Server 2008R2 unable access samba shares OMV

    • OMV 4.x
    • Server 2008R2 unable access samba shares OMV

      I have installed OMV several times without problems. I currently have a network composed of Server 2008R2 domain server + 15 Windows 10 computers. From any computer with Windows 10 it is possible to access OMV folders before logging in. But since Windows Server 2008R2 it is not possible to login, it always gives a user error or password on any folder, even though the credentials are correct. Previously I used a Lacie d2 network2 NAS (based on Linux) with no problems accessing both Windows 10 and Server 2008R2. Even at this moment, I can access this NAS, but not OMV. I have searched the Internet if the problem is Samba or Server 2008 without being able to find a solution that solves the problem. The OMV version is 4.1.22. I already appreciate.
    • Are you actually running a domain or is it peer to peer?

      Take a look at this How-To. Specifically take a look at the section titled Domain Connected Windows 10 Clients / Servers. Be sure to follow the link "guide to levels 1 through 5", to Microsoft's reference on the security levels and read the notes related to Server2008R2. Be aware of the risks - given the age of the server OS, I'm assuming it has no exposure to the internet. ( ? )
      _______________________

      Perhaps @geaves might chime in.

      The post was edited 1 time, last by crashtest ().

    • If you're open for a structured attempt to resolve issues then please do not start to fiddle around with adjusting settings here and there right now but follow basic troubleshooting principles allowing to improve situation with OMV.

      towerpc wrote:

      From any computer with Windows 10 it is possible to access OMV folders before logging in
      I don't get the meaning of ' before logging in' but anyway. Please try to access any of your OMV shares this way from a Win10 system and then on the OMV's server provide output of these two commands as root:

      Source Code

      1. smbstatus
      2. testparm
      The smbstatus output allows us to diagnose the status of authentication, user/group (important to diagnose potential permission issues), SMB version, Encryption and Signing and also which share is affected:

      Sample output:

      Brainfuck Source Code

      1. root@OMV:/# smbstatus
      2. Samba version 4.5.16-Debian
      3. PID Username Group Machine Protocol Version Encryption Signing
      4. ----------------------------------------------------------------------------------------------------------------------------------------
      5. 20591 John users 192.168.83.145 (ipv4:192.168.83.145:55123) SMB3_02 - partial(AES-128-CMAC)
      6. 20761 tk users 192.168.83.144 (ipv4:192.168.83.144:52437) SMB3_11 - partial(AES-128-CMAC)
      7. Service pid Machine Connected at Encryption Signing
      8. ---------------------------------------------------------------------------------------------
      9. SAMBA_BTRFS 20761 192.168.83.144 Fri May 17 11:21:24 2019 UTC - -
      10. SAMBA_BTRFS 20591 192.168.83.145 Fri May 17 11:16:51 2019 UTC - -
      11. Locked files:
      12. Pid Uid DenyMode Access R/W Oplock SharePath Name Time
      13. --------------------------------------------------------------------------------------------------
      14. 20591 1000 DENY_NONE 0x20087 RDWR NONE /srv/dev-disk-by-id-usb-Samsung_SSD_750_EVO_000000123ADA-0-0-part1/SAMBA_BTRFS LanTest-6.0.0-172.16.160.1-mac-tk-2018.log Fri May 17 11:17:09 2019
      15. 20591 1000 DENY_NONE 0x100081 RDONLY NONE /srv/dev-disk-by-id-usb-Samsung_SSD_750_EVO_000000123ADA-0-0-part1/SAMBA_BTRFS . Fri May 17 11:17:11 2019
      16. 20761 1000 DENY_NONE 0x100081 RDONLY NONE /srv/dev-disk-by-id-usb-Samsung_SSD_750_EVO_000000123ADA-0-0-part1/SAMBA_BTRFS . Fri May 17 11:21:23 2019
      17. 20761 1000 DENY_NONE 0x100081 RDONLY NONE /srv/dev-disk-by-id-usb-Samsung_SSD_750_EVO_000000123ADA-0-0-part1/SAMBA_BTRFS . Fri May 17 11:21:23 2019
      18. 20761 1000 DENY_NONE 0x100081 RDONLY NONE /srv/dev-disk-by-id-usb-Samsung_SSD_750_EVO_000000123ADA-0-0-part1/SAMBA_BTRFS . Fri May 17 11:21:23 2019
      19. 20591 1000 DENY_NONE 0x20087 RDWR NONE /srv/dev-disk-by-id-usb-Samsung_SSD_750_EVO_000000123ADA-0-0-part1/SAMBA_BTRFS LanTest-tmp 172.16.160.1 mac-tk-2018/LanTest-Bigfile Fri May 17 11:20:22 2019
      Display All
      If you provide the output you can skip the 'Locked files' section and obfuscate IP addresses. But rest of information should remain intact. Then output from testparm will give an overview about your Samba settings. It should contain the [global] section as well as the share definition the client actually accesses.


