Several questions really (all on the stable 2.2.2 samba compiled with winbind and acls (and Brandon Stone's recycle bin), with a 2.4.14 kernel along with acls from acl.bestbits.at on a RedHat 7.2 box)...

1) Does anyone know how to stop the security event log on an NT PDC filling up with lots of ANONYMOUS accesses to the Security Account Manager, e.g.:

    Object Open:
        Object Server: Security Account Manager
        Object Type: SAM_GROUP
        Object Name: DOMAINS\Account\Groups\0000045E
        New Handle ID: 1841992
        Operation ID: {0,70068560}
        Process ID: 2161235584
        Primary User Name: SYSTEM
        Primary Domain: NT AUTHORITY
        Primary Logon ID: (0x0,0x3E7)
        Client User Name:
        Client Domain:
        Client Logon ID: (0x0,0x2DD7)
        Accesses READ_CONTROL ReadInformation ListMembers
        Privileges -

I suspect it is winbind that is causing this as I have just started using it and I have never seen this before. The last part of the object name changes every time, and there is then a corresponding Handle Closed entry.

2) If I change the default winbind separator from \ to + as suggested (I agree that at the unix level the backslash is problematic with a shell) then the Permissions tab on a file shows either
   a) No user/groupnames at all from an NT4sp6a box, or
   b) User/groupnames like domain+user or domain+group from a Win9x box using the nexus sysadmin tools.
When using the \ the names appear correctly on both boxes. My C isn't up to changing this but surely regardless of the separator used on the samba box, it should return a backslash to the external client such that user/groupnames are displayed correctly.

3) Also, is there an easy way of interrogating the winbind table that stores the NT->UID lookup to get a complete list rather than a one by one "getent passwd user"?

Thanks for any help to a winbind newcomer.
Mike
On Fri, 23 Nov 2001, Mike Pain wrote:

> 3) Also, is there an easy way of interrogating the winbind table that
> stores the NT->UID lookup to get a complete list rather than a one by
> one "getent passwd user"?

$ getent passwd

chau, jerry
---------------------------------------------------------------------
www.samba.org        SAMBA Team        jerry_at_samba.org
www.plainjoe.org                       jerry_at_plainjoe.org
http://www.hp.com    Hewlett-Packard   gerald_carter_at_hp.com
--"I never saved anything for the swim back." Ethan Hawk in Gattaca--
I am having problems with Samba and Winbind on RedHat 8.0. Just to let you know I am a Samba and Linux newbie.... please be gentle. I have put the settings of my files at the end of this message in case these can help.

Here is my problem. I can access a share created in the smb.conf file from my NT domain, if that share is shared to a domain group (valid users = domain+group). However, when I issue the command wbinfo -u or wbinfo -g I get the following response: 'Error looking up domain users' or 'groups'.

If I issue wbinfo -r domainname+usersname I get a listing of the gid's that these groups are using.

If I issue: getent -groups only local groups are enumerated.

What I need to understand is: Why do wbinfo -u and -g and getent not work? If I get them to work, I also need to understand one other thing: will the domain groups be visible in the "User and Groups" in the Gnome Gui?

I have read the manpages, and applied the settings as they instruct. I have joined the domain; wbinfo -t tells me "the secret is good".

Also, if you can let me know: Is Samba working and not winbind? Or is part of Winbind working?

Any help or directions on what book to buy, or site to visit, will be appreciated.
*******************************************************************
My smb.conf file has the following items in it:

    [global]
    winbind separator = +
    winbind uid = 10000-20000
    winbind gid = 10000-20000
    winbind enum users = yes
    winbind enum groups = yes
    winbind cache time = 15
    # workgroup = NT-Domain-Name or Workgroup-Name
    workgroup = MyDomain
    # server string is the equivalent of the NT Description field
    server string = Sfa-SMB1
    security = domain

My nsswitch.conf file looks like this:

    passwd: files nis winbind
    shadow: files nis winbind
    group: files nis winbind

My Pam.d\samba file looks like

    #%PAM-1.0
    auth required /lib/security/pam_securetty.so
    auth required /lib/security/pam_nologin.so
    auth required /lib/security/pam_smb_auth.so
    auth sufficient /lib/security/pam_winbind.so
    ;auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok
    auth required /lib/security/pam_pwdb.so
    account required /lib/security/pam_winbind.so
    ;session required pam_stack.so service=system-auth
    ;password required pam_stack.so service=system-auth
    password required /lib/security/pam_cracklib.so
    password required /lib/security/pam_pwdb.so use_first_pass shadow nullok
    session required /lib/security/pam_pwdb.so
I have RH 8.0, and Samba 2.2.5.

I have followed the Man pages and set up Samba, Winbind, and edited PAM settings. I am having some problems I was hoping you could help with.

Here is some basic testing info I have performed based on the questions you seem to ask.

I have joined the domain successfully. (smbpasswd -j Domain -r PDC -U administrator)
I can create a share, and browse it from Network Neighborhood.

**
wbinfo -t
    Secret is Good
wbinfo -n DOMAINUSERNAME
    gives me the user's sid
wbinfo -m
    no results
wbinfo -a domain+user%password
    Plaintext password authentication succeeded
    error code was NT_STATUS_OK (0X0)
wbinfo -u or -g
    Error looking up domain (users/groups)
getent passwd
    lists only local users
getent group
    lists only local groups.

Does anyone know what I might have done incorrectly? Or what I still need to do to get this to work properly? I am assuming that since the group and user listings fail that something is just not right.

Thanks for any and all help
Rich
----- Original Message -----
From: "Richard Coyle" <rcoyle@SuccessForAll.net>
To: <samba@lists.samba.org>
Sent: Friday, December 20, 2002 3:06 PM
Subject: [Samba] Winbind issues

> I have RH 8.0, and Samba 2.2.5.
>
> I have followed the Man pages and set up Samba, Winbind, and edited PAM
> settings. I am having some problems I was hoping you could help with.
>
>
> Here is some basic testing info I have performed based on the questions you
> seem to ask.
>
> I have joined the domain successfully. (smbpasswd -j Domain -r PDC -U
> administrator)
> I can create a share, and browse it from Network Neighborhood.
>
> **
> wbinfo -t
> Secret is Good
> wbinfo -n DOMAINUSERNAME
> gives me the user's sid
> wbinfo -m
> no results
> wbinfo -a domain+user%password
> Plaintext password authentication succeeded
> error code was NT_STATUS_OK (0X0)
>
<snip>

Check that you have copied /sambapackage/source/nsswitch/pam_winbind.so into /lib/security/pam_winbind.so

Make sure you have copied /sambapackage/source/nsswitch/libnss_winbind.so to /lib/libnss_winbind.so and done

    ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2

Make sure you have added the correct entries to nsswitch.conf

Next do

    wbinfo -A Administrator%password

(please note this IS DIFFERENT from wbinfo -a)

All should be well.

Regards
Shaolin
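The file and nsswitch.conf checks listed in the reply above, written as a shell function. This is an added example, not part of the original thread or of Samba; the function names and the ROOT argument are assumptions made here, and the paths are the ones the reply gives.

```shell
#!/bin/sh
# Added example: verifies the files and nsswitch.conf entries named in the
# reply above. ROOT is an assumed parameter so a staged tree can be checked.

# nss_has_winbind FILE DB -> 0 if the DB line (passwd, group) lists winbind
nss_has_winbind() {
    awk -v db="$2:" '
        { sub(/#.*/, "") }    # ignore comments, including trailing ones
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "winbind") found = 1 }
        END { exit found ? 0 : 1 }
    ' "$1" 2>/dev/null
}

# check_winbind_setup [ROOT] -> prints one line per check and returns the
# number of failed checks (0 means everything the reply lists is in place)
check_winbind_setup() {
    root="${1%/}"
    fails=0
    for f in /lib/security/pam_winbind.so /lib/libnss_winbind.so; do
        if [ -f "$root$f" ]; then
            echo "ok      $f"
        else
            echo "MISSING $f"; fails=$((fails + 1))
        fi
    done
    # glibc loads the NSS module by its .so.2 name, hence the ln -s step;
    # -e follows the link, so a dangling symlink is reported as missing
    if [ -e "$root/lib/libnss_winbind.so.2" ]; then
        echo "ok      /lib/libnss_winbind.so.2"
    else
        echo "MISSING /lib/libnss_winbind.so.2 (absent or dangling link)"
        fails=$((fails + 1))
    fi
    for db in passwd group; do
        if nss_has_winbind "$root/etc/nsswitch.conf" "$db"; then
            echo "ok      nsswitch.conf $db: winbind"
        else
            echo "MISSING nsswitch.conf $db: winbind"; fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Usage on the live system:  check_winbind_setup /
```

A non-zero return from the function points at a missing file or nsswitch.conf entry, which is the case where getent shows only local accounts even though wbinfo -t and wbinfo -a succeed.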
Hi all :) <- newb to list

I am setting up RedHat 9 running samba 2.2.7a. I currently get the following error in my log.winbind:

    error connecting to xxx.xxx.xxx.xxx:445 (Connection refused)

Also, I get this when I run wbinfo -u or -g:

    0xc0000022

and this when I run wbinfo -N xxx.xxx.xxx.xxx (this works fine if I pass the netbios name instead of the ip):

    Could not lookup WINS by name xxx.xxx.xxx.xxx

I am assuming that these issues stem from the same problem, however I am somewhat new to samba so.... I have looked around and have not had any luck on a resolution but have found mentions of the same issues. Attached is my smb.conf, any help would be appreciated.

    [global]
    workgroup = DOM
    netbios name = LINUXFILESERVER
    server string = LINUX Samba Server
    security = DOMAIN
    encrypt passwords = Yes
    min passwd length = 7
    map to guest = Bad User
    obey pam restrictions = Yes
    password server = *
    passwd program = /usr/bin/passwd %u
    passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
    username map = /etc/samba/smbusers
    log level = 2
    log file = /var/log/samba/%m.log
    max log size = 0
    large readwrite = No
    name resolve order = wins lmhosts host bcast
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    printcap name = cups
    domain admin group = Domain Admins
    domain guest group = Domain Guests
    preferred master = No
    local master = No
    domain master = No
    dns proxy = No
    wins server = 198.210.229.10
    winbind uid = 10000-20000
    winbind gid = 10000-20000
    printer admin = root
    hosts allow = 198.210.229. 12.30.74. 127.
    printing = cups
    hide unreadable = Yes

    [homes]
    comment = Home Directories
    valid users = %S
    read only = No
    create mask = 0664
    directory mask = 0775
    browseable = No

    [printers]
    comment = All Printers
    path = /var/spool/samba
    printable = Yes
    browseable = No

    [print$]
    comment = Printer Drivers
    path = /etc/samba/drivers
    write list = root