I have installed OMV several times without problems. I currently have a network composed of Server 2008R2 domain server + 15 Windows 10 computers. From any computer with Windows 10 it is possible to access OMV folders before logging in. But since Windows Server 2008R2 it is not possible to login, it always gives a user error or password on any folder, even though the credentials are correct. Previously I used a Lacie d2 network2 NAS (based on Linux) with no problems accessing both Windows 10 and Server 2008R2. Even at this moment, I can access this NAS, but not OMV. I have searched the Internet if the problem is Samba or Server 2008 without being able to find a solution that solves the problem. The OMV version is 4.1.22. I already appreciate.
Server 2008R2 unable access samba shares OMV
-
- OMV 4.x
- towerpc
-
-
Are you actually running a domain or is it peer to peer?
Take a look at this How-To. Specifically take a look at the section titled Domain Connected Windows 10 Clients / Servers. Be sure to follow the link "guide to levels 1 through 5", to Microsoft's reference on the security levels and read the notes related to Server2008R2. Be aware of the risks - given the age of the server OS, I'm assuming it has no exposure to the internet. ( ? )
_______________________Perhaps @geaves might chime in.
-
If you're open for a structured attempt to resolve issues then please do not start to fiddle around with adjusting settings here and there right now but follow basic troubleshooting principles allowing to improve situation with OMV.
From any computer with Windows 10 it is possible to access OMV folders before logging in
I don't get the meaning of ' before logging in' but anyway. Please try to access any of your OMV shares this way from a Win10 system and then on the OMV's server provide output of these two commands as root:
The smbstatus output allows us to diagnose the status of authentication, user/group (important to diagnose potential permission issues), SMB version, Encryption and Signing and also which share is affected:
Sample output:
Code
Alles anzeigenroot@OMV:/# smbstatus Samba version 4.5.16-Debian PID Username Group Machine Protocol Version Encryption Signing ---------------------------------------------------------------------------------------------------------------------------------------- 20591 John users 192.168.83.145 (ipv4:192.168.83.145:55123) SMB3_02 - partial(AES-128-CMAC) 20761 tk users 192.168.83.144 (ipv4:192.168.83.144:52437) SMB3_11 - partial(AES-128-CMAC) Service pid Machine Connected at Encryption Signing --------------------------------------------------------------------------------------------- SAMBA_BTRFS 20761 192.168.83.144 Fri May 17 11:21:24 2019 UTC - - SAMBA_BTRFS 20591 192.168.83.145 Fri May 17 11:16:51 2019 UTC - - Locked files: Pid Uid DenyMode Access R/W Oplock SharePath Name Time -------------------------------------------------------------------------------------------------- 20591 1000 DENY_NONE 0x20087 RDWR NONE /srv/dev-disk-by-id-usb-Samsung_SSD_750_EVO_000000123ADA-0-0-part1/SAMBA_BTRFS LanTest-6.0.0-172.16.160.1-mac-tk-2018.log Fri May 17 11:17:09 2019 20591 1000 DENY_NONE 0x100081 RDONLY NONE /srv/dev-disk-by-id-usb-Samsung_SSD_750_EVO_000000123ADA-0-0-part1/SAMBA_BTRFS . Fri May 17 11:17:11 2019 20761 1000 DENY_NONE 0x100081 RDONLY NONE /srv/dev-disk-by-id-usb-Samsung_SSD_750_EVO_000000123ADA-0-0-part1/SAMBA_BTRFS . Fri May 17 11:21:23 2019 20761 1000 DENY_NONE 0x100081 RDONLY NONE /srv/dev-disk-by-id-usb-Samsung_SSD_750_EVO_000000123ADA-0-0-part1/SAMBA_BTRFS . Fri May 17 11:21:23 2019 20761 1000 DENY_NONE 0x100081 RDONLY NONE /srv/dev-disk-by-id-usb-Samsung_SSD_750_EVO_000000123ADA-0-0-part1/SAMBA_BTRFS . Fri May 17 11:21:23 2019 20591 1000 DENY_NONE 0x20087 RDWR NONE /srv/dev-disk-by-id-usb-Samsung_SSD_750_EVO_000000123ADA-0-0-part1/SAMBA_BTRFS LanTest-tmp 172.16.160.1 mac-tk-2018/LanTest-Bigfile Fri May 17 11:20:22 2019
If you provide the output you can skip the 'Locked files' section and obfuscate IP addresses. But rest of information should remain intact. Then output from testparm will give an overview about your Samba settings. It should contain the [global] section as well as the share definition the client actually accesses.
