Greetings,
Normally I lurk on a list before posting, but I don't have the
luxury to take the time to lurk this time around. I apologize ahead of
time for any breaches of etiquette that you have on the list.
I have just set up a RedHat 6.0 system with Samba 2.0.6 (via RPM
packages, not source.) I've been adminning Linux for four years, but this
is my first attempt with Samba, so I'm having problems with it.
I am on a network with an NT PDC (not sure of details on the PDC
since it's not my machine to work on) and I am trying to share out
directories on the Linux box so that people can use the PDC to
authenticate and get access to the directories. I have the directories
shared out and they are visible in Windows Explorer from an NT4/SP5
workstation, but I am not able to access the contents of the directories.
Each time I try to open a share, I am prompted for a
username/password (U/P) and no matter what I type, I cannot get in. While
experimenting, I discovered that if I create a U/P set on the Linux system
that is identical to my network U/P, then I am able to enter the shares.
This solution is not good since there are over 1300 accounts on the
network and I surely don't want to duplicate them all on the Linux box.
I've read all of the documentation that I can find on the 'net and
in O'Reilly's Samba book, but I'm missing something. Here is my smb.conf
with all of the comments and fluff removed:

[global]
workgroup = COS
netbios name = PRODMARK
server string = Super-Duper Samba (%v)
hosts allow = 10.112. 10.96. 127.
log file = /var/log/samba/log.%m
max log size = 50
security = server
password server = CPSRV1 ZIEGE GOAT CORBA
encrypt passwords = yes
smb passwd file = /etc/smbpasswd
unix password sync = Yes
passwd program = /usr/bin/passwd %u
## These two lines wrap in email, but in the .conf it's on one line
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* \
%n\n *passwd:*all*authentication*tokens*updated*successfully*
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = no
os level = 20
domain master = no
preferred master = no
domain logons = no
name resolve order = wins host lmhosts bcast
wins support = no
wins server = 10.112.2.2
wins proxy = no
dns proxy = no
### I have multiple shares, but they all look like the following
### with different users in the write list. I am trying to create
### a share that only listed people have access to and everyone
### else is rejected.
[STIWeb]
comment = Sales Tools Intranet Web Site
path = /export/www/STIWeb
browseable = yes
admin users = pcooke jevans
write list = pcooke jhinz spalanuk lvigil lekdahl jkovalik jevans

One last bit of information. According to DOMAIN_MEMBER.txt I
needed to run the following command: smbpasswd -j COS -r CPSRV1
That command returned the following:
cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
cli_nt_setup_creds: auth2 challenge failed
modify_trust_password: unable to setup the PDC credentials to machine
CPSRV1. Error was : NT_STATUS_ACCESS_DENIED.
2000/04/04 16:15:48 : change_trust_account_password: Failed to change
password for domain COS.
Unable to join domain COS.
Could this be the cause of my problems? The box used to be an NT
machine (until I "upgraded" it to Linux yesterday) and it already had a
machine account set up with the PDC. If this is the root of my pain, how do
I work around this?
I would really appreciate any information that you could provide
on getting "prodmark" (my Linux box) to make the PDC handle
authentication.
Thanks,
John Evans