Hello! I set debug level 10 to samba 2.2.0 and now see in log: [2001/05/10 08:31:48, 10] smbd/uid.c:gid_to_sid(409) gid_to_sid: winbind lookup for gid 5284 failed - trying local. How can I say to samba to not try use winbind? -- Wire connection and Windows reinstallation senior engineer Dmitry Melekhov http://www.belkam.com/~dm 2:5050/11.23@fidonet
I would like to know if there's someone out there that got winbind working
in a Conectiva Linux plataform, please contact me. (PLEASE HELP).
Thanks,
Rafael
-------------- next part --------------
HTML attachment scrubbed and removed
Hi, Is winbind in cvs working at the mo? wbinfo -t sez 'secret is bad', though all other aspects of my samba installation work. Any idea what might cause that? Thanks, Mike
Hi,
I got my samba working well, i can see the directories of the samba server
from my nt machine, but when i start winbindd and try to access the samba server
i get the message "The server is not configured for transactions"
Rafael
-------------- next part --------------
HTML attachment scrubbed and removed
Hi guys, thanks to my older question about pam_winbind.so. Now I have another problem of authentication using samba & winbind. I'm able to login via telnet to my Linux box using DOMAIN+user, but (from Windows) I'm not able to create a new file into a L.B. share because "denied access"; in Linux my share is owned of DOMAIN+user:DOMAIN+user and is 775 permissions. I have configured "/etc/pam.d/login", "/etc/pam.d/samba ?" like exmples in HowTo. Some1 can help me. Tanks, Dadi
HI,
I wonder if there is a way that I can see the DOMAIN+Users of a
SambaServer from a linuxbox-client ?
Thanks,
Rafael
-------------- next part --------------
HTML attachment scrubbed and removed
i apologize if this is out of line, but is there some sort of memory leak in winbind? im running the latest stuff and ive had the mem usage at 70% and above. sometimes the daemon dies too... ive done this from source and rpm... harley .. __________________________________________________ Do You Yahoo!? Send FREE video emails in Yahoo! Mail! http://promo.yahoo.com/videomail/
yes harley - in 2.2.2 winbindd has quite a dramatic memory leak. this seems to have been fixed in 2.2.3pre. I ran into more serious problems with that release so have fallen back to 2.2.2 again for my winbindd process. The 2.2.2 release is pretty stable despite the memory leak. To deal with the leak I run an awk script every five minutes which monitors winbindd's size in memory and at a certain threshhold (20%) kills it and restarts. Seems to work well and users do not feel it. We have about 40 users and winbindd restarts about once a day. Let me know if you want me to post the awk script, Noel -----Original Message----- From: harley mcdonald [mailto:harleyqmcdonald@yahoo.com] Sent: 18 January 2002 22:17 To: samba@samba.org Subject: winbind i apologize if this is out of line, but is there some sort of memory leak in winbind? im running the latest stuff and ive had the mem usage at 70% and above. sometimes the daemon dies too... ive done this from source and rpm... harley .. __________________________________________________ Do You Yahoo!? Send FREE video emails in Yahoo! Mail! http://promo.yahoo.com/videomail/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Dear Sirs, what is winbind and why isn't it supported under FreeBSD ? Regards, Ilia Chipitsine
Winbind is a way of getting authentication information from an NT PDC. This information is provided through the operating system's nsswitch mechanism, at which time it becomes usable in the same way information from the passwd file or NIS would be. The upshot is you can let NT domain users authenticate to a Samba system (or, for that matter, log in with telnet, ssh, ftp, etc.) without having to create local password file entries. My understanding is the reason it's not supported on FreeBSD is that FreeBSD lacks an nsswitch mechanism that allows external extensions to be added. -----Original Message----- From: Ilia E. Chipitsine [mailto:ilia@cgu.chel.su] Sent: Wednesday, February 20, 2002 11:05 PM To: samba@lists.samba.org Subject: [Samba] winbind Dear Sirs, what is winbind and why isn't it supported under FreeBSD ? Regards, Ilia Chipitsine -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
