s3-auth: Add extra error messages on authentication or authorization failure

Signed-off-by: Stefan Metzmacher <metze@samba.org>

diff --git a/auth/ntlmssp/ntlmssp_server.c b/auth/ntlmssp/ntlmssp_server.c
index b190cf3ab761dd05bca94e82afe142741768fd04..1a498e8f7432fd0716545402cfcc2c456f091356 100644 (file)
--- a/auth/ntlmssp/ntlmssp_server.c
+++ b/auth/ntlmssp/ntlmssp_server.c
@@ -568,6 +568,10 @@ NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state,
                                                  &state->user_session_key,
                                                  &state->lm_session_key);
        if (!NT_STATUS_IS_OK(nt_status)) {
+               DEBUG(5,("%s: Checking NTLMSSP password for %s\\%s failed: %s\n",
+                        __location__,
+                        ntlmssp_state->domain, ntlmssp_state->user,
+                        nt_errstr(nt_status)));
                TALLOC_FREE(state);
                return nt_status;
        }

diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index 3e809a7a2151878b3fa5cce52cd2b415aab92004..f0c96ab1685edbd36734917c38986ef9ca8b727b 100644 (file)
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -176,6 +176,13 @@ NTSTATUS auth3_check_password(struct auth4_context *auth4_context,
        nt_status = auth_context->check_ntlm_password(auth_context,
                                                      mapped_user_info, &server_info);
 
+       if (!NT_STATUS_IS_OK(nt_status)) {
+               DEBUG(5,("Checking NTLMSSP password for %s\\%s failed: %s\n",
+                        user_info->client.domain_name,
+                        user_info->client.account_name,
+                        nt_errstr(nt_status)));
+       }
+
        username_was_mapped = mapped_user_info->was_mapped;
 
        free_user_info(&mapped_user_info);
@@ -329,6 +336,15 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
                                                         user_session_key, lm_session_key);
        }
        talloc_free(user_info);
+
+       if (!NT_STATUS_IS_OK(nt_status)) {
+               DEBUG(5,("%s: Checking NTLMSSP password for %s\\%s failed: %s\n",
+                        __location__,
+                        user_info->client.domain_name,
+                        user_info->client.account_name,
+                        nt_errstr(nt_status)));
+       }
+
        NT_STATUS_NOT_OK_RETURN(nt_status);
 
        talloc_steal(mem_ctx, user_session_key->data);

diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 1741f4ff9069ca13406332565159952b3d3b5a54..987b626d6bcc2d7e96cfeab08f5a6b436f7b27c4 100644 (file)
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -257,6 +257,9 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
                                             talloc_tos(),
                                             &session_info);
                if (!NT_STATUS_IS_OK(status)) {
+                       DEBUG(1,("Failed to generate session_info "
+                                "(user and group token) for session setup: %s\n",
+                                nt_errstr(status)));
                        /* Kill the intermediate vuid */
                        data_blob_free(&out_blob);
                        invalidate_vuid(sconn, vuid);