This is the first step to get an idea what's happening. Adjusting settings here or there is only the next step.
-
If you're open for a structured attempt to resolve issues then please do not start to fiddle around with adjusting settings here and there right now but follow basic troubleshooting principles allowing to improve situation with OMV.
Well this is going to be interesting this will be my only post in here;
The OP cannot access OMV shares from Sever2008, client access to OMV works! As yet we don't know if the OP is using OMV in a peer to peer environment or a domain, and FYI I have integrated OMV into an MS domain but for a specific use.
@towerpc I hope you get this sorted, but it is doable.
-
The OP cannot access OMV shares from Sever2008, client access to OMV works!
Yes, @towerpc wrote that in the first post here. That's why I asked for smbstatus and testparmoutput with such a client connected to get an idea whether this connection is established as guest or authenticated (and whether it's authentication against local user accounts on the OMV server or AD).
All these questions can be answered in a single step by using the troubleshooting tools the Samba project provides for exactly this reason
-
-
Apologies if I express myself badly. I do not speak English and everything is translated with Google.
The network structure is formed in the following way:1 Microsoft Server 2008R2 computer with domain server
1 OMV 4.1.22
1 NAS Lacie d2 network2
10 Microsoft Windows 10 attached to the domain
5 Microsoft Windows 10 not attached to the domainThe 15 computers with Windows 10 can access the shared folders of Lacie NAS and OMV 4.1.22. No problem to access the contents of the folders and to log into them.
The Microsoft Server 2008R2 computer can access the shared Lacie NAS folders without problem.
The Microsoft Server 2008R2 computer CAN NOT access the shared folders of OMV 4.1.22. Always incorrect user error or password. Both accessing with the name of the team and with the IP thereof.I hope the translation is clearer.
Thanks. -
Still a little confused but if the only one not working is the 2008 server try mapping a network drive. You can enter a different user and password that way.
-
The 15 computers with Windows 10 can access the shared folders of Lacie NAS and OMV 4.1.22
So it doesn't matter whether they've joined the domain or not and as such this looks like an authentication issue.
Again: please connect with one of the Win10 machines to the OMV server and then provide output of smbstatus and testparm commands on the server. For this you need SSH access to the server or you install the shellinabox plugin and authenticate on the OMV server as root.
To help further nailing the problem down please open cmd.exe on your Win2008 server and provide the output of net view \\$server for both the OMV box and your LaCie NAS. Therefore replace $server in the aforementioned command with the IP addresses of the OMV machine and the LaCie box.
-
Still a little confused but if the only one not working is the 2008 server try mapping a network drive. You can enter a different user and password that way.
Right. Only Server 2008R2 can not connect to OMV shared folders. Error login always with any of the accounts created in OMV.
So it doesn't matter whether they've joined the domain or not and as such this looks like an authentication issue.
10 Microsoft Windows 10 ATTACHED TO THE DOMAIN
5 Microsoft Windows 10 NOT ATTACHED TO THE DOMAINsummarizing. Only server 2008r2 can not access the shared OMV folders. all the rest works perfectly.
-
Only server 2008r2 can not access the shared OMV folders. all the rest works perfectly
You wote this already multiple times. What about now providing output from the commands as you've been asked for?
-
You wote this already multiple times. What about now providing output from the commands as you've been asked for?
