samba - Mar 2003 - RES: RES: Re: Winbind broken after 2.2.8 upgrade

I did it more then 12 times...

I have a lot of problems with winbind and NEVER I did receive a answer...
Sorry if I have a poore english:

I hve 3 installations with problems... I never saw this I think that Im not
a god SAMBA Administrator but I did read all the doc.... I dont have any
troubles with other soft, but with samba ehehehehehe

I did send e-mails to the lis in :

11/3. 12/3, 16/3, 18/3, 19, 20, 25, 27 with the same questions.... If you
want, please check it and will see if Im joking... Im 42 years old.



FIRST INSTALATION:

Can yoiu help m?

[root@firewall /etc]# smbpasswd -j surson -r cleo -U Administrator
Password:
Joined domain SURSON.
[root@firewall /etc]#


[root@firewall /etc]# smbclient //firewall/PUBLICO -UAdministrator added
interface ip=192.168.1.1 bcast=192.168.1.255 nmask=255.255.255.0 Got a
positive name query response from 192.168.1.2 ( 192.168.1.1 )
Password:
session setup failed: NT_STATUS_LOGON_FAILURE

When I try \\firewall\PUBLICO in the NT I receive a BOX to type USER and
PASSWD

Joe log.cleo

[2003/03/25 04:38:27, 0]
smbd/password.c:connect_to_domain_password_server(1307)
  connect_to_domain_password_server: machine CLEO rejected the tconX on the
IPC$ share. Error was : NT_STATUS_ACCESS_DENIED. [2003/03/25 04:38:27, 0]
smbd/password.c:domain_client_validate(1554)
  domain_client_validate: Domain password server not available. [2003/03/25
04:38:27, 1] smbd/password.c:pass_check_smb(555)
  Couldn't find user 'surson+administrator' in passdb. [2003/03/25
04:38:27,
1] smbd/password.c:pass_check_smb(555)
  Couldn't find user 'surson+administrator' in passdb. [2003/03/25
04:38:27,
1] smbd/reply.c:reply_sesssetup_and_X(988)
  Rejecting user 'surson+administrator': authentication failed
[2003/03/25
04:38:27, 0] smbd/password.c:connect_to_domain_password_server(1307)
  connect_to_domain_password_server: machine CLEO rejected the tconX on the
IPC$ share. Error was : NT_STATUS_ACCESS_DENIED. [2003/03/25 04:38:27, 0]
smbd/password.c:domain_client_validate(1554)
  domain_client_validate: Domain password server not available.


Joe.firewall

    IW   log.firewall
Row 1    Col 1    4:57    F1 for help
[2003/03/25 04:37:32, 0]
smbd/password.c:connect_to_domain_password_server(1307)
  connect_to_domain_password_server: machine CLEO rejected the tconX on the
IPC$ share. Error was : NT_STATUS_ACCESS_DENIED. [2003/03/25 04:37:32, 0]
smbd/password.c:domain_client_validate(1554)
  domain_client_validate: Domain password server not available. [2003/03/25
04:37:32, 1] smbd/password.c:pass_check_smb(555)
  Couldn't find user 'surson+administrator' in passdb. [2003/03/25
04:37:32,
1] smbd/password.c:pass_check_smb(555)
  Couldn't find user 'surson+administrator' in passdb. [2003/03/25
04:37:32,
1] smbd/reply.c:reply_sesssetup_and_X(988)
  Rejecting user 'surson+administrator': authentication failed

Etc/smbusers

# Unix_name = SMB_name1 SMB_name2 ...
root = administrator admin
nobody = guest pcguest smbguest

Etc/smbpasswd

root:0:CHANGED BY MEeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee:[UX
]:LCT-3E7AEA06:
Administrator:1CHANGED BY
MEeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee:[UX
]:LCT-3E7FED90:
catena:500:CHANGED BY
MEeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee:[UX         ]:LCT-3



Etc/passwd

Administrator:x:10032:10033::/home/Administrator:/dev/null
danilo:x:10033:10033::/home/danilo:/dev/null

Etc/pwdb.conf

#
# This is the configuration file for the pwdb library
#

user:
        unix+shadow
        nis+unix+shadow

group:
        unix+shadow
        nis+unix+shadow



etc/Pam.d/samba 

auth   required        /lib/security/pam_unix.so nullok shadow
account        required        /lib/security/pam_unix.so

#auth    required        /lib/security/pam_securetty.so
#auth    required        /lib/security/pam_nologin.so
#auth    sufficient      /lib/security/pam_winbind.so
#auth    required        /lib/security/pam_pwdb.so use_first_pass shadow
#account required        /lib/security/pam_winbind.so





SMB.conf
[global]
        workgroup = SURSON
        server string = Server FIREWALL usando  Samba
        interfaces = 192.168.1.1/24
        bind interfaces only = Yes
        security = DOMAIN
        encrypt passwords = Yes
        password server = cleo
        password level = 8
        username level = 8
        log level = 1
        log file = /var/log/samba/log.%m
        max log size = 50
        name resolve order = wins hosts lmhosts bcast
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        os level = 0
        preferred master = False
        local master = No
        domain master = False
        wins server = 192.168.1.2
        winbind uid = 10000-20000
        winbind gid = 10000-20000
        template homedir = /home/winnt/%D/%U
        template shell = /bin/bash
        winbind separator = +
        winbind cache time = 10
        hosts allow = 192.168.1. 192.168.2. 127.
        printing = lprng

[homes]
        comment = Home Directories
        valid users = %S
        admin users = root,Administrator,catena
        read only = No
        create mask = 0664
        directory mask = 0775
        strict allocate = Yes
        strict locking = Yes
[printers]
        comment = All Printers
        path = /var/spool/samba
        guest ok = Yes
        printable = Yes
        browseable = No

[netlogon]
        comment = Network Logon Service
        path = /var/spool/samba/netlogon
        write list = root

[Profiles]
        path = /var/spool/samba/profiles
        read only = No

[PUBLICO]
        comment = Diretorio Publico
        path = /home/samba
        guest ok = Yes

[pchome]
        comment = PC Directories
        path = /usr/pc/%u
        read only = No


SECOND Instalation:
Why this conf dont work?

A WIN95 machine list the shares but 98/win2k not


[root@linus init.d]# smbclient -L //linus U%
added interface ip=200.168.58.231 bcast=200.168.58.255 nmask=255.255.255.192
added interface ip=192.168.4.1 bcast=192.168.4.255 nmask=255.255.255.0
wins_srv_died(): Could not mark WINS server 127.0.0.1 down. Address not
found in server list. session request to LINUS failed (Not listening for
calling name)
wins_srv_died(): Could not mark WINS server 127.0.0.1 down. Address not
found in server list. session request to *SMBSERVER failed (Not listening
for calling name) [root@linus init.d]#




# Global parameters
[global]
    workgroup = ADVOCACIA
    netbios name = LINUS
    server string = Samba Server
    security = share
    encrypt passwords = yes
    log file = /var/log/samba/log.%m
    max log size = 50
    name resolve order = wins hosts
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    logon path = \\%N\profiles\%u
    logon home = \\LINUS\%u
    os level = 64
    preferred master = yes
    local master = No
    domain master = no
    dns proxy = No
    wins support = yes
    printing = lprng
    unix password sync = no
    map to guest = never
    password level = 0
    null passwords = no
    dead time = 0
    debug level = 0
    load printers = yes
    domain logons = no
    allow hosts = 192.168.4.0/ 255.255.255.0, 127.0.0.1

[netlogon]
    path = /usr/local/samba/lib/netlogon
    browseable = No
    available = yes

[homes]
    comment = Home Directories
    read only = No
    browseable = no
    available = yes
    public = no
    writable = no
    only user = no

