LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 06-24-2003, 02:41 PM   #1
dwynter
Member
 
Registered: Jun 2002
Distribution: Centos 4.4
Posts: 82

Rep: Reputation: 15
Samba has NT_STATUS_LOGON_FAILURE


I followed the instructions in DIAGNSIS.txt and found my /etc/host file did not have the W2K box in it. So have moved to test 3 in that document. I now fail when I run

smbclient -L linuxbox

with the error

NT_STATUS_LOGON_FAILURE.

This was as a user that is setup as a samba user using the password setup for that user. I search google/linux and found no resolution or hints there.

Here is the output from testparm smb.conf

Load smb config files from smb.conf
Processing section "[Pub_acc]"
Processing section "[Win2Admindir]"
Loaded services file OK.
WARNING: You have some share names that are longer than 8 chars
These may give errors while browsing or may not be accessible
to some older clients
Press enter to see a dump of your service definitions
# Global parameters
[global]
coding system =
client code page = 850
code page directory = /var/lib/samba/codepages
workgroup = DEVELOPMENT
netbios name = LINUXBOX
netbios aliases =
netbios scope =
server string = Samba Server %v
interfaces =
bind interfaces only = No
security = USER
encrypt passwords = Yes
update encrypted = No
allow trusted domains = Yes
hosts equiv =
min passwd length = 5
map to guest = Never
null passwords = No
obey pam restrictions = No
password server =
smb passwd file = /etc/samba/smbpasswd
root directory =
pam password change = No
passwd program = /bin/passwd
passwd chat = *new*password* %n\n *new*password* %n\n *changed*
passwd chat debug = No
username map =
password level = 0
username level = 0
unix password sync = No
restrict anonymous = No
lanman auth = Yes
use rhosts = No
log level = 2
syslog = 1
syslog only = No
log file = /var/log/samba/log.%m
max log size = 50
timestamp logs = Yes
debug hires timestamp = No
debug pid = No
debug uid = No
protocol = NT1
large readwrite = No
max protocol = NT1
min protocol = CORE
read bmpx = No
read raw = Yes
write raw = Yes
nt smb support = Yes
nt pipe support = Yes
announce version = 4.5
announce as = NT
max mux = 50
max xmit = 65535
name resolve order = lmhosts host wins bcast
max packet = 65535
max ttl = 259200
max wins ttl = 518400
min wins ttl = 21600
time server = No
unix extensions = No
change notify timeout = 60
deadtime = 0
getwd cache = Yes
keepalive = 300
lpq cache time = 10
max smbd processes = 0
max disk size = 0
max open files = 10000
read size = 16384
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
stat cache size = 50
use mmap = Yes
total print jobs = 0
load printers = Yes
printcap name = lpstat
disable spoolss = No
enumports command =
addprinter command =
deleteprinter command =
show add printer wizard = Yes
os2 driver map =
strip dot = No
character set =
mangled stack = 50
stat cache = Yes
domain admin group =
domain guest group =
machine password timeout = 604800
add user script =
delete user script =
logon script =
logon path = \\%N\%U\profile
logon drive =
logon home = \\%N\%U
domain logons = No
os level = 33
lm announce = Auto
lm interval = 60
preferred master = Auto
local master = Yes
domain master = Auto
browse list = Yes
enhanced browsing = Yes
dns proxy = No
wins proxy = No
wins server =
wins support = Yes
wins hook =
kernel oplocks = Yes
oplock break wait time = 0
add share command =
change share command =
delete share command =
config file =
preload =
lock dir = /var/cache/samba
utmp directory =
wtmp directory =
utmp = No
default service =
message command =
dfree command =
valid chars =
remote announce =
remote browse sync =
socket address = 0.0.0.0
homedir map = auto.home
time offset = 0
NIS homedir = No
source environment =
panic action =
hide local users = No
host msdfs = No
winbind uid =
winbind gid =
template homedir = /home/%D/%U
template shell = /bin/false
winbind separator = \
winbind cache time = 15
winbind enum users = Yes
winbind enum groups = Yes
comment =
path =
alternate permissions = No
username =
guest account = testparm
invalid users =
valid users = Administrator,david,sue,@Administrator,@david,@sue
admin users =
read list =
write list =
printer admin =
force user =
force group =
read only = Yes
create mask = 0744
force create mode = 00
security mask = 0777
force security mode = 00
directory mask = 0755
force directory mode = 00
directory security mask = 0777
force directory security mode = 00
inherit permissions = No
guest only = No
guest ok = No
only user = No
hosts allow = 10.0.0. 127.
hosts deny =
status = Yes
nt acl support = Yes
max connections = 0
min print space = 0
strict allocate = No
strict sync = No
sync always = No
write cache size = 0
max print jobs = 1000
printable = No
postscript = No
printing = cups
print command = lpr -r -P%p %s
lpq command = lpq -P%p
lprm command = lprm -P%p %j
lppause command =
lpresume command =
queuepause command =
queueresume command =
printer name =
use client driver = No
default devmode = No
printer driver =
printer driver file = /etc/samba/printers.def
printer driver location =
default case = lower
case sensitive = No
preserve case = Yes
short preserve case = Yes
mangle case = No
mangling char = ~
hide dot files = Yes
hide unreadable = No
delete veto files = No
veto files =
hide files =
veto oplock files =
map system = No
map hidden = No
map archive = Yes
mangled names = Yes
mangled map =
browseable = Yes
blocking locks = Yes
fake oplocks = No
locking = Yes
oplocks = Yes
level2 oplocks = Yes
oplock contention limit = 2
posix locking = Yes
strict locking = No
share modes = Yes
copy =
include =
exec =
preexec close = No
postexec =
root preexec =
root preexec close = No
root postexec =
available = Yes
volume =
fstype = NTFS
set directory = No
wide links = Yes
follow symlinks = Yes
dont descend =
magic script =
magic output =
delete readonly = No
dos filemode = No
dos filetimes = No
dos filetime resolution = No
fake directory create times = No
vfs object =
vfs options =
msdfs root = No