Here the results:
net view (10.152.15.131 IP for OMV, 10.152.15.133 IP for Lacie d2
Code
Alles anzeigenMicrosoft Windows [Versión 6.1.7601] Copyright (c) 2009 Microsoft Corporation. Reservados todos los derechos. C:\Users\administrador.DEMAG>net view \\10.152.15.131 Error de sistema 5. Acceso denegado. C:\Users\administrador.DEMAG>net view \\10.152.15.133 Recursos compartidos en \\10.152.15.133 SCH-BAK002 Nombre de recurso compartido Tipo Usado como Comentario ------------------------------------------------------------------------------- aldana_chazarreta Disco alejandra_mejia Disco carlos_badell Disco carlos_boveri Disco casimiro_polledo Disco cecilia_albarracin Disco chantal_fechser Disco claudio_lopez Disco edgar_ortiz Disco gonzalez_note Disco nadia_ziegler Disco nicolas_luraghi Disco pablo_brancato Disco rafael_perez Disco ricardo_marote Disco roberto_gonzalez Disco roberto_schulzen Disco servicio_tecnico Disco servidor Disco towerpc Disco Se ha completado el comando correctamente. C:\Users\administrador.DEMAG>
-
smbstatus
Code
Alles anzeigenlogin as: root root@10.152.15.131's password: Linux SCH-BAK001 4.19.0-0.bpo.4-amd64 #1 SMP Debian 4.19.28-2~bpo9+1 (2019-03-27 ) x86_64 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Last login: Mon May 20 13:55:26 2019 from 10.152.15.14 root@SCH-BAK001:~# smbstatus Samba version 4.5.16-Debian PID Username Group Machine Prot ocol Version Encryption Signing -------------------------------------------------------------------------------- -------------------------------------------------------- 1168 edgar_ortiz users 10.152.15.25 (ipv4:10.152.15.25:51754) SMB3 _11 - partial(AES-128-CMAC) 1087 pablo_brancato users 10.152.15.15 (ipv4:10.152.15.15:50908) SM B3_11 - partial(AES-128-CMAC) Service pid Machine Connected at Encryption Signing -------------------------------------------------------------------------------- ------------- edgar_ortiz 1168 10.152.15.25 lun may 20 18:00:03 2019 -03 - - pablo_brancato 1087 10.152.15.15 lun may 20 18:00:02 2019 -03 - - Locked files: Pid Uid DenyMode Access R/W Oplock Share Path Name Time -------------------------------------------------------------------------------- ------------------ 1168 1009 DENY_ALL 0x17019f RDWR LEASE(RWH) /srv/ dev-disk-by-label-DISC02/edgar_ortiz _gsdata_/63aafc98d584c775ba03f3e728f48282 .pst Mon May 20 18:19:56 2019 1087 1012 DENY_NONE 0x100081 RDONLY NONE /srv/ dev-disk-by-label-DISC02/pablo_brancato . Mon May 20 18:00:02 2019 1168 1009 DENY_NONE 0x100081 RDONLY NONE /srv/ dev-disk-by-label-DISC02/edgar_ortiz . Mon May 20 18:00:23 2019 1087 1012 DENY_ALL 0x17019f RDWR LEASE(RWH) /srv/ dev-disk-by-label-DISC02/pablo_brancato _gsdata_/c0a1a5426d9f317aeded1d11e7159 caa.pst Mon May 20 18:00:02 2019
-
testparm
Code
Alles anzeigenroot@SCH-BAK001:~# testparm Load smb config files from /etc/samba/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Processing section "[aldana_chazarreta]" Processing section "[ex-empleados]" Processing section "[servicio_tecnico]" Processing section "[roddy_bonilla]" Processing section "[roberto_schulzen]" Processing section "[roberto_gonzalez]" Processing section "[ricardo_marote]" Processing section "[rafael_perez]" Processing section "[pablo_brancato]" Processing section "[natalia_hermann]" Processing section "[nadia_ziegler]" Processing section "[javier_pastini]" Processing section "[edgar_ortiz]" Processing section "[claudio_lopez]" Processing section "[chantal_fechser]" Processing section "[cecilia_albarracin]" Processing section "[casimiro_polledo]" Processing section "[carlos_boveri]" Processing section "[carlos_badell]" Processing section "[alejandra_mejia]" Loaded services file OK. WARNING: You have some share names that are longer than 12 characters. These may not be accessible to some older clients. (Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.) Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions # Global parameters [global] server string = %h server workgroup = DEMAG log file = /var/log/samba/log.