What is winbind, is it automatically installed with samba 2.2.3a do I need it if I want W2k to logon to my samba server??? Thanking you guyz John -------------- next part -------------- HTML attachment scrubbed and removed
Does anybody know if it is possible to set-up winbind on an AIX server?? _____ Carl Routledge Information Systems Support Administrator UCB Films plc e-mail: <mailto:carl.routledge@ucb-group.com> carl.routledge@ucb-group.com tel: +44 (0) 16973 4-1322 \ 41709 _____
Hello IS there ANYBODY who has got winbind working on Solaris ?. Is this thing not compliant to Solaris or is there anything to work around? Please help
Hi all, I use winbind, winbind works perfect. I can see all the NT users but i can't login. No idea what the problem is pam.d ==> login is fine also This is the error i get in messages: Jul 1 09:58:36 server13 samba: smbd shutdown succeeded Jul 1 09:58:36 server13 samba: nmbd shutdown succeeded Jul 1 09:58:36 server13 samba: winbindd shutdown succeeded Jul 1 09:58:37 server13 samba: smbd startup succeeded Jul 1 09:58:37 server13 samba: nmbd startup succeeded Jul 1 09:58:37 server13 samba: winbindd startup succeeded Jul 1 09:59:00 server13 PAM_pwdb[11638]: check pass; user unknown Jul 1 09:59:01 server13 login[11638]: FAILED LOGIN 1 FROM (null) FOR SEARO+Administrator, User not known to the underlying authentication module Jul 1 09:59:10 server13 PAM_pwdb[11638]: check pass; user unknown Jul 1 09:59:11 server13 login[11638]: FAILED LOGIN 2 FROM (null) FOR SEARO+philippe, User not known to the underlying authentication module Philippe Dhont HELP PLZ!
Looking for some help on getting winbind to work correctly with our NT domain. I can see all of the domain users, but can not authenticate as one. wbinfo -t yields "bad secret" error message. Looking for any guidance. Thanks
G'day all I am tring to get winbind to connect to my samba PDC, am I able to do this or does it NEED to be a windows PDC? Thanks
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 | Message: 19 | Date: Fri, 6 Sep 2002 08:53:52 +0200 | To: samba@lists.samba.org | Subject: Re: [Samba] winbind | From: Grzegorz Kusnierz <konik@v-lo.krakow.pl> | | On Fri, Sep 06, 2002 at 06:21:08AM +0000, abartlet@dp.samba.org wrote: | |> On Fri, Sep 06, 2002 at 04:14:11PM +1000, cj wrote: | |> > G'day all |> > |> > I am tring to get winbind to connect to my samba PDC, |> > am I able to do this or does it NEED to be a windows PDC? | |> |> PDC must be running Samba 3.0alpha aka Samba HEAD. See pserver.samba.org |> |> Samba 2.2 does not support the required RPCs |> | | | Hm... we've got Samba 2.2 running as a PDC and a file server with winbind also on Samba 2.2 and it actually works. Then you should probably upgrade the samba on the PDC, as it is probably running 2.2.2 or older. Anyway, it is a much better solution to run LDAP instead, since then uid's will be consistent between your server and the client (which they won't be now), and then you can use NFS instead of smbfs. Plus you can start migrating to LDAP and eventually have your samba store passwords in LDAP. Plus, LDAP has it's uses. Buchan - -- |----------------Registered Linux User #182071-----------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE9eJFfrJK6UGDSBKcRAn6YAKCyE1wLWFcMWQD1g0U4F5UMFB3rrgCeKceT ydSXn0F9abUKwzO+75p/rkg=odQD -----END PGP SIGNATURE-----
G'day all Im trying to get winbind to connect to a samba 2.2 PDC. on the samba client I run "/usr/local/samba/bin/smbpasswd -j OUTTHERE -r JANGO -U root" it than askes for a password, I type the correct password, but I get this error message "error setting trust account password: NT_STATUS_ACCESS_DENIED" "Unable to join domain OUTTHERE." On the PDC server I check the log files and this is what is displayed "libsmb/smbencrypt.c:decode_pw_buffer(263)" " decode_pw_buffer: incorrect password length (1147142624)" Any one have any ideas as to what these errors mean. Thanks