      This is the first step to get an idea what's happening. Adjusting settings here or there is only the next step.
    • tkaiser wrote:

      If you're open for a structured attempt to resolve issues then please do not start to fiddle around with adjusting settings here and there right now but follow basic troubleshooting principles allowing to improve situation with OMV.
      Well this is going to be interesting :) this will be my only post in here;

      The OP cannot access OMV shares from Sever2008, client access to OMV works! As yet we don't know if the OP is using OMV in a peer to peer environment or a domain, and FYI I have integrated OMV into an MS domain but for a specific use.

      @towerpc I hope you get this sorted, but it is doable.
      Raid is not a backup! Would you go skydiving without a parachute?
    • geaves wrote:

      The OP cannot access OMV shares from Sever2008, client access to OMV works!
      Yes, @towerpc wrote that in the first post here. That's why I asked for smbstatus and testparmoutput with such a client connected to get an idea whether this connection is established as guest or authenticated (and whether it's authentication against local user accounts on the OMV server or AD).

      All these questions can be answered in a single step by using the troubleshooting tools the Samba project provides for exactly this reason :)
    • Apologies if I express myself badly. I do not speak English and everything is translated with Google.
      The network structure is formed in the following way:

      1 Microsoft Server 2008R2 computer with domain server
      1 OMV 4.1.22
      1 NAS Lacie d2 network2
      10 Microsoft Windows 10 attached to the domain
      5 Microsoft Windows 10 not attached to the domain

      The 15 computers with Windows 10 can access the shared folders of Lacie NAS and OMV 4.1.22. No problem to access the contents of the folders and to log into them.
      The Microsoft Server 2008R2 computer can access the shared Lacie NAS folders without problem.
      The Microsoft Server 2008R2 computer CAN NOT access the shared folders of OMV 4.1.22. Always incorrect user error or password. Both accessing with the name of the team and with the IP thereof.


      I hope the translation is clearer.
      Thanks.
    • towerpc wrote:

      The 15 computers with Windows 10 can access the shared folders of Lacie NAS and OMV 4.1.22
      So it doesn't matter whether they've joined the domain or not and as such this looks like an authentication issue.

      Again: please connect with one of the Win10 machines to the OMV server and then provide output of smbstatus and testparm commands on the server. For this you need SSH access to the server or you install the shellinabox plugin and authenticate on the OMV server as root.

      To help further nailing the problem down please open cmd.exe on your Win2008 server and provide the output of net view \\$server for both the OMV box and your LaCie NAS. Therefore replace $server in the aforementioned command with the IP addresses of the OMV machine and the LaCie box.
    • donh wrote:

      Still a little confused but if the only one not working is the 2008 server try mapping a network drive. You can enter a different user and password that way.
      Right. Only Server 2008R2 can not connect to OMV shared folders. Error login always with any of the accounts created in OMV.

      tkaiser wrote:

      towerpc wrote:

      The 15 computers with Windows 10 can access the shared folders of Lacie NAS and OMV 4.1.22
      So it doesn't matter whether they've joined the domain or not and as such this looks like an authentication issue.
      10 Microsoft Windows 10 ATTACHED TO THE DOMAIN
      5 Microsoft Windows 10 NOT ATTACHED TO THE DOMAIN

      summarizing. Only server 2008r2 can not access the shared OMV folders. all the rest works perfectly.
    • tkaiser wrote:

      towerpc wrote:

      Only server 2008r2 can not access the shared OMV folders. all the rest works perfectly
      You wote this already multiple times. What about now providing output from the commands as you've been asked for?
      Here the results:

      net view (10.152.15.131 IP for OMV, 10.152.15.133 IP for Lacie d2

      Brainfuck Source Code

      1. Microsoft Windows [Versión 6.1.7601]
      2. Copyright (c) 2009 Microsoft Corporation. Reservados todos los derechos.
      3. C:\Users\administrador.DEMAG>net view \\10.152.15.131
      4. Error de sistema 5.
      5. Acceso denegado.
      6. C:\Users\administrador.DEMAG>net view \\10.152.15.133
      7. Recursos compartidos en \\10.152.15.133
      8. SCH-BAK002
      9. Nombre de recurso compartido Tipo Usado como Comentario
      10. -------------------------------------------------------------------------------
      11. aldana_chazarreta Disco
      12. alejandra_mejia Disco
      13. carlos_badell Disco
      14. carlos_boveri Disco
      15. casimiro_polledo Disco
      16. cecilia_albarracin Disco
      17. chantal_fechser Disco
      18. claudio_lopez Disco
      19. edgar_ortiz Disco
      20. gonzalez_note Disco
      21. nadia_ziegler Disco
      22. nicolas_luraghi Disco
      23. pablo_brancato Disco
      24. rafael_perez Disco
      25. ricardo_marote Disco
      26. roberto_gonzalez Disco
      27. roberto_schulzen Disco
      28. servicio_tecnico Disco
      29. servidor Disco
      30. towerpc Disco
      31. Se ha completado el comando correctamente.
      32. C:\Users\administrador.DEMAG>
      Display All
    • smbstatus

