summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2012-01-31 12:53:30 +1100
committerStefan Metzmacher <metze@samba.org>2012-02-17 10:48:09 +0100
commit2f74f2f18056e83c396b196939bc8f89bd4d0702 (patch)
treee2f0879065cb6fa61109f58ad6aa816865ae3472
parentb0aa49e9a3238b6395be78c2de101f2b98387686 (diff)
downloadsamba-2f74f2f18056e83c396b196939bc8f89bd4d0702.tar.gz
samba-2f74f2f18056e83c396b196939bc8f89bd4d0702.tar.bz2
samba-2f74f2f18056e83c396b196939bc8f89bd4d0702.zip
s3-auth: Add extra error messages on authentication or authorization failure
Signed-off-by: Stefan Metzmacher <metze@samba.org>
-rw-r--r--auth/ntlmssp/ntlmssp_server.c4
-rw-r--r--source3/auth/auth_ntlmssp.c16
-rw-r--r--source3/smbd/sesssetup.c3
3 files changed, 23 insertions, 0 deletions
diff --git a/auth/ntlmssp/ntlmssp_server.c b/auth/ntlmssp/ntlmssp_server.c
index b190cf3ab7..1a498e8f74 100644
--- a/auth/ntlmssp/ntlmssp_server.c
+++ b/auth/ntlmssp/ntlmssp_server.c
@@ -568,6 +568,10 @@ NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
&state->user_session_key,
&state->lm_session_key);
if (!NT_STATUS_IS_OK(nt_status)) {
+ DEBUG(5,("%s: Checking NTLMSSP password for %s\\%s failed: %s\n",
+ __location__,
+ ntlmssp_state->domain, ntlmssp_state->user,
+ nt_errstr(nt_status)));
TALLOC_FREE(state);
return nt_status;
}
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index 3e809a7a21..f0c96ab168 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -176,6 +176,13 @@ NTSTATUS auth3_check_password(struct auth4_context *auth4_context,
nt_status = auth_context->check_ntlm_password(auth_context,
mapped_user_info, &server_info);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ DEBUG(5,("Checking NTLMSSP password for %s\\%s failed: %s\n",
+ user_info->client.domain_name,
+ user_info->client.account_name,
+ nt_errstr(nt_status)));
+ }
+
username_was_mapped = mapped_user_info->was_mapped;
free_user_info(&mapped_user_info);
@@ -329,6 +336,15 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
user_session_key, lm_session_key);
}
talloc_free(user_info);
+
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ DEBUG(5,("%s: Checking NTLMSSP password for %s\\%s failed: %s\n",
+ __location__,
+ user_info->client.domain_name,
+ user_info->client.account_name,
+ nt_errstr(nt_status)));
+ }
+
NT_STATUS_NOT_OK_RETURN(nt_status);
talloc_steal(mem_ctx, user_session_key->data);
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 1741f4ff90..987b626d6b 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -257,6 +257,9 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
talloc_tos(),
&session_info);
if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1,("Failed to generate session_info "
+ "(user and group token) for session setup: %s\n",
+ nt_errstr(status)));
/* Kill the intermediate vuid */
data_blob_free(&out_blob);
invalidate_vuid(sconn, vuid);