I'm having a *terrible* time trying to get Samba 3 to communicate with my Windows 2003 Active Directory Server (the primary and only domain on my network). Basically this is what I'm trying to do: create a Linux File Server to replace my old WinNT 4 File Server. I would like it to show up under all my XP clients on network neighborhood just like the old server, with each account on my network having a folder on the file server that they can work with i.e.

John Doe (jdoe account name on the Windows 2003 domain) has a folder on "Hobbes" (the Linux File Server running Samba 3) named "jdoe" that only he and anyone in the Administrators group can access. This is how I had it set up with the old WinNT 4 file server.

Obviously I'm not looking for anything fancy, just some decent security by using the same users/groups between the file server and the domain server, and some folder shares for each account.

I've done some research on the web, read the Samba HOWTO, the Unofficial HOWTO, and a paper on this website:
http://www.wlug.org.nz/ActiveDirectorySamba

I'm running a Slackware 10 operating system, removed the original Samba 3.0.4 (wasn't compiled with several required options) package and compiled Samba 3.0.5 with the correct options (after installing numerous other libraries such as PAM and OpenLDAP).

I've primarily been trying to follow the tutorial posted here: http://www.wlug.org.nz/ActiveDirectorySamba. I have run into things that simply don't exist on my system, such as /etc/pam.d/samba, etc. shown as steps in that tutorial. I am able to see the system in my Active Directory on the Win2k3 machine, and I can access shares if I go in manually (shares that I have set up with SWAT) on my WinXP clients using \\Hobbes (presented with login/pass prompt). However, it does not show up as an icon under Network Places, and is shown as a Domain Controller under the Active Directory.

Here's a copy of my log.winbindd:

Last login: Mon Jul 26 16:07:11 2004 from 10.0.0.3
Linux 2.4.26.
root@hobbes:/usr/local/samba/var# more log.winbindd
[2004/07/27 09:13:23, 1] nsswitch/winbindd.c:main(843)
  winbindd version 3.0.5 started.
  Copyright The Samba Team 2000-2004
[2004/07/27 09:13:23, 0] param/loadparm.c:map_parameter(2420)
  Unknown parameter encountered: "winbind seperator"
[2004/07/27 09:13:23, 0] param/loadparm.c:lp_do_parameter(3110)
  Ignoring unknown parameter "winbind seperator"
[2004/07/27 09:13:23, 1] nsswitch/winbindd_util.c:add_trusted_domain(180)
  Added domain NLES NLES.LOCAL S-0-0
[2004/07/27 09:13:30, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
  ads_connect for domain NLES failed: No such file or directory
[2004/07/27 09:13:30, 1] nsswitch/winbindd_util.c:init_domain_list(327)
  Could not fetch sid for our domain NLES
[2004/07/27 09:14:20, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
  ads_connect for domain NLES failed: Transport endpoint is not connected
[2004/07/27 10:41:26, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
  ads_connect for domain NLES failed: Transport endpoint is not connected
[2004/07/27 11:00:02, 1] nsswitch/winbindd.c:main(843)
  winbindd version 3.0.5 started.
  Copyright The Samba Team 2000-2004
[2004/07/27 11:00:02, 0] lib/pidfile.c:pidfile_create(84)
  ERROR: winbindd is already running. File /usr/local/samba/var/locks/winbindd.pid exists and process id 18315 is running.
[2004/07/27 11:01:04, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
  ads_connect for domain NLES failed: No such file or directory
[2004/07/27 11:06:18, 1] nsswitch/winbindd.c:main(843)
  winbindd version 3.0.5 started.
  Copyright The Samba Team 2000-2004
[2004/07/27 11:06:18, 1] nsswitch/winbindd_util.c:add_trusted_domain(180)
  Added domain NLES NLES.LOCAL S-0-0
[2004/07/27 11:06:18, 1] libsmb/clikrb5.c:ads_krb5_mk_req(306)
  krb5_cc_get_principal failed (No credentials cache found)
[2004/07/27 11:06:18, 1] nsswitch/winbindd_util.c:add_trusted_domain(180)
  Added domain BUILTIN S-1-5-32
[2004/07/27 11:06:18, 1] nsswitch/winbindd_util.c:add_trusted_domain(180)
  Added domain HOBBES S-1-5-21-1198646081-1480357316-948041017
[2004/07/27 11:19:55, 0] nsswitch/winbindd_acct.c:winbindd_create_user(884)
  winbindd_create_user: Refusing to create user that already exists (Administrator)
[2004/07/27 11:19:55, 0] nsswitch/winbindd_acct.c:winbindd_create_user(884)
  winbindd_create_user: Refusing to create user that already exists (Administrator)
[2004/07/27 11:19:55, 0] nsswitch/winbindd_acct.c:winbindd_create_user(884)
  winbindd_create_user: Refusing to create user that already exists (Administrator)
[2004/07/27 11:19:55, 0] nsswitch/winbindd_acct.c:winbindd_create_user(884)
  winbindd_create_user: Refusing to create user that already exists (Administrator)
root@hobbes:/usr/local/samba/var#

So basically, does anyone have some steps they went through to get a basic samba 3 file server running on their 2003 ADS network?

Also, I'd *really* like to be able to use ACL to control folder permissions from WinXX clients rather than fudging with unix permissions. Does ReiserFS support ACL, or do I need to use another file system?

Samba n00b, frustrated but hanging in there...

1) "winbind separator" is spelled wrong in your smb.conf file.
2) Can you post a snip of the server config section of smb.conf (e.g. not the share section)?
3) Did you configure /etc/krb5.conf and run kinit? Does klist give you any values?

On Tue, 27 Jul 2004 13:59:55 -0500, Chris Goff <cgoff@nles.k12.wi.us> wrote:
> I'm having a *terrible* time trying to get Samba 3 to communicate with my
> Windows 2003 Active Directory Server (the primary and only domain on my
> network). Basically this is what I'm trying to do: create a Linux File
> Server to replace my old WinNT 4 File Server. I would like it to show up
> under all my XP clients on network neighborhood just like the old server,
> with each account on my network having a folder on the file server that
> they can work with i.e.
>
> John Doe (jdoe account name on the Windows 2003 domain) has a folder on
> "Hobbes" (the Linux File Server running Samba 3) named "jdoe" that only he
> and anyone in the Administrators group can access. This is how I had it
> set up with the old WinNT 4 file server.
>
> Obviously I'm not looking for anything fancy, just some decent security by
> using the same users/groups between the file server and the domain server,
> and some folder shares for each account.
>
> I've done some research on the web, read the Samba HOWTO, the Unofficial
> HOWTO, and a paper on this website:
> http://www.wlug.org.nz/ActiveDirectorySamba
>
> I'm running a Slackware 10 operating system, removed the original Samba
> 3.0.4 (wasn't compiled with several required options) package and compiled
> Samba 3.0.5 with the correct options (after installing numerous other
> libraries such as PAM and OpenLDAP).
>
> I've primarily been trying to follow the tutorial posted here:
> http://www.wlug.org.nz/ActiveDirectorySamba. I have run into things that
> simply don't exist on my system, such as /etc/pam.d/samba, etc. shown as
> steps in that tutorial. I am able to see the system in my Active Directory
> on the Win2k3 machine, and I can access shares if I go in manually (shares
> that I have set up with SWAT) on my WinXP clients using \\Hobbes
> (presented with login/pass prompt). However, it does not show up as an
> icon under Network Places, and is shown as a Domain Controller under the
> Active Directory.
>
> Here's a copy of my log.winbindd:
>
> Last login: Mon Jul 26 16:07:11 2004 from 10.0.0.3
> Linux 2.4.26.
> root@hobbes:/usr/local/samba/var# more log.winbindd
> [2004/07/27 09:13:23, 1] nsswitch/winbindd.c:main(843)
> winbindd version 3.0.5 started.
> Copyright The Samba Team 2000-2004
> [2004/07/27 09:13:23, 0] param/loadparm.c:map_parameter(2420)
> Unknown parameter encountered: "winbind seperator"
> [2004/07/27 09:13:23, 0] param/loadparm.c:lp_do_parameter(3110)
> Ignoring unknown parameter "winbind seperator"
> [2004/07/27 09:13:23, 1] nsswitch/winbindd_util.c:add_trusted_domain(180)
> Added domain NLES NLES.LOCAL S-0-0
> [2004/07/27 09:13:30, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
> ads_connect for domain NLES failed: No such file or directory
> [2004/07/27 09:13:30, 1] nsswitch/winbindd_util.c:init_domain_list(327)
> Could not fetch sid for our domain NLES
> [2004/07/27 09:14:20, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
> ads_connect for domain NLES failed: Transport endpoint is not connected
> [2004/07/27 10:41:26, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
> ads_connect for domain NLES failed: Transport endpoint is not connected
> [2004/07/27 11:00:02, 1] nsswitch/winbindd.c:main(843)
> winbindd version 3.0.5 started.
> Copyright The Samba Team 2000-2004
> [2004/07/27 11:00:02, 0] lib/pidfile.c:pidfile_create(84)
> ERROR: winbindd is already running. File
> /usr/local/samba/var/locks/winbindd.pid exists and process id 18315 is running.
> [2004/07/27 11:01:04, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
> ads_connect for domain NLES failed: No such file or directory
> [2004/07/27 11:06:18, 1] nsswitch/winbindd.c:main(843)
> winbindd version 3.0.5 started.
> Copyright The Samba Team 2000-2004
> [2004/07/27 11:06:18, 1] nsswitch/winbindd_util.c:add_trusted_domain(180)
> Added domain NLES NLES.LOCAL S-0-0
> [2004/07/27 11:06:18, 1] libsmb/clikrb5.c:ads_krb5_mk_req(306)
> krb5_cc_get_principal failed (No credentials cache found)
> [2004/07/27 11:06:18, 1] nsswitch/winbindd_util.c:add_trusted_domain(180)
> Added domain BUILTIN S-1-5-32
> [2004/07/27 11:06:18, 1] nsswitch/winbindd_util.c:add_trusted_domain(180)
> Added domain HOBBES S-1-5-21-1198646081-1480357316-948041017
> [2004/07/27 11:19:55, 0] nsswitch/winbindd_acct.c:winbindd_create_user(884)
> winbindd_create_user: Refusing to create user that already exists
> (Administrator)
> [2004/07/27 11:19:55, 0] nsswitch/winbindd_acct.c:winbindd_create_user(884)
> winbindd_create_user: Refusing to create user that already exists
> (Administrator)
> [2004/07/27 11:19:55, 0] nsswitch/winbindd_acct.c:winbindd_create_user(884)
> winbindd_create_user: Refusing to create user that already exists
> (Administrator)
> [2004/07/27 11:19:55, 0] nsswitch/winbindd_acct.c:winbindd_create_user(884)
> winbindd_create_user: Refusing to create user that already exists
> (Administrator)
> root@hobbes:/usr/local/samba/var#
>
> So basically, does anyone have some steps they went through to get a basic
> samba 3 file server running on their 2003 ADS network?
>
> Also, I'd *really* like to be able to use ACL to control folder
> permissions from WinXX clients rather than fudging with unix permissions.
> Does ReiserFS support ACL, or do I need to use another file system?
>
> Samba n00b, frustrated but hanging in there...
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
>

On Tue, 2004-07-27 at 14:59, Chris Goff wrote:
[snip a buncha]
> So basically, does anyone have some steps they went through to get a basic
> samba 3 file server running on their 2003 ADS network?
>
> Also, I'd *really* like to be able to use ACL to control folder
> permissions from WinXX clients rather than fudging with unix permissions.
> Does ReiserFS support ACL, or do I need to use another file system?

Not properly. Use either XFS or ext3 with ACL support compiled into the kernel.

> Samba n00b, frustrated but hanging in there...

Even me being as good as I am in general, Samba hath shamed me these past 2 weeks.

I want you to know that reference really works well. That at least got me in the RIGHT direction.

The thing that made everything work for me, was making sure the kerberos setup was absolutely proper, and making sure the shared libraries that winbind uses are the proper versions. I had three shared libraries not get replaced... screwed up everything.

Anyhow, I suggest you take a look back at the samba archive and look for an e-mail by me called:

Chasing the "ads_add_machine_acct: Insufficient access" problem

Everything in there in the building of samba and kerberos is very crucial.

Make and install kerberos v1.3.4 first. Then without setting up kerberos just make and install samba (was 3.0.4) 3.0.5 that way. Things should be very good. It is a good baseline.

Now, as far as smb.conf thingers... things in smb.conf and ads and kerberos have to line up exactly, domain names, realm names, etc...

Once you do that, you should be golden.
--
greg, greg@gregfolkert.net

The technology that is
Stronger, better, faster: Linux
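
An added example, not part of the thread and not Samba's own code: both replies reduce to one check, that every [global] parameter name in smb.conf is one Samba knows (the log's "winbind seperator") and that its realm matches the krb5.conf default_realm exactly. The sample files are constructed; NLES and NLES.LOCAL come from the posted log, the KDC host is a placeholder, and KNOWN is only a subset of Samba's parameter names.

```python
import difflib
import re

# Subset of real Samba 3 [global] parameter names, enough for this example.
KNOWN = {"workgroup", "realm", "security", "password server", "netbios name",
         "winbind separator", "winbind enum users", "winbind enum groups",
         "winbind use default domain", "idmap uid", "idmap gid"}

# Constructed samples: names come from the posted log, the KDC is a placeholder.
SMB_CONF = """[global]
   workgroup = NLES
   realm = nles.local
   security = ads
   winbind seperator = +
"""
KRB5_CONF = """[libdefaults]
   default_realm = NLES.LOCAL
[realms]
   NLES.LOCAL = {
      kdc = dc.example.invalid
   }
"""

def parse_global(text):
    """Return {parameter: value} for the [global] section of smb.conf text."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            # Parameter names are not case sensitive; collapse repeated spaces.
            params[" ".join(key.lower().split())] = value.strip()
    return params

def check(smb_text, krb5_text):
    """Return a list of findings; an empty list means the files line up."""
    params, findings = parse_global(smb_text), []
    for name in sorted(set(params) - KNOWN):
        hint = difflib.get_close_matches(name, KNOWN, n=1)
        findings.append(f"unknown parameter '{name}'"
                        + (f", did you mean '{hint[0]}'?" if hint else ""))
    m = re.search(r"^\s*default_realm\s*=\s*(\S+)", krb5_text, re.M)
    krb_realm = m.group(1) if m else None
    if krb_realm is None or params.get("realm") != krb_realm:
        findings.append(f"realm {params.get('realm')!r} != default_realm {krb_realm!r}")
    elif not re.search(rf"^\s*{re.escape(krb_realm)}\s*=\s*\{{", krb5_text, re.M):
        findings.append(f"no [realms] entry for {krb_realm}")
    return findings
```

Calling check(SMB_CONF, KRB5_CONF) on the constructed samples reports the misspelled parameter and the realm case mismatch; with both corrected it returns an empty list.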