[Pub_acc]
path = /home/public
valid users = david,Administrator,sue
write list = david,Administrator,sue
read only = No
create mask = 0775
directory mask = 0775

[Win2Admindir]
comment = W2K Administrator's Service
path = /home/Administrator
valid users = Administrator
read only = No

I have tried it with "hosts allow = " too, no difference.

Any ideas?
 
Old 06-24-2003, 04:30 PM   #2
defa0009
Member
 
Registered: Jun 2003
Posts: 185

Rep: Reputation: 31
I am probably taking a shot in the dark but is that a space in your machines ip in:

hosts allow = 10.0.0. 127.

Oops I just noticed you are saying for those 2 subnets! I have mine set up with the full 127.0.0.1 though.


BTW I have the same output from testparm smb.conf

Last edited by defa0009; 06-24-2003 at 04:50 PM.
 
Old 06-24-2003, 05:02 PM   #3
defa0009
Member
 
Registered: Jun 2003
Posts: 185

Rep: Reputation: 31
I wonder if you specify the username and workgroup if it will work:

smbclient -L linuxbox -U username -W workgroup
 
1 members found this post helpful.
Old 06-24-2003, 05:13 PM   #4
dwynter
Member
 
Registered: Jun 2002
Distribution: Centos 4.4
Posts: 82

Original Poster
Rep: Reputation: 15
Using the user and the workgroup (-U and -W) makes no difference.

As I mentioned I tried it without any "hosts allow = " as indicated by the DIAGNOSIS.txt instructions and it made no difference.

Rgds,

David
 
Old 06-24-2003, 10:11 PM   #5
defa0009
Member
 
Registered: Jun 2003
Posts: 185

Rep: Reputation: 31
May be dumb to ask but you did create the Samba password file and added passwords for your users? Reason I ask is because I have searched quite a few links and the response to that error is usually just that. Here is the commands I used to add my users:

To make the password file:

# cat /etc/passwd | /usr/bin/mksmbpasswd.sh > /etc/samba/smbpasswd

Then add your users:

# smbpasswd someusername


Also found some interesting info if your are running Samba 3.0, pulling straws at this point:


The following issues are known changes in behavior between Samba 2.2 and
Samba 3.0 that may affect certain installations of Samba.

1) When operating as a member of a Windows domain, Samba 2.2 would
map any users authenticated by the remote DC to the 'guest account'
if a uid could not be obtained via the getpwnam() call. Samba 3.0
rejects the connection as NT_STATUS_LOGON_FAILURE. There is no
current work around to re-establish the 2.2 behavior.

Last edited by defa0009; 06-24-2003 at 10:41 PM.
 
Old 06-25-2003, 03:03 AM   #6
dwynter
Member
 
Registered: Jun 2002
Distribution: Centos 4.4
Posts: 82

Original Poster
Rep: Reputation: 15
Partial result

Thanks defa0009,

You gave me the hint I needed. I re-read the man page on smbpasswd which caused me to check the status of the "Allow null passwords" and it was set to no whereas the smb users were setup with no passwords.

I am using Webadmin to administer Samba 2.2.8. I did try the "Allow null passwords" equal to no with the Samba users setup to use their current passwords, but that did not work, so will have to stick with less security and at last the ability to use the ample disk space on the Linux server.

Rgds,

David
 
Old 06-25-2003, 03:42 AM   #7
dwynter
Member
 
Registered: Jun 2002
Distribution: Centos 4.4
Posts: 82

Original Poster
Rep: Reputation: 15
Spoke too soon,

Despite the Webmin screen for the Samba share saying "Read/Write access for all known users" and smb.conf having "read only = No" for that share I can browse it from my W2K PC but cannot write to it.

