Good to Know Database

Samba 3: Allowing authentication with LM hashes


Since Samba 3.2, authentication with LAN Manager hashes is disabled by default. If you still use clients that exclusively use LM hashes (e.g. Bart's Network Boot Disk), you can enable authentication with LM hashes in the Samba configuration file as follows.

First, open the Samba configuration file in an editor.

[root@centos5 ~]# vi /etc/samba/smb.conf

In the global section, add the directive lanman auth and set it to yes.

[global]
        [...]
        lanman auth = yes

Then restart the Samba daemon.

[root@centos5 ~]# service smb restart

If authentication with LM hashes is disabled, the following messages are written to the log file /var/log/samba/log.smbd when a client authenticates.

[2011/05/08 11:53:40.329611,  5] auth/auth.c:487(make_auth_context_subsystem)
  Making default auth method list for standalone security=user, encrypt passwords = yes
[2011/05/08 11:53:40.329665,  5] auth/auth.c:46(smb_register_auth)
  Attempting to register auth backend sam
[2011/05/08 11:53:40.329680,  5] auth/auth.c:58(smb_register_auth)
  Successfully added auth method 'sam'
[2011/05/08 11:53:40.329692,  5] auth/auth.c:46(smb_register_auth)
  Attempting to register auth backend sam_ignoredomain
[2011/05/08 11:53:40.329705,  5] auth/auth.c:58(smb_register_auth)
  Successfully added auth method 'sam_ignoredomain'
[2011/05/08 11:53:40.329718,  5] auth/auth.c:46(smb_register_auth)
  Attempting to register auth backend unix
[2011/05/08 11:53:40.329733,  5] auth/auth.c:58(smb_register_auth)
  Successfully added auth method 'unix'
[2011/05/08 11:53:40.329747,  5] auth/auth.c:46(smb_register_auth)
  Attempting to register auth backend winbind
[2011/05/08 11:53:40.329759,  5] auth/auth.c:58(smb_register_auth)
  Successfully added auth method 'winbind'
[2011/05/08 11:53:40.329771,  5] auth/auth.c:46(smb_register_auth)
  Attempting to register auth backend wbc
[2011/05/08 11:53:40.329784,  5] auth/auth.c:58(smb_register_auth)
  Successfully added auth method 'wbc'
[2011/05/08 11:53:40.329795,  5] auth/auth.c:46(smb_register_auth)
  Attempting to register auth backend smbserver
[2011/05/08 11:53:40.329808,  5] auth/auth.c:58(smb_register_auth)
  Successfully added auth method 'smbserver'
[2011/05/08 11:53:40.329821,  5] auth/auth.c:46(smb_register_auth)
  Attempting to register auth backend trustdomain
[2011/05/08 11:53:40.329834,  5] auth/auth.c:58(smb_register_auth)
  Successfully added auth method 'trustdomain'
[2011/05/08 11:53:40.329846,  5] auth/auth.c:46(smb_register_auth)
  Attempting to register auth backend ntdomain
[2011/05/08 11:53:40.329858,  5] auth/auth.c:58(smb_register_auth)
  Successfully added auth method 'ntdomain'
[2011/05/08 11:53:40.329871,  5] auth/auth.c:46(smb_register_auth)
  Attempting to register auth backend guest
[2011/05/08 11:53:40.329884,  5] auth/auth.c:58(smb_register_auth)
  Successfully added auth method 'guest'
[2011/05/08 11:53:40.329896,  5] auth/auth.c:46(smb_register_auth)
  Attempting to register auth backend netlogond
[2011/05/08 11:53:40.329909,  5] auth/auth.c:58(smb_register_auth)
  Successfully added auth method 'netlogond'
[2011/05/08 11:53:40.329921,  5] auth/auth.c:383(load_auth_module)
  load_auth_module: Attempting to find an auth method to match guest
[2011/05/08 11:53:40.329957,  5] auth/auth.c:408(load_auth_module)
  load_auth_module: auth method guest has a valid init
[2011/05/08 11:53:40.329970,  5] auth/auth.c:383(load_auth_module)
  load_auth_module: Attempting to find an auth method to match sam
[2011/05/08 11:53:40.329983,  5] auth/auth.c:408(load_auth_module)
  load_auth_module: auth method sam has a valid init
[2011/05/08 11:53:40.329995,  5] auth/auth.c:97(get_ntlm_challenge)
  auth_get_challenge: module guest did not want to specify a challenge
[2011/05/08 11:53:40.330007,  5] auth/auth.c:97(get_ntlm_challenge)
  auth_get_challenge: module sam did not want to specify a challenge
[2011/05/08 11:53:40.330030,  5] auth/auth.c:132(get_ntlm_challenge)
  auth_context challenge created by random
[2011/05/08 11:53:40.330042,  5] auth/auth.c:133(get_ntlm_challenge)
  challenge is:
[2011/05/08 11:53:40.330279,  5] auth/auth_util.c:211(make_user_info_map)
  Mapping user []\[PXEUSER] from workstation [pc-313106]
[2011/05/08 11:53:40.330301,  5] auth/auth_util.c:232(make_user_info_map)
  Mapped domain from [] to [CENTOS5] for user [PXEUSER] from workstation [pc-313106]
[2011/05/08 11:53:40.330316,  5] auth/auth_util.c:122(make_user_info)
  attempting to make a user_info for PXEUSER (PXEUSER)
[2011/05/08 11:53:40.330329,  5] auth/auth_util.c:132(make_user_info)
  making strings for PXEUSER's user_info struct
[2011/05/08 11:53:40.330342,  5] auth/auth_util.c:164(make_user_info)
  making blobs for PXEUSER's user_info struct
[2011/05/08 11:53:40.330355, 10] auth/auth_util.c:182(make_user_info)
  made an encrypted user_info for PXEUSER (PXEUSER)
[2011/05/08 11:53:40.330369,  3] auth/auth.c:216(check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user []\[PXEUSER]@[pc-313106] with the new password interface
[2011/05/08 11:53:40.330384,  3] auth/auth.c:219(check_ntlm_password)
  check_ntlm_password:  mapped user is: [CENTOS5]\[PXEUSER]@[pc-313106]
[2011/05/08 11:53:40.330397, 10] auth/auth.c:228(check_ntlm_password)
  check_ntlm_password: auth_context challenge created by random
[2011/05/08 11:53:40.330409, 10] auth/auth.c:230(check_ntlm_password)
  challenge is:
[2011/05/08 11:53:40.330422, 10] auth/auth.c:256(check_ntlm_password)
  check_ntlm_password: guest had nothing to say
[2011/05/08 11:53:40.330480, 10] passdb/pdb_get_set.c:608(pdb_set_username)
  pdb_set_username: setting username pxeuser, was
[2011/05/08 11:53:40.330496, 10] passdb/pdb_get_set.c:631(pdb_set_domain)
  pdb_set_domain: setting domain CENTOS5, was
[2011/05/08 11:53:40.330509, 10] passdb/pdb_get_set.c:654(pdb_set_nt_username)
  pdb_set_nt_username: setting nt username , was
[2011/05/08 11:53:40.330522, 10] passdb/pdb_get_set.c:677(pdb_set_fullname)
  pdb_set_full_name: setting full name , was
[2011/05/08 11:53:40.330540, 10] passdb/pdb_get_set.c:770(pdb_set_homedir)
  pdb_set_homedir: setting home dir \\centos5\pxeuser, was
[2011/05/08 11:53:40.330554, 10] passdb/pdb_get_set.c:746(pdb_set_dir_drive)
  pdb_set_dir_drive: setting dir drive , was NULL
[2011/05/08 11:53:40.330569, 10] passdb/pdb_get_set.c:700(pdb_set_logon_script)
  pdb_set_logon_script: setting logon script , was
[2011/05/08 11:53:40.330585, 10] passdb/pdb_get_set.c:723(pdb_set_profile_path)
  pdb_set_profile_path: setting profile path \\centos5\pxeuser\profile, was
[2011/05/08 11:53:40.330598, 10] passdb/pdb_get_set.c:813(pdb_set_workstations)
  pdb_set_workstations: setting workstations , was
[2011/05/08 11:53:40.330637, 10] passdb/pdb_get_set.c:537(pdb_set_user_sid)
  pdb_set_user_sid: setting user sid S-1-5-21-1161862113-373446228-2921908420-2032
[2011/05/08 11:53:40.330656, 10] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid)
  pdb_set_user_sid_from_rid:
        setting user sid S-1-5-21-1161862113-373446228-2921908420-2032 from rid 2032
[2011/05/08 11:53:40.330944, 10] passdb/pdb_get_set.c:608(pdb_set_username)
  pdb_set_username: setting username pxeuser, was
[2011/05/08 11:53:40.330960, 10] passdb/pdb_get_set.c:631(pdb_set_domain)
  pdb_set_domain: setting domain CENTOS5, was
[2011/05/08 11:53:40.330982, 10] passdb/pdb_get_set.c:654(pdb_set_nt_username)
  pdb_set_nt_username: setting nt username , was
[2011/05/08 11:53:40.330995, 10] passdb/pdb_get_set.c:677(pdb_set_fullname)
  pdb_set_full_name: setting full name , was
[2011/05/08 11:53:40.331011, 10] passdb/pdb_get_set.c:770(pdb_set_homedir)
  pdb_set_homedir: setting home dir \\centos5\pxeuser, was
[2011/05/08 11:53:40.331024, 10] passdb/pdb_get_set.c:746(pdb_set_dir_drive)
  pdb_set_dir_drive: setting dir drive , was NULL
[2011/05/08 11:53:40.331037, 10] passdb/pdb_get_set.c:700(pdb_set_logon_script)
  pdb_set_logon_script: setting logon script , was
[2011/05/08 11:53:40.331052, 10] passdb/pdb_get_set.c:723(pdb_set_profile_path)
  pdb_set_profile_path: setting profile path \\centos5\pxeuser\profile, was
[2011/05/08 11:53:40.331066, 10] passdb/pdb_get_set.c:813(pdb_set_workstations)
  pdb_set_workstations: setting workstations , was
[2011/05/08 11:53:40.331091, 10] passdb/pdb_get_set.c:537(pdb_set_user_sid)
  pdb_set_user_sid: setting user sid S-1-5-21-1161862113-373446228-2921908420-2032
[2011/05/08 11:53:40.331107, 10] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid)
  pdb_set_user_sid_from_rid:
        setting user sid S-1-5-21-1161862113-373446228-2921908420-2032 from rid 2032
[2011/05/08 11:53:40.331164,  5] passdb/pdb_interface.c:1473(lookup_global_sam_rid)
  lookup_global_sam_rid: looking up RID 513.
[2011/05/08 11:53:40.331192,  5] passdb/pdb_tdb.c:609(tdbsam_getsampwrid)
  pdb_getsampwrid (TDB): error looking up RID 513 by key RID_00000201.
[2011/05/08 11:53:40.331244,  5] passdb/pdb_interface.c:1536(lookup_global_sam_rid)
  Can't find a unix id for an unmapped group
[2011/05/08 11:53:40.331262, 10] passdb/pdb_get_set.c:595(pdb_set_group_sid)
  pdb_set_group_sid: setting group sid S-1-5-21-1161862113-373446228-2921908420-513
[2011/05/08 11:53:40.331282,  9] passdb/passdb.c:2182(pdb_update_autolock_flag)
  pdb_update_autolock_flag: Account pxeuser not autolocked, no check needed
[2011/05/08 11:53:40.331400,  9] passdb/passdb.c:2248(pdb_increment_bad_password_count)
  No lockout policy, don't track bad passwords
[2011/05/08 11:53:40.331436, 10] passdb/pdb_get_set.c:608(pdb_set_username)
  pdb_set_username: setting username pxeuser, was
[2011/05/08 11:53:40.331450, 10] passdb/pdb_get_set.c:631(pdb_set_domain)
  pdb_set_domain: setting domain CENTOS5, was
[2011/05/08 11:53:40.331463, 10] passdb/pdb_get_set.c:654(pdb_set_nt_username)
  pdb_set_nt_username: setting nt username , was
[2011/05/08 11:53:40.331476, 10] passdb/pdb_get_set.c:677(pdb_set_fullname)
  pdb_set_full_name: setting full name , was
[2011/05/08 11:53:40.331491, 10] passdb/pdb_get_set.c:770(pdb_set_homedir)
  pdb_set_homedir: setting home dir \\centos5\pxeuser, was
[2011/05/08 11:53:40.331504, 10] passdb/pdb_get_set.c:746(pdb_set_dir_drive)
  pdb_set_dir_drive: setting dir drive , was NULL
[2011/05/08 11:53:40.331518, 10] passdb/pdb_get_set.c:700(pdb_set_logon_script)
  pdb_set_logon_script: setting logon script , was
[2011/05/08 11:53:40.331533, 10] passdb/pdb_get_set.c:723(pdb_set_profile_path)
  pdb_set_profile_path: setting profile path \\centos5\pxeuser\profile, was
[2011/05/08 11:53:40.331547, 10] passdb/pdb_get_set.c:813(pdb_set_workstations)
  pdb_set_workstations: setting workstations , was
[2011/05/08 11:53:40.331572, 10] passdb/pdb_get_set.c:537(pdb_set_user_sid)
  pdb_set_user_sid: setting user sid S-1-5-21-1161862113-373446228-2921908420-2032
[2011/05/08 11:53:40.331587, 10] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid)
  pdb_set_user_sid_from_rid:
        setting user sid S-1-5-21-1161862113-373446228-2921908420-2032 from rid 2032
[2011/05/08 11:53:40.331633,  5] passdb/pdb_tdb.c:758(tdb_update_samacct_only)
  Storing account pxeuser with RID 2032
[2011/05/08 11:53:40.331653, 10] passdb/pdb_tdb.c:891(tdb_update_sam)
  tdb_update_sam: Updating key for RID 2032
[2011/05/08 11:53:40.331680,  5] auth/auth.c:268(check_ntlm_password)
  check_ntlm_password: sam authentication for user [PXEUSER] FAILED with error NT_STATUS_WRONG_PASSWORD
[2011/05/08 11:53:40.331698,  2] auth/auth.c:314(check_ntlm_password)
  check_ntlm_password:  Authentication for user [PXEUSER] -> [PXEUSER] FAILED with error NT_STATUS_WRONG_PASSWORD
[2011/05/08 11:53:40.331722,  5] auth/auth_util.c:2119(free_user_info)
  attempting to free (and zero) a user_info structure
[2011/05/08 11:53:40.331738, 10] auth/auth_util.c:2123(free_user_info)
  structure was created for PXEUSER
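
Added example (not part of the original entry): a shell function that reduces a log like the one above to one line per failed logon, so that clients failing against the server can be inventoried before lanman auth is enabled for the whole server. The function names and the output format are assumptions of this example; the sample input is an excerpt of the log above.

```shell
#!/bin/sh
# Added example: list failed logons from a Samba 3 log.smbd.
# Output, one line per failure: timestamp|account|workstation|NT status
# Assumption: the lines of one attempt are not interleaved with another smbd's.

failed_logons() {
    awk '
    # Header, e.g. "[2011/05/08 11:53:40.330384,  3] auth/auth.c:219(...)"
    /^\[[0-9]+\/[0-9]+\/[0-9]+ / {
        ts = substr($0, 2, index($0, ",") - 2)
        next
    }
    # Level 3: domain, user and workstation of the current attempt
    /check_ntlm_password: +mapped user is: / {
        who = $0
        sub(/^.*mapped user is: /, "", who)
        gsub(/\[|\]/, "", who)              # CENTOS5\PXEUSER@pc-313106
        ws = who
        sub(/^.*@/, "", ws)                 # text after the last "@"
        account = substr(who, 1, length(who) - length(ws) - 1)
        next
    }
    # Level 2: final verdict; the level-5 "sam authentication" line is skipped
    /check_ntlm_password: +Authentication for user .* FAILED with error / {
        u = $0                              # fallback when level 3 is absent
        sub(/^.*Authentication for user \[/, "", u)
        sub(/\].*$/, "", u)
        print ts "|" (account != "" ? account : u) "|" (ws != "" ? ws : "-") "|" $NF
        account = ""; ws = ""
    }' "$@"
}

# Excerpt of the log shown above, used as sample input
sample_log() {
    cat <<'EOF'
[2011/05/08 11:53:40.330384,  3] auth/auth.c:219(check_ntlm_password)
  check_ntlm_password:  mapped user is: [CENTOS5]\[PXEUSER]@[pc-313106]
[2011/05/08 11:53:40.331680,  5] auth/auth.c:268(check_ntlm_password)
  check_ntlm_password: sam authentication for user [PXEUSER] FAILED with error NT_STATUS_WRONG_PASSWORD
[2011/05/08 11:53:40.331698,  2] auth/auth.c:314(check_ntlm_password)
  check_ntlm_password:  Authentication for user [PXEUSER] -> [PXEUSER] FAILED with error NT_STATUS_WRONG_PASSWORD
EOF
}

sample_log | failed_logons
```

Against the real file, call failed_logons /var/log/samba/log.smbd. NT_STATUS_WRONG_PASSWORD is also logged for a mistyped password, so the output lists candidates for LM-only clients and does not prove that a client uses LM hashes.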


This entry was created on 13.05.2011 and last edited on 08.01.2014.

Direct link to this page: http://www.gtkdb.de/index_33_1268.html


© 2004-2018 by Georg Kainzbauer