domain master = Yes
    security = user
    wins support = No
    unix password sync = Yes
    disable netbios = Yes
    disable spoolss = Yes
    load printers = No
    log level = 1 auth:3
    browseable = Yes
    wins server = 

[homes]
    comment = Home Directories
    valid users = %S
    browseable = Yes
    read only = Yes
    inherit acls = Yes
    create mask = 0660
    directory mask = 0770
    printable = No
    path = /mnt/home/%S/files


END
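For triaging intermittent failures like the ones in the post above, the following added example (not part of the original post, and not Samba's own tooling) pairs each `auth:3` logon attempt in smbd.log with its outcome and counts results per user and client workstation. The sample text is modelled on the excerpts in the post with the elided paths left elided; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the smbd.log excerpts quoted in the post.
SAMPLE = """\
check_ntlm_password: Checking password for unmapped user [CHAMPION][jeremy]@[JEREMY] with the new password interface
check_ntlm_password: mapped user is: [RASPBERRYPI][jeremy]@[JEREMY]
check_ntlm_password: sam authentication for user [jeremy] succeeded
[2015/08/29 19:40:19.664788, 2] .../source3/auth/auth.c:305(auth_check_ntlm_password)
check_ntlm_password: authentication for user [jeremy] -> [jeremy] -> [jeremy] succeeded
check_ntlm_password: Checking password for unmapped user [CHAMPION][jeremy]@[JEREMY] with the new password interface
ntlm_password_check: NT MD4 password check failed for user jeremy
[2015/08/29 19:44:48.063886, 2] .../source3/auth/auth.c:315(auth_check_ntlm_password)
check_ntlm_password: Authentication for user [jeremy] -> [jeremy] FAILED with error NT_STATUS_WRONG_PASSWORD
"""
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+),\s*\d+\]")
# Fields are client domain, account name, client workstation (optional "\" between them).
ATTEMPT = re.compile(r"Checking password for unmapped user \[([^\]]*)\]\\?\[([^\]]*)\]@\[([^\]]*)\]")
MAPPED = re.compile(r"mapped user is: \[([^\]]*)\]")
OK = re.compile(r"authentication for user \[([^\]]*)\] -> .* succeeded$")
FAIL = re.compile(r"Authentication for user \[([^\]]*)\].* FAILED with error (\S+)")

def parse_auth_events(text):
    """Return one dict per completed logon attempt, in log order."""
    events, cur, stamp = [], {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := HEADER.match(line):
            stamp = m.group(1)          # header precedes the message it timestamps
        elif m := ATTEMPT.search(line):
            cur = {"client_domain": m.group(1), "workstation": m.group(3)}
        elif m := MAPPED.search(line):
            cur["mapped_domain"] = m.group(1)
        elif "password check failed" in line:
            cur["detail"] = line.split(":", 1)[1].strip()
        elif (m := OK.search(line)) or (m := FAIL.search(line)):
            status = m.group(2) if m.re is FAIL else "OK"
            events.append({**cur, "user": m.group(1), "time": stamp, "status": status})
            cur = {}
    return events

def summarize(events):
    """Count outcomes per (user, workstation) so mixed results stand out."""
    counts = defaultdict(lambda: defaultdict(int))
    for e in events:
        counts[(e["user"], e.get("workstation"))][e["status"]] += 1
    return {k: dict(v) for k, v in counts.items()}

if __name__ == "__main__":
    print(summarize(parse_auth_events(SAMPLE)))
```

A key whose counts include both `OK` and `NT_STATUS_WRONG_PASSWORD` marks the same account succeeding and failing from one workstation; the `time` field of each event can then be matched against which client program was used.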

It is either 13.2 or Tumbleweed, it can’t be both.

Tumbleweed.

Unfortunately, that forum appears to be closed.

Yes, it is closed (fortunately).

Instead we ask you to fill in the version in a menu entry at the top of a new thread. That worked, because you did choose Tumbleweed. So far so good.

But then you nullified that by saying “Tumbleweed [13.2]” in the text. That is a nonsensical combination. And it would have been the same if the old Tumbleweed, … forum had still existed.