I've seen several posts now relating to winbind and NT domain authentication. Has anyone managed to get this working or are there just a group of us trying to do the impossible? I've seen the posts ignored or the person advised to use security = anything other that domain and create the user accounts. I have more than 2000 users here, I'm not about to create another 2000 user accounts just to use a samba server. Could people please let me know is anyone else sucessfully using winbind and if not, why not? If there is anyone out there who has cracked this could you please pint the rest of us in the right direction. Sue
Thanks to everyone who has provided information on this. I have a lot to read and try out now. Thanks again Sue
Sorry I missed the original post I think. We have been using winbinnd successfully for over a year now. Since 2.2.4 it has been trouble free, interacting with both NT4 domains and Win2000 ADS domains. If someone can repost the problem outline? Noel -----Original Message----- From: jra@dp.samba.org [mailto:jra@dp.samba.org] Sent: 30 September 2002 17:27 To: suzanne.davies@btinternet.com Cc: samba@samba.org Subject: Re: [Samba] Winbind On Mon, Sep 30, 2002 at 11:19:05AM +0100, suzanne.davies@btinternet.com wrote:> I've seen several posts now relating to winbind and NT domainauthentication. Has anyone managed to get this working or are there just a group of us trying to do the impossible? I've seen the posts ignored or the person advised to use security = anything other that domain and create the user accounts. I have more than 2000 users here, I'm not about to create another 2000 user accounts just to use a samba server. Could people please let me know is anyone else sucessfully using winbind and if not, why not? If there is anyone out there who has cracked this could you please pint the rest of us in the right direction.>Yes, we (HP) are successgfully using winbindd in the print server appliance product. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.384 / Virus Database: 216 - Release Date: 21/08/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.391 / Virus Database: 222 - Release Date: 19/09/2002
I, too, have been successfully using winbindd, albeit in a smaller environment. (~30 users) It's worked very well on our file server. I've been using it since pre-2.2.2, I think. More recently I started using it to authenticate ssh logins to one of our machines, to avoid having to deal with multiple passwords for users. So far it's worked well for that, too.
Hi, I have winbind working, as wbinfo -u wbinfo -g wbinfo -t getent passwd getent group all displays valide results. However, when I clicked on tried to get to the shared home from network neighborhood I keep getting prompt for password. No matter what I enter the prompt continues. I see /home/MY_SERVER/user1 is created, and I did login as user1 on W2K station. I don't have a samba user1 though. Would someone please give me a few pointers? Does entering %H for path %S for valid user on the HOME share matters? Thanks. Regards, Norman
Problem: Getting 'Access Denied' when trying to create or modify files
on
samba
share.
I'd add some log files and my 'samba' and 'login' files from
'pam.d' but am
concerned already about the length of my post.
Is there anything obvious that I am missing with what I have provided?
==================================================================
Goal: Create samba share from where we may (1)install and run various
applications.
Additionally, we'd like the share to have 'NT-like permissions' of
'Everyone -
Full Control' and (2) serve up certain files with certain account-based
security.
*and* we'd like to not have to create duplicate user accounts on Linux.
=================================================================
Setup:
Samba server: Redhat 7.2, Samba 2.2.6
Domain PDC: NT 4.0
Clients: Windows 98SE; Windows2000 Professional SP2; Windows NT 4.0
=================================================================testparm -- ok
wbinfo -g and -u are also ok
secret is good
===================================================================smb.conf
# Global parameters
[global]
workgroup = GPSC
netbios name = WILLIAM
server string = GPSC Application Samba Server
interfaces = lo eth0
bind interfaces only = Yes
security = DOMAIN
encrypt passwords = Yes
map to guest = Bad User
password server = *
log level = 3
log file = /var/log/samba.%m
max log size = 50
keepalive = 30
os level = 2
local master = No
dns proxy = No
wins server = 192.168.1.2
kernel oplocks = No
winbind uid = 10000-20000
winbind gid = 10000-20000
template homedir = /home/win/%D/%U
winbind separator = +
invalid users = root
printer admin = @DOM+PRINTADMIN
hosts allow = 127. 192.168.
print command lpq command lprm command
[homes]
comment = Home Directories
read only = No
create mask = 0750
browseable = No
[test]
comment = Trying to get winbind to work
path = /home/apps
read only = No
Warm regards,
Steven S. Macfarlane
tel 712.204.8875
I have been looking a t winbind recently. Is it possible to configure winbind and not join the microsoft network and use nss_wins to retrieve the window host address? So far the It organization has not responded to a request to allow the machine to join the microsoft network. I need to get the window machines host ip address for the Linux system. -- Joseph Loo jloo@acm.org
We are in the process of implementing Linux-cum-samba in our NT environment. We are trying to integrate the security with winbind. Joined the NT domain, no problem. Can list the users and groups thru wbinbfo. Gave a uid and gid range to the nt users in smb.conf. made couple of changes in nsswitch as suggested by the documentation, password: files winbind and groups: files winbind. It seems that this version of samba had already winbind integrated so that we didn't have to compile it again and we didn't do anything in the PAM area. The permissions on the linux box map to:owner, group and everyone only. No more users/groups can be added but it seems you can amend this three entries. How can we implement the file and directory permissions with the same granularity as the NT, using samba and winbind, since there is no concept of local and global groups on the linux box? I am not a linux or unix expert, so any seemingly simple stuff could help in my case. Any help is appreciated. Yousef PS: We have downloaded all the relevant documentation, but they seem to be for earlier versions of linux and samba such as 7.1. Nothing specifically written for Linux 8.0 and samba 2.2.7. -------------- next part -------------- HTML attachment scrubbed and removed
In order to assign more than one user/group permissions you need to have EA/ACL's enabled on the kernel and have Samba compiled with them enabled as well. You won't be able to be as granular with the permissions as NT, you are still limited to r-w-x permission bits. Check out http://acl.bestbits.at <http://acl.bestbits.at> HTH Josh -----Original Message----- From: Yousef I. Adan [mailto:yousef@emirates.net.ae] Sent: Tuesday, December 03, 2002 12:43 AM To: samba@lists.samba.org Subject: [Samba] winbind We are in the process of implementing Linux-cum-samba in our NT environment. We are trying to integrate the security with winbind. Joined the NT domain, no problem. Can list the users and groups thru wbinbfo. Gave a uid and gid range to the nt users in smb.conf. made couple of changes in nsswitch as suggested by the documentation, password: files winbind and groups: files winbind. It seems that this version of samba had already winbind integrated so that we didn't have to compile it again and we didn't do anything in the PAM area. The permissions on the linux box map to:owner, group and everyone only. No more users/groups can be added but it seems you can amend this three entries. How can we implement the file and directory permissions with the same granularity as the NT, using samba and winbind, since there is no concept of local and global groups on the linux box? I am not a linux or unix expert, so any seemingly simple stuff could help in my case. Any help is appreciated. Yousef PS: We have downloaded all the relevant documentation, but they seem to be for earlier versions of linux and samba such as 7.1. Nothing specifically written for Linux 8.0 and samba 2.2.7. -------------- next part -------------- HTML attachment scrubbed and removed
