Hello,
I'm facing a little problem with my OMV installation that I didn't have before.
My OMV server is hosted on a private network behind a firewall. This firewall acts as a VPN server.
A lot of users can access this server from outside the private network using an OpenVPN client with the following method :
- Connection to the VPN server with an active directory account (windows 10 environment)
- connection to the server via a windows explorer using the "\\ip.of.the.server" adress
- fill of the openmediavault login/password on the windows pop-up (different login & password than those set on the active directory)
- Then the list of the SMB shares are visible and we can navigate respecting the users rights set on OMV
Now, for one and only one of the user, I have the following beahvior :
- Connection to the VPN server with an active directory account (windows 10 environment)
- connection to the server via a windows explorer using the "\\ip.of.the.server" adress
- Then the list of the SMB shares are visible while the login/password has never been filled, but impossible to navigate of course
- Trying to navigate in a SMB share, windows displays a pop-up asking for login&password (but not the same than the other users. For this one, windows seems to try first with the session id and fails, and after proposes to try with another account)
- after completion of login&password --> Fail
When I try this user account from my computer, everything is OK.
When I try with the user's computer --> fail.
When I activate the SMB logs, I can see that in this user case, windows seems to send a request as soon as he tries to connect to the smb:\\server before requiring login&password. On the log I can read that :
Mar 2 10:58:21 xxxxxxxxxxx smbd[13226]: [2021/03/02 10:58:21.153308, 3] ../source3/auth/auth.c:189(auth_check_ntlm_password)
Mar 2 10:58:21 xxxxxxxxxxx smbd[13226]: check_ntlm_password: Checking password for unmapped user []\[]@[YYYYYYYYYYY] with the new password interface
Mar 2 10:58:21 xxxxxxxxxxx smbd[13226]: [2021/03/02 10:58:21.153339, 3] ../source3/auth/auth.c:192(auth_check_ntlm_password)
Mar 2 10:58:21 xxxxxxxxxxx smbd[13226]: check_ntlm_password: mapped user is: []\[]@[YYYYYYYYYYY]
Mar 2 10:58:21 xxxxxxxxxxx smbd[13226]: [2021/03/02 10:58:21.153373, 3] ../source3/auth/auth.c:256(auth_check_ntlm_password)
Mar 2 10:58:21 xxxxxxxxxxx smbd[13226]: auth_check_ntlm_password: anonymous authentication for user [] succeeded
Mar 2 10:58:21 xxxxxxxxxxx smbd[13226]: [2021/03/02 10:58:21.153460, 3] ../auth/auth_log.c:610(log_authentication_event_human_readable)
Mar 2 10:58:21 xxxxxxxxxxx smbd[13226]: Auth: [SMB2,(null)] user []\[] at [mar., 02 mars 2021 10:58:21.153413 CET] with [(null)] status [NT_STATUS_OK] workstation [YYYYYYYYYYY] remote host [ipv4:YYYYYYYYYYY] became [YYYYYYYYYYY]\[YYYYYYYYYYY1]. local host [ipv4:YYYYYYYYYYY]
Mar 2 10:58:21 xxxxxxxxxxx smbd[13226]: {"timestamp": "2021-03-02T10:58:21.153602+0100", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 0}, "status": "NT_STATUS_OK", "localAddress": "ipv4:YYYYYYYYYYY", "remotepv4:YYYYYYYYYYY", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "", "clientAccount": "", "workstation": "YYYYYYYYYYY", "becameAccount": "nobody", "becameDomain": "YYYYYYYYYYY", "becameSid": "YYYYYYYYYYY", "mappedAccount": "", "mappedDomain": "", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": null, "d9851}}
I turned in bold something that seems strange to me (what is this new password interface ?) but that I can't really understand now.
Would you have any idea about what could explain this strange behavior ?
Thanks a lot