Hi. I'm not subscribed to the list, so if you can help, please e-mail me or CC me in the response. I've been using Samba for quite a while, and just set up a 2.2.2 server with winbind support. Console logins and SMB access work fine, wbinfo -t reports "Secret is good", and wbinfo -r domain+ntuser shows the right group number. In fact, the UID/GIDs are translated properly when I do an 'ls' on the filesystem. However, getent passwd or getent group only displays the local files - it does not seem to import any NT information. Likewise, wbinfo -u and wbinfo -g both fail with "Error looking up domain users/groups". /etc/nsswitch.conf has the required "passwd: files winbind" and "group: files winbind", and the system otherwise works fine, but its near impossible to figure out what groups are available/in use without looking at the NT server (and since our domain is more than 8 characters, Linux reports file ownership like: -rwxrwx--- 5 root OURDOMAI 4096 Dec 4 10:10 myfile.txt 'ls -ln' shows things to be numerically correct, but why does wbinfo -u or -g and getent fail to work properly. Thanks for any help you can provide
Hi everyone, I've been trying to use winbind in order to connect to WinNT PDC for authenticating user and also mapping user/group ids. We are using RH 7.3 Samba 2.2.3a I've followed the instruction provided in the document "Unified Logons between WindowsNT and UNIX using Winbind" We only want to authenticate SAMBA users so I've skipped the /etc/pam.d/* changes. This is the "impertant" entries of my smb.conf file workgroup = groupserv_melb netbios name = linux-smb netbios aliases = linux-test winbind separator = + winbind uid = 10000-20000 winbind gid = 10000-20000 winbind enum users = yes winbind enum groups = yes template homedir = /home/winnt/%D/%U template shell = /bin/bash password server = 138.79.130.20 encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd unix password sync = Yes passwd program = /usr/bin/passwd %u add user script = /usr/sbin/useradd -d /home/winnt/%D/%U -s /bin/false -M %U The domain has been joined using smbpasswd Here are my questions: Everytime I enable domain logons on SAMBA and try the "wbinfo -t" I get Bad secret When the domain logons is disabled then the secret is good. if I type "wbinfo -u" I get all the domain users not a problem the same with the "wbinfo -g" for groups. Using the "add user script =" parameter trying to access the domain using smbclient eg. "smbclient //linux-smb/homes -W groupserv_melb -I 138.79.161.225 -U tst-steve" The home directory doesn't get created properly. The %D option is EMPTY. The user gets created in passwd/group/shadow but the HOME directory DOESN'T?? I get something like tst-steve:x:10058:10058::/home/winnt//tst-steve:/bin/false in the passwd file (with 2 // instead of the DOMAIN Name). Also winbindd log file complains about port 445 on the PDC [2002/09/30 16:02:24, 2] lib/util_sock.c:open_socket_out(858) error connecting to 138.79.130.20:445 (Connection refused) What does that port do? So what is the best way to do it if I want to authenticate the users from the WindowsNT PDC and also give them access to SAMBA shares using the Windows NT permissions? Thanks in advance. -- Steve Simeonidis Network Engineer, Spherion Education Spherion Group Ltd 1st Floor, 493 St. Kilda Rd, Melbourne VIC 3004, Australia Phone: +61 3 9243 2382 Fax: +61 3 9820 2010 Email: stevesimeonidis@spherion.com The information contained in this email and any attachments to it: (a) may be confidential and if you are not the intended recipient, any interference with, use, disclosure or copying of this material is unauthorised and prohibited; and (b) may contain personal information of the recipient and/or the sender as defined under the Privacy Act 1988 (Cth). Consent is hereby given by the recipient(s) to collect, hold and use such information and any personal information contained in a response to this email, for any reasonable purpose in the ordinary course of Spherion's business, including forwarding this email internally or disclosing it to a third party. All personal information collected by Spherion will be handled in accordance with Spherion's Privacy Policy. If you have received this email in error, please notify the sender and delete it.
> Message: 4 > From: "Simeonidis, Steve" <simes@cpgen.cpg.com.au> > Reply-To: SteveSimeonidis@spherion.com > To: samba@lists.samba.org > Date: Mon, 30 Sep 2002 16:48:52 +1000 > Subject: [Samba] Winbind help > > Hi everyone, > > I've been trying to use winbind in order to > connect to WinNT PDC for authenticating user and > also mapping user/group ids. > > We are using RH 7.3 Samba 2.2.3a > > I've followed the instruction provided in the document > "Unified Logons between WindowsNT and UNIX using Winbind" > > We only want to authenticate SAMBA users so I've skipped the > /etc/pam.d/* changes. > > This is the "impertant" entries of my smb.conf file > workgroup = groupserv_melb > netbios name = linux-smb > netbios aliases = linux-test > > winbind separator = + > winbind uid = 10000-20000 > winbind gid = 10000-20000 > winbind enum users = yes > winbind enum groups = yes > template homedir = /home/winnt/%D/%U > template shell = /bin/bash > > password server = 138.79.130.20Rather use 'password server = *' for winbind> encrypt passwords = yes > smb passwd file = /etc/samba/smbpasswd > unix password sync = Yes > passwd program = /usr/bin/passwd %u > > add user script = /usr/sbin/useradd -d /home/winnt/%D/%U -s /bin/false -M > %UDon't use this.> > The domain has been joined using smbpasswd > > Here are my questions: > Everytime I enable domain logons on SAMBA and try the > "wbinfo -t" I get Bad secret > When the domain logons is disabled then the secret is good.You shouldn't have domain logons enabled with winbind in 2.2.x.> > if I type "wbinfo -u" I get all the domain users not a problem > the same with the "wbinfo -g" for groups.Even when wbinfo -t doesn't work?> > > Using the "add user script =" parameter trying to access the domain > using smbclient eg. > "smbclient //linux-smb/homes -W groupserv_melb -I 138.79.161.225 -U > tst-steve" > The home directory doesn't get created properly. The %D option is EMPTY. > The user gets created in passwd/group/shadow but the HOME directory > DOESN'T?? > > I get something like > tst-steve:x:10058:10058::/home/winnt//tst-steve:/bin/false > in the passwd file (with 2 // instead of the DOMAIN Name).Rather use pam_mkhomedir, and enable pam session support in smb.conf to force samba to use pam_mkhomedir.> > Also winbindd log file complains about port 445 on the PDC > [2002/09/30 16:02:24, 2] lib/util_sock.c:open_socket_out(858) > error connecting to 138.79.130.20:445 (Connection refused) > What does that port do? >This isn't relevant to your problem AFAIK.> > So what is the best way to do it if I want to authenticate the users from the > WindowsNT PDC and also give them access to SAMBA shares using the Windows > NT permissions?Install Mandrake 9.0 using a network install, you can join the domain during installation. If you can't do a network install, you may need to do some stuff manually. ACLs are supported on XFS and ext2/ext3 (but, you must choose 'acl' as a mount option for them before it will work). If you can't get 9.0, 8.2 with the Mandrake RPMs from ftp.samba.org will get you about the same place as a non-network install of 9.0, except only ACLs on XFS. To get ACLs on RH7.x, you need to get the install ISO from SGI's XFS site, or rebuild the kernel and samba yourselfwith acl support. I am not sure about 8.0. You will find some relevant files in either samba CVS or Mandrake CVS, with examples for using pam_mkhomedir etc. Some of this is covered in http://ranger.dnsalias.com/mandrake/muo/connect/csamba5.html#winbind Regards, Buchan -- |----------------Registered Linux User #182071-----------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
Hello, When I put 'wbinfo -u' always give me an error, can any one help me ?? ==> Error looking up domain users Thank you so much ! Agus ========================================================================Ikuti polling TELKOM Memo 166 di www.plasa.com dan menangkan hadiah masing-masing Rp 250.000 tunai. =========================================================================
> -----Original Message----- > From: Agus Santosa [mailto:agus.santosa@telkom.net]> When I put 'wbinfo -u' > > always give me an error, can any one help me ?? > > ==> Error looking up domain usersWhat do you get from 'wbinfo -t'? If it says 'Secret is bad', you aren't joined to the domain properly.
> -----Original Message----- > From: Agus Santosa [mailto:agus.santosa@telkom.net]> The message when I type : winbind -t is > > [root@att /]# wbinfo -t > Could not check secret > > Do you have any ideas??I'd try re-joining the domain. Be sure to remove the machine account and create a new one, first, using Server Manager. Then use smbpasswd -j to join. (I've had better luck with this method than with trying to do the whole procedure automatically using smbpasswd.)