Hello,
I try to implement a samba server (2.2.7a) with the authentifiactions via
winbind to a PDC W2000.
When I test winbind, it works:
[root@pxtest samba]# wbinfo -t
Secret is good
[root@pxtest samba]# wbinfo -a tli%password
plaintext password authentication succeeded
[root@pxtest samba]#
I enable the winbind on the /etc/nsswitch.conf:
passwd: files winbind
shadow: files
group: files winbind
If I try to do a su to my user which is not declared in my /etc/passwd, it works
fine:
[root@pxtest samba]# su - tli
[tli@pxtest tli]$
[tli@pxtest tli]$
[tli@pxtest tli]$ id
uid=10061(tli) gid=10000(Domain Users) groups=10000(Domain Users),10062(PRJ -
Gestion de projets),10058(KAM),10054(Team-Elargi),10018(IT Unix),10060(PRJ -
Sharepoint),10053(testgrp)
[tli@pxtest tli]$
Also, I assume that the winbind levell is OK.
But, If I try to open a share with smbclient, I can't:
[root@pxtest root]# smbclient -L pxtest
added interface ip=172.30.1.167 bcast=172.30.1.255 nmask=255.255.255.0
Password:
Anonymous login successful
Domain=[UDITIS] OS=[Unix] Server=[Samba 2.2.7a-security-rollup-fix]
Sharename Type Comment
--------- ---- -------
test Disk Share de test pour les ACL's
IPC$ IPC IPC Service (Samba Server
2.2.7a-security-rollup-fix + ACL's support)
ADMIN$ Disk IPC Service (Samba Server
2.2.7a-security-rollup-fix + ACL's support)
Server Comment
--------- -------
PXTEST Samba Server 2.2.7a-security-rollup-fix + ACL's
UDNEJ102
Workgroup Master
--------- -------
UDITIS UDNEJ102
[root@pxtest root]# smbclient //pxtest/tli -U tli
added interface ip=172.30.1.167 bcast=172.30.1.255 nmask=255.255.255.0
Password:
session setup failed: NT_STATUS_LOGON_FAILURE
[root@pxtest root]#
Here is my smb.conf configuration file:
[root@pxtest samba]# cat smb.conf
# Samba config file created using SWAT
# from udpexp07.uditis.ch (172.30.1.131)
# Date: 2003/11/21 10:22:37
# Global parameters
[global]
workgroup = UDITIS
netbios name = PXTEST
server string = Samba Server %v + ACL's support
security = DOMAIN
encrypt passwords = No
obey pam restrictions = Yes
password server = udnej102.uditis.ch
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
unix password sync = Yes
log level = 2
log file = /var/log/samba/samba.log
max log size = 0
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
preferred master = No
local master = No
domain master = No
dns proxy = No
winbind uid = 10000-20000
winbind gid = 10000-20000
template homedir = /home/test/%U
template shell = /bin/bash
winbind cache time = 0
winbind use default domain = Yes
guest account = Guest
printing = cups
[homes]
comment = Home Directories
valid users = %S
read only = No
create mask = 0664
directory mask = 0775
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
[test]
comment = Share de test pour les ACL's
path = /home/test
[root@pxtest samba]#
Thanks by advance to help me on this trouble, because I found nothing serious on
the logs and I passed through alla my ideas ...
Many thanks
Thierry
----------------------------------------------------------------------
Thierry Linder T?l. central +41 (0)32 557 55 00
Mandataire Commercial Mobile +41 (0)79 473 92 35
Key Account Manager Fax +41 (0)32 557 55 05
Rue de la Gare 4
CH 2034 Peseux (NE)
mailto:thierry.linder@uditis.ch
http://www.uditis.ch