      Brainfuck Source Code

      1. login as: root
      2. root@10.152.15.131's password:
      3. Linux SCH-BAK001 4.19.0-0.bpo.4-amd64 #1 SMP Debian 4.19.28-2~bpo9+1 (2019-03-27 ) x86_64
      4. The programs included with the Debian GNU/Linux system are free software;
      5. the exact distribution terms for each program are described in the
      6. individual files in /usr/share/doc/*/copyright.
      7. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
      8. permitted by applicable law.
      9. Last login: Mon May 20 13:55:26 2019 from 10.152.15.14
      10. root@SCH-BAK001:~# smbstatus
      11. Samba version 4.5.16-Debian
      12. PID Username Group Machine Prot ocol Version Encryption Signing
      13. -------------------------------------------------------------------------------- --------------------------------------------------------
      14. 1168 edgar_ortiz users 10.152.15.25 (ipv4:10.152.15.25:51754) SMB3 _11 - partial(AES-128-CMAC)
      15. 1087 pablo_brancato users 10.152.15.15 (ipv4:10.152.15.15:50908) SM B3_11 - partial(AES-128-CMAC)
      16. Service pid Machine Connected at Encryption Signing
      17. -------------------------------------------------------------------------------- -------------
      18. edgar_ortiz 1168 10.152.15.25 lun may 20 18:00:03 2019 -03 - -
      19. pablo_brancato 1087 10.152.15.15 lun may 20 18:00:02 2019 -03 - -
      20. Locked files:
      21. Pid Uid DenyMode Access R/W Oplock Share Path Name Time
      22. -------------------------------------------------------------------------------- ------------------
      23. 1168 1009 DENY_ALL 0x17019f RDWR LEASE(RWH) /srv/ dev-disk-by-label-DISC02/edgar_ortiz _gsdata_/63aafc98d584c775ba03f3e728f48282 .pst Mon May 20 18:19:56 2019
      24. 1087 1012 DENY_NONE 0x100081 RDONLY NONE /srv/ dev-disk-by-label-DISC02/pablo_brancato . Mon May 20 18:00:02 2019
      25. 1168 1009 DENY_NONE 0x100081 RDONLY NONE /srv/ dev-disk-by-label-DISC02/edgar_ortiz . Mon May 20 18:00:23 2019
      26. 1087 1012 DENY_ALL 0x17019f RDWR LEASE(RWH) /srv/ dev-disk-by-label-DISC02/pablo_brancato _gsdata_/c0a1a5426d9f317aeded1d11e7159 caa.pst Mon May 20 18:00:02 2019
      Display All
    • testparm

