Hey Gang,
I'm having some trouble getting my domain authentication to work.
My config looks like this:
[global]
workgroup = MYWORKGROUP
realm = MYDOMAIN
server string = SERVER22
security = DOMAIN
password server = SERVER5
obey pam restrictions = Yes
smb passwd file = /etc/samba/smbpasswd
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
unix password sync = Yes
log level = 3
log file = /var/log/samba/%m.log
max log size = 0
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = No
wins server = 192.168.74.23
ldap ssl = no
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind separator = +
winbind cache time = 10
Pretty Basic.
So, I tried to hit the server and I see this:
check_ntlm_password: Checking password for unmapped user
[MYDOMAIN]\[jgauthier]@[JGAUTHIER] with the new password interface
[2003/12/19 10:20:42, 3] auth/auth.c:check_ntlm_password(221)
check_ntlm_password: mapped user is: [MYDOMAIN]\[jgauthier]@[JGAUTHIER]
[2003/12/19 10:20:42, 3] smbd/sec_ctx.c:push_sec_ctx(255)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2003/12/19 10:20:42, 3] smbd/uid.c:push_conn_ctx(286)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2003/12/19 10:20:42, 3] smbd/sec_ctx.c:set_sec_ctx(287)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2003/12/19 10:20:42, 3] smbd/sec_ctx.c:pop_sec_ctx(385)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2003/12/19 10:20:42, 2] auth/auth.c:check_ntlm_password(310)
check_ntlm_password: Authentication for user [jgauthier] -> [jgauthier]
FAILED with error NT_STATUS_ACCOUNT_LOCKED_OUT
[2003/12/19 10:20:42, 3] smbd/process.c:timeout_processing(1104)
timeout_processing: End of file from client (client has disconnected).
Great! My account is locked out. That's EASY to fix. So I unlock my account
and try again:
check_ntlm_password: Checking password for unmapped user
[MYDOMAIN]\[jgauthier]@[JGAUTHIER] with the new password interface
[2003/12/19 10:23:02, 3] auth/auth.c:check_ntlm_password(221)
check_ntlm_password: mapped user is: [MYDOMAIN]\[jgauthier]@[JGAUTHIER]
[2003/12/19 10:23:02, 3] smbd/sec_ctx.c:push_sec_ctx(255)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2003/12/19 10:23:02, 3] smbd/uid.c:push_conn_ctx(286)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2003/12/19 10:23:02, 3] smbd/sec_ctx.c:set_sec_ctx(287)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2003/12/19 10:23:02, 3] smbd/sec_ctx.c:pop_sec_ctx(385)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2003/12/19 10:23:02, 3] auth/auth_util.c:make_server_info_info3(1071)
User jgauthier does not exist, trying to add it
[2003/12/19 10:23:02, 0] auth/auth_util.c:make_server_info_info3(1080)
make_server_info_info3: pdb_init_sam failed!
[2003/12/19 10:23:02, 2] auth/auth.c:check_ntlm_password(310)
check_ntlm_password: Authentication for user [jgauthier] -> [jgauthier]
FAILED with error NT_STATUS_NO_SUCH_USER
[2003/12/19 10:23:02, 3] smbd/process.c:timeout_processing(1104)
timeout_processing: End of file from client (client has disconnected).
No such user?!? But it found it 3 minutes ago to determine it was locked :(
I'd really appreciate any help anyone can offer me. I'm completely
stuck,
and I've been tinkering with this for over a week.
Thanks!
Jason
Gerald (Jerry) Carter
2003-Dec-22 16:18 UTC
[Samba] 3.0.1 problem with domain authentication.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jason Gauthier wrote: | User jgauthier does not exist, trying to add it winbind is not setup correctly and is not returning a uid for this user. There have so numerous threads on this in the past. cheers, jerry ~ ---------------------------------------------------------------------- ~ Hewlett-Packard ------------------------- http://www.hp.com ~ SAMBA Team ---------------------- http://www.samba.org ~ GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc ~ "If we're adding to the noise, turn off this song" --Switchfoot (2003) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/5xk9IR7qMdg1EfYRAusdAKC7cKMmK0PtZUKmzBL6LuJXJ8DSRwCg7utP lvWD2ezR9Ud+G6AVGHJTyxw=LfWt -----END PGP SIGNATURE-----