I have been trying to setup a Samba 2.2.6 server on FreeBSD 4.7. I want to
use my NT4 domain for authentication of users. I am getting confused reading
all the documents as to whether I need PAM or not. I have installed Samba
successfully and as far as I can tell it looks like it's working:
wbinfo -t returns "Secret is good"
wbinfo -u returns a list of all my domain users
wbinfo -g returns a list of all domain groups
wbinfo -a mydomain+myuser%mypassword returns success for both plaintext and
challenge/response
- Do I have to use PAM if all I want is to access the following Samba share
from my W2K clients?
- Should I install Samba configured using --with-winbind, or
--with-winbind-auth-challenge as well (I have tried both but neither work)
- If I do need PAM, I am reading conflicting info from the
/swat/help/PAM-Authentication-And-Samba.html file. It states "Note that
Samba always ignores PAM for authentication in the case of encrypt passwords
= yes", which I need if I am using security = domain
- If I do not need PAM to authenticate and it "appears" that I have
installed and configured samba / winbind properly as per the wbinfo lines
above, why can't I access the share?
- Do I need to create user accounts on the samba server? (I hope not, I
understand that's what winbind is for)
- Do I need to create any machine accounts? (Other than joining the samba
server to the domain.)
Here's my smb.conf:
# Samba config file created using SWAT
# from 10.110.22.40 (10.110.22.40)
# Date: 2002/11/16 15:19:26
# Global parameters
[global]
workgroup = MYDOMAIN
security = DOMAIN
encrypt passwords = Yes
password server = *
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
log level = 2
wins server = 192.168.0.7
[work]
path = /usr/work
valid users = @"Domain Users"
read only = No
Here's my log.smbd:
[2002/11/16 15:59:13, 2] param/loadparm.c:do_section(3055)
Processing section "[work]"
[2002/11/16 15:59:13, 2] lib/interface.c:add_interface(81)
added interface ip=10.110.22.78 bcast=10.110.23.255 nmask=255.255.254.0
[2002/11/16 15:59:48, 2] smbd/reply.c:reply_special(92)
netbios connect: name1=EDM-GEO name2=EDM-02
[2002/11/16 15:59:48, 2] smbd/reply.c:reply_special(111)
netbios connect: local=edm-geo remote=edm-02
[2002/11/16 15:59:48, 2] libsmb/namequery.c:name_query(421)
Got a positive name query response from 10.110.22.7 ( 10.110.22.7 )
[2002/11/16 15:59:48, 2] lib/util_sock.c:open_socket_out(874)
error connecting to 10.110.22.7:445 (Invalid argument)
[2002/11/16 15:59:54, 2] smbd/service.c:make_connection(331)
Invalid username/password for work [nobody]
[2002/11/16 15:59:56, 2] smbd/service.c:make_connection(331)
Invalid username/password for work [nobody]
[2002/11/16 16:00:47, 2] smbd/server.c:exit_server(461)
Closing connections