%m logging = syslog max log size = 1000 panic action = /usr/share/samba/panic-action %d disable spoolss = Yes load printers = No printcap name = /dev/null pam password change = Yes passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . passwd program = /usr/bin/passwd %u socket options = TCP_NODELAY IPTOS_LOWDELAY dns proxy = No idmap config * : backend = tdb printing = bsd acl allow execute always = Yes create mask = 0777 directory mask = 0777 aio read size = 16384 aio write size = 16384 use sendfile = Yes [aldana_chazarreta] path = /srv/dev-disk-by-label-DISC02/aldana_chazarreta hide special files = Yes create mask = 0664 directory mask = 0775 force create mode = 0664 force directory mode = 0775 inherit acls = Yes read only = No valid users = Administrador aldana_chazarreta write list = Administrador aldana_chazarreta [ex-empleados] path = /srv/dev-disk-by-label-DISC02/ex-empleados hide special files = Yes create mask = 0664 directory mask = 0775 force create mode = 0664 force directory mode = 0775 inherit acls = Yes read only = No valid users = Administrador alejandra_mejia claudio_lopez roberto_schulzen write list = Administrador alejandra_mejia claudio_lopez roberto_schulzen [servicio_tecnico] path = /srv/dev-disk-by-label-DISC02/servicio_tecnico hide special files = Yes create mask = 0664 directory mask = 0775 force create mode = 0664 force directory mode = 0775 inherit acls = Yes read only = No valid users = Administrador servicio_tecnico write list = Administrador servicio_tecnico [roddy_bonilla] path = /srv/dev-disk-by-label-DISC02/roddy_bonilla hide special files = Yes create mask = 0664 directory mask = 0775 force create mode = 0664 force directory mode = 0775 inherit acls = Yes read only = No valid users = Administrador roddy_bonilla write list = Administrador roddy_bonilla [roberto_schulzen] path = /srv/dev-disk-by-label-DISC02/roberto_schulzen hide special files = Yes create mask = 0664 directory mask = 0775 force create mode = 0664 force directory mode = 0775 inherit acls = Yes read only = No valid users = Administrador roberto_schulzen write list = Administrador roberto_schulzen [roberto_gonzalez] path = /srv/dev-disk-by-label-DISC02/roberto_gonzalez hide special files = Yes create mask = 0664 directory mask = 0775 force create mode = 0664 force directory mode = 0775 inherit acls = Yes read only = No valid users = Administrador roberto_gonzalez write list = Administrador roberto_gonzalez [ricardo_marote] path = /srv/dev-disk-by-label-DISC02/ricardo_marote hide special files = Yes create mask = 0664 directory mask = 0775 force create mode = 0664 force directory mode = 0775 inherit acls = Yes read only = No valid users = Administrador ricardo_marote write list = Administrador ricardo_marote [rafael_perez] path = /srv/dev-disk-by-label-DISC02/rafael_perez hide special files = Yes create mask = 0664 directory mask = 0775 force create mode = 0664 force directory mode = 0775 inherit acls = Yes read only = No valid users = Administrador rafael_perez write list = Administrador rafael_perez [pablo_brancato] path = /srv/dev-disk-by-label-DISC02/pablo_brancato hide special files = Yes create mask = 0664 directory mask = 0775 force create mode = 0664 force directory mode = 0775 inherit acls = Yes read only = No valid users = Administrador pablo_brancato write list = Administrador pablo_brancato [natalia_hermann] path = /srv/dev-disk-by-label-DISC02/natalia_hermann hide special files = Yes create mask = 0664 directory mask = 0775 force create mode = 0664 force directory mode = 0775 inherit acls = Yes read only = No valid users = Administrador natalia_hermann write list = Administrador natalia_hermann [nadia_ziegler] path = /srv/dev-disk-by-label-DISC02/nadia_ziegler hide special files = Yes create mask = 0664 directory mask = 0775 force create mode = 0664 force directory mode = 0775 inherit acls = Yes read only = No valid users = Administrador nadia_ziegler write list = Administrador nadia_ziegler [javier_pastini] path = /srv/dev-disk-by-label-DISC02/javier_pastini hide special files = Yes create mask = 0664 directory mask = 0775 force create mode = 0664 force directory mode = 0775 inherit acls = Yes read only = No valid users = Administrador javier_pastini write list = Administrador javier_pastini [edgar_ortiz] path = /srv/dev-disk-by-label-DISC02/edgar_ortiz hide special files = Yes create mask = 0664 directory mask = 0775 force create mode = 0664 force directory mode = 0775 inherit acls = Yes read only = No valid users = Administrador edgar_ortiz write list = Administrador edgar_ortiz [claudio_lopez] path = /srv/dev-disk-by-label-DISC02/claudio_lopez hide special files = Yes create mask = 0664 directory mask = 0775 force create mode = 0664 force directory mode = 0775 inherit acls = Yes read only = No valid users = Administrador claudio_lopez write list = Administrador claudio_lopez [chantal_fechser] path = /srv/dev-disk-by-label-DISC02/chantal_fechser hide special files = Yes create mask = 0664 directory mask = 0775 force create mode = 0664 force directory mode = 0775 inherit acls = Yes read only = No valid users = Administrador chantal_fechser write list = Administrador chantal_fechser [cecilia_albarracin] path = /srv/dev-disk-by-label-DISC02/cecilia_albarracin hide special files = Yes create mask = 0664 directory mask = 0775 force create mode = 0664 force directory mode = 0775 inherit acls = Yes read only = No valid users = Administrador cecilia_albarracin write list = Administrador cecilia_albarracin [casimiro_polledo] path = /srv/dev-disk-by-label-DISC02/casimiro_polledo hide special files = Yes create mask = 0664 directory mask = 0775 force create mode = 0664 force directory mode = 0775 inherit acls = Yes read only = No valid users = Administrador casimiro_polledo write list = Administrador casimiro_polledo [carlos_boveri] path = /srv/dev-disk-by-label-DISC02/carlos_boveri hide special files = Yes create mask = 0664 directory mask = 0775 force create mode = 0664 force directory mode = 0775 inherit acls = Yes read only = No valid users = Administrador carlos_boveri write list = Administrador carlos_boveri [carlos_badell] path = /srv/dev-disk-by-label-DISC02/carlos_badell hide special files = Yes create mask = 0664 directory mask = 0775 force create mode = 0664 force directory mode = 0775 inherit acls = Yes read only = No valid users = Administrador carlos_badell write list = Administrador carlos_badell [alejandra_mejia] path = /srv/dev-disk-by-label-DISC02/alejandra_mejia hide special files = Yes create mask = 0664 directory mask = 0775 force create mode = 0664 force directory mode = 0775 inherit acls = Yes read only = No valid users = Administrador alejandra_mejia write list = Administrador alejandra_mejia
-
net view (10.152.15.131 IP for OMV, 10.152.15.133 IP for Lacie d2
Thank you a lot. What happens if you use 'Credential Manager' on your 2008R2 server to add logon credentials of an OMV user? See starting at step 6) here: [HOW-TO] Connect to OMV SMB shares with Windows 10
Really interesting that there's no issue accessing the LaCie NAS (most probably also using Samba).
-
To get an idea what's happening with regard to authentication problems in OMV the following might help:
- In the OMV UI in the SMB/CIFS section change 'Log level' from None to Normal
- Then in a terminal window on the OMV server start tail -f /var/log/syslog | grep -i authentication
Then connecting from a client (again using net view for example) will reveal what really happens. More information can be gathered by switching Log level to Full and filtering for smbd instead of authentication. But then output is really verbose and it's recommended to switch to a lower Log level like Minimum or None when debugging is finished since log files get huge and even NAS performance can be affected negatively with the higher Log Levels.
-
Right, I did everything you told me. If I did not make mistakes, this is the result (log level = Normal):
Code
Alles anzeigenMay 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.579225, 2] ../source3/param/loadparm.c:2685(lp_do_section) May 20 19:45:14 SCH-BAK001 smbd[3030]: Processing section "[servidor]" May 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.579481, 2] ../source3/param/loadparm.c:2685(lp_do_section) May 20 19:45:14 SCH-BAK001 smbd[3030]: Processing section "[aldana_chazarreta]" May 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.579704, 2] ../source3/param/loadparm.c:2685(lp_do_section) May 20 19:45:14 SCH-BAK001 smbd[3030]: Processing section "[ex-empleados]" May 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.579928, 2] ../source3/param/loadparm.c:2685(lp_do_section) May 20 19:45:14 SCH-BAK001 smbd[3030]: Processing section "[servicio_tecnico]" May 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.580146, 2] ../source3/param/loadparm.c:2685(lp_do_section) May 20 19:45:14 SCH-BAK001 smbd[3030]: Processing section "[roddy_bonilla]" May 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.580365, 2] ../source3/param/loadparm.c:2685(lp_do_section) May 20 19:45:14 SCH-BAK001 smbd[3030]: Processing section "[roberto_schulzen]" May 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.580589, 2] ../source3/param/loadparm.c:2685(lp_do_section) May 20 19:45:14 SCH-BAK001 smbd[3030]: Processing section "[roberto_gonzalez]" May 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.580800, 2] ../source3/param/loadparm.c:2685(lp_do_section) May 20 19:45:14 SCH-BAK001 smbd[3030]: Processing section "[ricardo_marote]" May 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.581018, 2] ../source3/param/loadparm.c:2685(lp_do_section) May 20 19:45:14 SCH-BAK001 smbd[3030]: Processing section "[rafael_perez]" May 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.581251, 2] ../source3/param/loadparm.c:2685(lp_do_section) May 20 19:45:14 SCH-BAK001 smbd[3030]: Processing section "[pablo_brancato]" May 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.581477, 2] ../source3/param/loadparm.c:2685(lp_do_section) May 20 19:45:14 SCH-BAK001 smbd[3030]: Processing section "[natalia_hermann]" May 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.581689, 2] ../source3/param/loadparm.c:2685(lp_do_section) May 20 19:45:14 SCH-BAK001 smbd[3030]: Processing section "[nadia_ziegler]" May 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.581907, 2] ../source3/param/loadparm.c:2685(lp_do_section) May 20 19:45:14 SCH-BAK001 smbd[3030]: Processing section "[javier_pastini]" May 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.582125, 2] ../source3/param/loadparm.c:2685(lp_do_section) May 20 19:45:14 SCH-BAK001 smbd[3030]: Processing section "[edgar_ortiz]" May 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.582347, 2] ../source3/param/loadparm.c:2685(lp_do_section) May 20 19:45:14 SCH-BAK001 smbd[3030]: Processing section "[claudio_lopez]" May 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.582565, 2] ../source3/param/loadparm.c:2685(lp_do_section) May 20 19:45:14 SCH-BAK001 smbd[3030]: Processing section "[chantal_fechser]" May 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.582777, 2] ../source3/param/loadparm.c:2685(lp_do_section) May 20 19:45:14 SCH-BAK001 smbd[3030]: Processing section "[cecilia_albarracin]" May 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.582995, 2] ../source3/param/loadparm.c:2685(lp_do_section) May 20 19:45:14 SCH-BAK001 smbd[3030]: Processing section "[casimiro_polledo]" May 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.583207, 2] ../source3/param/loadparm.c:2685(lp_do_section) May 20 19:45:14 SCH-BAK001 smbd[3030]: Processing section "[carlos_boveri]" May 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.583418, 2] ../source3/param/loadparm.c:2685(lp_do_section) May 20 19:45:14 SCH-BAK001 smbd[3030]: Processing section "[carlos_badell]" May 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.583630, 2] ../source3/param/loadparm.c:2685(lp_do_section) May 20 19:45:14 SCH-BAK001 smbd[3030]: Processing section "[alejandra_mejia]" May 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.584214, 2] ../libcli/auth/ntlm_check.c:424(ntlm_password_check) May 20 19:45:14 SCH-BAK001 smbd[3030]: ntlm_password_check: NTLMv1 passwords NOT PERMITTED for user Administrador May 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.584440, 2] ../source3/auth/auth.c:315(auth_check_ntlm_password) May 20 19:45:14 SCH-BAK001 smbd[3030]: check_ntlm_password: Authentication for user [Administrador] -> [Administrador] FAILED with error NT_STATUS_WRONG_PASSWORD May 20 19:45:14 SCH-BAK001 smbd[3030]: [2019/05/20 19:45:14.593498, 2] ../auth/gensec/spnego.c:720(gensec_spnego_server_negTokenTarg) May 20 19:45:14 SCH-BAK001 smbd[3030]: SPNEGO login failed: NT_STATUS_WRONG_PASSWORD
-
Idem with log level = full
Code
Alles anzeigenMay 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.848165, 3] ../source3/lib/access.c:338(allow_access) May 20 19:53:24 SCH-BAK001 smbd[4405]: Allowed connection from 10.152.15.102 (10.152.15.102) May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.848361, 3] ../source3/smbd/oplock.c:1328(init_oplocks) May 20 19:53:24 SCH-BAK001 smbd[4405]: init_oplocks: initializing messages. May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.848441, 3] ../source3/smbd/process.c:1958(process_smb) May 20 19:53:24 SCH-BAK001 smbd[4405]: Transaction 0 of length 159 (0 toread) May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.848498, 3] ../source3/smbd/process.c:1538(switch_message) May 20 19:53:24 SCH-BAK001 smbd[4405]: switch message SMBnegprot (pid 4405) conn 0x0 May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.849620, 3] ../source3/smbd/negprot.c:603(reply_negprot) May 20 19:53:24 SCH-BAK001 smbd[4405]: Requested protocol [PC NETWORK PROGRAM 1.0] May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.849675, 3] ../source3/smbd/negprot.c:603(reply_negprot) May 20 19:53:24 SCH-BAK001 smbd[4405]: Requested protocol [LANMAN1.0] May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.849706, 3] ../source3/smbd/negprot.c:603(reply_negprot) May 20 19:53:24 SCH-BAK001 smbd[4405]: Requested protocol [Windows for Workgroups 3.1a] May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.849736, 3] ../source3/smbd/negprot.c:603(reply_negprot) May 20 19:53:24 SCH-BAK001 smbd[4405]: Requested protocol [LM1.2X002] May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.849765, 