Hey everyone,
I'm having some strange responses, and a bit of trouble with getting
access to a member server on my domain. I've got Samba running on
another Linux box as a PDC, and my Win2k clients can login just fine,
and share between one another. The problem comes in with another
Linux workstation that's setup as a member server.
Here's the relevant smb.conf section from the member server:
[global]
workgroup = 102010
server string = Samba Server %v
log file = /var/log/samba3/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = no
netbios name = miru
security = domain
printcap name = cups
disable spoolss = yes
show add printer wizard = no
printing = cups
idmap uid = 15000-20000
idmap gid = 15000-20000
winbind separator = +
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind enable local accounts = no
use sendfile = yes
testparm comes out okay, with the caveat that using '+' as a separator
might cause problems with group membership. I also get success
response from wbinfo -t
What's strange is this:
miru root # wbinfo -u
root
sak
michael
Shouldn't it show the domain+user output?
When I do:
miru root # getent passwd
...
guest:x:405:100:guest:/dev/null:/dev/null
nobody:x:65534:65534:nobody:/:/bin/false
sak:x:1000:100::/home/sak:/bin/bash
ntp:x:123:123:added by portage for ntp:/dev/null:/bin/false
root:x:15007:15001:root:/home/102010/root:/bin/false
sak:x:15006:15001::/home/102010/sak:/bin/false
michael:x:15008:15001::/home/102010/michael:/bin/false
If I understand correctly, this is okay; listing the local users and
then the domain users.
When I do:
miru root # getent passwd sak
sak:x:1000:100::/home/sak:/bin/bash
which is probably correct, but when I do:
miru root # getent passwd 102010+sak
I get no response whatsoever.
All of this results in the shares on the member server showing up on
the domain, but unable to access them. From a Win2k client, logged
into the domain, I can't get it to accept any type of login to access
a share on the member server. When I try to access a share it asks
for a username and password. If I try sak, it doesn't work, if I try
102010+sak it gives me an hourglass for about thirty seconds, and then
gives me "\\Miru\sak is not accessible. The specified username is
invalid."
Anyway, I'm stuck. I don't know what else to try. Anyone have any
thoughts or suggestions?
--
Thanks,
Sak.
-----
i've got this epic problem
this epic problem's not a problem for me
and inside i know i'm broken
but i'm working as far as you can see
and outside it's all production
it's all illusion set scenery
i've got this epic problem
this epic problem's not a problem for me
-fugazi
Gerald (Jerry) Carter
2004-May-13 17:26 UTC
[Samba] winbind problems with linux domain member
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sak wrote: | miru root # wbinfo -u | root | sak | michael | | Shouldn't it show the domain+user output? Not since you have 'winbind use default domain = yes' | When I do: | miru root # getent passwd | ... | guest:x:405:100:guest:/dev/null:/dev/null | nobody:x:65534:65534:nobody:/:/bin/false | sak:x:1000:100::/home/sak:/bin/bash | ntp:x:123:123:added by portage for ntp:/dev/null:/bin/false | root:x:15007:15001:root:/home/102010/root:/bin/false | sak:x:15006:15001::/home/102010/sak:/bin/false | michael:x:15008:15001::/home/102010/michael:/bin/false | | If I understand correctly, this is okay; listing the local users and | then the domain users. | | When I do: | | miru root # getent passwd sak | sak:x:1000:100::/home/sak:/bin/bash | | which is probably correct, but when I do: | | miru root # getent passwd 102010+sak | | I get no response whatsoever. What version is this ? There were some bugs that addressed 'winbind use default domain' issues post 3.0.1 and post 3.0.2a IIRC. See the WHATSNEW for details. cheers, jerry - ---------------------------------------------------------------------- Hewlett-Packard ------------------------- http://www.hp.com SAMBA Team ---------------------- http://www.samba.org GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc "...a hundred billion castaways looking for a home." ----------- Sting -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAo6+bIR7qMdg1EfYRAm48AKCV34NHUy78UTDa2NeWr/WuhqD6XgCgonnb KudnVLvXrNAZSkxqzmpAnZA=EwPj -----END PGP SIGNATURE-----
Hi, not to get you hopes down, but I think this is the same problem that is adressed in: http://lists.samba.org/archive/samba/2004-May/085521.html http://lists.samba.org/archive/samba/2004-May/085808.html Look at: <http://www.linuxquestions.org/questions/showthread.php?s=&threadid=161506>http://www.linuxquestions.org/questions/showthread.php?s=&threadid=161506 that may help. Appart from that, and countless postings about this problem, there is little. That said. I am not sure its is the same problem. I am just one that has got a similar problem (except want a access from a XP client to a samba server in a Win2003 DMC). I think its a kerberos problem so far. YS. Anders Berg At 09:43 13.05.2004 -0700, you wrote:>Hey everyone, > >I'm having some strange responses, and a bit of trouble with getting >access to a member server on my domain. I've got Samba running on >another Linux box as a PDC, and my Win2k clients can login just fine, >and share between one another. The problem comes in with another >Linux workstation that's setup as a member server. > >Here's the relevant smb.conf section from the member server: > >[global] > workgroup = 102010 > server string = Samba Server %v > log file = /var/log/samba3/log.