
KB-1975: Stock Samba and Centrify will not work if security = share

Centrify DirectControl, Centrify DirectControl Plugins

12 April,16 at 11:11 AM

Applies to:

All versions of Centrify DirectControl on Linux and Unix platforms

 

Problem:

With security = share (non-extended security) set in smb.conf on stock Samba 3.3.8-.52.el5_5, on a machine running Centrify DirectControl 4.4.3, users are not able to access the share and receive the error "you are not authorized to access the share, access denied". Looking through samba.log, you will find these errors:

 

smbd/notify.c:notify_callback(216)
  notify_callback called for company/load
auth/auth_sam.c:check_sam_security(282)
  check_sam_security: Couldn't find user 'smith.jones' in passdb.
smbd/notify_inotify.c:inotify_dispatch(163)
  inotify_dispatch called with mask=2, name=[smb.log]
auth/auth.c:check_ntlm_password(272)
  check_ntlm_password: sam authentication for user [smith.jones] FAILED with error NT_STATUS_NO_SUCH_USER
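
A quick way to confirm both conditions described above (share-level security in the [global] section of smb.conf, and the passdb lookup failure in the Samba log), as an added example that is not part of the original article or of Centrify's tooling. The sample config and log text are constructed and the function names are hypothetical; include directives and backslash line continuations in smb.conf are not handled.

```python
import re
# Constructed sample inputs for illustration (not taken from a real host).
SAMPLE_SMB_CONF = """\
; constructed smb.conf
[global]
   workgroup = COMPANY
   Security = Share
[load]
   path = /srv/load
"""
SAMPLE_LOG = """\
  check_sam_security: Couldn't find user 'smith.jones' in passdb.
  check_ntlm_password: sam authentication for user [smith.jones]
  FAILED with error NT_STATUS_NO_SUCH_USER
"""
NO_SUCH_USER = re.compile(r"sam authentication for user \[([^\]]+)\]\s+"
                          r"FAILED with error NT_STATUS_NO_SUCH_USER")

def squash(name):
    # smb.conf ignores case and whitespace in section and parameter names.
    return re.sub(r"\s+", "", name).lower()

def global_security_mode(conf_text):
    """Return the last 'security' value set in [global], lowercased, or None."""
    section, mode = None, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        header = re.fullmatch(r"\[(.*)\]", line)
        if header:
            section = squash(header.group(1))
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)   # only the first '=' is significant
            if squash(name) == "security":
                mode = value.strip().lower()   # a later assignment overrides
    return mode

def users_missing_from_passdb(log_text):
    """Count NT_STATUS_NO_SUCH_USER failures per user name (tolerates wrapped lines)."""
    counts = {}
    for match in NO_SUCH_USER.finditer(log_text):
        counts[match.group(1)] = counts.get(match.group(1), 0) + 1
    return counts

def matches_kb_symptoms(conf_text, log_text):
    """True when share-level security and the passdb failure both appear."""
    return (global_security_mode(conf_text) == "share"
            and bool(users_missing_from_passdb(log_text)))
```

To run it against a real host, read the contents of smb.conf and the Samba log into strings and pass them to matches_kb_symptoms.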

 

Cause:

When both the Windows client and the Samba server machine are joined to the domain, the Windows client can get Kerberos service tickets for the computer where the Samba server is running. The client therefore wants to negotiate extended security, which a Samba server in share-level mode does not offer in its SMB Negotiate Protocol Response, so the client breaks the connection. Even if you try to remove all the Kerberos service tickets, Windows is too smart and will get its own ticket on the fly.

 

Solution:

You will either have to provide an alias by following KB-0546 or upgrade to Centrify-enabled Samba.
