I'm trying to access a CentOS 7 Samba share from a Windows 10 client. I require local user authentication (as in a unix user in the CentOS Samba server).
I do NOT want NTLM or ADS authentication.
This is my config:
$ cat smb.conf
[global]
workgroup = DOMAIN
map to guest = Bad User
log level = 3
ntlm auth = no
lanman auth = no
client lanman auth = no
[Anonymous]
comment = Anonymous File Server Share
path = /samba/anonymous
guest ok = yes
read only = no
[copies]
comment = Secure File Server Share
path = /copies
read only = no
guest ok = no
$ sudo tail -n 0 -f /var/log/samba/log.smbd
[2019/01/15 16:17:01.223137, 2] ../source3/smbd/service.c:1120(close_cnum)
hman1561 (ipv4:10.215.144.48:57884) closed connection to service Anonymous
[2019/01/15 16:17:10.509080, 3] ../source3/smbd/service.c:1120(close_cnum)
hman1561 (ipv4:10.215.144.48:57884) closed connection to service IPC$
[2019/01/15 16:17:10.509747, 3] ../auth/ntlmssp/ntlmssp_util.c:72(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0xe2088297
[2019/01/15 16:17:10.510613, 3] ../auth/ntlmssp/ntlmssp_server.c:552(ntlmssp_server_preauth)
Got user=[copy] domain=[DOMAIN] workstation=[HMAN1561] len1=24 len2=24
[2019/01/15 16:17:10.510702, 3] ../source3/param/loadparm.c:3868(lp_load_ex)
lp_load_ex: refreshing parameters
[2019/01/15 16:17:10.510793, 3] ../source3/param/loadparm.c:547(init_globals)
Initialising global parameters
[2019/01/15 16:17:10.511099, 3] ../source3/param/loadparm.c:2782(lp_do_section)
Processing section "[global]"
[2019/01/15 16:17:10.511314, 2] ../source3/param/loadparm.c:2799(lp_do_section)
Processing section "[Anonymous]"
[2019/01/15 16:17:10.511426, 2] ../source3/param/loadparm.c:2799(lp_do_section)
Processing section "[copies]"
[2019/01/15 16:17:10.511825, 3] ../source3/param/loadparm.c:1617(lp_add_ipc)
adding IPC service
[2019/01/15 16:17:10.511923, 3] ../source3/auth/auth.c:189(auth_check_ntlm_password)
check_ntlm_password: Checking password for unmapped user [DOMAIN]\[copy]@[HMAN1561] with the new password interface
[2019/01/15 16:17:10.511959, 3] ../source3/auth/auth.c:192(auth_check_ntlm_password)
check_ntlm_password: mapped user is: [DOMAIN]\[copy]@[HMAN1561]
[2019/01/15 16:17:10.512493, 3] ../source3/passdb/lookup_sid.c:1680(get_primary_group_sid)
Forcing Primary Group to 'Domain Users' for copy
[2019/01/15 16:17:10.512716, 2] ../libcli/auth/ntlm_check.c:430(ntlm_password_check)
ntlm_password_check: NTLMv1 passwords NOT PERMITTED for user copy
[2019/01/15 16:17:10.512846, 3] ../libcli/auth/ntlm_check.c:437(ntlm_password_check)
ntlm_password_check: NEITHER LanMan nor NT password supplied for user copy
[2019/01/15 16:17:10.513429, 2] ../source3/auth/auth.c:332(auth_check_ntlm_password)
check_ntlm_password: Authentication for user [copy] -> [copy] FAILED with error NT_STATUS_WRONG_PASSWORD, authoritative=1
[2019/01/15 16:17:10.513521, 2] ../auth/auth_log.c:760(log_authentication_event_human_readable)
Auth: [SMB2,(null)] user [DOMAIN]\[copy] at [Tue, 15 Jan 2019 16:17:10.513495 CET] with [NTLMv1] status [NT_STATUS_WRONG_PASSWORD] workstation [HMAN1561] remote host [ipv4:10.215.144.48:57884] mapped to [DOMAIN]\[copy]. local host [ipv4:10.215.248.137:445]
[2019/01/15 16:17:10.513646, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_LOGON_FAILURE] || at ../source3/smbd/smb2_sesssetup.c:137
[2019/01/15 16:17:10.514551, 3] ../source3/smbd/server_exit.c:236(exit_server_common)
Server exit (NT_STATUS_CONNECTION_RESET)
How can I force it to use local unix accounts? (I already created the unix user + samba user for username "copy", of course)
$ cat /etc/centos-release
CentOS Linux release 7.6.1810 (Core)
$ cat /etc/os-release
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
[EDIT] I had to set "ntlm auth = yes" in the general section.
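The log in the post shows the client answering with an NTLMv1 response, which `ntlm auth = no` rejects while NTLMv2 remains permitted. As an added example (not part of the original post), this Python script parses `Auth:` lines in the format shown above and lists which workstations still send NTLMv1, so they can be identified before NTLMv1 is re-enabled server-wide; the sample lines, documentation IP addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Matches the human-readable "Auth:" line format seen in the post's log.smbd.
AUTH_RE = re.compile(
    r"Auth: \[(?P<service>[^,\]]*),(?P<auth_desc>[^\]]*)\] "
    r"user \[(?P<domain>[^\]]*)\]\\\[(?P<user>[^\]]*)\] "
    r"at \[(?P<when>[^\]]*)\] "
    r"with \[(?P<pwtype>[^\]]*)\] "
    r"status \[(?P<status>[^\]]*)\] "
    r"workstation \[(?P<workstation>[^\]]*)\] "
    r"remote host \[(?P<remote>[^\]]*)\]"
)

# Constructed sample lines (not taken from a real server).
SAMPLE_LOG = r"""
  Auth: [SMB2,(null)] user [DOMAIN]\[copy] at [Tue, 15 Jan 2019 16:17:10.513495 CET] with [NTLMv1] status [NT_STATUS_WRONG_PASSWORD] workstation [WS-A] remote host [ipv4:192.0.2.10:57884] mapped to [DOMAIN]\[copy]. local host [ipv4:192.0.2.1:445]
  Auth: [SMB2,(null)] user [DOMAIN]\[alice] at [Tue, 15 Jan 2019 16:18:02.100000 CET] with [NTLMv2] status [NT_STATUS_WRONG_PASSWORD] workstation [WS-B] remote host [ipv4:192.0.2.11:50112] mapped to [DOMAIN]\[alice]. local host [ipv4:192.0.2.1:445]
  Auth: [SMB2,(null)] user [DOMAIN]\[copy] at [Tue, 15 Jan 2019 16:19:44.000000 CET] with [NTLMv1] status [NT_STATUS_WRONG_PASSWORD] workstation [WS-A] remote host [ipv4:192.0.2.10:57901] mapped to [DOMAIN]\[copy]. local host [ipv4:192.0.2.1:445]
"""


def parse_auth_events(text):
    """Return one dict per Auth: line, with the client address split out."""
    events = []
    for match in AUTH_RE.finditer(text):
        event = match.groupdict()
        # "ipv4:192.0.2.10:57884" -> family "ipv4", address "192.0.2.10"
        family, _, rest = event.pop("remote").partition(":")
        event["remote_family"] = family
        event["remote_ip"] = rest.rsplit(":", 1)[0]  # drop the source port
        events.append(event)
    return events


def ntlmv1_clients(events):
    """Count NTLMv1 attempts per (workstation, client IP, user)."""
    return Counter(
        (e["workstation"], e["remote_ip"], e["user"])
        for e in events
        if e["pwtype"] == "NTLMv1"
    )


if __name__ == "__main__":
    hits = ntlmv1_clients(parse_auth_events(SAMPLE_LOG))
    for (workstation, ip, user), count in hits.most_common():
        print(f"{workstation} ({ip}) user={user}: {count} NTLMv1 attempt(s)")
```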