samba - Nov 2006 - Samba 3.0.10 / Solaris 8 / Windows 2003

Any help would be very much appreciated.

My Configuration-
Solaris 8 - hostname = vail
Samba 3.0.10 (downloaded from sunfreeware.com)
As per the instructions on sunfreeware, I have also installed the 
following packages-
libgcc-3.3
libiconv-1.9.2
libintl-3.4.0
ncurses-5.4
popt 1.7
readline 5.1

Also on my network-
A Windows 2003 ES domain controller: hostname = SEEDS1  domain = SEEDS
A Windows 2003 ES system: hostname = SEEDS2 member of domain SEEDS

Objective:
All I want is for my users on the windows hosts to be able to access 
shared resources from the samba server.  I want all authentication to go 
through the DC, I do not want to have to maintain a local smbpasswd file.

Problem:
When I put a directory search path of \\vail\Samba into the Windows 
system it prompts for a username and password.  When I put in the 
username and password of a domain account I do not get access to the 
share.  I can log into a windows system with the domain information, so 
I know it's not a problem with the domain configuration.


smb configuration from log.smbd:
  Processing section "[global]"
  doing parameter workgroup = SEEDS
  doing parameter server string = Samba Server
  doing parameter security = domain
  doing parameter encrypt passwords = yes
  doing parameter load printers = yes
  doing parameter log file = /usr/local/samba/var/log.%m
  doing parameter max log size = 50
  doing parameter socket options = TCP_NODELAY
  doing parameter dns proxy = no
[2006/11/06 14:26:12, 2] param/loadparm.c:do_section(3412)
  Processing section "[homes]"
  doing parameter comment = Home Directories
  doing parameter browseable = no
  doing parameter writable = yes
[2006/11/06 14:26:12, 2] param/loadparm.c:do_section(3412)
  Processing section "[SAMBA]"
  doing parameter comment = Samba Packages
  doing parameter path = /export/Samba
  doing parameter public = yes
  doing parameter writeable = no
[2006/11/06 14:26:12, 2] param/loadparm.c:do_section(3412)
  Processing section "[printers]"
  doing parameter comment = All Printers
  doing parameter path = /usr/spool/samba
  doing parameter browseable = no
  doing parameter guest ok = no
  doing parameter writable = no
  doing parameter printable = yes


Tests on Samba server.
These tests show that the Samba server does have access to the domain.

Test 1 : use wbinfo to authenticate user account  - SUCCESS
# wbinfo -a bisbell%PASSWORD
plaintext password authentication failed
error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
error messsage was: No such user
Could not authenticate user bisbell%PASSWORD with plaintext password
challenge/response password authentication succeeded

Test 2:  Use wbinfo to show that domain info is accessable - SUCCESS
# wbinfo -u
SEEDS\Administrator
SEEDS\bisbell
SEEDS\cowens
SEEDS\Guest
SEEDS\krbtgt

# wbinfo -g
BUILTIN\System Operators
BUILTIN\Replicators
BUILTIN\Guests
BUILTIN\Power Users
BUILTIN\Print Operators
BUILTIN\Administrators
BUILTIN\Account Operators
BUILTIN\Backup Operators
BUILTIN\Users
SEEDS\Domain Admins
SEEDS\Domain Users
SEEDS\Domain Guests
SEEDS\Domain Computers
SEEDS\Domain Controllers
SEEDS\Schema Admins
SEEDS\Enterprise Admins
SEEDS\Group Policy Creator Owners
SEEDS\DnsUpdateProxy


Possible Related Problems-

The smbclient command does not work.
# smbclient -U bisbell //vail/Samba
Password:

session setup failed: NT_STATUS_LOGON_FAILURE


smbtree produces no output
# smbtree
password:

#


Any ideas on what I'm doing wrong?

Thanks,
   Brad

Any reason why you don't use security=ads and kerberos so that you
get single sign on for shares with your AD users?
This way they don't need to supply user/pass to samba shares as samba
kan handles the kerberos tickets issued when they logged on to the
win box.

The packages I downloaded from sunfreeware.com were compiled with the 
configure option
 --with-ads=no

I tried downloading the source code and compiling myself, but when I run 
configure it complains about the lack of a krb5.h file.

---------
checking for kerberos 5 install path... no krb5-path given
checking for krb5-config... no
checking for working krb5-config... no. Fallback to previous krb5 
detection strategy
checking for /usr/include/heimdal... no
checking for /usr/kerberos... no
checking krb5.h usability... no
checking krb5.h presence... no
checking for krb5.h... no
configure: error: Active Directory cannot be supported without krb5.h
------------

 I don't know a whole lot about Kerberos.  I see a few krb5 files  
(mech_krb5.so, pam_krb5.so and krb5_asn.h) on the system, but no krb5.h. 
  I also don't do a lot of my own compiles, so in the interest of time I 
decided to try working with the Samba package I have- because at least I 
was able to get it installed.

