I have configured Samba to use the same username and password as my Microsoft account, so on Windows authentication is automatic when opening the shares. However, with the same configuration I cannot connect from macOS 10.14, and I get an authentication error.
I am serving from Ubuntu 19.04 with samba 4.10.0+dfsg-0ubuntu2.4.
- There is a normal Linux account for each user, with the username set as user@example.com.
- The Linux accounts have the shell set to /usr/sbin/nologin.
- The password is the same as that of the Microsoft account.
- Samba accounts have also been added, with the same username and password.
When I connect from Windows 10, I see that it sends a domain of MicrosoftAccount and it works fine. It also works fine from Samba's smbclient.
From macOS, no matter whether I send MicrosoftAccount\user@example.com or user@example.com as the username, it always sends the domain as example.com and authentication fails. I see the same behaviour in Finder and with smbview.
I was able to work around this by adding username map = /etc/samba/username_map to [global] in smb.conf, with a line user@example.com = user.
Is there any setting on the macOS side to make it respect the domain as specified? Or is this a standard configuration that most NAS devices and other drives will use so that they work with macOS?
Edit: Here is a log entry from a failed authentication, trying as microsoftaccount\user@example.com. Note that the first auth line shows example.com, and not microsoftaccount, as the domain:
[2019/10/06 00:22:54.879743, 3] ../../auth/ntlmssp/ntlmssp_server.c:552(ntlmssp_server_preauth) Got user=[microsoftaccount\user] domain=[example.com] workstation=[MAC] len1=24 len2=184
[2019/10/06 00:22:54.740866, 3] ../../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.20.104 (192.168.20.104)
[2019/10/06 00:22:54.741239, 3] ../../source3/smbd/oplock.c:1422(init_oplocks)
init_oplocks: initializing messages.
[2019/10/06 00:22:54.741382, 3] ../../source3/smbd/process.c:1948(process_smb)
Transaction 0 of length 73 (0 toread)
[2019/10/06 00:22:54.741464, 3] ../../source3/smbd/process.c:1541(switch_message)
switch message SMBnegprot (pid 2332) conn 0x0
[2019/10/06 00:22:54.774931, 3] ../../source3/smbd/negprot.c:636(reply_negprot)
Requested protocol [NT LM 0.12]
[2019/10/06 00:22:54.775036, 3] ../../source3/smbd/negprot.c:636(reply_negprot)
Requested protocol [SMB 2.002]
[2019/10/06 00:22:54.775114, 3] ../../source3/smbd/negprot.c:636(reply_negprot)
Requested protocol [SMB 2.???]
[2019/10/06 00:22:54.775380, 3] ../../source3/smbd/smb2_negprot.c:294(smbd_smb2_request_process_negprot)
Selected protocol SMB2_FF
[2019/10/06 00:22:54.836522, 3] ../../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'gssapi_spnego' registered
[2019/10/06 00:22:54.836625, 3] ../../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'gssapi_krb5' registered
[2019/10/06 00:22:54.836700, 3] ../../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'gssapi_krb5_sasl' registered
[2019/10/06 00:22:54.836786, 3] ../../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'spnego' registered
[2019/10/06 00:22:54.836845, 3] ../../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'schannel' registered
[2019/10/06 00:22:54.837231, 3] ../../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'naclrpc_as_system' registered
[2019/10/06 00:22:54.837334, 3] ../../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'sasl-EXTERNAL' registered
[2019/10/06 00:22:54.837408, 3] ../../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'ntlmssp' registered
[2019/10/06 00:22:54.837486, 3] ../../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'ntlmssp_resume_ccache' registered
[2019/10/06 00:22:54.837566, 3] ../../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'http_basic' registered
[2019/10/06 00:22:54.837639, 3] ../../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'http_ntlm' registered
[2019/10/06 00:22:54.837751, 3] ../../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'http_negotiate' registered
[2019/10/06 00:22:54.837827, 3] ../../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'krb5' registered
[2019/10/06 00:22:54.841888, 3] ../../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'fake_gssapi_krb5' registered
[2019/10/06 00:22:54.842332, 3] ../../source3/smbd/negprot.c:771(reply_negprot)
Selected protocol SMB 2.???
[2019/10/06 00:22:54.844972, 3] ../../source3/smbd/smb2_negprot.c:294(smbd_smb2_request_process_negprot)
Selected protocol SMB3_02
[2019/10/06 00:22:54.874939, 3] ../../auth/ntlmssp/ntlmssp_util.c:72(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x62888215
[2019/10/06 00:22:54.879743, 3] ../../auth/ntlmssp/ntlmssp_server.c:552(ntlmssp_server_preauth)
Got user=[microsoftaccount\user] domain=[example.com] workstation=[MAC] len1=24 len2=184
[2019/10/06 00:22:54.879870, 3] ../../source3/param/loadparm.c:3872(lp_load_ex)
lp_load_ex: refreshing parameters
[2019/10/06 00:22:54.880055, 3] ../../source3/param/loadparm.c:550(init_globals)
Initialising global parameters
[2019/10/06 00:22:54.880219, 3] ../../source3/param/loadparm.c:2786(lp_do_section)
Processing section "[global]"
[2019/10/06 00:22:54.880649, 2] ../../source3/param/loadparm.c:2803(lp_do_section)
Processing section "[printers]"
[2019/10/06 00:22:54.880859, 2] ../../source3/param/loadparm.c:2803(lp_do_section)
Processing section "[print$]"
[2019/10/06 00:22:54.881558, 2] ../../source3/param/loadparm.c:2803(lp_do_section)
Processing section "[photos]"
[2019/10/06 00:22:54.881761, 2] ../../source3/param/loadparm.c:2803(lp_do_section)
adding IPC service
[2019/10/06 00:22:54.882109, 3] ../../source3/auth/auth.c:189(auth_check_ntlm_password)
check_ntlm_password: Checking password for unmapped user [example.com]\[microsoftaccount\user]@[MAC] with the new password interface
[2019/10/06 00:22:54.882189, 3] ../../source3/auth/auth.c:192(auth_check_ntlm_password)
check_ntlm_password: mapped user is: [example.com]\[microsoftaccount\user]@[MAC]
[2019/10/06 00:22:54.882352, 3] ../../source3/auth/check_samsec.c:399(check_sam_security)
check_sam_security: Couldn't find user 'microsoftaccount\user' in passdb.
[2019/10/06 00:22:54.889113, 2] ../../source3/auth/auth.c:334(auth_check_ntlm_password)
check_ntlm_password: Authentication for user [microsoftaccount\user] -> [microsoftaccount\user] FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=1
[2019/10/06 00:22:54.889240, 2] ../../auth/auth_log.c:647(log_authentication_event_human_readable)
Auth: [SMB2,(null)] user [example.com]\[microsoftaccount\\user] at [Sun, 06 Oct 2019 00:22:54.889207 UTC] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [MAC] remote host [ipv4:192.168.20.104:51103] mapped to [example.com]\[microsoftaccount\\user]. local host [ipv4:192.168.20.177:445]
{"timestamp": "2019-10-06T00:22:54.889398+0000", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 1}, "eventId": 4625, "logonType": 3, "status": "NT_STATUS_NO_SUCH_USER", "localAddress": "ipv4:192.168.20.177:445", "remoteAddress": "ipv4:192.168.20.104:51103", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "example.com", "clientAccount": "microsoftaccount\\user", "workstation": "MAC", "becameAccount": null, "becameDomain": null, "becameSid": null, "mappedAccount": "microsoftaccount\\user", "mappedDomain": "example.com", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "NTLMv2", "duration": 14644}}
[2019/10/06 00:22:54.889565, 3] ../../source3/auth/auth_util.c:2192(do_map_to_guest_server_info)
No such user microsoftaccount\user [example.com] - using guest account
[2019/10/06 00:22:54.903462, 3] ../../auth/ntlmssp/ntlmssp_util.c:72(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x62888215
[2019/10/06 00:22:54.907333, 3] ../../auth/ntlmssp/ntlmssp_server.c:552(ntlmssp_server_preauth)
Got user=[microsoftaccount\user] domain=[SAMBA] workstation=[MAC] len1=24 len2=184
[2019/10/06 00:22:54.907430, 3] ../../source3/param/loadparm.c:3872(lp_load_ex)
lp_load_ex: refreshing parameters
[2019/10/06 00:22:54.907519, 3] ../../source3/param/loadparm.c:550(init_globals)
Initialising global parameters
[2019/10/06 00:22:54.907650, 3] ../../source3/param/loadparm.c:2786(lp_do_section)
Processing section "[global]"
[2019/10/06 00:22:54.907903, 2] ../../source3/param/loadparm.c:2803(lp_do_section)
Processing section "[printers]"
[2019/10/06 00:22:54.907995, 2] ../../source3/param/loadparm.c:2803(lp_do_section)
Processing section "[print$]"
[2019/10/06 00:22:54.917347, 2] ../../source3/param/loadparm.c:2803(lp_do_section)
Processing section "[photos]"
[2019/10/06 00:22:54.917663, 3] ../../source3/param/loadparm.c:1621(lp_add_ipc)
adding IPC service
[2019/10/06 00:22:54.917730, 3] ../../source3/auth/auth.c:189(auth_check_ntlm_password)
check_ntlm_password: Checking password for unmapped user [SAMBA]\[microsoftaccount\user]@[MAC] with the new password interface
[2019/10/06 00:22:54.917852, 3] ../../source3/auth/auth.c:192(auth_check_ntlm_password)
check_ntlm_password: mapped user is: [SAMBA]\[microsoftaccount\user]@[MAC]
[2019/10/06 00:22:54.918003, 3] ../../source3/auth/check_samsec.c:399(check_sam_security)
check_sam_security: Couldn't find user 'microsoftaccount\user' in passdb.
[2019/10/06 00:22:54.918070, 2] ../../source3/auth/auth.c:334(auth_check_ntlm_password)
check_ntlm_password: Authentication for user [microsoftaccount\user] -> [microsoftaccount\user] FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=1
[2019/10/06 00:22:54.918190, 2] ../../auth/auth_log.c:647(log_authentication_event_human_readable)
Auth: [SMB2,(null)] user [SAMBA]\[microsoftaccount\\user] at [Sun, 06 Oct 2019 00:22:54.918167 UTC] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [MAC] remote host [ipv4:192.168.20.104:51103] mapped to [SAMBA]\[microsoftaccount\\user]. local host [ipv4:192.168.20.177:445]
{"timestamp": "2019-10-06T00:22:54.918332+0000", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 1}, "eventId": 4625, "logonType": 3, "status": "NT_STATUS_NO_SUCH_USER", "localAddress": "ipv4:192.168.20.177:445", "remoteAddress": "ipv4:192.168.20.104:51103", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "SAMBA", "clientAccount": "microsoftaccount\\user", "workstation": "MAC", "becameAccount": null, "becameDomain": null, "becameSid": null, "mappedAccount": "microsoftaccount\\user", "mappedDomain": "SAMBA", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "NTLMv2", "duration": 15008}}
[2019/10/06 00:22:54.918523, 3] ../../source3/auth/auth_util.c:2192(do_map_to_guest_server_info)
No such user microsoftaccount\user [SAMBA] - using guest account
[2019/10/06 00:22:54.931366, 3] ../../auth/ntlmssp/ntlmssp_util.c:72(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x62888215
[2019/10/06 00:22:54.935125, 3] ../../auth/ntlmssp/ntlmssp_server.c:552(ntlmssp_server_preauth)
Got user=[user] domain=[example.com@\samba.lan] workstation=[MAC] len1=24 len2=184
[2019/10/06 00:22:54.935213, 3] ../../source3/param/loadparm.c:3872(lp_load_ex)
lp_load_ex: refreshing parameters
[2019/10/06 00:22:54.935573, 3] ../../source3/param/loadparm.c:550(init_globals)
Initialising global parameters
[2019/10/06 00:22:54.935798, 3] ../../source3/param/loadparm.c:2786(lp_do_section)
Processing section "[global]"
[2019/10/06 00:22:54.936127, 2] ../../source3/param/loadparm.c:2803(lp_do_section)
Processing section "[printers]"
[2019/10/06 00:22:54.936260, 2] ../../source3/param/loadparm.c:2803(lp_do_section)
Processing section "[print$]"
[2019/10/06 00:22:54.936359, 2] ../../source3/param/loadparm.c:2803(lp_do_section)
Processing section "[photos]"
[2019/10/06 00:22:54.937227, 2] ../../source3/param/loadparm.c:2803(lp_do_section)
[2019/10/06 00:22:54.937520, 3] ../../source3/auth/auth.c:189(auth_check_ntlm_password)
check_ntlm_password: Checking password for unmapped user [example.com@\samba.lan]\[user]@[MAC] with the new password interface
[2019/10/06 00:22:54.937590, 3] ../../source3/auth/auth.c:192(auth_check_ntlm_password)
check_ntlm_password: mapped user is: [example.com@\samba.lan]\[user]@[MAC]
[2019/10/06 00:22:54.937705, 3] ../../source3/auth/check_samsec.c:399(check_sam_security)
check_sam_security: Couldn't find user 'user' in passdb.
[2019/10/06 00:22:54.937775, 2] ../../source3/auth/auth.c:334(auth_check_ntlm_password)
check_ntlm_password: Authentication for user [user] -> [user] FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=1
[2019/10/06 00:22:54.937878, 2] ../../auth/auth_log.c:647(log_authentication_event_human_readable)
Auth: [SMB2,(null)] user [example.com@\\samba.lan]\[user] at [Sun, 06 Oct 2019 00:22:54.937855 UTC] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [MAC] remote host [ipv4:192.168.20.104:51103] mapped to [example.com@\\samba.lan]\[user]. local host [ipv4:192.168.20.177:445]
{"timestamp": "2019-10-06T00:22:54.937988+0000", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 1}, "eventId": 4625, "logonType": 3, "status": "NT_STATUS_NO_SUCH_USER", "localAddress": "ipv4:192.168.20.177:445", "remoteAddress": "ipv4:192.168.20.104:51103", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "example.com@\\samba.lan", "clientAccount": "user", "workstation": "MAC", "becameAccount": null, "becameDomain": null, "becameSid": null, "mappedAccount": "user", "mappedDomain": "example.com@\\samba.lan", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "NTLMv2", "duration": 6752}}
[2019/10/06 00:22:54.938073, 3] ../../source3/auth/auth_util.c:2192(do_map_to_guest_server_info)
No such user user [example.com@\samba.lan] - using guest account
And here is my smb.conf:
[global]
log level = 3
workgroup = WORKGROUP
server string = %h server (Samba, Ubuntu)
max log size = 1000
logging = file
panic action = /usr/share/samba/panic-action %d
server role = standalone server
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
usershare allow guests = yes
# Mapping users for macOS clients
# username map = /etc/samba/username_map
# Netatalk support
vfs objects = catia fruit streams_xattr
fruit:encoding = native
fruit:resource = file
fruit:metadata = netatalk
fruit:locking = netatalk
fruit:copyfile = yes
ea support = Yes
hide files = /.DS_Store/Network Trash Folder/TheFindByContentFolder/TheVolumeSettingsFolder/Temporary Items/.TemporaryItems/.VolumeIcon.icns/Icon?/.FBCIndex/.FBCLockFolder/
[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = no
read only = yes
create mask = 0700
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
[photos]
comment = photos
browseable = yes
valid users = user@example.com
force user = media
writeable = yes
path = /main/photos
create mask = 0774
directory mask = 0775
inherit permissions = yes
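
An added example, not part of the original post: a triage script for the JSON authentication records shown in the log above. It rejoins the account and domain that the client split apart, checks the result against a list of passdb accounts, and counts the failed logons that map to guest = bad user turned into guest sessions. The sample lines are constructed and carry only the fields used here; the passdb account list passed to triage is an assumption.

```python
import json
import re

def parse_auth_events(lines):
    """Yield the "Authentication" object of each JSON audit line; skip plain-text log lines."""
    for line in lines:
        line = line.strip()
        if not line.startswith("{"):
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:  # truncated or rotated mid-line
            continue
        if record.get("type") == "Authentication":
            yield record["Authentication"]

def rebuild_upn(event):
    """Undo the client-side split: account after the last backslash, domain before the first '@' or backslash."""
    account = event["clientAccount"].rsplit("\\", 1)[-1]
    domain = re.split(r"[@\\]", event["clientDomain"], maxsplit=1)[0]
    return f"{account}@{domain}".lower()

def triage(lines, passdb_accounts):
    """Report each NT_STATUS_NO_SUCH_USER event and whether the rejoined name is a real account."""
    known = {a.lower() for a in passdb_accounts}
    return [{"remote": ev.get("remoteAddress"),
             "sent": ev["clientDomain"] + "\\" + ev["clientAccount"],
             "rebuilt": rebuild_upn(ev),
             "known_account": rebuild_upn(ev) in known}
            for ev in parse_auth_events(lines)
            if ev.get("status") == "NT_STATUS_NO_SUCH_USER"]

def guest_fallbacks(lines):
    """Count failed logons that smbd turned into guest sessions (map to guest = bad user)."""
    return sum("using guest account" in line for line in lines)

def _sample(domain, account, status="NT_STATUS_NO_SUCH_USER"):
    # Constructed record with only the fields used above, modelled on the page's JSON lines.
    return json.dumps({"type": "Authentication", "Authentication": {
        "status": status, "remoteAddress": "ipv4:192.168.20.104:51103",
        "clientDomain": domain, "clientAccount": account}})

SAMPLE_LOG = [  # constructed input mixing text lines and JSON records
    _sample("example.com", "microsoftaccount\\user"),
    "No such user microsoftaccount\\user [example.com] - using guest account",
    _sample("SAMBA", "microsoftaccount\\user"),
    "No such user microsoftaccount\\user [SAMBA] - using guest account",
    _sample("example.com@\\samba.lan", "user"),
    _sample("MicrosoftAccount", "user@example.com", status="NT_STATUS_OK"),
]
```

Calling triage(SAMPLE_LOG, ["user@example.com"]) separates client-side name splitting of a real account from logons for names that do not exist at all; a non-zero guest_fallbacks count means those failures still ended in a guest session.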