LINDER Thierry wrote:>Hello, > >I try to implement a samba server (2.2.7a) with the authentifiactions via winbind to a PDC W2000. >When I test winbind, it works: > >[root@pxtest samba]# wbinfo -t >Secret is good >[root@pxtest samba]# wbinfo -a tli%password >plaintext password authentication succeeded >[root@pxtest samba]# > >I enable the winbind on the /etc/nsswitch.conf: > >passwd: files winbind >shadow: files >group: files winbind > >If I try to do a su to my user which is not declared in my /etc/passwd, it works fine: > >[root@pxtest samba]# su - tli >[tli@pxtest tli]$ >[tli@pxtest tli]$ >[tli@pxtest tli]$ id >uid=10061(tli) gid=10000(Domain Users) groups=10000(Domain Users),10062(PRJ - Gestion de projets),10058(KAM),10054(Team-Elargi),10018(IT Unix),10060(PRJ - Sharepoint),10053(testgrp) >[tli@pxtest tli]$ > >Also, I assume that the winbind levell is OK. >But, If I try to open a share with smbclient, I can't: > >[root@pxtest root]# smbclient -L pxtest >added interface ip=172.30.1.167 bcast=172.30.1.255 nmask=255.255.255.0 >Password: >Anonymous login successful >Domain=[UDITIS] OS=[Unix] Server=[Samba 2.2.7a-security-rollup-fix] > > Sharename Type Comment > --------- ---- ------- > test Disk Share de test pour les ACL's > IPC$ IPC IPC Service (Samba Server 2.2.7a-security-rollup-fix + ACL's support) > ADMIN$ Disk IPC Service (Samba Server 2.2.7a-security-rollup-fix + ACL's support) > > Server Comment > --------- ------- > PXTEST Samba Server 2.2.7a-security-rollup-fix + ACL's > UDNEJ102 > > Workgroup Master > --------- ------- > UDITIS UDNEJ102 >[root@pxtest root]# smbclient //pxtest/tli -U tli >added interface ip=172.30.1.167 bcast=172.30.1.255 nmask=255.255.255.0 >Password: >session setup failed: NT_STATUS_LOGON_FAILURE >[root@pxtest root]# > >Here is my smb.conf configuration file: > >[root@pxtest samba]# cat smb.conf ># Samba config file created using SWAT ># from udpexp07.uditis.ch (172.30.1.131) ># Date: 2003/11/21 10:22:37 > ># Global parameters >[global] > workgroup = UDITIS > netbios name = PXTEST > server string = Samba Server %v + ACL's support > security = DOMAIN > encrypt passwords = No > obey pam restrictions = Yes > password server = udnej102.uditis.ch > pam password change = Yes > passwd program = /usr/bin/passwd %u > passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* > unix password sync = Yes > log level = 2 > log file = /var/log/samba/samba.log > max log size = 0 > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > preferred master = No > local master = No > domain master = No > dns proxy = No > winbind uid = 10000-20000 > winbind gid = 10000-20000 > template homedir = /home/test/%U > template shell = /bin/bash > winbind cache time = 0 > winbind use default domain = Yes > guest account = Guest > printing = cups > >[homes] > comment = Home Directories > valid users = %S > read only = No > create mask = 0664 > directory mask = 0775 > browseable = No > >[printers] > comment = All Printers > path = /var/spool/samba > printable = Yes > browseable = No > >[test] > comment = Share de test pour les ACL's > path = /home/test >[root@pxtest samba]# > >Thanks by advance to help me on this trouble, because I found nothing serious on the logs and I passed through alla my ideas ... > >Many thanks > >Thierry >---------------------------------------------------------------------- > >Thierry Linder T?l. central +41 (0)32 557 55 00 >Mandataire Commercial Mobile +41 (0)79 473 92 35 >Key Account Manager Fax +41 (0)32 557 55 05 >Rue de la Gare 4 >CH 2034 Peseux (NE) >mailto:thierry.linder@uditis.ch >http://www.uditis.ch > > >Hi, excuse my noob answer but did you alter your /etc/pam.d/* files ? there's some work to do in those. By the way, i'm in pretty much in the same situation, except for one thing : the output for my smbclient is : added interface ip=128.0.107.2 bcast=128.0.107.255 nmask=255.255.255.0 Password: Domain=[FIRM] OS=[Unix] Server=[Samba 2.2.8a] tree connect failed: NT_STATUS_WRONG_PASSWORD although the password is correct...