It sounds like you want to include ACL Support, which I don't believe is the default in most samba packages. As ACL support is still an experimental kernel feature, you will need to patch your kernel, and install Extended Attribute, ACL support and a modified e2fsprogs so that ls, chmod, etc. work properly. These, along with very good installation instructions, can be found at http://www.acl.bestbits.at . We set it up on a Debian machine with minimal headaches, the RPM packages should make it a no-brainer on Redhat. Then you will need to build a new samba rpm --with-acl-support to enable the ability for granular permissions. Good luck! Tom Hallewell Network and Information Services Department Radio Free Asia Washington, DC Message: 11 Date: Tue, 03 Dec 2002 10:43:25 +0400 From: "Yousef I. Adan" <yousef@emirates.net.ae> To: samba@lists.samba.org Subject: [Samba] winbind> We are in the process of implementing Linux-cum-samba in our NT > environment. We are trying to integrate the security with > winbind. Joined the NT domain, no problem. Can list the users and > groups thru wbinbfo. Gave a uid and gid range to the nt users in > smb.conf. made couple of changes in nsswitch as suggested by the > documentation, password: files winbind and groups: files winbind. > It seems that this version of samba had already winbind > integrated so that we didn't have to compile it again and we > didn't do anything in the PAM area. > > The permissions on the linux box map to:owner, group and everyone > only. No more users/groups can be added but it seems you can > amend this three entries. How can we implement the file and > directory permissions with the same granularity as the NT, using > samba and winbind, since there is no concept of local and global > groups on the linux box? I am not a linux or unix expert, so any > seemingly simple stuff could help in my case. > > Any help is appreciated. > > Yousef > > PS: We have downloaded all the relevant documentation, but they > seem to be for earlier versions of linux and samba such as 7.1. > Nothing specifically written for Linux 8.0 and samba 2.2.7. >
Hi all.
Have been running samba fine for ages now, have started to play with
winbind. Sad to say I am not having any luck in getting the winbind to work.
Here is my winbind part of the smb.conf
#Windbind Global Settings
winbind separator = +
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template shell = /bin/bash
and here is what the log.winbind is saying
Could not look up dc's for domain SPORTODDS
[2003/01/02 12:59:59, 3]
nsswitch/winbindd_cm.c:get_connection_from_cache(406)
Could not open a connection to SPORTODDS for \PIPE\lsarpc
(NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)
[2003/01/02 13:00:09, 1] nsswitch/winbindd_util.c:init_domain_list(144)
Retrying startup domain sid fetch for SPORTODDS
[2003/01/02 13:00:09, 3] nsswitch/winbindd_cm.c:cm_get_dc_name(98)
Could not look up dc's for domain SPORTODDS
[2003/01/02 13:00:09, 3]
nsswitch/winbindd_cm.c:get_connection_from_cache(406)
Could not open a connection to SPORTODDS for \PIPE\lsarpc
(NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)
[2003/01/02 13:00:19, 1] nsswitch/winbindd_util.c:init_domain_list(144)
Retrying startup domain sid fetch for SPORTODDS
[2003/01/02 13:00:19, 3] nsswitch/winbindd_cm.c:cm_get_dc_name(98)
Could not look up dc's for domain SPORTODDS
[2003/01/02 13:00:19, 3]
nsswitch/winbindd_cm.c:get_connection_from_cache(406)
Could not open a connection to SPORTODDS for \PIPE\lsarpc
(NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND
Is anyone able to point me the right direction.
Thanks
Pete
> -----Original Message----- > From: Peter Milburn [mailto:peterm@sportodds.com]> and here is what the log.winbind is saying > > > Could not look up dc's for domain SPORTODDS > [2003/01/02 12:59:59, 3] > nsswitch/winbindd_cm.c:get_connection_from_cache(406) > Could not open a connection to SPORTODDS for \PIPE\lsarpc > (NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)Try specifying your domain controller directly in smb.conf, using a "password server =" line. I've had really bad luck with "password server *", it just doesn't work reliably for me.
