Vero O
Cadet
- Joined
- Feb 12, 2015
- Messages
- 9
Hi! I am FreeNAS newbie. I am trying to share folders using SAMBA. My users are in a OpenLDAP. The OpenLDAP has the samba.schema loaded. I checked the sambaSID in my FreeNAS and it is the same I got in my LDAP. But when I connect a client I get this error (I logged it in a file using debuglevel=3):
I really don't know why it denied me access. What I can see is: my user that tries to log in (myuser) is not within in the domain (WORKGROUP)
Hope somebody helps me. Thanks in advance
Code:
Maximum core file size limits now -1(soft) -1(hard) smbd version 4.1.17 started. Copyright Andrew Tridgell and the Samba Team 1992-2013 uid=0 gid=0 euid=0 egid=0 lp_load_ex: refreshing parameters Initialising global parameters params.c:pm_process() - Processing configuration file "/usr/local/etc/smb4.conf" Processing section "[global]" Registered MSG_REQ_POOL_USAGE Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED lp_load_ex: refreshing parameters Initialising global parameters params.c:pm_process() - Processing configuration file "/usr/local/etc/smb4.conf" Processing section "[global]" Processing section "[homes]" adding IPC service added interface lo0 ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0 added interface em0 ip=192.168.1.5 bcast=192.168.1.255 netmask=255.255.255.0 loaded services smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=WORKGROUP))] smbldap_open_connection: connection opened ldap_connect_system: successful connection to the LDAP server ERROR: Got 0 entries for gid 65534, expected one Initialise the svcctl registry keys if needed. Initialise the eventlog registry keys if needed. waiting for connections Allowed connection from dbass (192.168.1.4) init_oplocks: initializing messages. Transaction 0 of length 194 (0 toread) switch message SMBnegprot (pid 10596) conn 0x0 Requested protocol [PC NETWORK PROGRAM 1.0] Requested protocol [MICROSOFT NETWORKS 1.03] Requested protocol [MICROSOFT NETWORKS 3.0] Requested protocol [LANMAN1.0] Requested protocol [LM1.2X002] Requested protocol [DOS LANMAN2.1] Requested protocol [LANMAN2.1] Requested protocol [Samba] Requested protocol [NT LANMAN 1.0] Requested protocol [NT LM 0.12] interpret_string_addr_internal: getaddrinfo failed for name freenas.local (flags 1026) [hostname nor servname provided, or not known] get_mydnsfullname: getaddrinfo failed for name freenas.local [Success] interpret_string_addr_internal: getaddrinfo failed for name freenas.local (flags 1026) [hostname nor servname provided, or not known] get_mydnsfullname: getaddrinfo failed for name freenas.local [Success] GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'sasl-DIGEST-MD5' registered GENSEC backend 'schannel' registered GENSEC backend 'spnego' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered using SPNEGO Selected protocol NT LANMAN 1.0 Transaction 1 of length 166 (0 toread) switch message SMBsesssetupX (pid 10596) conn 0x0 wct=12 flg2=0xc843 Doing spnego session setup NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] interpret_string_addr_internal: getaddrinfo failed for name freenas.local (flags 1026) [hostname nor servname provided, or not known] get_mydnsfullname: getaddrinfo failed for name freenas.local [Success] interpret_string_addr_internal: getaddrinfo failed for name freenas.local (flags 1026) [hostname nor servname provided, or not known] get_mydnsfullname: getaddrinfo failed for name freenas.local [Success] Got NTLMSSP neg_flags=0x60088215 Transaction 2 of length 338 (0 toread) switch message SMBsesssetupX (pid 10596) conn 0x0 wct=12 flg2=0xc843 Doing spnego session setup NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] Got user=[myuser] domain=[WORKGROUP] workstation=[DBASS] len1=24 len2=96 lp_load_ex: refreshing parameters Initialising global parameters params.c:pm_process() - Processing configuration file "/usr/local/etc/smb4.conf" Processing section "[global]" Processing section "[homes]" adding IPC service check_ntlm_password: Checking password for unmapped user [WORKGROUP]\[myuser]@[DBASS] with the new password interface check_ntlm_password: mapped user is: [WORKGROUP]\[myuser]@[DBASS] check_sam_security: Couldn't find user 'myuser' in passdb. check_winbind_security: Not using winbind, requested domain [WORKGROUP] was for this SAM. check_ntlm_password: Authentication for user [myuser] -> [myuser] FAILED with error NT_STATUS_NO_SUCH_USER No such user myuser [WORKGROUP] - using guest account Transaction 3 of length 90 (0 toread) switch message SMBtconX (pid 10596) conn 0x0 Allowed connection from dbass (192.168.1.4) Connect path is '/tmp' for service [IPC$] Initialising default vfs hooks Initialising custom vfs hooks from [/[Default VFS]/] dbass (ipv4:192.168.1.4:44401) connect to service IPC$ initially as user nobody (uid=65534, gid=65534) (pid 10596) tconX service=IPC$ Transaction 4 of length 116 (0 toread) switch message SMBtrans2 (pid 10596) conn 0x8120e77e0 checking for home directory myuser gave /mnt/volume_test/homedirs/myuser/myuser adding home's share [myuser] for user 'myuser' at '/mnt/volume_test/homedirs/myuser/myuser/%U' get_referred_path: |myuser| in dfs path \192.168.1.5\myuser is not a dfs root. NT error packet at ../source3/smbd/trans2.c(8572) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND Transaction 5 of length 39 (0 toread) switch message SMBtdis (pid 10596) conn 0x8120e77e0 dbass (ipv4:192.168.1.4:44401) closed connection to service IPC$ Transaction 6 of length 96 (0 toread) switch message SMBtconX (pid 10596) conn 0x0 Allowed connection from dbass (192.168.1.4) guest user (from session setup) not permitted to access this share (myuser) create_connection_session_info failed: NT_STATUS_ACCESS_DENIED NT error packet at ../source3/smbd/reply.c(952) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED Server exit (failed to receive smb request)
I really don't know why it denied me access. What I can see is: my user that tries to log in (myuser) is not within in the domain (WORKGROUP)
Hope somebody helps me. Thanks in advance