samba - Aug 2002 - Winbind Auth with 2K ADS Domain Problems

Hi there,

I'm not that new in Samba, just paused a little while ;) My actual problem
is, that I try to setup a FreeBSD Samba Server who should control share access
with authenticating users in a win2k ads domain. The 2K Domain is setup
correctly (I think so). Now I created three test shares on the samba server
after setting up smbb, nmbd and winbindd. Problem now is any time I try
accessing one of the shares, I get a permission denied from any 2k or XP
Workstation. Even tried the server but the same problem. If I enter root/pass in
the appearing dialog, access is granted as root, but not one of the domain user
or the administrator can login. If I put a domain user in the master.passwd
manually (tried it with the "Administrator" account") everything
works as expected. Why isn't winbindd authenticating my users correctly?

Another thing is, that if I authenticate now as root or Administrator a new
share with the name of the entered user appears with the basedir set to the
defined /homes dir. Why?

wbinfo -t shows: "Secret is good"
wbinfo -u shows all users which reside in the Domain Datahaven. But I wonder why
they are listed as:

user1
user2
etc

instead of:

Datahaven+user1
Datahaven+user2
etc

Here's my smbd.conf:

# Global parameters
[global]
        workgroup = DATAHAVEN
        netbios name = MORGANA
        security = DOMAIN
        encrypt passwords = Yes
        null passwords = Yes
        min passwd length = 0
        password server = *
        log level = 3
        log file = /var/log/log.%m
        max log size = 50
        name resolve order = host lmhosts wins bcast
        load printers = No
        local master = No
        domain master = False
        dns proxy = No
        valid chars = - _
        winbind uid = 10000-20000
        winbind gid = 10000-20000
        template homedir = /data120/home/%U
        winbind use default domain = Yes
        winbind separator = +
        hosts allow = 10.2.0.

[homes]
        comment = Home
        path = /data120/home
        read only = No

[test]
        comment = Testing
        path = /data120/test
        valid users = root Administrator Datahaven\Administrator
        read only = No

[Download]
        comment = Test share to /data80
        path = /data80
        read only = No

---

and in my /etc/nsswitch.conf I entered:

passwd: files winbind
group: files winbind

---

Another thing is that in my FreeBSD installation there is no /lib so i copied
the files in /usr/lib (where I found the other .so's).

I would have tried it on Linux but there were extreme problems with my hardware
and BSD installed in half an hour correctly ;))

Would be very nice if any of you gurus could solve one of the problems!!

(I know, best way is to kick the 2K Server to trash ;))


Greets,

Jens

<snip>
> Datahaven. But I wonder why they are listed as:
> 
> user1
> user2
> etc
> 
> instead of:
> 
> Datahaven+user1
> Datahaven+user2
> etc
> 
You have "winbind use default domain = Yes" set in smb.conf.  Set it
to No
and you will see the domains the way you expect.

<snip>
> [test]
>         comment = Testing
>         path = /data120/test
>         valid users = root Administrator Datahaven\Administrator
>         read only = No
>
You might have better luck if you change Datahaven\Administrator to
Datahaven+Administrator.  This is a guess here, but the original looks
wrong.
 
<snip>
> Another thing is that in my FreeBSD installation there is no 
> /lib so i copied the files in /usr/lib (where I found the 
> other .so's).
> 
winbindd started and is returning users, so the library is apparently there.
I know this isn't much, but I hope this helps.

Cary

Hi!
> <snip>
> > Datahaven. But I wonder why they are listed as:
> > 
> > user1
> > user2
> > etc
> > 
> > instead of:
> > 
> > Datahaven+user1
> > Datahaven+user2
> > etc
> > 
> 
> You have "winbind use default domain = Yes" set in smb.conf.  Set
it to No
> and you will see the domains the way you expect.
Yes. Thanx.
 
> <snip>
> > [test]
> >         comment = Testing
> >         path = /data120/test
> >         valid users = root Administrator Datahaven\Administrator
> >         read only = No
> >
> 
> You might have better luck if you change Datahaven\Administrator to
> Datahaven+Administrator.  This is a guess here, but the original looks
> wrong.
Oops, my mistake. It is a "+" ;)
> <snip>
> > Another thing is that in my FreeBSD installation there is no 
> > /lib so i copied the files in /usr/lib (where I found the 
> > other .so's).
> > 
> 
> winbindd started and is returning users, so the library is apparently
there.
> 
> I know this isn't much, but I hope this helps.
> 
Thanx for trying to help. It's not much but a little bit. I thought winbindd
should insert User/groups into the passwd file so that they can login but
it's not working.

?!?

Jens