3] ../source3/smbd/negprot.c:603(reply_negprot) May 20 19:53:24 SCH-BAK001 smbd[4405]: Requested protocol [LANMAN2.1] May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.849794, 3] ../source3/smbd/negprot.c:603(reply_negprot) May 20 19:53:24 SCH-BAK001 smbd[4405]: Requested protocol [NT LM 0.12] May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.849823, 3] ../source3/smbd/negprot.c:603(reply_negprot) May 20 19:53:24 SCH-BAK001 smbd[4405]: Requested protocol [SMB 2.002] May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.849851, 3] ../source3/smbd/negprot.c:603(reply_negprot) May 20 19:53:24 SCH-BAK001 smbd[4405]: Requested protocol [SMB 2.???] May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.849993, 3] ../source3/smbd/smb2_negprot.c:290(smbd_smb2_request_process_negprot) May 20 19:53:24 SCH-BAK001 smbd[4405]: Selected protocol SMB2_FF May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.852517, 3] ../auth/gensec/gensec_start.c:908(gensec_register) May 20 19:53:24 SCH-BAK001 smbd[4405]: GENSEC backend 'gssapi_spnego' registered May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.852561, 3] ../auth/gensec/gensec_start.c:908(gensec_register) May 20 19:53:24 SCH-BAK001 smbd[4405]: GENSEC backend 'gssapi_krb5' registered May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.852590, 3] ../auth/gensec/gensec_start.c:908(gensec_register) May 20 19:53:24 SCH-BAK001 smbd[4405]: GENSEC backend 'gssapi_krb5_sasl' registered May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.852620, 3] ../auth/gensec/gensec_start.c:908(gensec_register) May 20 19:53:24 SCH-BAK001 smbd[4405]: GENSEC backend 'spnego' registered May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.852650, 3] ../auth/gensec/gensec_start.c:908(gensec_register) May 20 19:53:24 SCH-BAK001 smbd[4405]: GENSEC backend 'schannel' registered May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.852678, 3] ../auth/gensec/gensec_start.c:908(gensec_register) May 20 19:53:24 SCH-BAK001 smbd[4405]: GENSEC backend 'naclrpc_as_system' registered May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.852708, 3] ../auth/gensec/gensec_start.c:908(gensec_register) May 20 19:53:24 SCH-BAK001 smbd[4405]: GENSEC backend 'sasl-EXTERNAL' registered May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.852738, 3] ../auth/gensec/gensec_start.c:908(gensec_register) May 20 19:53:24 SCH-BAK001 smbd[4405]: GENSEC backend 'ntlmssp' registered May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.852766, 3] ../auth/gensec/gensec_start.c:908(gensec_register) May 20 19:53:24 SCH-BAK001 smbd[4405]: GENSEC backend 'ntlmssp_resume_ccache' registered May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.852797, 3] ../auth/gensec/gensec_start.c:908(gensec_register) May 20 19:53:24 SCH-BAK001 smbd[4405]: GENSEC backend 'http_basic' registered May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.852828, 3] ../auth/gensec/gensec_start.c:908(gensec_register) May 20 19:53:24 SCH-BAK001 smbd[4405]: GENSEC backend 'http_ntlm' registered May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.852858, 3] ../auth/gensec/gensec_start.c:908(gensec_register) May 20 19:53:24 SCH-BAK001 smbd[4405]: GENSEC backend 'krb5' registered May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.852887, 3] ../auth/gensec/gensec_start.c:908(gensec_register) May 20 19:53:24 SCH-BAK001 smbd[4405]: GENSEC backend 'fake_gssapi_krb5' registered May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.853038, 3] ../source3/smbd/negprot.c:744(reply_negprot) May 20 19:53:24 SCH-BAK001 smbd[4405]: Selected protocol SMB 2.??? May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.927086, 3] ../source3/smbd/smb2_negprot.c:290(smbd_smb2_request_process_negprot) May 20 19:53:24 SCH-BAK001 smbd[4405]: Selected protocol SMB2_10 May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.928452, 3] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags) May 20 19:53:24 SCH-BAK001 smbd[4405]: Got NTLMSSP neg_flags=0xe2088297 May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.929197, 3] ../auth/ntlmssp/ntlmssp_server.c:452(ntlmssp_server_preauth) May 20 19:53:24 SCH-BAK001 smbd[4405]: Got user=[Administrador] domain=[DEMAG] workstation=[SCH-DS002] len1=24 len2=24 May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.929249, 3] ../source3/param/loadparm.c:3739(lp_load_ex) May 20 19:53:24 SCH-BAK001 smbd[4405]: lp_load_ex: refreshing parameters May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.929339, 3] ../source3/param/loadparm.c:542(init_globals) May 20 19:53:24 SCH-BAK001 smbd[4405]: Initialising global parameters May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.929442, 3] ../source3/param/loadparm.c:2668(lp_do_section) May 20 19:53:24 SCH-BAK001 smbd[4405]: Processing section "[global]" May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.929742, 2] ../source3/param/loadparm.c:2685(lp_do_section) May 20 19:53:24 SCH-BAK001 smbd[4405]: Processing section "[servidor]" ....... May 20 19:53:24 SCH-BAK001 smbd[4405]: Processing section "[alejandra_mejia]" May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.934355, 3] ../source3/param/loadparm.c:1585(lp_add_ipc) May 20 19:53:24 SCH-BAK001 smbd[4405]: adding IPC service May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.934409, 3] ../source3/auth/auth.c:178(auth_check_ntlm_password) May 20 19:53:24 SCH-BAK001 smbd[4405]: check_ntlm_password: Checking password for unmapped user [DEMAG]\[Administrador]@[SCH-DS002] with the new password interface May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.934442, 3] ../source3/auth/auth.c:181(auth_check_ntlm_password) May 20 19:53:24 SCH-BAK001 smbd[4405]: check_ntlm_password: mapped user is: [SCH-BAK001]\[Administrador]@[SCH-DS002] May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.934734, 3] ../source3/passdb/lookup_sid.c:1645(get_primary_group_sid) May 20 19:53:24 SCH-BAK001 smbd[4405]: Forcing Primary Group to 'Domain Users' for Administrador May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.934842, 2] ../libcli/auth/ntlm_check.c:424(ntlm_password_check) May 20 19:53:24 SCH-BAK001 smbd[4405]: ntlm_password_check: NTLMv1 passwords NOT PERMITTED for user Administrador May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.934873, 3] ../libcli/auth/ntlm_check.c:431(ntlm_password_check) May 20 19:53:24 SCH-BAK001 smbd[4405]: ntlm_password_check: NEITHER LanMan nor NT password supplied for user Administrador May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.935093, 2] ../source3/auth/auth.c:315(auth_check_ntlm_password) May 20 19:53:24 SCH-BAK001 smbd[4405]: check_ntlm_password: Authentication for user [Administrador] -> [Administrador] FAILED with error NT_STATUS_WRONG_PASSWORD May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.935148, 2] ../auth/gensec/spnego.c:720(gensec_spnego_server_negTokenTarg) May 20 19:53:24 SCH-BAK001 smbd[4405]: SPNEGO login failed: NT_STATUS_WRONG_PASSWORD May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.935211, 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) May 20 19:53:24 SCH-BAK001 smbd[4405]: smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_LOGON_FAILURE] || at ../source3/smbd/smb2_sesssetup.c:134 May 20 19:53:24 SCH-BAK001 smbd[4405]: [2019/05/20 19:53:24.935703, 3] ../source3/smbd/server_exit.c:246(exit_server_common) May 20 19:53:24 SCH-BAK001 smbd[4405]: Server exit (NT_STATUS_CONNECTION_RESET) May 20 19:53:24 SCH-BAK001 smbd[4293]: [2019/05/20 19:53:24.942793, 3] ../source3/lib/util_procid.c:54(pid_to_procid) May 20 19:53:24 SCH-BAK001 smbd[4293]: pid_to_procid: messaging_dgm_get_unique failed: No existe el fichero o el directorio
-
ntlm_password_check: NTLMv1 passwords NOT PERMITTED for user Administrador
This means that Samba is configured to refuse older and insecure NTLMv1 authentication attempts and that your 2008 R2 install tries only with this (while 'Send NTLMv2 response only' should be default starting with 2008 R2).
Two options:
- Weaken security by adding "ntlm auth = yes" to Samba's 'Extra Options' at the bottom of the SMB/CIFS settings page (that's not recommended but most probably what LaCie did)
- Fix security by configuring Windows 2008R2 to use NTLMv2 authentication. See here or there.
But most probably the best idea is to let OMV join the domain so that clients then authenticate using Kerberos tickets instead.
-
This means that Samba is configured to refuse older and insecure NTLMv1 authentication attempts and that your 2008 R2 install tries only with this (while 'Send NTLMv2 response only' should be default starting with 2008 R2).
Two options:- Weaken security by adding "ntlm auth = yes" to Samba's 'Extra Options' at the bottom of the SMB/CIFS settings page (that's not recommended but most probably what LaCie did)
- Fix security by configuring Windows 2008R2 to use NTLMv2 authentication. See here or there.
But most probably the best idea is to let OMV join the domain so that clients then authenticate using Kerberos tickets instead.
tkaiser YOU ARE THE BEST!!!!!!
NTLM IS THE PROBLEM!!! YOU ARE SOLVED!!!
THANK YOU VERY MUCH!!!
Jetzt mitmachen!
Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!