Any reason why you don't use security=ads and kerberos so that you  
get single sign on for shares with your AD users?
This way they don't need to supply user/pass to samba shares as samba  
kan handles the kerberos tickets issued when they logged on to the  
win box.

cheers
6 nov 2006 kl. 21:59 skrev Brad Isbell:
> Any help would be very much appreciated.
>
> My Configuration-
> Solaris 8 - hostname = vail
> Samba 3.0.10 (downloaded from sunfreeware.com)
> As per the instructions on sunfreeware, I have also installed the  
> following packages-
> libgcc-3.3
> libiconv-1.9.2
> libintl-3.4.0
> ncurses-5.4
> popt 1.7
> readline 5.1
>
> Also on my network-
> A Windows 2003 ES domain controller: hostname = SEEDS1  domain = SEEDS
> A Windows 2003 ES system: hostname = SEEDS2 member of domain SEEDS
>
> Objective:
> All I want is for my users on the windows hosts to be able to  
> access shared resources from the samba server.  I want all  
> authentication to go through the DC, I do not want to have to  
> maintain a local smbpasswd file.
>
> Problem:
> When I put a directory search path of \\vail\Samba into the Windows  
> system it prompts for a username and password.  When I put in the  
> username and password of a domain account I do not get access to  
> the share.  I can log into a windows system with the domain  
> information, so I know it's not a problem with the domain  
> configuration.
>
>
> smb configuration from log.smbd:
>  Processing section "[global]"
>  doing parameter workgroup = SEEDS
>  doing parameter server string = Samba Server
>  doing parameter security = domain
>  doing parameter encrypt passwords = yes
>  doing parameter load printers = yes
>  doing parameter log file = /usr/local/samba/var/log.%m
>  doing parameter max log size = 50
>  doing parameter socket options = TCP_NODELAY
>  doing parameter dns proxy = no
> [2006/11/06 14:26:12, 2] param/loadparm.c:do_section(3412)
>  Processing section "[homes]"
>  doing parameter comment = Home Directories
>  doing parameter browseable = no
>  doing parameter writable = yes
> [2006/11/06 14:26:12, 2] param/loadparm.c:do_section(3412)
>  Processing section "[SAMBA]"
>  doing parameter comment = Samba Packages
>  doing parameter path = /export/Samba
>  doing parameter public = yes
>  doing parameter writeable = no
> [2006/11/06 14:26:12, 2] param/loadparm.c:do_section(3412)
>  Processing section "[printers]"
>  doing parameter comment = All Printers
>  doing parameter path = /usr/spool/samba
>  doing parameter browseable = no
>  doing parameter guest ok = no
>  doing parameter writable = no
>  doing parameter printable = yes
>
>
> Tests on Samba server.
> These tests show that the Samba server does have access to the domain.
>
> Test 1 : use wbinfo to authenticate user account  - SUCCESS
> # wbinfo -a bisbell%PASSWORD
> plaintext password authentication failed
> error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
> error messsage was: No such user
> Could not authenticate user bisbell%PASSWORD with plaintext password
> challenge/response password authentication succeeded
>
> Test 2:  Use wbinfo to show that domain info is accessable - SUCCESS
> # wbinfo -u
> SEEDS\Administrator
> SEEDS\bisbell
> SEEDS\cowens
> SEEDS\Guest
> SEEDS\krbtgt
>
> # wbinfo -g
> BUILTIN\System Operators
> BUILTIN\Replicators
> BUILTIN\Guests
> BUILTIN\Power Users
> BUILTIN\Print Operators
> BUILTIN\Administrators
> BUILTIN\Account Operators
> BUILTIN\Backup Operators
> BUILTIN\Users
> SEEDS\Domain Admins
> SEEDS\Domain Users
> SEEDS\Domain Guests
> SEEDS\Domain Computers
> SEEDS\Domain Controllers
> SEEDS\Schema Admins
> SEEDS\Enterprise Admins
> SEEDS\Group Policy Creator Owners
> SEEDS\DnsUpdateProxy
>
>
> Possible Related Problems-
>
> The smbclient command does not work.
> # smbclient -U bisbell //vail/Samba
> Password:
>
> session setup failed: NT_STATUS_LOGON_FAILURE
>
>
> smbtree produces no output
> # smbtree
> password:
>
> #
>
>
> Any ideas on what I'm doing wrong?
>
> Thanks,
>   Brad
>
>
>
>
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba