Cannot login to SMB Server/Authentication denied


 
Thread Tools Search this Thread
Operating Systems Solaris Cannot login to SMB Server/Authentication denied
# 1  
Old 10-30-2016
Cannot login to SMB Server/Authentication denied

Hello,

I have problems seting up SMB server in Solaris 11.3.
I had SMB working previously on Solaris 11 (updated to 11.3), but a bad harddisk crash forced me to install Solaris again from scratch and I cannot get it working properly.

I have imported the previous zfs pool with share.smb set to on for the applicable file systems.

I have tried following the instructions in the Oracle documentation "Managing SMB File Sharing and Windows Interoperability in Oracle Solaris 11.3" to setup the SMB server service (not SAMBA).

This is a home server so I do not use a AD or LDAP server and have tried setting it up using workgroups.

The steps I have taken are:

Enabled mapping by using Identity Management
Code:
# svccfg -s svc:/system/idmap setprop config/directory_based_mapping = astring: idmu

Enabled the SMB service
Code:
# svcadm enable -r smb/server

Added "password required pam_smb_passwd.so.1 nowarn" to /etc/pam.d/other

Reset password to populate /var/smb/smbpasswd
Code:
# passwd username

# smbadm join -w myworkgroup

The server shows up in the "Network places" and at one point I could log in to it using root, but I have not been able to open any shares using my normal user or root.
I have tried setting winnames in idmap aswell without success. Restarted the service and computer a couple of times but to no use.
At the moment the server shows up but I cannot log in to it in any way via SMB.

I have tried looking in /var/adm/messages and the most helpful error message I have seen is "access denied: guest disabled".

Enabling guest for the shares in zfs enabled me to open one of the shares but no files where then visible, so I turned the guest option off again.

Please help me get to the bottom of this. I feel like I have missed some mundane detail but I cannot figure out what.



Moderator's Comments:
Mod Comment Please use CODE tags as required by forum rules!

Added/Changed CODE tags.

Last edited by RudiC; 10-30-2016 at 03:48 PM.. Reason: Added CODE tags.
# 2  
Old 10-30-2016
Reading your post you seem to have done everything correctly AFAIK.

This may be a dumb question but have you enabled/restarted the service since you populated 'smbpasswd' for the smb users?

Code:
# svcadm enable network/smb

 or
   
# svcadm restart network/smb

This may require more thought.

Last edited by hicksd8; 10-30-2016 at 02:52 PM.. Reason: Correct command line in post
This User Gave Thanks to hicksd8 For This Post:
# 3  
Old 10-30-2016
First, sorry for forgetting code tags. Will try to remember those in the future.

Just to make sure. I tried to restart the service. I have also restarted the computer earlier after trying to make things work.

Still not working. Smilie

I tried to log in to the machine from my windows computer and then looked in /var/adm/messages and had these entries:
Code:
Oct 30 22:52:27 Solaris smbd[3704]: [ID 702911 daemon.notice] service shutting down
Oct 30 22:52:27 Solaris smbd[3704]: [ID 702911 daemon.notice] service terminated
Oct 30 22:52:27 Solaris smbd[4057]: [ID 702911 daemon.notice] dyndns: failed to get domainname
Oct 30 22:52:27 Solaris smbd[4057]: [ID 702911 daemon.notice] service initialized
Oct 30 22:52:55 Solaris smbd[4057]: [ID 812811 daemon.notice] logon[windowscomputer\username]: LOGON_FAILURE
Oct 30 22:52:56 Solaris last message repeated 1 time
Oct 30 22:55:17 Solaris gdm-simple-greeter[3795]: [ID 702911 daemon.warning] atk-bridge-WARNING: AT_SPI_REGISTRY was not started at session startup.
Oct 30 22:57:28 Solaris smbd[4057]: [ID 812811 daemon.notice] logon[windowscomputer\username]: LOGON_FAILURE

I have substituted the computer and username.
# 4  
Old 10-31-2016
I've been thinking about this more.
I note the "LOGON_FAILURE" error.

Firstly, can your smb users login to Solaris as normal users with the credentials they are using?

Secondly, but without a Solaris 11 machine here to try it on, I would give this as an example:

Code:
# zpool create mypool c3t1d0
# zfs create -o casesensitivity=mixed -o nbmand=on mypool/fs1
# zfs set share=name=fs1,path=/mypool,prot=smb mypool
# zfs set sharesmb=on mypool/fs1
# svcadm enable -r smb/server
# svcadm enable network/smb
# REM Now reset passwords of smb users to populate smbpasswd

Perhaps give (some of) that a go creating a new smb share and see what happens. Return to the share(s) you've already tried to configure if it works.

Last edited by hicksd8; 11-03-2016 at 07:46 AM.. Reason: Whoops! Forum Advisor forgets to use code tags!
This User Gave Thanks to hicksd8 For This Post:
# 5  
Old 10-31-2016
Hello again and thank you for trying to help me Smilie

I can login to Solaris both thru desktop/GNOME and ssh with my user. Using that same user without elevation of root I can access and view the folder shares locally aswell so it should not be a access problem, but you never know.

I tried creating a new filesystem as you suggested (tank/smbtest) including the following steps with setting up sharing over smb but that did unfortunately not change anything.

I tried in a stroke of desperation to login thru my android surfpad, and it would show all the shares unlike my windows computer, but it would not login. So I tried in my windows computer to enter the path to the newly created share and a music share with 774 but could not login.
I even tried entering the music share in my sonos but it would not have it either. Smilie

last entries in /var/adm/messages after my tries as follows
Code:
Oct 31 20:58:28 Ugglan smbsrv: [ID 421734 kern.notice] NOTICE: [NT Authority\Anonymous]: tank_smbtest access denied: IPC only
Oct 31 20:58:28 Ugglan last message repeated 1 time
Oct 31 21:04:08 Ugglan smbsrv: [ID 421734 kern.notice] NOTICE: [UGGLAN\guest]: Audio access denied: guest disabled
Oct 31 21:04:09 Ugglan last message repeated 7 times
Oct 31 21:04:09 Ugglan smbsrv: [ID 421734 kern.notice] NOTICE: [NT Authority\Anonymous]: Audio access denied: IPC only
Oct 31 21:04:09 Ugglan last message repeated 1 time
Oct 31 21:04:09 Ugglan smbsrv: [ID 421734 kern.notice] NOTICE: [UGGLAN\guest]: Audio access denied: guest disabled
Oct 31 21:04:09 Ugglan last message repeated 3 times
Oct 31 21:04:24 Ugglan smbd[4057]: [ID 812811 daemon.notice] logon[UGGLAN\user1]: LOGON_FAILURE
Oct 31 21:04:24 Ugglan last message repeated 4 times
Oct 31 21:04:24 Ugglan smbsrv: [ID 421734 kern.notice] NOTICE: [NT Authority\Anonymous]: Audio access denied: IPC only
Oct 31 21:04:24 Ugglan last message repeated 1 time
Oct 31 21:04:24 Ugglan smbsrv: [ID 421734 kern.notice] NOTICE: [UGGLAN\guest]: Audio access denied: guest disabled
Oct 31 21:04:24 Ugglan last message repeated 3 times
Oct 31 21:35:38 Ugglan smbd[4057]: [ID 812811 daemon.notice] logon[Wombat\user1]: LOGON_FAILURE

Ugglan is the name of the Solaris server, Wombat is the windows laptop. Username changed to user1 as I'm not sure how safe it is to include usernames in an open forum like this.

The different behaviour of the surfpad led me to think if it might have anything to do with me having the same username on the windows computer and in solaris? On the other hand, it did work fine with same usernames in both computers before the reinstall.

Can I have messed something up in my initial setup of the SMB server? Can I somehow start over from scratch and try again from a clean slate?

Do the SMB server itself have any logs to look in or am I stuck with looking in messages?

Please tell me if there are any log or any information that I can try to provide to find a solution to this mystery.
# 6  
Old 11-01-2016
This is the Oracle documentation about troubleshooting SMB connectivity but I assume that you've already gone through that?

Troubleshooting the SMB Service - Managing SMB File Sharing and Windows Interoperability in Oracle Solaris 11.1
This User Gave Thanks to hicksd8 For This Post:
# 7  
Old 11-01-2016
I tried following a similar troubleshooting guide in the document mentioned in my first post but I will go through the one you provided as well when I get home.

Just to make sure I haven't set everything up with wrong assumptions, what would be the best "mode" for smb to run in?

As mentioned earlier this is a home server connected to a normal home router. For smb, it is mainly serving a windows computer, some music players and the occasional surfpad or mobile phone. I do not have or use any AD server or LDAP. So the Solaris machine is very much a stand alone server.
I have assumed that I should run smb in workgroup mode and use idmu.
Is this correct or should my approach be different?
How should I go about/what strategy should I have configuring smb in my use case?

Skickat från min D5803 via Tapatalk

---------- Post updated at 09:19 PM ---------- Previous update was at 09:13 PM ----------

SOLVED! Smilie

directory_based_mapping shall NOT be set to idmu, but to none for my usecase as a stand alone server.

I set it using:
Code:
# svccfg -s svc:/system/idmap setprop config/directory_based_mapping = astring: none

and then restarted idmap and smb and everything worked as it should immediately.

For reference to others:
I compared the smb manifest and method files against a backup of the previous installation and they were as far as I could tell an exact match.
That together with the problem seeming to revolve around credentials got me to start reading up on how smb handles logins, samba security modes and identity mapping and found a quite good samba manual/guide in the docs section at samba.org that mentioned that idmap was not relevant when running a stand alone server using workgroups.

And after that things worked itself out relatively quickly. Smilie

Thanks for the help and things to try, it really helped me look for the right clues leading up to the solution!

Last edited by Zorken; 11-01-2016 at 02:29 PM..
This User Gave Thanks to Zorken For This Post:
Login or Register to Ask a Question

Previous Thread | Next Thread

8 More Discussions You Might Find Interesting

1. Solaris

/network/smb/server goes into maintenance mode.

All I'm running an OpenSolaris system (Nexenta). When doing a svcs I see that/network/smb/server is in maintenance mode. I have run a clear on the service and restarted. I see the same service show online* for a bit but then, enters maintenance every time. In the service log I... (2 Replies)
Discussion started by: dcpatriot
2 Replies

2. Shell Programming and Scripting

Passwordless Authentication and Anonymous login

Hi, I am in the process FTPing some of my report files from my production server to another FTP server through batch/Shell Script. This is working fine with the password less authentication. Once i place all my report files in the ftp server the end users need to download ... (3 Replies)
Discussion started by: Showdown
3 Replies

3. UNIX for Advanced & Expert Users

PAM Login denied

Hi All, While I was trying to login to the console of my machine I got the following error messages :: body { margin: 0 0 0 0; padding:0 0 0 0 }td,div { font-family:Tahoma;font-size:8pt;vertical-align:top }/* Copyright IBM Corp. 2011 All Rights Reserved. */body { margin:... (2 Replies)
Discussion started by: Pkumar Sachin
2 Replies

4. Solaris

Unable to login password less authentication

Hi, I am facing strange problem in solaris 10. My requirement is that on server A using user test, any user which is created on Server B will be able to login wihtout password (ssh) from Server A All the users which are on Server B are able able to login from Server A using test user. ... (8 Replies)
Discussion started by: manoj.solaris
8 Replies

5. Red Hat

microsoft Server 2008 Active authentication to a linux server

Hi, Please could someone advise I'm trying to use winscp from a Window server 2008 R2, but i need to add the authentication key to access the linux rh 5.4 servers ? What is the best way of approaching this ? If there are any web links that could help me do this, that would be good. ... (1 Reply)
Discussion started by: venhart
1 Replies

6. UNIX for Dummies Questions & Answers

Account is locked or login administratively denied

Hi, When I am trying to do ssh to a server it shows below error. Key setup is all good and it used to work well few days back. Now suddenly I am getting this error. ssh -i <private_key> <id>@<hostname> Received disconnect from <hostname> Account is locked or login administratively... (1 Reply)
Discussion started by: mahish20
1 Replies

7. Red Hat

USER denied login as OUT OF DISK SPACE

Hi, I am trying to install Oracle 11g R2 on Oracle Enterprise Linux (5.4 version, which is basically some Redhat version). I have created oracle user, when I tried installing, the installer erred out saying there is no enough space. I logged out and when I logged in back, user oracle was... (2 Replies)
Discussion started by: guruparan18
2 Replies

8. UNIX for Dummies Questions & Answers

Login Authentication Prob SCO 504

I have a problem on a SCO Unix504 box where no user with a setr password is allowed to login. When you enter a username with-out a password and press enter you are allowed to login, when using a name with a password it skips the password entry line and gives the message Incorrect password. This... (0 Replies)
Discussion started by: jant
0 Replies
Login or Register to Ask a Question