fabelli@strategie-info.com
2006-Feb-24 15:14 UTC
[Samba] Winbindd_privileged permissions pb on RHEL 4 AS
Hi,
I've got an unbelievable problem : I'm trying to setup samba on RHEL 4
AS
PPC(iSeries) to work with a Win2K domain controler.
I use the same smb.conf file (and the same configuration procedure) on a
Fedora 3 box too. I have no problem with the Fedora server, but on the
RHEL 4 server, Windows clients are unable to browse the server and I've
this strange error appearing in the log.winbindd file :
[2006/02/23 18:16:35, 2]
nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(429)
winbindd_pam_auth_crap: non-privileged access denied. !
winbindd_pam_auth_crap: Ensure permissions on
/var/cache/samba/winbindd_privileged are set correctly.
[2006/02/23 18:16:35, 2]
nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(642)
NTLM CRAP authentication for user [(null)]\[(null)] returned
NT_STATUS_ACCESS_DENIED (PAM: 4)
The winbindd_privileged permissions are :
drwxr-x--- 2 root root
My smb.conf file is :
[global]
printing = cups
disable spoolss = Yes
show add printer wizard = No
dns proxy = no
security = DOMAIN
idmap uid = 15000-20000
idmap gid = 15000-20000
winbind use default domain = Yes
use sendfile = Yes
workgroup = STRATEGIE
netbios name = Svrlinux1
server string = Serveur Linux1
os level = 64
preferred master = yes
local master = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
log level = 2
log file = /var/log/samba/log.%m
load printers = no
printcap name = lpstat
max log size = 50
I've followed these configuration steps without any problem :
- Add the machine to the domain with net net rpc join -UmyUser%myPasswd
- Run wbinfo -t
- Run wbinfo -u et wbinfo -g to retrieve user and groups from the domain
controler
- Checked that winbind is working with getent passwd anWindowsUser
- Tried to authenticate a user with wbinfo -a
myWindowsUser%myWindowsPassword
The latter command returns :
plaintext password authentication succeeded
challenge/response password authentication succeeded
A google search about the winbind's error give me answers relating to
squid, but I do not have it installed on my server.
I've also tried to change the directory's permissions to 777 but then
winbind crashes and complains with :
lib/util_sock.c:create_pipe_sock(1056)
invalid permissions on socket directory
/var/cache/samba/winbindd_privileged
My samba version is : 3.0.10-1.4E.2
Any clue would be appreciated.
Regards.
Fabrice ABELLI
fabrice.abelli@wanadoo.fr
Gerald (Jerry) Carter
2006-Feb-24 16:16 UTC
[Samba] Winbindd_privileged permissions pb on RHEL 4 AS
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 fabelli@strategie-info.com wrote:> [2006/02/23 18:16:35, 2] > nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(429) > winbindd_pam_auth_crap: non-privileged access denied. ! > winbindd_pam_auth_crap: Ensure permissions on > /var/cache/samba/winbindd_privileged are set correctly. > [2006/02/23 18:16:35, 2] > nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(642) > NTLM CRAP authentication for user [(null)]\[(null)] returned > NT_STATUS_ACCESS_DENIED (PAM: 4)I'd check for any existing SELinux policies in effect first. cheers, jerry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD/zE3IR7qMdg1EfYRAjCMAJ9JPpFqwF0wawz5jDmqKlC/mYgpnACglc0j Gu6/X3lxgKALu0poOvQtP/U=LLYQ -----END PGP SIGNATURE-----