Leandro Ariel Gomez Chavarria
2003-Nov-21 14:57 UTC
[Samba] Re: samba + winbindd with NT-DC problem... i'm stuck.
I think your problem is this:> passwd: files winbind > group: files winbind > shadow: files winbind nisthe correct modification for nsswitch is passwd: files winbind group: files winbind shadow: files nis DON'T put winbind in shadow line! then try with "getenet passwd" or "getent group" and you should see all users in /etc/passwd and after them domain users. let me know if it works good luck, leandro.->>> leopardb <leopardb@club-internet.fr> 11/21/03 07:30am >>>Bj?rn Andersen wrote:>Hello Group, > >I'm really stuck here. I try to get an samba to authenticate it'susers>nicely >against an NT-DC, which will later be upgraded to W2K or W2K3 > >My system : Suse 8.1, samba-2.2.5-80, samba-client-2.2.5-80 > >My test-config for smb: >[global] > winbind separator = + > winbind cache time = 0 > template shell = /bin/bash > template homedir = /home/%D/%U > winbind uid = 10000-20000 > winbind gid = 10000-20000 > workgroup = FOERDE > security = domain > encrypt passwords = Yes > password server = SMSERVER SERVER01 >[daten] > path = /srv/samba/daten > writeable = no > write list = root FOERDE+300 > valid users = root 300 FOERDE+300 @FOERDE+218 > >winbindd runs as daemon, "wbinfo -u" and "wbinfo -g" gives theright>domain users & groups, >as well as "getent group" and "getent passwd". >strangely even ... > # wbinfo -a foerde+300%password >works with an output of... > plaintext password authentication succeeded > error code was NT_STATUS_OK (0x0) > challenge/response password authentication succeeded > error code was NT_STATUS_OK (0x0) > >I inserted in /etc/nsswitch.conf > passwd: files winbind > group: files winbind > shadow: files winbind nis >to activate winbind. I have not changed anything in PAM because I onlyneed>Domain Users >to access Win-Shares, not to login or anything else. >But with ... : > web1-50:~ # smbclient //web3-77/daten -U 300 -W foerde >i only get this output... : > added interface ip=150.10.30.50 bcast=150.10.30.255nmask=255.255.255.0> added interface ip=10.1.110.20 bcast=10.1.110.255nmask=255.255.255.0> Password: ***** > Domain=[FOERDE] OS=[Unix] Server=[Samba 2.2.5] > tree connect failed: NT_STATUS_WRONG_PASSWORD > >Logfiles : >messages: nothing >log.winbind : nothing >log.smbd : nothing >log.nmbd : nothing > >With a wrong PW i get logentries "Error wasNT_STATUS_WRONG_PASSWORD.">which seems right. But nothing with right PW. Sadly no logon as well.My>Testuser is "300", >as you can see i tryed some different syntax for user in smb.conf aswell as>in smbclient. No good. > >What am I doing wrong ? Especially because "wbinfo -a" works, Ithought I>was quite close. >But I didn't make any progress for days now.. >What did I forget ? > >Please Help.. > >Bj?rn Andersen > > > > > >I've exactly the same problem. Did you receive any answer ?
leopardb
2003-Nov-21 19:10 UTC
[Samba] Re: samba + winbindd with NT-DC problem... i'm stuck.
Leandro Ariel Gomez Chavarria wrote:>I think your problem is this: > > >> passwd: files winbind >> group: files winbind >> shadow: files winbind nis >> >> > >the correct modification for nsswitch is > passwd: files winbind > group: files winbind > shadow: files nis > >DON'T put winbind in shadow line! > >then try with "getenet passwd" or "getent group" and you should see all >users in /etc/passwd and after them domain users. > >let me know if it works > >good luck, leandro.- > > > >>>>leopardb <leopardb@club-internet.fr> 11/21/03 07:30am >>> >>>> >>>> >Bj?rn Andersen wrote: > > > >>Hello Group, >> >>I'm really stuck here. I try to get an samba to authenticate it's >> >> >users > > >>nicely >>against an NT-DC, which will later be upgraded to W2K or W2K3 >> >>My system : Suse 8.1, samba-2.2.5-80, samba-client-2.2.5-80 >> >>My test-config for smb: >>[global] >> winbind separator = + >> winbind cache time = 0 >> template shell = /bin/bash >> template homedir = /home/%D/%U >> winbind uid = 10000-20000 >> winbind gid = 10000-20000 >> workgroup = FOERDE >> security = domain >> encrypt passwords = Yes >> password server = SMSERVER SERVER01 >>[daten] >> path = /srv/samba/daten >> writeable = no >> write list = root FOERDE+300 >> valid users = root 300 FOERDE+300 @FOERDE+218 >> >>winbindd runs as daemon, "wbinfo -u" and "wbinfo -g" gives the >> >> >right > > >>domain users & groups, >>as well as "getent group" and "getent passwd". >>strangely even ... >> # wbinfo -a foerde+300%password >>works with an output of... >> plaintext password authentication succeeded >> error code was NT_STATUS_OK (0x0) >> challenge/response password authentication succeeded >> error code was NT_STATUS_OK (0x0) >> >>I inserted in /etc/nsswitch.conf >> passwd: files winbind >> group: files winbind >> shadow: files winbind nis >>to activate winbind. I have not changed anything in PAM because I only >> >> >need > > >>Domain Users >>to access Win-Shares, not to login or anything else. >>But with ... : >> web1-50:~ # smbclient //web3-77/daten -U 300 -W foerde >>i only get this output... : >> added interface ip=150.10.30.50 bcast=150.10.30.255 >> >> >nmask=255.255.255.0 > > >> added interface ip=10.1.110.20 bcast=10.1.110.255 >> >> >nmask=255.255.255.0 > > >> Password: ***** >> Domain=[FOERDE] OS=[Unix] Server=[Samba 2.2.5] >> tree connect failed: NT_STATUS_WRONG_PASSWORD >> >>Logfiles : >>messages: nothing >>log.winbind : nothing >>log.smbd : nothing >>log.nmbd : nothing >> >>With a wrong PW i get logentries "Error was >> >> >NT_STATUS_WRONG_PASSWORD." > > >>which seems right. But nothing with right PW. Sadly no logon as well. >> >> >My > > >>Testuser is "300", >>as you can see i tryed some different syntax for user in smb.conf as >> >> >well as > > >>in smbclient. No good. >> >>What am I doing wrong ? Especially because "wbinfo -a" works, I >> >> >thought I > > >>was quite close. >>But I didn't make any progress for days now.. >>What did I forget ? >> >>Please Help.. >> >>Bj?rn Andersen >> >> >> >> >> >> >> >> >I've exactly the same problem. Did you receive any answer ? > > > >Thx for your answer btw the solution is to get rid of the line "valid users = %S" in smb.conf...