Samba 2.2.3 on RH7.2, trying to authenticate users from a Windows 2000 domain,
all SP2 DCs.
Just to show I've gotten pretty far, I think, here's what works:
1. Browsing the Linux box from Windows machines on the domain:
H:\>net view \\newintranet
Shared resources at \\newintranet
Intranet Samba Server
Share name   Type   Used as   Comment
------------------------------------------------------------
webdata      Disk   J:        Intranet web server data
The command completed successfully.
2. winbindd binding to domain DCs:
[root@newintranet samba]# winbindd -d 3 -i
added interface ip=10.1.4.7 bcast=10.1.255.255 nmask=255.255.0.0
getting trusted domain list
resolve_lmhosts: Attempting lmhosts lookup for name GRASSROOTS<0x1c>
resolve_wins: Attempting wins lookup for name GRASSROOTS<0x1c>
resolve_wins: WINS server resolution selected and no WINS servers listed.
name_resolve_bcast: Attempting broadcast lookup for name GRASSROOTS<0x1c>
bind succeeded on port 0
Got a positive name query response from 10.1.4.2 ( 10.1.4.2 )
Got a positive name query response from 10.1.4.3 ( 10.1.4.3 )
bind succeeded on port 0
resolve_lmhosts: Attempting lmhosts lookup for name ADSF01<0x20>
resolve_hosts: Attempting host lookup for name ADSF01<0x20>
IPC$ connections done anonymously
Connecting to 10.1.4.2 at port 445
adding domain GRASSROOTS
(although, what's that bit about 'WINS server resolution selected' ?
WINS server resolution is certainly not "selected" in smb.conf... I
wonder what this is about - or if it even matters...)
OK, what doesn't work:
Nothing's actually getting written to /etc/passwd or /etc/group. Here's
output from winbindd -d 3 -i as I browse the Linux machine from a win2k machine
on the domain (I intentionally did this with a 'testuser' account rather
than my own, which is in the Domain Admins NT group and already has an account
on the Linux box with the same username/password - gee, should I get rid of that
and let winbindd add my domain user account instead? uhhh...)
***
[25091]: getpwnam GRASSROOTS+testuser
CACHESEQ GRASSROOTS/USR/testuser is 4294967295
resolve_lmhosts: Attempting lmhosts lookup for name ADSF01<0x20>
resolve_hosts: Attempting host lookup for name ADSF01<0x20>
IPC$ connections done anonymously
Connecting to 10.1.4.2 at port 445
CACHESEQ GRASSROOTS/SID/GRASSROOTS\testuser is 4294967295
cached sequence number for GRASSROOTS is 4294967295
cached sequence number for GRASSROOTS is 4294967295
cached sequence number for GRASSROOTS is 4294967295
resolve_lmhosts: Attempting lmhosts lookup for name ADSF01<0x20>
resolve_hosts: Attempting host lookup for name ADSF01<0x20>
IPC$ connections done anonymously
Connecting to 10.1.4.2 at port 445
pwnam_from_user(): error getting user info for user 'testuser'
cached sequence number for GRASSROOTS is 4294967295
[25091]: getpwnam testuser
[25091]: getpwnam TESTUSER
[25091]: getpwnam testuser
[25091]: getpwnam TESTUSER
[25091]: getpwnam testuser
[25091]: getpwnam TESTUSER
[25091]: getpwnam testuser
[25091]: getpwnam TESTUSER
[25091]: getgroups nobody
[25091]: lookupsid S-1-5-21-1229272821-789336058-1060284298-513
CACHESEQ GRASSROOTS/NAM/S-1-5-21-1229272821-789336058-1060284298-513 is 4294967295
cached sequence number for GRASSROOTS is 4294967295
cached sequence number for GRASSROOTS is 4294967295
[25091]: sid to gid S-1-5-21-1229272821-789336058-1060284298-513
[25091]: gid to sid 10002
[25091]: getgroups nobody
***
That almost looks like good stuff, except for that "pwnam_from_user():
error getting user info for user 'testuser'". Which isn't very
surprising, since:
[root@newintranet samba]# /etc/rc.d/init.d/smb start
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]
Starting Winbind services: [ OK ]
[root@newintranet samba]# wbinfo -u
Error looking up domain users
[root@newintranet samba]# wbinfo -g
Error looking up domain groups
[root@newintranet samba]#
Ok, so I'm not sure what to change! Seems like I've tried everything!
Also, I did build 2.2.3 from source (several times, actually). The last build
(clean) was done with:
./configure \
  --with-winbind \
  --with-pam \
  --with-pam_smbpass \
  --with-acl-support \
  --prefix=/usr \
  --sysconfdir=/etc/samba \
  --with-privatedir=/etc/samba \
  --with-swatdir=/usr/share/swat \
  --with-lockdir=/var/lock/samba \
  --with-logfilebase=/var/log/samba
Maybe I broke everything by putting ACL support in?
Also, notice that I specified '--with-logfilebase=/var/log/samba'. But
I'm getting a lot of "Unable to open new log file
/usr/local/samba/var/log.[hostname]: No such file or directory" in
/var/log/samba/log.*
Well, there it all is. If I left out something important, let me know. I was
trying not to take up too much space with this one (too late).
Any suggestions?
Jonathan Ungar
Systems Administrator
Grassroots Enterprise, Inc.