Hello samba users,
Im trying to setup samba 2.2.5 with winbindd to work with nt4.0 domain
style. Samba is working OK without winbindd - users can see server,
share. Also they can write to directorie with read, write list
enabled.
I have added that server to NT DOMAIN through SERVER MANAGER from NT,
and smpasswd -j DOMAIN -r PCD -U Admin from linux box - that stage is
OK - i can see the server from NT User Manager so my linux box is in
DOMAIN.
As the faq said I added the following lines to my smb.conf:
workgroup = SZPERACZE
security = DOMAIN
encrypt passwords = Yes
password server = PASSSERV
domain logons = no
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind separator = +
winbind cache time = 5
winbind use default domain = No
template shell = /bin/bash
template homedir = /home/%D/%U
wbinfo -u gives me a proper list of user from DOMAIN (DOMAIN+username
style)
wbinfo -g gives me proper list of groups from DOMAIN
[root@srubka samba]# wbinfo -n user
S-1-5-21-901448495-183529283-701057205-1327 1
[root@srubka samba]# wbinfo -n user2
S-1-5-21-901448495-183529283-701057205-1565 1
[root@srubka samba]# wbinfo -s S-1-5-21-901448495-183529283-701057205-1327 1
DOMAIN+user 1
[root@srubka samba]# wbinfo -s S-1-5-21-901448495-183529283-701057205-1565 1
DOMAIN+user2 1
[root@srubka samba]# wbinfo -S S-1-5-21-901448495-183529283-701057205-1327 1
10026 - it is ok - getent passwd|grep 10026 - user
Output from getent passwd and getent group looks also ok - i can users
and groups - ofcourse when winbindd is switch on.
My /etc/pam.d/samba looks like:
#%PAM-1.0
session required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_winbind.so
auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok
account required /lib/security/pam_winbind.so
I made [test] share:
[test]
path = /home/test
read list = DOMAIN+user DOMAIN+user2
write list = DOMAIN+user DOMAIN+user2
read only = No
vfs object = /usr/lib/samba/vfs/recycle.so
vfs options = /etc/samba/recycle.conf
The problem is:
user or user2 cant connect [test] share because:
/var/log/samba/log.winbind
[2002/07/20 21:41:48, 1] nsswitch/winbindd_util.c:init_domain_list(152)
getting trusted domain list
[2002/07/20 21:43:41, 3] nsswitch/winbindd_group.c:winbindd_getgroups(770)
[ 4228]: getgroups nobody
[2002/07/20 21:43:41, 3] nsswitch/winbindd_sid.c:winbindd_lookupsid(37)
[ 4228]: lookupsid S-1-5-21-901448495-183529283-701057205-513
[2002/07/20 21:43:41, 3] libsmb/namequery.c:resolve_lmhosts(768)
resolve_lmhosts: Attempting lmhosts lookup for name PASSSERV<0x20>
[2002/07/20 21:43:41, 4] libsmb/namequery.c:getlmhostsent(532)
getlmhostsent: lmhost entry: 127.0.0.1 localhost
[2002/07/20 21:43:41, 3] libsmb/namequery.c:resolve_hosts(808)
resolve_hosts: Attempting host lookup for name PASSSERV<0x20>
[2002/07/20 21:43:41, 3] lib/util_sock.c:open_socket_in(813)
bind succeeded on port 0
[2002/07/20 21:43:41, 4] libsmb/nmblib.c:debug_nmb_packet(107)
nmb packet from 10.10.12.27(137) header: id=16507 opcode=Query(0) response=Yes
header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes
header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
answers: nmb_name=DOMAIN<1c> rr_type=33 rr_class=1 ttl=0
answers 0 char .PASSSERV hex 0B5255444F4C46202020202020202020
answers 10 char D.PASSSERV hex 2044005255444F4C4620202020202020
answers 20 char .D.DOMAIN hex 2020004400535A50455241435A452020
answers 30 char ...DOMAIN hex 2020202000C400535A50455241435A45
answers 40 char ...DOMAIN hex 2020202020201CC400535A5045524143
answers 50 char ZE ...PASS hex 5A452020202020201EC4005255444F4C
answers 60 char F .D.ADM hex 4620202020202020202003440041444D
answers 70 char INISTRATOR .D.P hex 494E4953545241544F52202003440052
answers 80 char SSSERV .D hex 55444F4C462020202020202020200144
answers 90 char .DOMAIN hex 00535A50455241435A45202020202020
answers a0 char .D.DOMAIN hex 1B4400535A50455241435A4520202020
answers b0 char .D...__MSBROWS hex 20201D440001025F5F4D5342524F5753
answers c0 char E__............. hex 455F5F0201C400000102B1E8A7000000
answers d0 char ................ hex 00000000000000000000000000000000
answers e0 char ................ hex 00000000000000000000000000000000
answers f0 char ..... hex 0000000000
[2002/07/20 21:43:41, 3] nsswitch/winbindd_cm.c:cm_get_dc_name(205)
cm_get_dc_name: Returning DC PASSSERV (10.10.12.27) for domain SZPERACZE
[2002/07/20 21:43:41, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(236)
IPC$ connections done anonymously
[2002/07/20 21:43:41, 3] libsmb/cliconnect.c:cli_full_connection(980)
Connecting to host=PASSSERV share=IPC$
[2002/07/20 21:43:41, 3] lib/util_sock.c:open_socket_out(845)
Connecting to 10.10.12.27 at port 445
[2002/07/20 21:43:41, 2] lib/util_sock.c:open_socket_out(873)
error connecting to 10.10.12.27:445 (Connection refused)
[2002/07/20 21:43:41, 3] lib/util_sock.c:open_socket_out(845)
Connecting to 10.10.12.27 at port 139
[2002/07/20 21:43:41, 3] nsswitch/winbindd_sid.c:winbindd_sid_to_gid(140)
[ 4228]: sid to gid S-1-5-21-901448495-183529283-701057205-513
[2002/07/20 21:43:41, 3] nsswitch/winbindd_sid.c:winbindd_lookupsid(37)
[ 4228]: lookupsid S-1-5-21-901448495-183529283-701057205-512
[2002/07/20 21:43:41, 3] nsswitch/winbindd_sid.c:winbindd_sid_to_gid(140)
[ 4228]: sid to gid S-1-5-21-901448495-183529283-701057205-512
[2002/07/20 21:43:41, 3] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(201)
[ 4228]: gid to sid 10000
[2002/07/20 21:43:41, 3] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(201)
[ 4228]: gid to sid 10001
[2002/07/20 21:43:41, 3] nsswitch/winbindd_group.c:winbindd_getgroups(770)
[ 4228]: getgroups nobody
^^^^^^ ????????
Logging in my smb.conf is:
log file = /var/log/samba/samba-log.%U
and the file is ok - it is samba-log.user so samba see that user is
connected
What is wrong with my conf ?
ps. Thanks for Your responses about my "recycle bin" problem !!!!!
--
Best regards,
gnu_is_not_unix