# Samba 3 and private shares



## ZeWaren (Aug 26, 2011)

Hi all,

I'm trying to use samba inside a jail.
The jail is using a bridge epair connection so I don't think my problem is broadcast related.

My problem is that when I try to access a private share, I get NT_STATUS_LOGON_FAILURE, and the server's log shows NT_STATUS_NO_SUCH_USER.

Both the server and the test client are 8.2-STABLE (amd64), using samba34-3.4.9_2 compiled from ports.

Here is some information about the setup:

Network configuration:

```
# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=3<RXCSUM,TXCSUM>
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 02:60:ad:00:0e:0b
        inet6 fe80::60:adff:fe00:e0b%epair0b prefixlen 64 scopeid 0x2
        inet 192.168.3.165 netmask 0xffffff00 broadcast 192.168.3.255
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
```

Adding the user to samba's database:

```
# pdbedit -a -u testuser
new password:
retype new password:
tdbsam_open: Converting version 0.0 database to version 4.0.
tdbsam_convert_backup: updated /usr/local/etc/samba34/passdb.tdb file.
account_policy_get: tdb_fetch_uint32 failed for field 1 (min password length), returning 0
account_policy_get: tdb_fetch_uint32 failed for field 2 (password history), returning 0
account_policy_get: tdb_fetch_uint32 failed for field 3 (user must logon to change password), returning 0
account_policy_get: tdb_fetch_uint32 failed for field 4 (maximum password age), returning 0
account_policy_get: tdb_fetch_uint32 failed for field 5 (minimum password age), returning 0
account_policy_get: tdb_fetch_uint32 failed for field 6 (lockout duration), returning 0
account_policy_get: tdb_fetch_uint32 failed for field 7 (reset count minutes), returning 0
account_policy_get: tdb_fetch_uint32 failed for field 8 (bad lockout attempt), returning 0
account_policy_get: tdb_fetch_uint32 failed for field 9 (disconnect time), returning 0
account_policy_get: tdb_fetch_uint32 failed for field 10 (refuse machine password change), returning 0
Unix username:        testuser
NT username:
Account Flags:        [U          ]
User SID:             S-1-5-21-726842876-3509445548-190429279-1000
Primary Group SID:    S-1-5-21-726842876-3509445548-190429279-513
Full Name:            Test User
Home Directory:       \\testsambahost\testuser
HomeDir Drive:
Logon Script:
Profile Path:         \\testsambahost\testuser\profile
Domain:               TESTSAMBAHOST
Account desc:
Workstations:
Munged dial:
Logon time:           0
Logoff time:          Sun, 04 Dec 219250468 16:30:07 CET
Kickoff time:         Sun, 04 Dec 219250468 16:30:07 CET
Password last set:    Fri, 26 Aug 2011 11:16:40 CEST
Password can change:  Fri, 26 Aug 2011 11:16:40 CEST
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
```

Checking that the user exists as a unix user and a samba user:

```
# pw usershow testuser
testuser:*:1001:1001::0:0:Test User:/home/testuser:/usr/sbin/nologin
# pdbedit -L
testuser:1001:Test User
```

Samba's configuration: one public share and a private one.

```
# testparm
Load smb config files from /usr/local/etc/smb.conf
max_open_files: sysctl_max (11095) below minimum Windows limit (16384)
rlimit_max: rlimit_max (11095) below minimum Windows limit (16384)
Processing section "[public]"
Processing section "[testshare]"
Processing section "[public]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions

[global]
        workgroup = TESTGROUP
        netbios name = TESTSAMBAHOST
        interfaces = 192.168.3.165/24
        log level = 3
        hosts allow = 192.168.3., 127.

[public]
        path = /usr/public
        read only = No
        guest ok = Yes

[testshare]
        path = /usr/testshare
        valid users = testuser
        read only = No
```

On a separate computer, listing the shares:

```
> smbclient -L 192.168.3.165
Enter whatever's password:
Anonymous login successful
Domain=[TESTGROUP] OS=[Unix] Server=[Samba 3.5.9]

        Sharename       Type      Comment
        ---------       ----      -------
        IPC$            IPC       IPC Service (Samba 3.5.9)
        testshare       Disk
        public          Disk
Anonymous login successful
Domain=[TESTGROUP] OS=[Unix] Server=[Samba 3.5.9]

        Server               Comment
        ---------            -------

        Workgroup            Master
        ---------            -------
```

Accessing the public share:

```
> smbclient //192.168.3.165/public
Enter whatever's password:
Anonymous login successful
Domain=[TESTGROUP] OS=[Unix] Server=[Samba 3.5.9]
smb: \> ls
  .                                   D        0  Wed Aug 24 15:00:45 2011
  ..                                  D        0  Fri Aug 26 11:13:33 2011
  poulet                                       0  Wed Aug 24 15:00:44 2011

                63454 blocks of size 131072. 25461 blocks available
smb: \>
```

Accessing the private share:

```
> smbclient //192.168.3.165/testshare -U testuser
Enter testuser's password:
session setup failed: NT_STATUS_LOGON_FAILURE
```

In samba's log:

```
[2011/08/26 09:34:37.655432,  3] smbd/sesssetup.c:1254(reply_sesssetup_and_X_spnego)
  NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[]
[2011/08/26 09:34:37.655470,  3] libsmb/ntlmssp.c:747(ntlmssp_server_auth)
  Got user=[testuser] domain=[TESTWORKGROUP] workstation=[TESTSAMBAHOST] len1=24 len2=24
[2011/08/26 09:34:37.655524,  3] auth/auth.c:216(check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user [TESTWORKGROUP]\[testuser]@[TESTSAMBAHOST] with the new password interface
[2011/08/26 09:34:37.655550,  3] auth/auth.c:219(check_ntlm_password)
  check_ntlm_password:  mapped user is: [TESTSAMBAHOST]\[testuser]@[TESTSAMBAHOST]
[2011/08/26 09:34:37.655580,  2] auth/auth.c:314(check_ntlm_password)
  check_ntlm_password:  Authentication for user [testuser] -> [testuser] FAILED with error NT_STATUS_NO_SUCH_USER
[2011/08/26 09:34:37.655605,  3] smbd/error.c:80(error_packet_set)
  error packet at smbd/sesssetup.c(111) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
[2011/08/26 09:34:37.655851,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2011/08/26 09:34:37.655880,  3] smbd/connection.c:31(yield_connection)
  Yielding connection to
[2011/08/26 09:34:37.655979,  3] smbd/server.c:923(exit_server_common)
  Server exit (failed to receive smb request)
```

Does anyone know what I'm doing wrong?

Thanks for any answer.


----------



## ZeWaren (Aug 31, 2011)

Rebooting the machine seems to have solved the problem and I can't reproduce it.


----------
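Added example, not part of the original thread: a small parser for the smbd `log level = 3` excerpt in the first post. It pairs each failed `check_ntlm_password` record with the domain the client sent and the domain smbd mapped it to. The function names are illustrative, and it assumes records for one user name are not interleaved with another session using the same name.

```python
import re

# Sample records copied from the log excerpt in the first post.
SAMPLE_LOG = """\
[2011/08/26 09:34:37.655470,  3] libsmb/ntlmssp.c:747(ntlmssp_server_auth)
  Got user=[testuser] domain=[TESTWORKGROUP] workstation=[TESTSAMBAHOST] len1=24 len2=24
[2011/08/26 09:34:37.655550,  3] auth/auth.c:219(check_ntlm_password)
  check_ntlm_password:  mapped user is: [TESTSAMBAHOST]\\[testuser]@[TESTSAMBAHOST]
[2011/08/26 09:34:37.655580,  2] auth/auth.c:314(check_ntlm_password)
  check_ntlm_password:  Authentication for user [testuser] -> [testuser] FAILED with error NT_STATUS_NO_SUCH_USER
"""

HEADER = re.compile(r"^\[(?P<ts>[^,\]]+),\s*(?P<level>\d+)\] \S+?\((?P<func>\w+)\)\s*$")
GOT = re.compile(r"Got user=\[(.*?)\] domain=\[(.*?)\] workstation=\[(.*?)\]")
MAPPED = re.compile(r"mapped user is: \[(.*?)\]\\\[(.*?)\]@\[(.*?)\]")
FAILED = re.compile(r"Authentication for user \[(.*?)\] -> \[(.*?)\] FAILED with error (\S+)")

def records(text):
    """Yield (timestamp, level, function, message) for each smbd log record."""
    head, body = None, []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:  # a new header closes the previous record
            if head:
                yield (*head, " ".join(body))
            head, body = (m["ts"], int(m["level"]), m["func"]), []
        elif head and line.strip():  # indented continuation line
            body.append(line.strip())
    if head:
        yield (*head, " ".join(body))

def auth_failures(text):
    """Return one dict per failed NTLM authentication, with the domain the
    client sent and the domain smbd mapped it to (None if not logged)."""
    seen, out = {}, []
    for ts, _level, _func, msg in records(text):
        if (m := GOT.search(msg)):
            seen.setdefault(m[1], {})["client_domain"] = m[2]
        elif (m := MAPPED.search(msg)):
            seen.setdefault(m[2], {})["mapped_domain"] = m[1]
        elif (m := FAILED.search(msg)):
            ctx = seen.pop(m[1], {})  # context gathered for this user so far
            out.append({"time": ts, "user": m[1], "unix_user": m[2], "status": m[3],
                        "client_domain": ctx.get("client_domain"),
                        "mapped_domain": ctx.get("mapped_domain")})
    return out

if __name__ == "__main__":
    print(auth_failures(SAMPLE_LOG))
```
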

