Hello list,

i'm going to try very hard not to rant here, but i've been trying to get Samba working for 3 days, and it's just not happening. Let me start from the beginning. i'm just a lowly Windows admin but i've been doing this for 10 years, so i'm pretty sure i know what i'm doing (present situation excepted, clearly). i've got RedHat AS4 and a primarily Windows 2000 domain. i want to be able to transparently browse to the shares on the RH server from a Windows client without having to authenticate again, which is exactly what the AD integrated authentication is for, right?

If i do "wbinfo -u" i get a list of AD objects, but without the AD domain name prepended which is my first clue that something isn't right. If i do "wbinfo -a username%password" both plaintext and challenge response authentication work. If i do "getent passwd" i get only local usernames. Same for "getent group" except i get local groups, obviously. From everything i've read in the man pages and god only knows how many online troubleshooting and/or help docs, this just doesn't happen. Everything that mentions using wbinfo and getent for testing just says "and you can try this and oh, look it works". i'm paraphrasing slightly.

i have joined the RH server to the domain. i can get a Kerberos ticket issued if i want one. i have been through smb.conf, nsswitch.conf and /etc/pam.d so often, i no longer remember what my originals looked like. i'm happy to post excerpts from any or all of these if they will help (i'm not going to do it now in case 1 - it's an easy fix, in which case i'm not sure if i'll laugh or cry and 2 - to keep things relatively short). The logs have been less than ideally helpful since i already know that authentication isn't working... somewhere.

Can someone help? Please?

m.
Michael Cleghorn
System & Network Administrator

Risk Management Technologies
5 Ventnor Avenue
West Perth WA 6005
AUSTRALIA

Tel: +61 8 9322 1711
Fax: +61 8 9322 1794

Web: www.rmt.com.au

Please Note: The contents of this e-mail transmission are intended solely for the named recipients and may be confidential, privileged, or otherwise protected from disclosure in the public interest. The use, reproduction, disclosure, or distribution of the contents of this e-mail transmission by any person other than the named recipients is expressly prohibited. If you are not a named recipient please notify the sender immediately.
I think I know how you feel :-)
It seems as if the winbind stuff is not properly configured. I think you should post your smb.conf and nsswitch.conf.

cheers

On 5/28/07, Michael Cleghorn <michaelc@rmt.com.au> wrote:
> Hello list,
>
> i'm going to try very hard not to rant here, but i've been trying to get Samba working for 3 days, and it's just not happening. Let me start from the beginning. i'm just a lowly Windows admin but i've been doing this for 10 years, so i'm pretty sure i know what i'm doing (present situation excepted, clearly). i've got RedHat AS4 and a primarily Windows 2000 domain. i want to be able to transparently browse to the shares on the RH server from a Windows client without having to authenticate again, which is exactly what the AD integrated authentication is for, right?
>
> If i do "wbinfo -u" i get a list of AD objects, but without the AD domain name prepended which is my first clue that something isn't right. If i do "wbinfo -a username%password" both plaintext and challenge response authentication work. If i do "getent passwd" i get only local usernames. Same for "getent group" except i get local groups, obviously. From everything i've read in the man pages and god only knows how many online troubleshooting and/or help docs, this just doesn't happen. Everything that mentions using wbinfo and getent for testing just says "and you can try this and oh, look it works". i'm paraphrasing slightly.
>
> i have joined the RH server to the domain. i can get a Kerberos ticket issued if i want one. i have been through smb.conf, nsswitch.conf and /etc/pam.d so often, i no longer remember what my originals looked like. i'm happy to post excerpts from any or all of these if they will help (i'm not going to do it now in case 1 - it's an easy fix, in which case i'm not sure if i'll laugh or cry and 2 - to keep things relatively short). The logs have been less than ideally helpful since i already know that authentication isn't working... somewhere.
>
> Can someone help? Please?
>
> m.
Here's a how-to I wrote for Samba 3.0.22 on Ubuntu 6.06/6.10 from which you might draw inspiration and compare settings to see if there's something you're missing. I need to update for 3.0.24. There are some things different now.

https://help.ubuntu.com/community/SettingUpSamba#head-09cdfc4509f08e6891f5f5a750b28a32218c592e

Hope that helps.

Aaron Kincer
Hello Michael:

Would you post the following (sanitized, of course).

smb.conf
nsswitch.conf
krb5.conf
resolv.conf
/pam.d/<whatever services you want authenticated>

Regards,
Mike
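wbinfo queries winbindd directly, while getent only consults the sources listed in nsswitch.conf, so "wbinfo -u works, getent passwd shows only local users" is the pattern a missing winbind source produces. The following is an added example, not part of any post in this thread, that checks an nsswitch.conf and an smb.conf for that gap; the function names and sample file contents are constructed, and the idmap check assumes the Samba 3.0 parameter names idmap uid / idmap gid (synonyms winbind uid / winbind gid).

```shell
#!/bin/sh
# Added example (not from the thread): two offline checks for the symptom
# "wbinfo -u lists domain users, getent passwd lists only local ones".

# Print each of passwd/group whose nsswitch.conf line has no winbind source.
# $1 = path to an nsswitch.conf-style file.
nss_missing_winbind() {
    for db in passwd group; do
        # Drop comments, turn tabs into spaces, keep this database's sources.
        sources=$(sed -e 's/#.*//' "$1" | tr '\t' ' ' |
            awk -F: -v db="$db" '$1 ~ ("^ *" db " *$") { s = $2 } END { print s }')
        case " $sources " in
            *" winbind "*) ;;          # winbind is consulted for this database
            *) echo "$db" ;;           # local sources only: getent cannot see AD
        esac
    done
}

# Print each idmap range parameter that smb.conf does not set.
# $1 = path to an smb.conf-style file. Assumes Samba 3.0 parameter names.
smb_missing_idmap() {
    for kind in uid gid; do
        grep -Eiq "^[[:space:]]*(idmap|winbind)[[:space:]]+${kind}[[:space:]]*=[[:space:]]*[0-9]+[[:space:]]*-[[:space:]]*[0-9]+" "$1" ||
            echo "idmap ${kind}"
    done
}

# Constructed sample files reproducing the symptom.
demo=$(mktemp -d)
printf 'passwd: files\ngroup:\tfiles   # local only\nhosts: files dns wins\n' > "$demo/nsswitch.conf"
printf '[global]\n  security = ADS\n  idmap uid = 10000-20000\n' > "$demo/smb.conf"
echo "no winbind source for: $(nss_missing_winbind "$demo/nsswitch.conf" | tr '\n' ' ')"
echo "missing in smb.conf:   $(smb_missing_idmap "$demo/smb.conf" | tr '\n' ' ')"
rm -rf "$demo"
```

On a live host, point the two functions at /etc/nsswitch.conf and /etc/samba/smb.conf, then re-run "getent passwd" after fixing whatever they report.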
Hi all,

thanks for your responses. It's now over a week later and i've re-installed to make sure it's not a RedHat magical if-you-don't-install-it-at-install-time-you-don't-get-the-right-config-files-setup issue. It's still not working, but i've found a new wall to bang my head against and its name is Kerberos. i may be back :)

m.

-----Original Message-----
From: mikee [mailto:mikee@mikee.ath.cx]
Sent: Wednesday, 6 June 2007 4:13 AM
To: Michael Cleghorn
Subject: Re: [Samba] AD Integrated authentication

I authenticate my users with OpenLDAP on my Fedora Core box. The FC box uses samba and samba does authenticate the remote share access. Below is a snippet of my current configuration.

Mike

[global]
security = USER
client plaintext auth = Yes
client lanman auth = Yes
encrypt passwords = Yes
lanman auth = No
ntlm auth = Yes
password level = 0
guest account = nobody
admin users
hosts allow = .pointwise.com, 10.1.2., 10.1.3., 192.168.100.
cups options = raw
wins support = yes
name resolve order = wins lmhosts host bcast
dns proxy = no
usershare allow guests = yes
time server = yes
workgroup = XXXX
netbios aliases = loghost, mailhost, backuphost, ldaphost
server string = Samba Server (%h)
logon drive = L:
logon home = \\%N\%U
logon path = \\%N\%U\profile
logon script = /etc/samba/login.bat
ldap delete dn = Yes
ldap suffix = dc=pointwise,dc=com
ldap admin dn = cn=manager,dc=pointwise,dc=com
ldap user suffix = ou=people
ldap group suffix = ou=groups
ldap machine suffix = ou=machines
ldap ssl = off
ldapsam:trusted = Yes
ldap timeout = 15
utmp directory = /var/run
wtmp directory = /var/log
utmp = Yes
password server = ldaphost.pointwise.com
passdb backend = ldapsam:ldap://ldaphost.pointwise.com
ldap passwd sync = Yes
#unix password sync = Yes
#passwd program = /usr/sbin/smbldap-passwd %u
#passwd chat = "Changing * password*for*\nNew password*" %n\n "*Retype new password*" %n\n"
#passwd chat debug = Yes
os level = 66
preferred master = Yes
local master = Yes
domain master = Yes
domain logons = Yes
allow trusted domains = Yes
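The configuration above carries three settings worth reviewing before reuse: "client plaintext auth = Yes" and "client lanman auth = Yes" let the Samba client tools fall back to plaintext passwords or LANMAN responses, and "ldap ssl = off" has the ldapsam backend talk to the directory server without TLS. The following is an added example, not part of the original post, that flags such settings and prints the stricter value; the function name smb_weak_auth is constructed for illustration and the sample is an excerpt of the settings posted above.

```shell
#!/bin/sh
# Added example (not from the thread): flag smb.conf settings that let
# credentials travel in plaintext or as LANMAN responses.

# Print the hardened form of every weak setting found, one per line.
# $1 = path to an smb.conf-style file.
smb_weak_auth() {
    awk '
        /^[ \t]*[#;]/ { next }                    # full-line comments
        (i = index($0, "=")) == 0 { next }        # section headers, blank lines
        {
            # Samba ignores case and all whitespace inside parameter names.
            key = tolower(substr($0, 1, i - 1)); gsub(/[ \t]/, "", key)
            val = tolower(substr($0, i + 1));    gsub(/^[ \t]+|[ \t]+$/, "", val)
            on = (val == "yes" || val == "true" || val == "1")
            if (key == "clientplaintextauth" && on) print "client plaintext auth = No"
            if (key == "clientlanmanauth" && on)    print "client lanman auth = No"
            if (key == "lanmanauth" && on)          print "lanman auth = No"
            if (key == "ldapssl" && val == "off")   print "ldap ssl = start tls"
        }' "$1"
}

# Excerpt of the [global] section posted above, written to a scratch file.
conf=$(mktemp)
cat > "$conf" <<'EOF'
[global]
security = USER
client plaintext auth = Yes
client lanman auth = Yes
encrypt passwords = Yes
lanman auth = No
ldap ssl = off
passdb backend = ldapsam:ldap://ldaphost.pointwise.com
ldap passwd sync = Yes
EOF
smb_weak_auth "$conf"
rm -f "$conf"
```

Switch to "ldap ssl = start tls" only once the directory server offers StartTLS, and expect the two client settings to break connections to servers that accept nothing stronger.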