Hello Roger, Thanks for your note. I agree with you, I've changed the settings of the smb.conf: from: encrypt passwords = No to: encrypt passwords = Yes Now, I've still a trouble, but the error message has changed: Before: session setup failed: NT_STATUS_LOGON_FAILURE after: tree connect failed: NT_STATUS_WRONG_PASSWORD Any ideas ? Thierry ---------------------------------------------------------------------- Thierry Linder T?l. central +41 (0)32 557 55 00 Mandataire Commercial Mobile +41 (0)79 473 92 35 Key Account Manager Fax +41 (0)32 557 55 05 Rue de la Gare 4 CH 2034 Peseux (NE) mailto:thierry.linder@uditis.ch http://www.uditis.ch -----Original Message----- From: Grosswiler Roger [mailto:roger@gwch.net] Sent: vendredi, 21. novembre 2003 11:12 To: leopardb Cc: samba@lists.samba.org Subject: Re: [Samba] Re: Samba with winbind trouble or use 'encrypt password = yes' as i read, the pam.d-things are just needed if you don't submit your passwords encrypted. btw. all later windows-clients (from nt4 on) just support encrypted password=yes. all other should somehow fail in wrong password.. cheers, Roger> LINDER Thierry wrote: > >>Hello, >> >>I try to implement a samba server (2.2.7a) with the authentifiactions >>via winbind to a PDC W2000. When I test winbind, it works: >> >>[root@pxtest samba]# wbinfo -t >>Secret is good >>[root@pxtest samba]# wbinfo -a tli%password >>plaintext password authentication succeeded >>[root@pxtest samba]# >> >>I enable the winbind on the /etc/nsswitch.conf: >> >>passwd: files winbind >>shadow: files >>group: files winbind >> >>If I try to do a su to my user which is not declared in my >>/etc/passwd, it works fine: >> >>[root@pxtest samba]# su - tli >>[tli@pxtest tli]$ >>[tli@pxtest tli]$ >>[tli@pxtest tli]$ id >>uid=10061(tli) gid=10000(Domain Users) groups=10000(Domain >>Users),10062(PRJ - Gestion de >>projets),10058(KAM),10054(Team-Elargi),10018(IT Unix),10060(PRJ - >> Sharepoint),10053(testgrp) >>[tli@pxtest tli]$ >> >>Also, I assume that the winbind levell is OK. >>But, If I try to open a share with smbclient, I can't: >> >>[root@pxtest root]# smbclient -L pxtest >>added interface ip=172.30.1.167 bcast=172.30.1.255 nmask=255.255.255.0 >>Password: >>Anonymous login successful >>Domain=[UDITIS] OS=[Unix] Server=[Samba 2.2.7a-security-rollup-fix] >> >> Sharename Type Comment >> --------- ---- ------- >> test Disk Share de test pour les ACL's >> IPC$ IPC IPC Service (Samba Server >> 2.2.7a-security-rollup-fix + ACL's support) >> ADMIN$ Disk IPC Service (Samba Server >> 2.2.7a-security-rollup-fix + ACL's support) >> >> Server Comment >> --------- ------- >> PXTEST Samba Server 2.2.7a-security-rollup-fix + >> ACL's >> UDNEJ102 >> >> Workgroup Master >> --------- ------- >> UDITIS UDNEJ102 >>[root@pxtest root]# smbclient //pxtest/tli -U tli >>added interface ip=172.30.1.167 bcast=172.30.1.255 nmask=255.255.255.0 >>Password: >>session setup failed: NT_STATUS_LOGON_FAILURE >>[root@pxtest root]# >> >>Here is my smb.conf configuration file: >> >>[root@pxtest samba]# cat smb.conf >># Samba config file created using SWAT >># from udpexp07.uditis.ch (172.30.1.131) >># Date: 2003/11/21 10:22:37 >> >># Global parameters >>[global] >> workgroup = UDITIS >> netbios name = PXTEST >> server string = Samba Server %v + ACL's support >> security = DOMAIN >> encrypt passwords = No >> obey pam restrictions = Yes >> password server = udnej102.uditis.ch >> pam password change = Yes >> passwd program = /usr/bin/passwd %u >> passwd chat = *New*password* %n\n *Retype*new*password* %n\n >> *passwd:*all*authentication*tokens*updated*successfully* >> unix password sync = Yes >> log level = 2 >> log file = /var/log/samba/samba.log >> max log size = 0 >> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 >> preferred master = No >> local master = No >> domain master = No >> dns proxy = No >> winbind uid = 10000-20000 >> winbind gid = 10000-20000 >> template homedir = /home/test/%U >> template shell = /bin/bash >> winbind cache time = 0 >> winbind use default domain = Yes >> guest account = Guest >> printing = cups >> >>[homes] >> comment = Home Directories >> valid users = %S >> read only = No >> create mask = 0664 >> directory mask = 0775 >> browseable = No >> >>[printers] >> comment = All Printers >> path = /var/spool/samba >> printable = Yes >> browseable = No >> >>[test] >> comment = Share de test pour les ACL's >> path = /home/test >>[root@pxtest samba]# >> >>Thanks by advance to help me on this trouble, because I found nothing >>serious on the logs and I passed through alla my ideas ... >> >>Many thanks >> >>Thierry >>---------------------------------------------------------------------- >> >>Thierry Linder T?l. central +41 (0)32 557 55 00 >>Mandataire Commercial Mobile +41 (0)79 473 92 35 >>Key Account Manager Fax +41 (0)32 557 55 05 >>Rue de la Gare 4 >>CH 2034 Peseux (NE) >>mailto:thierry.linder@uditis.ch >>http://www.uditis.ch >> >> >> > Hi, > excuse my noob answer but did you alter your /etc/pam.d/* files ? > there's some work to do in those. By the way, i'm in pretty much in > the same situation, except for one thing : the output for my smbclient > is : > > added interface ip=128.0.107.2 bcast=128.0.107.255 nmask=255.255.255.0 > Password: > Domain=[FIRM] OS=[Unix] Server=[Samba 2.2.8a] > tree connect failed: NT_STATUS_WRONG_PASSWORD > > although the password is correct... > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
On Fri, 21 Nov 2003, LINDER Thierry wrote: Do you have an account in /etc/passwd called 'nobody'? - John T.> Hello, > > I try to implement a samba server (2.2.7a) with the authentifiactions via winbind to a PDC W2000. > When I test winbind, it works: > > [root@pxtest samba]# wbinfo -t > Secret is good > [root@pxtest samba]# wbinfo -a tli%password > plaintext password authentication succeeded > [root@pxtest samba]# > > I enable the winbind on the /etc/nsswitch.conf: > > passwd: files winbind > shadow: files > group: files winbind > > If I try to do a su to my user which is not declared in my /etc/passwd, it works fine: > > [root@pxtest samba]# su - tli > [tli@pxtest tli]$ > [tli@pxtest tli]$ > [tli@pxtest tli]$ id > uid=10061(tli) gid=10000(Domain Users) groups=10000(Domain Users),10062(PRJ - Gestion de projets),10058(KAM),10054(Team-Elargi),10018(IT Unix),10060(PRJ - Sharepoint),10053(testgrp) > [tli@pxtest tli]$ > > Also, I assume that the winbind levell is OK. > But, If I try to open a share with smbclient, I can't: > > [root@pxtest root]# smbclient -L pxtest > added interface ip=172.30.1.167 bcast=172.30.1.255 nmask=255.255.255.0 > Password: > Anonymous login successful > Domain=[UDITIS] OS=[Unix] Server=[Samba 2.2.7a-security-rollup-fix] > > Sharename Type Comment > --------- ---- ------- > test Disk Share de test pour les ACL's > IPC$ IPC IPC Service (Samba Server 2.2.7a-security-rollup-fix + ACL's support) > ADMIN$ Disk IPC Service (Samba Server 2.2.7a-security-rollup-fix + ACL's support) > > Server Comment > --------- ------- > PXTEST Samba Server 2.2.7a-security-rollup-fix + ACL's > UDNEJ102 > > Workgroup Master > --------- ------- > UDITIS UDNEJ102 > [root@pxtest root]# smbclient //pxtest/tli -U tli > added interface ip=172.30.1.167 bcast=172.30.1.255 nmask=255.255.255.0 > Password: > session setup failed: NT_STATUS_LOGON_FAILURE > [root@pxtest root]# > > Here is my smb.conf configuration file: > > [root@pxtest samba]# cat smb.conf > # Samba config file created using SWAT > # from udpexp07.uditis.ch (172.30.1.131) > # Date: 2003/11/21 10:22:37 > > # Global parameters > [global] > workgroup = UDITIS > netbios name = PXTEST > server string = Samba Server %v + ACL's support > security = DOMAIN > encrypt passwords = No > obey pam restrictions = Yes > password server = udnej102.uditis.ch > pam password change = Yes > passwd program = /usr/bin/passwd %u > passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* > unix password sync = Yes > log level = 2 > log file = /var/log/samba/samba.log > max log size = 0 > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > preferred master = No > local master = No > domain master = No > dns proxy = No > winbind uid = 10000-20000 > winbind gid = 10000-20000 > template homedir = /home/test/%U > template shell = /bin/bash > winbind cache time = 0 > winbind use default domain = Yes > guest account = Guest > printing = cups > > [homes] > comment = Home Directories > valid users = %S > read only = No > create mask = 0664 > directory mask = 0775 > browseable = No > > [printers] > comment = All Printers > path = /var/spool/samba > printable = Yes > browseable = No > > [test] > comment = Share de test pour les ACL's > path = /home/test > [root@pxtest samba]# > > Thanks by advance to help me on this trouble, because I found nothing serious on the logs and I passed through alla my ideas ... > > Many thanks > > Thierry > ---------------------------------------------------------------------- > > Thierry Linder T?l. central +41 (0)32 557 55 00 > Mandataire Commercial Mobile +41 (0)79 473 92 35 > Key Account Manager Fax +41 (0)32 557 55 05 > Rue de la Gare 4 > CH 2034 Peseux (NE) > mailto:thierry.linder@uditis.ch > http://www.uditis.ch > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >-- John H Terpstra Email: jht@samba.org
Try smbclient //pxtest/tli -o username=yourdomain\tli or if you have a separator in your smb.conf winbind: smbclient //pxtest/tli -o username=YOURDOMAIN+tli where the + sign is the separator defined in your smb.conf winbind section hth John [root@pxtest root]# smbclient //pxtest/tli -U tli>added interface ip=172.30.1.167 bcast=172.30.1.255 nmask=255.255.255.0 >Password: >session setup failed: NT_STATUS_LOGON_FAILURE >[root@pxtest root]#====Happiness is understanding how things work. __________________________________ Do you Yahoo!? Free Pop-Up Blocker - Get it now http://companion.yahoo.com/