      Source Code

      1. root@SCH-BAK001:~# testparm
      2. Load smb config files from /etc/samba/smb.conf
      3. rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
      4. Processing section "[aldana_chazarreta]"
      5. Processing section "[ex-empleados]"
      6. Processing section "[servicio_tecnico]"
      7. Processing section "[roddy_bonilla]"
      8. Processing section "[roberto_schulzen]"
      9. Processing section "[roberto_gonzalez]"
      10. Processing section "[ricardo_marote]"
      11. Processing section "[rafael_perez]"
      12. Processing section "[pablo_brancato]"
      13. Processing section "[natalia_hermann]"
      14. Processing section "[nadia_ziegler]"
      15. Processing section "[javier_pastini]"
      16. Processing section "[edgar_ortiz]"
      17. Processing section "[claudio_lopez]"
      18. Processing section "[chantal_fechser]"
      19. Processing section "[cecilia_albarracin]"
      20. Processing section "[casimiro_polledo]"
      21. Processing section "[carlos_boveri]"
      22. Processing section "[carlos_badell]"
      23. Processing section "[alejandra_mejia]"
      24. Loaded services file OK.
      25. WARNING: You have some share names that are longer than 12 characters.
      26. These may not be accessible to some older clients.
      27. (Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.)
      28. Server role: ROLE_STANDALONE
      29. Press enter to see a dump of your service definitions
      30. # Global parameters
      31. [global]
      32. server string = %h server
      33. workgroup = DEMAG
      34. log file = /var/log/samba/log.%m
      35. logging = syslog
      36. max log size = 1000
      37. panic action = /usr/share/samba/panic-action %d
      38. disable spoolss = Yes
      39. load printers = No
      40. printcap name = /dev/null
      41. pam password change = Yes
      42. passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
      43. passwd program = /usr/bin/passwd %u
      44. socket options = TCP_NODELAY IPTOS_LOWDELAY
      45. dns proxy = No
      46. idmap config * : backend = tdb
      47. printing = bsd
      48. acl allow execute always = Yes
      49. create mask = 0777
      50. directory mask = 0777
      51. aio read size = 16384
      52. aio write size = 16384
      53. use sendfile = Yes
      54. [aldana_chazarreta]
      55. path = /srv/dev-disk-by-label-DISC02/aldana_chazarreta
      56. hide special files = Yes
      57. create mask = 0664
      58. directory mask = 0775
      59. force create mode = 0664
      60. force directory mode = 0775
      61. inherit acls = Yes
      62. read only = No
      63. valid users = Administrador aldana_chazarreta
      64. write list = Administrador aldana_chazarreta
      65. [ex-empleados]
      66. path = /srv/dev-disk-by-label-DISC02/ex-empleados
      67. hide special files = Yes
      68. create mask = 0664
      69. directory mask = 0775
      70. force create mode = 0664
      71. force directory mode = 0775
      72. inherit acls = Yes
      73. read only = No
      74. valid users = Administrador alejandra_mejia claudio_lopez roberto_schulzen
      75. write list = Administrador alejandra_mejia claudio_lopez roberto_schulzen
      76. [servicio_tecnico]
      77. path = /srv/dev-disk-by-label-DISC02/servicio_tecnico
      78. hide special files = Yes
      79. create mask = 0664
      80. directory mask = 0775
      81. force create mode = 0664
      82. force directory mode = 0775
      83. inherit acls = Yes
      84. read only = No
      85. valid users = Administrador servicio_tecnico
      86. write list = Administrador servicio_tecnico
      87. [roddy_bonilla]
      88. path = /srv/dev-disk-by-label-DISC02/roddy_bonilla
      89. hide special files = Yes
      90. create mask = 0664
      91. directory mask = 0775
      92. force create mode = 0664
      93. force directory mode = 0775
      94. inherit acls = Yes
      95. read only = No
      96. valid users = Administrador roddy_bonilla
      97. write list = Administrador roddy_bonilla
      98. [roberto_schulzen]
      99. path = /srv/dev-disk-by-label-DISC02/roberto_schulzen
      100. hide special files = Yes
      101. create mask = 0664
      102. directory mask = 0775
      103. force create mode = 0664
      104. force directory mode = 0775
      105. inherit acls = Yes
      106. read only = No
      107. valid users = Administrador roberto_schulzen
      108. write list = Administrador roberto_schulzen
      109. [roberto_gonzalez]
      110. path = /srv/dev-disk-by-label-DISC02/roberto_gonzalez
      111. hide special files = Yes
      112. create mask = 0664
      113. directory mask = 0775
      114. force create mode = 0664
      115. force directory mode = 0775
      116. inherit acls = Yes
      117. read only = No
      118. valid users = Administrador roberto_gonzalez
      119. write list = Administrador roberto_gonzalez
      120. [ricardo_marote]
      121. path = /srv/dev-disk-by-label-DISC02/ricardo_marote
      122. hide special files = Yes
      123. create mask = 0664
      124. directory mask = 0775
      125. force create mode = 0664
      126. force directory mode = 0775
      127. inherit acls = Yes
      128. read only = No
      129. valid users = Administrador ricardo_marote
      130. write list = Administrador ricardo_marote
      131. [rafael_perez]
      132. path = /srv/dev-disk-by-label-DISC02/rafael_perez
      133. hide special files = Yes
      134. create mask = 0664
      135. directory mask = 0775
      136. force create mode = 0664
      137. force directory mode = 0775
      138. inherit acls = Yes
      139. read only = No
      140. valid users = Administrador rafael_perez
      141. write list = Administrador rafael_perez
      142. [pablo_brancato]
      143. path = /srv/dev-disk-by-label-DISC02/pablo_brancato
      144. hide special files = Yes
      145. create mask = 0664
      146. directory mask = 0775
      147. force create mode = 0664
      148. force directory mode = 0775
      149. inherit acls = Yes
      150. read only = No
      151. valid users = Administrador pablo_brancato
      152. write list = Administrador pablo_brancato
      153. [natalia_hermann]
      154. path = /srv/dev-disk-by-label-DISC02/natalia_hermann
      155. hide special files = Yes
      156. create mask = 0664
      157. directory mask = 0775
      158. force create mode = 0664
      159. force directory mode = 0775
      160. inherit acls = Yes
      161. read only = No
      162. valid users = Administrador natalia_hermann
      163. write list = Administrador natalia_hermann
      164. [nadia_ziegler]
      165. path = /srv/dev-disk-by-label-DISC02/nadia_ziegler
      166. hide special files = Yes
      167. create mask = 0664
      168. directory mask = 0775
      169. force create mode = 0664
      170. force directory mode = 0775
      171. inherit acls = Yes
      172. read only = No
      173. valid users = Administrador nadia_ziegler
      174. write list = Administrador nadia_ziegler
      175. [javier_pastini]
      176. path = /srv/dev-disk-by-label-DISC02/javier_pastini
      177. hide special files = Yes
      178. create mask = 0664
      179. directory mask = 0775
      180. force create mode = 0664
      181. force directory mode = 0775
      182. inherit acls = Yes
      183. read only = No
      184. valid users = Administrador javier_pastini
      185. write list = Administrador javier_pastini
      186. [edgar_ortiz]
      187. path = /srv/dev-disk-by-label-DISC02/edgar_ortiz
      188. hide special files = Yes
      189. create mask = 0664
      190. directory mask = 0775
      191. force create mode = 0664
      192. force directory mode = 0775
      193. inherit acls = Yes
      194. read only = No
      195. valid users = Administrador edgar_ortiz
      196. write list = Administrador edgar_ortiz
      197. [claudio_lopez]
      198. path = /srv/dev-disk-by-label-DISC02/claudio_lopez
      199. hide special files = Yes
      200. create mask = 0664
      201. directory mask = 0775
      202. force create mode = 0664
      203. force directory mode = 0775
      204. inherit acls = Yes
      205. read only = No
      206. valid users = Administrador claudio_lopez
      207. write list = Administrador claudio_lopez
      208. [chantal_fechser]
      209. path = /srv/dev-disk-by-label-DISC02/chantal_fechser
      210. hide special files = Yes
      211. create mask = 0664
      212. directory mask = 0775
      213. force create mode = 0664
      214. force directory mode = 0775
      215. inherit acls = Yes
      216. read only = No
      217. valid users = Administrador chantal_fechser
      218. write list = Administrador chantal_fechser
      219. [cecilia_albarracin]
      220. path = /srv/dev-disk-by-label-DISC02/cecilia_albarracin
      221. hide special files = Yes
      222. create mask = 0664
      223. directory mask = 0775
      224. force create mode = 0664
      225. force directory mode = 0775
      226. inherit acls = Yes
      227. read only = No
      228. valid users = Administrador cecilia_albarracin
      229. write list = Administrador cecilia_albarracin
      230. [casimiro_polledo]
      231. path = /srv/dev-disk-by-label-DISC02/casimiro_polledo
      232. hide special files = Yes
      233. create mask = 0664
      234. directory mask = 0775
      235. force create mode = 0664
      236. force directory mode = 0775
      237. inherit acls = Yes
      238. read only = No
      239. valid users = Administrador casimiro_polledo
      240. write list = Administrador casimiro_polledo
      241. [carlos_boveri]
      242. path = /srv/dev-disk-by-label-DISC02/carlos_boveri
      243. hide special files = Yes
      244. create mask = 0664
      245. directory mask = 0775
      246. force create mode = 0664
      247. force directory mode = 0775
      248. inherit acls = Yes
      249. read only = No
      250. valid users = Administrador carlos_boveri
      251. write list = Administrador carlos_boveri
      252. [carlos_badell]
      253. path = /srv/dev-disk-by-label-DISC02/carlos_badell
      254. hide special files = Yes
      255. create mask = 0664
      256. directory mask = 0775
      257. force create mode = 0664
      258. force directory mode = 0775
      259. inherit acls = Yes
      260. read only = No
      261. valid users = Administrador carlos_badell
      262. write list = Administrador carlos_badell
      263. [alejandra_mejia]
      264. path = /srv/dev-disk-by-label-DISC02/alejandra_mejia
      265. hide special files = Yes
      266. create mask = 0664
      267. directory mask = 0775
      268. force create mode = 0664
      269. force directory mode = 0775
      270. inherit acls = Yes
      271. read only = No
      272. valid users = Administrador alejandra_mejia
      273. write list = Administrador alejandra_mejia
      Display All
    • To get an idea what's happening with regard to authentication problems in OMV the following might help:

      • In the OMV UI in the SMB/CIFS section change 'Log level' from None to Normal
      • Then in a terminal window on the OMV server start tail -f /var/log/syslog | grep -i authentication
      Then connecting from a client (again using net view for example) will reveal what really happens. More information can be gathered by switching Log level to Full and filtering for smbd instead of authentication. But then output is really verbose and it's recommended to switch to a lower Log level like Minimum or None when debugging is finished since log files get huge and even NAS performance can be affected negatively with the higher Log Levels.

      The post was edited 1 time, last by tkaiser ().

    • Right, I did everything you told me. If I did not make mistakes, this is the result (log level = Normal):

      Source Code

      1. May 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.579225, 2] ../source3/param/loadparm.c:2685(lp_do_section)
      2. May 20 19:45:14 SCH-BAK001 smbd[3030]: Processing section "[servidor]"
      3. May 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.579481, 2] ../source3/param/loadparm.c:2685(lp_do_section)
      4. May 20 19:45:14 SCH-BAK001 smbd[3030]: Processing section "[aldana_chazarreta]"
      5. May 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.579704, 2] ../source3/param/loadparm.c:2685(lp_do_section)
      6. May 20 19:45:14 SCH-BAK001 smbd[3030]: Processing section "[ex-empleados]"
      7. May 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.579928, 2] ../source3/param/loadparm.c:2685(lp_do_section)
      8. May 20 19:45:14 SCH-BAK001 smbd[3030]: Processing section "[servicio_tecnico]"
      9. May 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.580146, 2] ../source3/param/loadparm.c:2685(lp_do_section)
      10. May 20 19:45:14 SCH-BAK001 smbd[3030]: Processing section "[roddy_bonilla]"
      11. May 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.580365, 2] ../source3/param/loadparm.c:2685(lp_do_section)
      12. May 20 19:45:14 SCH-BAK001 smbd[3030]: Processing section "[roberto_schulzen]"
      13. May 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.580589, 2] ../source3/param/loadparm.c:2685(lp_do_section)
      14. May 20 19:45:14 SCH-BAK001 smbd[3030]: Processing section "[roberto_gonzalez]"
      15. May 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.580800, 2] ../source3/param/loadparm.c:2685(lp_do_section)
      16. May 20 19:45:14 SCH-BAK001 smbd[3030]: Processing section "[ricardo_marote]"
      17. May 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.581018, 2] ../source3/param/loadparm.c:2685(lp_do_section)
      18. May 20 19:45:14 SCH-BAK001 smbd[3030]: Processing section "[rafael_perez]"
      19. May 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.581251, 2] ../source3/param/loadparm.c:2685(lp_do_section)
      20. May 20 19:45:14 SCH-BAK001 smbd[3030]: Processing section "[pablo_brancato]"
      21. May 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.581477, 2] ../source3/param/loadparm.c:2685(lp_do_section)
      22. May 20 19:45:14 SCH-BAK001 smbd[3030]: Processing section "[natalia_hermann]"
      23. May 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.581689, 2] ../source3/param/loadparm.c:2685(lp_do_section)
      24. May 20 19:45:14 SCH-BAK001 smbd[3030]: Processing section "[nadia_ziegler]"
      25. May 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.581907, 2] ../source3/param/loadparm.c:2685(lp_do_section)
      26. May 20 19:45:14 SCH-BAK001 smbd[3030]: Processing section "[javier_pastini]"
      27. May 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.582125, 2] ../source3/param/loadparm.c:2685(lp_do_section)
      28. May 20 19:45:14 SCH-BAK001 smbd[3030]: Processing section "[edgar_ortiz]"
      29. May 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.582347, 2] ../source3/param/loadparm.c:2685(lp_do_section)
      30. May 20 19:45:14 SCH-BAK001 smbd[3030]: Processing section "[claudio_lopez]"
      31. May 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.582565, 2] ../source3/param/loadparm.c:2685(lp_do_section)
      32. May 20 19:45:14 SCH-BAK001 smbd[3030]: Processing section "[chantal_fechser]"
      33. May 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.582777, 2] ../source3/param/loadparm.c:2685(lp_do_section)
      34. May 20 19:45:14 SCH-BAK001 smbd[3030]: Processing section "[cecilia_albarracin]"
      35. May 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.582995, 2] ../source3/param/loadparm.c:2685(lp_do_section)
      36. May 20 19:45:14 SCH-BAK001 smbd[3030]: Processing section "[casimiro_polledo]"
      37. May 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.583207, 2] ../source3/param/loadparm.c:2685(lp_do_section)
      38. May 20 19:45:14 SCH-BAK001 smbd[3030]: Processing section "[carlos_boveri]"
      39. May 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.583418, 2] ../source3/param/loadparm.c:2685(lp_do_section)
      40. May 20 19:45:14 SCH-BAK001 smbd[3030]: Processing section "[carlos_badell]"
      41. May 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.583630, 2] ../source3/param/loadparm.c:2685(lp_do_section)
      42. May 20 19:45:14 SCH-BAK001 smbd[3030]: Processing section "[alejandra_mejia]"
      43. May 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.584214, 2] ../libcli/auth/ntlm_check.c:424(ntlm_password_check)
      44. May 20 19:45:14 SCH-BAK001 smbd[3030]: ntlm_password_check: NTLMv1 passwords NOT PERMITTED for user Administrador
      45. May 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.584440, 2] ../source3/auth/auth.c:315(auth_check_ntlm_password)
      46. May 20 19:45:14 SCH-BAK001 smbd[3030]: check_ntlm_password: Authentication for user [Administrador] -> [Administrador] FAILED with error NT_STATUS_WRONG_PASSWORD
      47. May 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.593498, 2] ../auth/gensec/spnego.c:720(gensec_spnego_server_negTokenTarg)
      48. May 20 19:45:14 SCH-BAK001 smbd[3030]: SPNEGO login failed: NT_STATUS_WRONG_PASSWORD
      Display All
    • Idem with log level = full