%m > max log size = 50 > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > dns proxy = no > > netbios name = miru > security = domain > printcap name = cups > disable spoolss = yes > show add printer wizard = no > printing = cups > > idmap uid = 15000-20000 > idmap gid = 15000-20000 > winbind separator = + > winbind use default domain = yes > winbind enum users = yes > winbind enum groups = yes > winbind enable local accounts = no > use sendfile = yes > >testparm comes out okay, with the caveat that using '+' as a separator >might cause problems with group membership. I also get success >response from wbinfo -t > >What's strange is this: > >miru root # wbinfo -u >root >sak >michael > >Shouldn't it show the domain+user output? > >When I do: >miru root # getent passwd >... >guest:x:405:100:guest:/dev/null:/dev/null >nobody:x:65534:65534:nobody:/:/bin/false >sak:x:1000:100::/home/sak:/bin/bash >ntp:x:123:123:added by portage for ntp:/dev/null:/bin/false >root:x:15007:15001:root:/home/102010/root:/bin/false >sak:x:15006:15001::/home/102010/sak:/bin/false >michael:x:15008:15001::/home/102010/michael:/bin/false > >If I understand correctly, this is okay; listing the local users and >then the domain users. > >When I do: > >miru root # getent passwd sak >sak:x:1000:100::/home/sak:/bin/bash > >which is probably correct, but when I do: > >miru root # getent passwd 102010+sak > >I get no response whatsoever. > >All of this results in the shares on the member server showing up on >the domain, but unable to access them. From a Win2k client, logged >into the domain, I can't get it to accept any type of login to access >a share on the member server. When I try to access a share it asks >for a username and password. If I try sak, it doesn't work, if I try >102010+sak it gives me an hourglass for about thirty seconds, and then >gives me "\\Miru\sak is not accessible. The specified username is >invalid." > >Anyway, I'm stuck. I don't know what else to try. Anyone have any >thoughts or suggestions? > >-- >Thanks, >Sak. >----- > >i've got this epic problem >this epic problem's not a problem for me >and inside i know i'm broken >but i'm working as far as you can see >and outside it's all production >it's all illusion set scenery >i've got this epic problem >this epic problem's not a problem for me > -fugazi >-- >To unsubscribe from this list go to the following URL and read the >instructions: http://lists.samba.org/mailman/listinfo/samba***************************************************************** Denne fotnoten bekrefter at denne e-postmeldingen ble skannet av MailSweeper og funnet fri for virus. ***************************************************************** This footnote confirms that this email message has been swept by MailSweeper for the presence of computer viruses. *****************************************************************
Hi Jerry ! Hi everyone ! I'm currently working on a Mandrake 9.2 with a domain member server 3.0.4 and winbind If I can be of any help, I'll be very to pleased to ! I also am trying to apply the patch you've uploaded earlier. Do you use diff, or something else to apply it ? Sorry for what that may be stupid questions to you ! Thanks for reading. Bertram>From: "Gerald (Jerry) Carter" <jerry@samba.org> >To: Sak <sak@102010.org> >CC: samba@lists.samba.org >Subject: Re: [Samba] winbind problems with linux domain member >Date: Fri, 14 May 2004 08:03:09 -0500 > >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >Sak wrote: > >| Another bit of output that raises an eyebrow is... >| >| miru root # wbinfo --authenticate=sak%password >| plaintext password authentication failed >| error code was NT_STATUS_NO_SUCH_USER (0xc0000064) >| error messsage was: No such user >| Could not authenticate user sak%password with plaintext password >| challenge/response password authentication succeeded >| >| Anyway, hope this extra bit of output might offer some clues as to >| what might be going wrong. > >Send me the level 10 debug log from winbindd for thie failure.... > >And Try the patch in https://bugzilla.samba.org/show_bug.cgi?id=1315 > > > > > >cheers, jerry >- ---------------------------------------------------------------------- >Hewlett-Packard ------------------------- http://www.hp.com >SAMBA Team ---------------------- http://www.samba.org >GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc >"...a hundred billion castaways looking for a home." ----------- Sting >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.2.4 (GNU/Linux) >Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > >iD8DBQFApMONIR7qMdg1EfYRAoc2AJ4wPnym7bP2ANMkXKtwkrxMFZdz2gCgpmqb >gflnWjEiM2+TNYl5pp98hkA>=FfFf >-----END PGP SIGNATURE----- >-- >To unsubscribe from this list go to the following URL and read the >instructions: http://lists.samba.org/mailman/listinfo/samba_________________________________________________________________ MSN Actions Solidaires : http://www.msn.fr/actionssolidaires/ la solidarit? ? port?e de click
Hi again Jerry ! Hi everyone ! I've successfully applied the winbind patch on a samba 3.0.4 : Made 'make clean', ./configure --with-fhs --prefix=/usr --sysconfdir=/etc --with-privatedir=/etc/samba --localstatedir=/var --with-netatalk= --with-smbmount --with-pam --with-syslog --with-utmp --with-readline --with-smb_pass --with-libsmbclient --with-winbind --with-msdfs --with-acl-support --with-quotas --enable-cups --with-ads --with-ldap --with-krb5 --with-ldapsam, make, make install, kinit admin net ads join -U admin Joined Domain bla bla successfull, then, /usr/sbin/smbd -D, /usr/sbin/nmbd -D, /usr/sbin/winbindd -s /etc/samba/smb.conf ( smbd -V = Version 3.0.4...) wbinfo -ugmt are working well, but ... getent passwd and getent group don't show me any 200x groups In 3.0.2a, actually, it did, of course ! Did I make any mistakes ? Do you want any futher info ? (BTW : Remove the three previous lines in /etc/krb5.conf) (#default_tgs_enctypes = des-cbc-crc des-cbc-md5) (#default_tkt_enctypes = des-cbc-crc des-cbc-md5) (#permitted_enctypes = des-cbc-crc des-cbc-md5) Thanks for reading ! Bertram _________________________________________________________________ Bloquez les fen?tres pop-up, c'est gratuit ! http://toolbar.msn.fr