[printers]
    comment = All Printers
    path = /var/spool/samba
    printable = Yes
    browseable = No

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.465 / Virus Database: 263 - Release Date: 25/3/2003
 

Franco Catena
http://www.surson.com.br
tel 011-44374040
cel:78535362
NEXTEL: 55*26006*1
MSN: facdavilla@hotmail.com
ICQ: 24755602



-----Mensagem original-----
De: Andrew Bartlett [mailto:abartlet@samba.org] 
Enviada em: quinta-feira, 27 de mar?o de 2003 18:37
Para: FRANCO
Cc: 'Andrew Bartlett'
Assunto: Re: RES: [Samba] Re: Winbind broken after 2.2.8 upgrade


On Thu, 2003-03-27 at 22:21, FRANCO wrote:
> Hi,
> 
> 
> I did send to you many e-mails where a show you manuy problems without 
> any response from you
> 
> WHY?
You should send such e-mails to the list.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet@samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.465 / Virus Database: 263 - Release Date: 25/3/2003

On Fri, 2003-03-28 at 09:46, FRANCO wrote:
> I did it more then 12 times...
> 
> I have a lot of problems with winbind and NEVER I did receive a answer...
> Sorry if I have a poore english:
There are a number of documents on 'how to get questions answered'
around on the net.  In particular, just repeating the question, or
complaining that your question isn't answered just gets people
frustrated.  Instead, show that you have tried to solve the problem
yourself.

For example, if you have downgraded back to 2.2.7, and the problem 'went
away', then this needs to be made clear.  If you didn't, how can you
claim it's a bug in 2.2.8?
> I hve 3 installations with problems... I never saw this I think that Im not
> a god SAMBA Administrator but I did read all the doc.... I dont have any
> troubles with other soft, but with samba ehehehehehe
Samba is a complex peice of software.  It's interactions with (often
separately maintained) Windows DCs is particularly complex.

If it doesn't occur on all your DCs, then you should look at what is
different.  This information should be present when you contact the
list.
> I did send e-mails to the lis in :
> 
> 11/3. 12/3, 16/3, 18/3, 19, 20, 25, 27 with the same questions.... If you
> want, please check it and will see if Im joking... Im 42 years old.
> 
> 
> 
> FIRST INSTALATION:
> 
> Can yoiu help m?
> 
> [root@firewall /etc]# smbpasswd -j surson -r cleo -U Administrator
> Password:
> Joined domain SURSON.
> [root@firewall /etc]#
> 
> 
> [root@firewall /etc]# smbclient //firewall/PUBLICO -UAdministrator added
> interface ip=192.168.1.1 bcast=192.168.1.255 nmask=255.255.255.0 Got a
> positive name query response from 192.168.1.2 ( 192.168.1.1 )
> Password:
> session setup failed: NT_STATUS_LOGON_FAILURE
> 
> When I try \\firewall\PUBLICO in the NT I receive a BOX to type USER and
> PASSWD
> 
> Joe log.cleo
> 
> [2003/03/25 04:38:27, 0]
> smbd/password.c:connect_to_domain_password_server(1307)
>   connect_to_domain_password_server: machine CLEO rejected the tconX on the
> IPC$ share. Error was : NT_STATUS_ACCESS_DENIED. [2003/03/25 04:38:27, 0]
> smbd/password.c:domain_client_validate(1554)
>   domain_client_validate: Domain password server not available. [2003/03/25
This looks like an issue with your PDC, not with Samba.

Your PDC is has 'restrict anonymous = 2' set.  The two options are to
set a username for Samba to use (wbinfo -Auser%pass), or to disable it. 

However, setting this only really works for Samba 3.0 - for 2.2 you
really can't run with this set. 

If you already have a username/pw set (by wbinfo -A), then I would
suspect that you have SMB signing required, on a 'fixed' DC (MS did not
used to enforce this).

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet@samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :
http://lists.samba.org/archive/samba/attachments/20030328/cb75723f/attachment.bin