Hello,

I have been able to use Samba to join our Win2003 domain. I have also set up folders and permissions in the smb.conf file. I can browse to the Samba shares 2 ways, through Network Neighborhood and by UNC/IP address. Both of these methods prompt me for a login, which is not successful. I assumed that if userA had permissions to a folder in the smb.conf file, Windows userA would be able to access it with no problems as long as he was logged onto the domain.

Does anyone have any suggestions or troubleshooting tips?

Thanks,

Kevin

Kevin,

Without your Samba version and smb.conf, it is hard to diagnose what the problem might be. Since many use "security = ADS" and winbind to authenticate against a W2K3 domain, see if these resources are of any help to you:

http://www.enterprisenetworkingplanet.com/netos/article.php/3487081
http://www.enterprisenetworkingplanet.com/netos/article.php/10951_3502441_1

Dale

Thanks for the link. I have read it over and it seems that my error is probably in winbind. All of these commands work.

    net ads join -U Administrator
    wbinfo -u
    wbinfo -g
    net ads info

However, the "winbind getent passwd" indicates the passwords are still coming from the local machine. I can provide you with whatever files you would like to see.
Below is my nsswitch.conf file:

Thanks in advance.

    #
    # /etc/nsswitch.conf
    #
    # An example Name Service Switch config file. This file should be
    # sorted with the most-used services at the beginning.
    #
    # The entry '[NOTFOUND=return]' means that the search for an
    # entry should stop if the search in the previous entry turned
    # up nothing. Note that if the search failed due to some other reason
    # (like no NIS server responding) then the search continues with the
    # next entry.
    #
    # Legal entries are:
    #
    #   nisplus or nis+     Use NIS+ (NIS version 3)
    #   nis or yp           Use NIS (NIS version 2), also called YP
    #   dns                 Use DNS (Domain Name Service)
    #   files               Use the local files
    #   db                  Use the local database (.db) files
    #   compat              Use NIS on compat mode
    #   hesiod              Use Hesiod for user lookups
    #   [NOTFOUND=return]   Stop searching if not found so far
    #

    # To use db, put the "db" in front of "files" for entries you want to be
    # looked up first in the databases
    #
    # Example:
    #passwd:    db files nisplus nis
    #shadow:    db files nisplus nis
    #group:     db files nisplus nis

    passwd:     compat winbind
    shadow:     compat
    group:      compat winbind

    #hosts:     db files nisplus nis dns
    hosts:      files dns

    # Example - obey only what nisplus tells us...
    #services:   nisplus [NOTFOUND=return] files
    #networks:   nisplus [NOTFOUND=return] files
    #protocols:  nisplus [NOTFOUND=return] files
    #rpc:        nisplus [NOTFOUND=return] files
    #ethers:     nisplus [NOTFOUND=return] files
    #netmasks:   nisplus [NOTFOUND=return] files

    bootparams: nisplus [NOTFOUND=return] files

    ethers:     files
    netmasks:   files
    networks:   files
    protocols:  files winbind
    rpc:        files
    services:   files winbind

    netgroup:   files winbind

    publickey:  nisplus

    automount:  files winbind
    aliases:    files nisplus
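
A check for the nsswitch.conf posted above, as an added example that is not part of the original thread: it reports whether passwd and group consult winbind and flags databases where winbind is listed although libnss_winbind serves only passwd and group. The function names are made up for this example, and the sample is a subset of the posted file's active lines.

```shell
#!/bin/sh
# Added example: libnss_winbind serves only passwd and group lookups.

# Print the sources for database $1 in file $2 (comments stripped).
# Assumes whitespace after the colon, as in the posted file.
nss_sources() {
    awk -v db="$1:" '$1 == db {
        sub(/#.*/, ""); $1 = ""; sub(/^ +/, ""); print; exit
    }' "$2"
}

# List every active (uncommented) database name in file $1.
nss_databases() {
    awk '$1 ~ /^[a-z_]+:$/ { sub(/:$/, "", $1); print $1 }' "$1"
}

# Succeed if database $1 in file $2 lists winbind as a source.
uses_winbind() {
    case " $(nss_sources "$1" "$2") " in
        *" winbind "*) return 0 ;;
        *) return 1 ;;
    esac
}

# OK/MISSING for passwd and group; UNUSED where winbind serves nothing.
audit_nsswitch() {
    for db in passwd group; do
        if uses_winbind "$db" "$1"; then echo "OK $db"
        else echo "MISSING $db"; fi
    done
    for db in $(nss_databases "$1"); do
        case "$db" in passwd|group) continue ;; esac
        if uses_winbind "$db" "$1"; then echo "UNUSED $db"; fi
    done
}

# Active lines from the nsswitch.conf posted above (subset).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
#passwd: db files nisplus nis
passwd: compat winbind
shadow: compat
group: compat winbind
bootparams: nisplus [NOTFOUND=return] files
protocols: files winbind
services: files winbind
EOF
audit_nsswitch "$SAMPLE"
```

On the posted file, passwd and group come back OK, so those two lines are in order and the cause of the local-only getent output has to be looked for elsewhere.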

Kevin,

When I had getent issues, it turned out to be the "idmap backend" parameter that got me. I should have left it at the default, but didn't. Is your pam login file set up for winbind?

Although it seems only vaguely related to your problem, there was an issue about connecting _from_ a W2K3 system listed here:
http://lists.samba.org/archive/samba/2007-January/128589.html
I don't know if that is an issue for you or not.

If none of these help you, you will need to post your smb.conf and Samba version to let the real experts diagnose. I comment on what burned me. ;-)

Good luck,

Dale
Dale Schroeder
2007-Feb-14 22:07 UTC
ham,Re: [Samba] Samba Domain authentication and shares
In Debian, it is in /etc/pam.d/login. Setup example is at the bottom of:
http://www.enterprisenetworkingplanet.com/netos/article.php/10951_3502441_1

The Redhat example is on the next page:
http://www.enterprisenetworkingplanet.com/netos/article.php/10951_3502441_2

Other versions should be similar.

Dale

Kevin Gutch wrote:
> These are great suggestions I am going to try. Do you have a sample of
> your pam.conf or is it the pam_smb.conf? Not sure how it should be set up.