      Source Code

      1. May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.848165, 3] ../source3/lib/access.c:338(allow_access)
      2. May 20 19:53:24 SCH-BAK001 smbd[4405]: Allowed connection from 10.152.15.102 (10.152.15.102)
      3. May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.848361, 3] ../source3/smbd/oplock.c:1328(init_oplocks)
      4. May 20 19:53:24 SCH-BAK001 smbd[4405]: init_oplocks: initializing messages.
      5. May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.848441, 3] ../source3/smbd/process.c:1958(process_smb)
      6. May 20 19:53:24 SCH-BAK001 smbd[4405]: Transaction 0 of length 159 (0 toread)
      7. May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.848498, 3] ../source3/smbd/process.c:1538(switch_message)
      8. May 20 19:53:24 SCH-BAK001 smbd[4405]: switch message SMBnegprot (pid 4405) conn 0x0
      9. May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.849620, 3] ../source3/smbd/negprot.c:603(reply_negprot)
      10. May 20 19:53:24 SCH-BAK001 smbd[4405]: Requested protocol [PC NETWORK PROGRAM 1.0]
      11. May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.849675, 3] ../source3/smbd/negprot.c:603(reply_negprot)
      12. May 20 19:53:24 SCH-BAK001 smbd[4405]: Requested protocol [LANMAN1.0]
      13. May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.849706, 3] ../source3/smbd/negprot.c:603(reply_negprot)
      14. May 20 19:53:24 SCH-BAK001 smbd[4405]: Requested protocol [Windows for Workgroups 3.1a]
      15. May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.849736, 3] ../source3/smbd/negprot.c:603(reply_negprot)
      16. May 20 19:53:24 SCH-BAK001 smbd[4405]: Requested protocol [LM1.2X002]
      17. May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.849765, 3] ../source3/smbd/negprot.c:603(reply_negprot)
      18. May 20 19:53:24 SCH-BAK001 smbd[4405]: Requested protocol [LANMAN2.1]
      19. May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.849794, 3] ../source3/smbd/negprot.c:603(reply_negprot)
      20. May 20 19:53:24 SCH-BAK001 smbd[4405]: Requested protocol [NT LM 0.12]
      21. May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.849823, 3] ../source3/smbd/negprot.c:603(reply_negprot)
      22. May 20 19:53:24 SCH-BAK001 smbd[4405]: Requested protocol [SMB 2.002]
      23. May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.849851, 3] ../source3/smbd/negprot.c:603(reply_negprot)
      24. May 20 19:53:24 SCH-BAK001 smbd[4405]: Requested protocol [SMB 2.???]
      25. May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.849993, 3] ../source3/smbd/smb2_negprot.c:290(smbd_smb2_request_process_negprot)
      26. May 20 19:53:24 SCH-BAK001 smbd[4405]: Selected protocol SMB2_FF
      27. May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.852517, 3] ../auth/gensec/gensec_start.c:908(gensec_register)
      28. May 20 19:53:24 SCH-BAK001 smbd[4405]: GENSEC backend 'gssapi_spnego' registered
      29. May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.852561, 3] ../auth/gensec/gensec_start.c:908(gensec_register)
      30. May 20 19:53:24 SCH-BAK001 smbd[4405]: GENSEC backend 'gssapi_krb5' registered
      31. May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.852590, 3] ../auth/gensec/gensec_start.c:908(gensec_register)
      32. May 20 19:53:24 SCH-BAK001 smbd[4405]: GENSEC backend 'gssapi_krb5_sasl' registered
      33. May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.852620, 3] ../auth/gensec/gensec_start.c:908(gensec_register)
      34. May 20 19:53:24 SCH-BAK001 smbd[4405]: GENSEC backend 'spnego' registered
      35. May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.852650, 3] ../auth/gensec/gensec_start.c:908(gensec_register)
      36. May 20 19:53:24 SCH-BAK001 smbd[4405]: GENSEC backend 'schannel' registered
      37. May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.852678, 3] ../auth/gensec/gensec_start.c:908(gensec_register)
      38. May 20 19:53:24 SCH-BAK001 smbd[4405]: GENSEC backend 'naclrpc_as_system' registered
      39. May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.852708, 3] ../auth/gensec/gensec_start.c:908(gensec_register)
      40. May 20 19:53:24 SCH-BAK001 smbd[4405]: GENSEC backend 'sasl-EXTERNAL' registered
      41. May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.852738, 3] ../auth/gensec/gensec_start.c:908(gensec_register)
      42. May 20 19:53:24 SCH-BAK001 smbd[4405]: GENSEC backend 'ntlmssp' registered
      43. May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.852766, 3] ../auth/gensec/gensec_start.c:908(gensec_register)
      44. May 20 19:53:24 SCH-BAK001 smbd[4405]: GENSEC backend 'ntlmssp_resume_ccache' registered
      45. May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.852797, 3] ../auth/gensec/gensec_start.c:908(gensec_register)
      46. May 20 19:53:24 SCH-BAK001 smbd[4405]: GENSEC backend 'http_basic' registered
      47. May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.852828, 3] ../auth/gensec/gensec_start.c:908(gensec_register)
      48. May 20 19:53:24 SCH-BAK001 smbd[4405]: GENSEC backend 'http_ntlm' registered
      49. May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.852858, 3] ../auth/gensec/gensec_start.c:908(gensec_register)
      50. May 20 19:53:24 SCH-BAK001 smbd[4405]: GENSEC backend 'krb5' registered
      51. May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.852887, 3] ../auth/gensec/gensec_start.c:908(gensec_register)
      52. May 20 19:53:24 SCH-BAK001 smbd[4405]: GENSEC backend 'fake_gssapi_krb5' registered
      53. May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.853038, 3] ../source3/smbd/negprot.c:744(reply_negprot)
      54. May 20 19:53:24 SCH-BAK001 smbd[4405]: Selected protocol SMB 2.???
      55. May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.927086, 3] ../source3/smbd/smb2_negprot.c:290(smbd_smb2_request_process_negprot)
      56. May 20 19:53:24 SCH-BAK001 smbd[4405]: Selected protocol SMB2_10
      57. May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.928452, 3] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
      58. May 20 19:53:24 SCH-BAK001 smbd[4405]: Got NTLMSSP neg_flags=0xe2088297
      59. May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.929197, 3] ../auth/ntlmssp/ntlmssp_server.c:452(ntlmssp_server_preauth)
      60. May 20 19:53:24 SCH-BAK001 smbd[4405]: Got user=[Administrador] domain=[DEMAG] workstation=[SCH-DS002] len1=24 len2=24
      61. May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.929249, 3] ../source3/param/loadparm.c:3739(lp_load_ex)
      62. May 20 19:53:24 SCH-BAK001 smbd[4405]: lp_load_ex: refreshing parameters
      63. May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.929339, 3] ../source3/param/loadparm.c:542(init_globals)
      64. May 20 19:53:24 SCH-BAK001 smbd[4405]: Initialising global parameters
      65. May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.929442, 3] ../source3/param/loadparm.c:2668(lp_do_section)
      66. May 20 19:53:24 SCH-BAK001 smbd[4405]: Processing section "[global]"
      67. May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.929742, 2] ../source3/param/loadparm.c:2685(lp_do_section)
      68. May 20 19:53:24 SCH-BAK001 smbd[4405]: Processing section "[servidor]"
      69. .......
      70. May 20 19:53:24 SCH-BAK001 smbd[4405]: Processing section "[alejandra_mejia]"
      71. May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.934355, 3] ../source3/param/loadparm.c:1585(lp_add_ipc)
      72. May 20 19:53:24 SCH-BAK001 smbd[4405]: adding IPC service
      73. May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.934409, 3] ../source3/auth/auth.c:178(auth_check_ntlm_password)
      74. May 20 19:53:24 SCH-BAK001 smbd[4405]: check_ntlm_password: Checking password for unmapped user [DEMAG]\[Administrador]@[SCH-DS002] with the new password interface
      75. May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.934442, 3] ../source3/auth/auth.c:181(auth_check_ntlm_password)
      76. May 20 19:53:24 SCH-BAK001 smbd[4405]: check_ntlm_password: mapped user is: [SCH-BAK001]\[Administrador]@[SCH-DS002]
      77. May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.934734, 3] ../source3/passdb/lookup_sid.c:1645(get_primary_group_sid)
      78. May 20 19:53:24 SCH-BAK001 smbd[4405]: Forcing Primary Group to 'Domain Users' for Administrador
      79. May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.934842, 2] ../libcli/auth/ntlm_check.c:424(ntlm_password_check)
      80. May 20 19:53:24 SCH-BAK001 smbd[4405]: ntlm_password_check: NTLMv1 passwords NOT PERMITTED for user Administrador
      81. May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.934873, 3] ../libcli/auth/ntlm_check.c:431(ntlm_password_check)
      82. May 20 19:53:24 SCH-BAK001 smbd[4405]: ntlm_password_check: NEITHER LanMan nor NT password supplied for user Administrador
      83. May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.935093, 2] ../source3/auth/auth.c:315(auth_check_ntlm_password)
      84. May 20 19:53:24 SCH-BAK001 smbd[4405]: check_ntlm_password: Authentication for user [Administrador] -> [Administrador] FAILED with error NT_STATUS_WRONG_PASSWORD
      85. May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.935148, 2] ../auth/gensec/spnego.c:720(gensec_spnego_server_negTokenTarg)
      86. May 20 19:53:24 SCH-BAK001 smbd[4405]: SPNEGO login failed: NT_STATUS_WRONG_PASSWORD
      87. May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.935211, 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
      88. May 20 19:53:24 SCH-BAK001 smbd[4405]: smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_LOGON_FAILURE] || at ../source3/smbd/smb2_sesssetup.c:134
      89. May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.935703, 3] ../source3/smbd/server_exit.c:246(exit_server_common)
      90. May 20 19:53:24 SCH-BAK001 smbd[4405]: Server exit (NT_STATUS_CONNECTION_RESET)
      91. May 20 19:53:24 SCH-BAK001 smbd[4293]: [2019/05/20 19:53:24.942793, 3] ../source3/lib/util_procid.c:54(pid_to_procid)
      92. May 20 19:53:24 SCH-BAK001 smbd[4293]: pid_to_procid: messaging_dgm_get_unique failed: No existe el fichero o el directorio
      Display All
    • towerpc wrote:

      ntlm_password_check: NTLMv1 passwords NOT PERMITTED for user Administrador
      This means that Samba is configured to refuse older and insecure NTLMv1 authentication attempts and that your 2008 R2 install tries only with this (while 'Send NTLMv2 response only' should be default starting with 2008 R2).

      Two options:
      • Weaken security by adding "ntlm auth = yes" to Samba's 'Extra Options' at the bottom of the SMB/CIFS settings page (that's not recommended but most probably what LaCie did)
      • Fix security by configuring Windows 2008R2 to use NTLMv2 authentication. See here or there.
      But most probably the best idea is to let OMV join the domain so that clients then authenticate using Kerberos tickets instead.
    • tkaiser wrote:

      towerpc wrote:

      ntlm_password_check: NTLMv1 passwords NOT PERMITTED for user Administrador
      This means that Samba is configured to refuse older and insecure NTLMv1 authentication attempts and that your 2008 R2 install tries only with this (while 'Send NTLMv2 response only' should be default starting with 2008 R2).
      Two options:
      • Weaken security by adding "ntlm auth = yes" to Samba's 'Extra Options' at the bottom of the SMB/CIFS settings page (that's not recommended but most probably what LaCie did)
      • Fix security by configuring Windows 2008R2 to use NTLMv2 authentication. See here or there.
      But most probably the best idea is to let OMV join the domain so that clients then authenticate using Kerberos tickets instead.
      tkaiser YOU ARE THE BEST!!!!!!

      NTLM IS THE PROBLEM!!! YOU ARE SOLVED!!!

      THANK YOU VERY MUCH!!!
    • Users Online 1

      1 Guest