Any ideas?
 
Old 06-25-2003, 07:46 AM   #8
defa0009
Member
 
Registered: Jun 2003
Posts: 185

Rep: Reputation: 31
Again maybe obvious but do you have:

writable = yes

under the share (directory) you want to write to?

For example:

[tmp]
comment = temporary files
path = /tmp
writable = yes



Last edited by defa0009; 06-25-2003 at 07:49 AM.
 
Old 06-25-2003, 11:38 AM   #9
dwynter
Member
 
Registered: Jun 2002
Distribution: Centos 4.4
Posts: 82

Original Poster
Rep: Reputation: 15
Tried that too

Yes also set the shares up with writeable = true and no change in behaviour. I am getting the feeling the expertice to answer this might only be found on the Samba mailing list. Seems th esame with my iptables question, mailing list is the next option.

Shame, because linuxquestions used to be good a year ago when I first got into Linux now, a year later, I have not had a single question answered. such is life.
 
Old 06-25-2003, 11:47 AM   #10
emence
Member
 
Registered: Jun 2003
Location: Springfield, MO
Distribution: RedHat/Slackware
Posts: 81

Rep: Reputation: 15
:Yes also set the shares up with writeable = true:

it needs to be yes, not true
 
Old 06-25-2003, 04:36 PM   #11
Kennie_n2000
LQ Newbie
 
Registered: Jun 2003
Posts: 21

Rep: Reputation: 15
dwynter
I have the exactly same problem, and i also been looking for the answer for the last couple days but can't find anything and another problem is i can't get the windows to see the linux's share, if u found an answer to this please do not keep it as a secret.
 
Old 07-02-2003, 06:48 AM   #12
dwynter
Member
 
Registered: Jun 2002
Distribution: Centos 4.4
Posts: 82

Original Poster
Rep: Reputation: 15
This is what I see in the log file

Jun 29 04:12:09 linuxbox nmbd[1960]: [2003/06/29 04:12:09, 0] nmbd/nmbd_browsesync.c:find_domain_master_name_query_fail(359)
Jun 29 04:12:09 linuxbox nmbd[1960]: find_domain_master_name_query_fail:
Jun 29 04:12:09 linuxbox nmbd[1960]: Unable to find the Domain Master Browser name WORKGROUP<1b> for the workgroup WORKGROUP.
Jun 29 04:12:09 linuxbox nmbd[1960]: Unable to sync browse lists in this workgroup.

Could this be the reason I cannot now see my shared drives on the linuxbox? What causes this? testparm smb.conf passes without error?

Thanks

David
 
Old 07-02-2003, 07:00 AM   #13
defa0009
Member
 
Registered: Jun 2003
Posts: 185

Rep: Reputation: 31
In case it may help here is my smb.conf to check against:

[global]
workgroup = WORKGROUP
netbios name = ALPHA
server string = Samba Server on Alpha
hosts allow = 192.168.1.
log file = /var/log/samba/%m.log
max log size = 1000
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = no
preferred master = yes

[homes]
comment = Home Directories
browseable = no
writable = yes

[local]
comment = Shared directory
path = /usr/local
valid users = Administrator
public = no
writable = yes
 
Old 07-02-2003, 12:20 PM   #14
Kennie_n2000
LQ Newbie
 
Registered: Jun 2003
Posts: 21

Rep: Reputation: 15
dwynter
i finally able to get rid of that nasty message

delete the line "encry password = yes" in your smb.conf
restart 2 daemons >>

/etc/rc.d/init.d/smb stop
/etc/rc.d/init.d/smb start

and type smbclient -L localhost again to see if the error still there
 
Old 07-15-2003, 11:27 AM   #15
gale01
LQ Newbie
 
Registered: Jul 2003
Location: Dublin
Distribution: Redhat
Posts: 2

Rep: Reputation: 0
Anyone have specific suggestions on connecting from a Linux client to a Windows 2000 (Active Directory) Domain ?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
samba NT_STATUS_LOGON_FAILURE...Help please nikd Linux - Networking 5 01-14-2010 12:25 AM
Simple Samba and PAM -> NT_STATUS_LOGON_FAILURE subspawn Linux - Software 1 01-17-2005 07:41 AM
NT_STATUS_LOGON_FAILURE Samba Problem jmvetter Linux - Software 0 10-10-2004 11:18 PM
SAMBA:NT_STATUS_LOGON_FAILURE on linux Tyir Linux - Networking 4 12-22-2003 11:24 PM
SAMBA error: NT_STATUS_LOGON_FAILURE kkempter Linux - Software 0 06-04-2003 03:09 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 01:29 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration