Home / server / Questions / 210641
Accepted
ErebusBat
Asked: 2010-12-09 15:52:24 +0800 CST

Configure Samba Share accessible by windows service

  • 772

I am attempting to configure a Samba server to allow access to a service (Oracle) running on a windows server. At one point I have tested this and it worked without an issue so I didn't backup my conf file (grrr). Now I have been fighting with it and nothing I try will work.

I have my windows service setup to login as a domain user and I am logged into the server as that user and can connect to the samba server without it prompting me for a password; however when I run my service is gets a Logon failure: unknown user name or bad password.

Edit #1 9-Dec-2010 1654 GMT/ 0954 MST

I upgraded to Samba v3.3.8-0.52.el5_5.2 and was able to finally get some useful logs, however no matter what I do I can not get a user to map and correctly authenticate.

Log file:

[2010/12/09 09:57:52,  3] auth/auth.c:check_ntlm_password(220)
check_ntlm_password:  Checking password for unmapped user [NATRONA]\[Administrator]@[NATRONA17] with the new password interface
[2010/12/09 09:57:52,  3] auth/auth.c:check_ntlm_password(223)
check_ntlm_password:  mapped user is: [RMAN]\[Administrator]@[NATRONA17]
[2010/12/09 09:57:52,  3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/12/09 09:57:52,  3] smbd/uid.c:push_conn_ctx(440)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/12/09 09:57:52,  3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/12/09 09:57:52,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/12/09 09:57:52,  3] auth/auth_sam.c:check_sam_security(282)
check_sam_security: Couldn't find user 'Administrator' in passdb.
[2010/12/09 09:57:52,  2] auth/auth.c:check_ntlm_password(318)
check_ntlm_password:  Authentication for user [Administrator] -> [Administrator] FAILED with error NT_STATUS_NO_SUCH_USER

I have setup mappings in my smbusers file:

root = administrator admin Administrator [NATRONA]\[Administrator] [RMAN]\[Administrator]
nobody = guest pcguest smbguest

And I think I have my share configured correctly:

[recovery]
    comment = Recovery Catalog Data
    writeable = yes
    public = yes
    guest only = no
    valid users = oracle,root,[NATRONA]\[Administrator]@[NATRONA17]

Obviously there is a mismatch between the username that the Windows server is sending and the mapping on the samba server, I even tried guest only = yes to attempt to force guest and it did not work.

Some Samba guru please point me in the correct direction. path = /db/recovery

samba

1 Answers

  1. Best Answer

    Turns out samba was not looking at my user map file. The correct configuration is shown below:

    [global]
    log file = /var/log/samba/log.%m
    cups options = raw
    load printers = no
    guest account = oracle
    printing = bsd
    server string = Oracle Recovery Server
    workgroup = UNIX
    debug level = 5
    username map = /etc/samba/smbusers
    null passwords = yes
    encrypt passwords = yes
    security = user
    passdb backend = tdbsam
    max log size = 50


[recovery]
    comment = Recovery Catalog Data
    writeable = yes
    public = yes
    guest only = yes
    guest ok = yes
    valid users = oracle,root
    path = /var/oracle_recovery_catalog

    I also had to set my oracle user to a null password: smbpasswd -an oracle.

    This configuration does not even require me to change the service to run under another account. WOO HOO!

    WARNING: Doing this allows anyone to read/write to the specified share. I am handling security at the firewall level; however if you are implementing this solution you should use something, samba supports a hosts allow directive that may be worth your efforts.

    • 2