After reading through the doc for setting up 3.0beta with ADS, I have gotten it to work along the lines of the the doc said. I can use wbinfo -g or -u top get the users and groups, I can use the net user or net group command to do it as well. I can login with the kinit program, perfectly well as well. Unfortunately, I cannot seem to connect to the linux machine from a Windows machine. I keep getting a "The username could not be found" error and in the smb.log for that machine I get: [2003/06/19 08:57:29, 1] smbd/sesssetup.c:reply_spnego_kerberos(221) Username bnorris is invalid on this system So it is like it isn't using AD for the usernames. Does anyone have an idea what setting I might have missed in the setup? Brent Norris Assistant DTC, Edmonson County Schools Cell: 270.246.0152
Sounds like you set up winbind..did you do pam? -----Original Message----- From: Norris, Brent [mailto:bnorris@Edmonson.k12.ky.us] Sent: Thursday, June 19, 2003 9:58 AM To: 'samba@lists.samba.org' Subject: [Samba] Setting up 3.0 to authenticate to AD After reading through the doc for setting up 3.0beta with ADS, I have gotten it to work along the lines of the the doc said. I can use wbinfo -g or -u top get the users and groups, I can use the net user or net group command to do it as well. I can login with the kinit program, perfectly well as well. Unfortunately, I cannot seem to connect to the linux machine from a Windows machine. I keep getting a "The username could not be found" error and in the smb.log for that machine I get: [2003/06/19 08:57:29, 1] smbd/sesssetup.c:reply_spnego_kerberos(221) Username bnorris is invalid on this system So it is like it isn't using AD for the usernames. Does anyone have an idea what setting I might have missed in the setup? Brent Norris Assistant DTC, Edmonson County Schools Cell: 270.246.0152 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Ok I changed my samba entries in pam.d and now I get a login box, but I still cannot login. Here is what the log file for my machine shows now: [2003/06/19 09:33:58, 1] smbd/sesssetup.c:reply_spnego_kerberos(175) Failed to verify incoming ticket! [2003/06/19 09:33:58, 1] smbd/sesssetup.c:reply_spnego_kerberos(175) Failed to verify incoming ticket! [2003/06/19 09:33:58, 1] smbd/sesssetup.c:reply_spnego_kerberos(175) Failed to verify incoming ticket! [2003/06/19 09:33:58, 1] smbd/sesssetup.c:reply_spnego_kerberos(175) Failed to verify incoming ticket! [2003/06/19 09:34:03, 1] smbd/sesssetup.c:reply_spnego_kerberos(221) Username bnorris is invalid on this system Anyone got any ideas?> Well, I have the same exact problem as you. I have > everything setup right so that wbinfo pulls all information > fine. I can Kerberos too. But, can't login from the network. > I thought it was PAM, but no for me either. I've posted > about this a couple of times, to no avail. Hope someone > answers yours! > > -----Original Message----- > From: Norris, Brent [mailto:bnorris@Edmonson.k12.ky.us] > Sent: Thursday, June 19, 2003 10:14 AM > To: Chip Bell > Subject: RE: [Samba] Setting up 3.0 to authenticate to AD > > > Sounds like you set up winbind..did you do pam? > > I was under the impression from the documentation that pam > only needed to be changed if you wanted to be able to use the > accounts to login as far as telnet, ssh, ftp type stuff. It > states that winbindd and samba should be working together and > that they /etc/pam.d/samba didn't need changing. Though mine > looks like this: > > auth required pam_nologin.so > auth required pam_stack.so service=system-auth > account required pam_stack.so service=system-auth > session required pam_stack.so service=system-auth > password required pam_stack.so service=system-auth > > While the doc's only has the two lines: > > auth required /lib/security/pam_stack.so service=system-auth > account required /lib/security/pam_stack.so service=system-auth > > I wasn't attempting to change it though since that is what > the samba rpm put in there. Perhaps I should change it to > look like the one in the docs?? > > Brent > > <------ output from testparm -----> > > Load smb config files from /etc/samba/smb.conf > Processing section "[homes]" > Processing section "[printers]" > Processing section "[public]" > Loaded services file OK. > 'winbind separator = +' might cause problems with group > membership. Server role: ROLE_DOMAIN_MEMBER Press enter to > see a dump of your service definitions > > # Global parameters > [global] > workgroup = STU > realm = STU.EDMONSON.K12.KY.US > server string = Linux File Server > security = ADS > log file = /var/log/samba/log.%m > max log size = 50 > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > dns proxy = No > wins server = 10.76.16.50 > winbind separator = + > winbind use default domain = Yes > > [homes] > comment = Home Directories > read only = No > browseable = No > > [printers] > comment = All Printers > path = /var/spool/samba > printable = Yes > browseable = No > > [public] > comment = Public Stuff > path = /home/samba > write list = bnorris > guest ok = Yes >
While trying to work on my problem with logging in to my 2000 AD, I decided to try and do it will my account from the NT4.0 domain that I run which has a trust to the AD. That crashed SAMBA, here is the log file: [2003/06/19 12:36:26, 0] lib/fault.c:fault_report(36) ==============================================================[2003/06/19 12:36:26, 0] lib/fault.c:fault_report(37) INTERNAL ERROR: Signal 11 in pid 7188 (3.0.0beta1) Please read the appendix Bugs of the Samba HOWTO collection [2003/06/19 12:36:26, 0] lib/fault.c:fault_report(39) ==============================================================[2003/06/19 12:36:26, 0] lib/util.c:smb_panic(1462) PANIC: internal error [2003/06/19 12:36:26, 0] lib/util.c:smb_panic(1469) BACKTRACE: 9 stack frames: #0 smbd(smb_panic+0x11c) [0x81b280c] #1 smbd [0x81a1432] #2 /lib/i686/libc.so.6 [0x4016a5d8] #3 smbd(tdb_close+0xe7) [0x81c3ec7] #4 smbd(gencache_shutdown+0x65) [0x81bfa15] #5 smbd(namecache_shutdown+0xb) [0x80f192b] #6 smbd(main+0x4d7) [0x821af17] #7 /lib/i686/libc.so.6(__libc_start_main+0xc7) [0x40157a07] #8 smbd(chroot+0x35) [0x8073381] Thought someone might want that.
Did you get any futher? I'm still stuck and have NO IDEA where to go next. -----Original Message----- From: Norris, Brent [mailto:bnorris@Edmonson.k12.ky.us] Sent: Thursday, June 19, 2003 1:37 PM To: 'samba@lists.samba.org' Subject: RE: [Samba] Setting up 3.0 to authenticate to AD While trying to work on my problem with logging in to my 2000 AD, I decided to try and do it will my account from the NT4.0 domain that I run which has a trust to the AD. That crashed SAMBA, here is the log file: [2003/06/19 12:36:26, 0] lib/fault.c:fault_report(36) ==============================================================[2003/06/19 12:36:26, 0] lib/fault.c:fault_report(37) INTERNAL ERROR: Signal 11 in pid 7188 (3.0.0beta1) Please read the appendix Bugs of the Samba HOWTO collection [2003/06/19 12:36:26, 0] lib/fault.c:fault_report(39) ==============================================================[2003/06/19 12:36:26, 0] lib/util.c:smb_panic(1462) PANIC: internal error [2003/06/19 12:36:26, 0] lib/util.c:smb_panic(1469) BACKTRACE: 9 stack frames: #0 smbd(smb_panic+0x11c) [0x81b280c] #1 smbd [0x81a1432] #2 /lib/i686/libc.so.6 [0x4016a5d8] #3 smbd(tdb_close+0xe7) [0x81c3ec7] #4 smbd(gencache_shutdown+0x65) [0x81bfa15] #5 smbd(namecache_shutdown+0xb) [0x80f192b] #6 smbd(main+0x4d7) [0x821af17] #7 /lib/i686/libc.so.6(__libc_start_main+0xc7) [0x40157a07] #8 smbd(chroot+0x35) [0x8073381] Thought someone might want that. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
For everyone...here's where we're stuck. Samba 3, winbind, pam. We can't login to the samba server using ad credentials, but wbinfo works with all options. All of us are getting slightly different errors, but we're all stuck in the same place.. -----Original Message----- From: Ernie Cline [mailto:ecline@lightspeedresearch.com] Sent: Friday, June 20, 2003 10:06 AM To: Chip Bell Cc: Norris, Brent; samba@lists.samba.org Subject: Re: [Samba] Setting up 3.0 to authenticate to AD I know I haven't, and I've been working with a samba developer in private email too. I can get just plain 'su' to work with an AD user, and webinfo -u, getent passwd, those all work. But trying to login, via telnet, ssh, ftp, whatever, none of that works. My samba doesn't crash like that though ... -e Chip Bell wrote:> Did you get any futher? I'm still stuck and have NO IDEA where to go > next. > > -----Original Message----- > From: Norris, Brent [mailto:bnorris@Edmonson.k12.ky.us] > Sent: Thursday, June 19, 2003 1:37 PM > To: 'samba@lists.samba.org' > Subject: RE: [Samba] Setting up 3.0 to authenticate to AD > > While trying to work on my problem with logging in to my 2000 AD, I > decided > to try and do it will my account from the NT4.0 domain that I runwhich> has > a trust to the AD. That crashed SAMBA, here is the log file: > > [2003/06/19 12:36:26, 0] lib/fault.c:fault_report(36) > ==============================================================> [2003/06/19 12:36:26, 0] lib/fault.c:fault_report(37) > INTERNAL ERROR: Signal 11 in pid 7188 (3.0.0beta1) > Please read the appendix Bugs of the Samba HOWTO collection > [2003/06/19 12:36:26, 0] lib/fault.c:fault_report(39) > ==============================================================> [2003/06/19 12:36:26, 0] lib/util.c:smb_panic(1462) > PANIC: internal error > [2003/06/19 12:36:26, 0] lib/util.c:smb_panic(1469) > BACKTRACE: 9 stack frames: > #0 smbd(smb_panic+0x11c) [0x81b280c] > #1 smbd [0x81a1432] > #2 /lib/i686/libc.so.6 [0x4016a5d8] > #3 smbd(tdb_close+0xe7) [0x81c3ec7] > #4 smbd(gencache_shutdown+0x65) [0x81bfa15] > #5 smbd(namecache_shutdown+0xb) [0x80f192b] > #6 smbd(main+0x4d7) [0x821af17] > #7 /lib/i686/libc.so.6(__libc_start_main+0xc7) [0x40157a07] > #8 smbd(chroot+0x35) [0x8073381] > > Thought someone might want that.