samba - May 2003 - Winbind + ADS small issues

Ok guys after reading a ton of documentation etc I have finally got my Linux
machine to work in a ADS enviroment. I can actually go on a windows machine
type in \\linuxboxname and access shares on my Linux box.

First of all I joined the ADS correctly. wbinfo -u and -g show proper values
and everything works except my Linux computer does not show up in Network
Neighborhood on windows machines. Looking through ADS it does show as a
registered on the domain.

So I have no clue what is causing this. Here is my smb.conf file:

[global]
        realm = CORP.DELINEA.COM
        remote announce = 10.2.41.101
        netbios name = DEMARC
#       workgroup = CORP
        ADS server = 10.2.20.4
        server string = Linux File Server
        security = ADS
        preferred master = No
        local master = No
        domain master = No
        wins server = 10.2.20.4
#       ldap ssl = no
        winbind uid = 10000-20000
        winbind gid = 10000-20000
        winbind enum users = yes
        winbind enum groups = yes
        template homedir = /home/%U
        template shell = /bin/bash
        winbind separator = +
        winbind cache time = 10
        winbind use default domain = No
        encrypt passwords = yes
        password server = 10.2.20.4
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
[printers]
        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        browseable = No
[opt]
        guest ok = no
        read only = no
        nt acl Supprt = yes
        path = /opt
        admin users = CORP+sjordan
[homes]
        comment = Home Directories
        read only = no
        guest ok = no
        nt acl Supprt = yes
        admin users = CORP+sjordan


One thing you will notice is that i commented out the workgroup line. If I
enable this I get a prompt for a username and password that does not go
through.
In the log files I get this for log.smbd
[2003/05/08 15:21:05, 0]
auth/auth_domain.c:connect_to_domain_password_server(215)
  connect_to_domain_password_server: unable to setup the NETLOGON
credentials to machine CORPSVCS. Error was : NT_STATUS_ACCESS_DENIED.
[2003/05/08 15:21:05, 0] auth/auth_domain.c:domain_client_validate(327)
  domain_client_validate: Domain password server not available.

[2003/05/08 15:21:04, 0] nsswitch/winbindd_cm.c:cm_get_netlogon_cli(885)
  error connecting to domain password server: NT_STATUS_ACCESS_DENIED

With that option turned off it works fine other than not showing up in
Network Neighborhood. Is this option required if your on a ADS Domain? BTW
CORPSVCS is 10.2.20.4


Thanks in advance!

Shane

Follow up:
Forgot to mention that when I do enable WORKGROUP = CORP the computer does
show up in network neighborhood...

-----Original Message-----
From: Jordan, Shane 
Sent: Thursday, May 08, 2003 3:25 PM
To: 'samba@lists.samba.org'
Subject: [Samba] Winbind + ADS small issues


Ok guys after reading a ton of documentation etc I have finally got my Linux
machine to work in a ADS enviroment. I can actually go on a windows machine
type in \\linuxboxname and access shares on my Linux box.

First of all I joined the ADS correctly. wbinfo -u and -g show proper values
and everything works except my Linux computer does not show up in Network
Neighborhood on windows machines. Looking through ADS it does show as a
registered on the domain.

So I have no clue what is causing this. Here is my smb.conf file:

[global]
        realm = CORP.DELINEA.COM
        remote announce = 10.2.41.101
        netbios name = DEMARC
#       workgroup = CORP
        ADS server = 10.2.20.4
        server string = Linux File Server
        security = ADS
        preferred master = No
        local master = No
        domain master = No
        wins server = 10.2.20.4
#       ldap ssl = no
        winbind uid = 10000-20000
        winbind gid = 10000-20000
        winbind enum users = yes
        winbind enum groups = yes
        template homedir = /home/%U
        template shell = /bin/bash
        winbind separator = +
        winbind cache time = 10
        winbind use default domain = No
        encrypt passwords = yes
        password server = 10.2.20.4
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
[printers]
        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        browseable = No
[opt]
        guest ok = no
        read only = no
        nt acl Supprt = yes
        path = /opt
        admin users = CORP+sjordan
[homes]
        comment = Home Directories
        read only = no
        guest ok = no
        nt acl Supprt = yes
        admin users = CORP+sjordan


One thing you will notice is that i commented out the workgroup line. If I
enable this I get a prompt for a username and password that does not go
through.
In the log files I get this for log.smbd
[2003/05/08 15:21:05, 0]
auth/auth_domain.c:connect_to_domain_password_server(215)
  connect_to_domain_password_server: unable to setup the NETLOGON
credentials to machine CORPSVCS. Error was : NT_STATUS_ACCESS_DENIED.
[2003/05/08 15:21:05, 0] auth/auth_domain.c:domain_client_validate(327)
  domain_client_validate: Domain password server not available.

