Hey everybody,
I've been trying to get a Linux box (SuSE 7.3, Linux 2.4.10) setup as a file
server using Samba (v2.2.2) with authentication going to our WinNT PDC.
I've followed the instructions detailed in Winbind HOWTO, but I'm still
not
having any luck. It appears as though I've sucessfully added the box to the
domain and winbind seems to be running as I can obtain a listing of
users/groups from my PDC with wbinfo (and getent), but when I try to access
the share I'm getting this error:
[2002/01/14 14:34:26, 0] rpc_client/cli_netlogon.c:cli_net_auth2(160)
cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT
Question #1: Does it make a difference which order i add the machine to the
domain? I've read suggestions where people say you should add it with
smbpasswd, and I've also read that you should add the machine beforehand
from the Windows side. It seems to me like they should both achieve the
same results.
Question #2: When I compiled Samba, I configured it with support for PAM and
Winbind, so shouldn't this be ok? I assume since winbind is working, that I
compiled it with the sufficient includes, but it just seems to be failing
during authentication. (I've made what I thought were the necessary changes
to /etc/pam.d/samba for this to work.)
Here's a copy of my smb.conf for reference.
# Global parameters
[global]
workgroup = PHS
server string = Samba Server
security = domain
encrypt passwords = Yes
password server = phsntpdc
template homedir = /home/%D/%U
log file = /usr/local/samba/var/log.%m
max log size = 50
domain logons = Yes
preferred master = False
local master = No
domain master = False
dns proxy = No
wins server = 159.116.5.6
winbind separator = +
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template shell = /bin/bash
netbios name = phslnx007
debug level = 10
[homes]
comment = Home Directories
path = /home/PHS
read only = No
guest ok = Yes
Also, here's my /etc/pam.d/samba.
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_winbind.so
auth required /lib/security/pam_pwdb.so
use_first_pass shadow nullok
account required /lib/security/pam_winbind.so
I've been searching through old messages in the list, trying to find a
solution, but I haven't found anything applicable. If this is a common
error that's been discussed before, I apologize. :)
Thanks,
Andy
Le Mercredi 16 Janvier 2002 14:17, Recknagel, Andrew a ?crit :> Question #1: Does it make a difference which order i add the machine to the > domain? I've read suggestions where people say you should add it with > smbpasswd, and I've also read that you should add the machine beforehand > from the Windows side. It seems to me like they should both achieve the > same results. >AFAIK, you have to create the machine account on the PDC first, then add it with smbpasswd. Maybe you can go only with smbpasswd, providing Admin login+passwd (I didn't tested this way myself) : -U username%password
Andrew, I ran into the same problems myself. I had to run two commands to get around this problem. First: /usr/local/samba/bin/smbpasswd -a -m MACHINENAME$ This creates a local machine account in the smbpasswd file. You will get an error if it already exists, but don't worry it will created it automatically. Second.: /usr/local/samba/bin/smbpasswd -j DOMAIN -r PDCNAME -U administratorname It will then prompt you for a password and should reply with Joined domain DOMAIN. Make sure the machine account doesn't already exist in Server Manager before doing this. Also, make sure the smbd, nmbd, winbindd daemons are stopped first. Let me know how this works out!! Good Luck, Josh Konkol On Wednesday 16 January 2002 12:39, Recknagel, Andrew wrote:> Hey everybody, > > I've been trying to get a Linux box (SuSE 7.3, Linux 2.4.10) setup as a > file server using Samba (v2.2.2) with authentication going to our WinNT > PDC. I've followed the instructions detailed in Winbind HOWTO, but I'm > still not having any luck. It appears as though I've sucessfully added the > box to the domain and winbind seems to be running as I can obtain a listing > of users/groups from my PDC with wbinfo (and getent), but when I try to > access the share I'm getting this error: > > [2002/01/14 14:34:26, 0] rpc_client/cli_netlogon.c:cli_net_auth2(160) > cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT > > Question #1: Does it make a difference which order i add the machine to the > domain? I've read suggestions where people say you should add it with > smbpasswd, and I've also read that you should add the machine beforehand > from the Windows side. It seems to me like they should both achieve the > same results. > > Question #2: When I compiled Samba, I configured it with support for PAM > and Winbind, so shouldn't this be ok? I assume since winbind is working, > that I compiled it with the sufficient includes, but it just seems to be > failing during authentication. (I've made what I thought were the > necessary changes to /etc/pam.d/samba for this to work.) > > Here's a copy of my smb.conf for reference. > > # Global parameters > [global] > workgroup = PHS > server string = Samba Server > security = domain > encrypt passwords = Yes > password server = phsntpdc > template homedir = /home/%D/%U > log file = /usr/local/samba/var/log.%m > max log size = 50 > domain logons = Yes > preferred master = False > local master = No > domain master = False > dns proxy = No > wins server = 159.116.5.6 > winbind separator = + > winbind uid = 10000-20000 > winbind gid = 10000-20000 > winbind enum users = yes > winbind enum groups = yes > template shell = /bin/bash > netbios name = phslnx007 > debug level = 10 > > > [homes] > comment = Home Directories > path = /home/PHS > read only = No > guest ok = Yes > > Also, here's my /etc/pam.d/samba. > > auth required /lib/security/pam_securetty.so > auth required /lib/security/pam_nologin.so > auth sufficient /lib/security/pam_winbind.so > auth required /lib/security/pam_pwdb.so > use_first_pass shadow nullok > account required /lib/security/pam_winbind.so > > I've been searching through old messages in the list, trying to find a > solution, but I haven't found anything applicable. If this is a common > error that's been discussed before, I apologize. :) > > Thanks, > Andy_________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com
On Wed, 16 Jan 2002, Recknagel, Andrew wrote:> I've been trying to get a Linux box (SuSE 7.3, Linux 2.4.10) setup as > a file server using Samba (v2.2.2) with authentication going to our > WinNT PDC. I've followed the instructions detailed in Winbind HOWTO, > but I'm still not having any luck. It appears as though I've > sucessfully added the box to the domain and winbind seems to be > running as I can obtain a listing of users/groups from my PDC with > wbinfo (and getent), but when I try to access the share I'm getting > this error: > > [2002/01/14 14:34:26, 0] rpc_client/cli_netlogon.c:cli_net_auth2(160) > cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT >...> Here's a copy of my smb.conf for reference. > > # Global parameters > [global] > workgroup = PHS > server string = Samba Server > security = domain > encrypt passwords = Yes > password server = phsntpdc > template homedir = /home/%D/%U > log file = /usr/local/samba/var/log.%m > max log size = 50 > domain logons = YesSet this to "no". Winbind is contacting the local smbd (thinking it is the PDC).> preferred master = False > local master = No > domain master = False > dns proxy = No > wins server = 159.116.5.6 > winbind separator = + > winbind uid = 10000-20000 > winbind gid = 10000-20000 > winbind enum users = yes > winbind enum groups = yes > template shell = /bin/bash > netbios name = phslnx007 > debug level = 10