Thanks for the little work around David. inthe password server I had the IP address changed it to the name of the machine was abale to get users and groups from the nt domain conroller. A problem I am having now is when I am trying ./wbinfo -r user "Could not get groups for user peter" [2003/01/03 09:28:25, 3] nsswitch/winbindd_group.c:winbindd_getgroups(791) [17886]: getgroups peterm this is what I get from winbind on log level3. Any suggestions on this ? Thanks heaps again Pete -----Original Message----- From: David Brodbeck [mailto:DavidB@mail.interclean.com] Sent: Friday, 3 January 2003 5:20 AM To: Peter Milburn; Samba (E-mail) Subject: RE: [Samba] Winbind> -----Original Message----- > From: Peter Milburn [mailto:peterm@sportodds.com]> and here is what the log.winbind is saying > > > Could not look up dc's for domain SPORTODDS > [2003/01/02 12:59:59, 3] > nsswitch/winbindd_cm.c:get_connection_from_cache(406) > Could not open a connection to SPORTODDS for \PIPE\lsarpc > (NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)Try specifying your domain controller directly in smb.conf, using a "password server =" line. I've had really bad luck with "password server *", it just doesn't work reliably for me.
Update on my previous email OK when I setup a config and write a file to the share. I get the permissions from the file saying domain+user. But I can still not do the ./wbinfo -u or -g any ideas one what I am missing Thanks heaps (again) Pete
i'm tryin to make a suse-linux box to log into an windows 2k server.... i trying.. using winbind.. coz i don't know other way... i took a look at samba.org home page.. and i readed a how to which explains what to do.. but 2 of the '.so' files which i need to set at /etc/pam.d/login .. does not exists.. pam_stack.so pam_console.so thanx in advance Igor ps. i just sent this mail to samba@samba.org.. how can i subscribe to read the answers and other guys questions ? -------------- next part -------------- HTML attachment scrubbed and removed
Greetings from Brazil, I installed winbind and everything seems good, but i have kde installed and i'm trying to run windowmaker.. if i choose 'failsafe' or log into the black terminal it runs ok.. but when i try to log into the windowmaker.. it does not log in... what should i do ? other question.. is there a way to log with the local accounts when winbind is runnning ? i can only login with the Win 2k server account.. local accounts as 'root' and others.. can't be logged.. what should i change and where ? Thanx in advance... Igor Debacker igor@ccj.ufsc.br -------------- next part -------------- HTML attachment scrubbed and removed
Ola a todos da LISTA.... Estou tentando connectar o meu winbind e recebo Could not connect to a dc for domain SURSON , qdo dou winbindd -i -d 100 O mais gozado ? que qdo dou smbclient //firewall/homes e a senha ele devolve: session setup failed: NT_STATUS_LOGON_FAILURE qdo dou smbclient //firewall/homes -U Administrador e depois a senha ele devolve [root@firewall init.d]# smbclient //firewall/homes -U Administrator added interface ip=192.168.1.1 bcast=192.168.1.255 nmask=255.255.255.0 Got a positive name query response from 192.168.1.2 ( 192.168.1.1 ) Password: Domain=[SURSON] OS=[Unix] Server=[Samba 2.2.3a] tree connect failed: NT_STATUS_WRONG_PASSWORD O problema ? que //firewall ? o BOX LINUX...... se eu der :smbclient //cleo/downloads -U Administrator e a senha eu recebo a resposta correta Got a positive name query response from 192.168.1.2 ( 192.168.1.2 ) Password: Domain=[SURSON] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager] smb: \> O mais gozado ? que se eu for via EXPLORER DO WIN2K e der \\firewall logado como Administrator tudo ROLA NORMAL e ele entra e lista as diretorios. O QUE SERA QUE TA ROLANDO??????? --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.459 / Virus Database: 258 - Release Date: 25/2/2003
hello users! thanx ianux :-) i've installed winbind aon my linux computer and i have a win 2k server. i've succeed to insert the linux box into the ad but when i try getent passwd on the linux, i have only the local users .... how can i do if i want that my domain win 2k users can open a session on linux ..... ? (does someone have a good doc on winbind, how it works etx ... ?) thanks a lot !! chris ___________________________________________________________ Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en fran?ais ! Yahoo! Mail : http://fr.mail.yahoo.com