[2003/05/08 15:21:04, 0] nsswitch/winbindd_cm.c:cm_get_netlogon_cli(885)
  error connecting to domain password server: NT_STATUS_ACCESS_DENIED

With that option turned off it works fine other than not showing up in
Network Neighborhood. Is this option required if your on a ADS Domain? BTW
CORPSVCS is 10.2.20.4


Thanks in advance!

Shane
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Hrmm nobody followed up on this.

Does anyone know if WORKGROUP is required? How do I tell Samba to only use
the trusted domain corp? 

I have everything partly working. I can actually ftp/ssh or login using
CORP+username but the machine still dosen't want to show up in network
neighborhood....please help!! I did a quick look and noticed that the Linux
machine now shows up in a new WORKGROUP called Workgroup. But like i said if
I specify WORKGROUP=CORP then everything breaks.


-----Original Message-----
From: Jordan, Shane 
Sent: Thursday, May 08, 2003 3:29 PM
To: 'samba@lists.samba.org'
Subject: RE: [Samba] Winbind + ADS small issues


Follow up:
Forgot to mention that when I do enable WORKGROUP = CORP the computer does
show up in network neighborhood...

-----Original Message-----
From: Jordan, Shane 
Sent: Thursday, May 08, 2003 3:25 PM
To: 'samba@lists.samba.org'
Subject: [Samba] Winbind + ADS small issues


Ok guys after reading a ton of documentation etc I have finally got my Linux
machine to work in a ADS enviroment. I can actually go on a windows machine
type in \\linuxboxname and access shares on my Linux box.

First of all I joined the ADS correctly. wbinfo -u and -g show proper values
and everything works except my Linux computer does not show up in Network
Neighborhood on windows machines. Looking through ADS it does show as a
registered on the domain.

So I have no clue what is causing this. Here is my smb.conf file:

[global]
        realm = CORP.DELINEA.COM
        remote announce = 10.2.41.101
        netbios name = DEMARC
#       workgroup = CORP
        ADS server = 10.2.20.4
        server string = Linux File Server
        security = ADS
        preferred master = No
        local master = No
        domain master = No
        wins server = 10.2.20.4
#       ldap ssl = no
        winbind uid = 10000-20000
        winbind gid = 10000-20000
        winbind enum users = yes
        winbind enum groups = yes
        template homedir = /home/%U
        template shell = /bin/bash
        winbind separator = +
        winbind cache time = 10
        winbind use default domain = No
        encrypt passwords = yes
        password server = 10.2.20.4
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
[printers]
        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        browseable = No
[opt]
        guest ok = no
        read only = no
        nt acl Supprt = yes
        path = /opt
        admin users = CORP+sjordan
[homes]
        comment = Home Directories
        read only = no
        guest ok = no
        nt acl Supprt = yes
        admin users = CORP+sjordan


One thing you will notice is that i commented out the workgroup line. If I
enable this I get a prompt for a username and password that does not go
through.
In the log files I get this for log.smbd
[2003/05/08 15:21:05, 0]
auth/auth_domain.c:connect_to_domain_password_server(215)
  connect_to_domain_password_server: unable to setup the NETLOGON
credentials to machine CORPSVCS. Error was : NT_STATUS_ACCESS_DENIED.
[2003/05/08 15:21:05, 0] auth/auth_domain.c:domain_client_validate(327)
  domain_client_validate: Domain password server not available.

[2003/05/08 15:21:04, 0] nsswitch/winbindd_cm.c:cm_get_netlogon_cli(885)
  error connecting to domain password server: NT_STATUS_ACCESS_DENIED

With that option turned off it works fine other than not showing up in
Network Neighborhood. Is this option required if your on a ADS Domain? BTW
CORPSVCS is 10.2.20.4


Thanks in advance!

Shane
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba