Hi everyone, I am setting up a samba server in Win2003 domain. My goal is to be able to connect to shares from a redhat server to win2003 servers and do the same the other way around. I have followed some tutorials, been through the official how-to and still my setup has something wrong that i cannot understand. I would like to use the windows accounts in my Active Directory to do the authentication. Which security/authentication should i go for. I have tried without success to use ADS. Here is my smb.conf file: [global] workgroup = ACME password server = * realm = EU.ACME.COM security = domain idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 winbind separator = + template shell = /bin/false winbind use default domain = false winbind offline logon = false server string = AMSDEV-DV09 netbios name = AMSDEV-DV09 encrypt passwords = yes wins server = 10.130.12.120 winbind separator = + winbinduid = 10000-20000 winbindgid = 10000-20000 winbindenum users = yes winbindenum groups = yes [Share] path = /home/acme/ comment = Shared folder browseable = yes writable = yes I also have added in the nsswitch.conf file the winbind auth method for users and groups. Some guidance would be greatly appreciated. Thank you.
Uh, what's the problem? -HKS On Thu, Jul 17, 2008 at 9:05 AM, Thomas Vito <shoktai@gmail.com> wrote:> Hi everyone, > > I am setting up a samba server in Win2003 domain. My goal is to be able to > connect to shares from a redhat server to win2003 servers and do the same > the other way around. > > I have followed some tutorials, been through the official how-to and still > my setup has something wrong that i cannot understand. > I would like to use the windows accounts in my Active Directory to do the > authentication. Which security/authentication should i go for. > I have tried without success to use ADS. > > Here is my smb.conf file: > [global] > > workgroup = ACME > password server = * > realm = EU.ACME.COM > security = domain > idmap uid = 16777216-33554431 > idmap gid = 16777216-33554431 > winbind separator = + > template shell = /bin/false > winbind use default domain = false > winbind offline logon = false > server string = AMSDEV-DV09 > netbios name = AMSDEV-DV09 > encrypt passwords = yes > wins server = 10.130.12.120 > winbind separator = + > winbinduid = 10000-20000 > winbindgid = 10000-20000 > winbindenum users = yes > winbindenum groups = yes > > [Share] > path = /home/acme/ > comment = Shared folder > browseable = yes > writable = yes > > I also have added in the nsswitch.conf file the winbind auth method for > users and groups. > > Some guidance would be greatly appreciated. > Thank you. > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba >
Sorry i should have added the description of the issue: Authentication doesn't work when i try to access the red hat server from a win2003 machine nothing happens. After 5 minutes or so, i get an error saying no network path was found. The red hat server has also been added to my win domain with the net command. I can access the Windows folders from my red hat server and authentication works if i use my Active Directory account. This is what i get from my samba server to access a share on the samba server itself ( i try to use an AD account): [root@amsdev-dv09 ~]# smbclient -L localhost -U atpcci Password: Receiving SMB: Server stopped responding session setup failed: Call timed out: server did not respond after 20000 milliseconds And this is what i get from a windows client trying to access the samba share: H:\>net use G: "\\amsdev-dv09\Share" System error 64 has occurred. The specified network name is no longer available.
did you read chaper 7 of samba 3 by example.pdf? Thomas Vito wrote:> Hi everyone, > > I am setting up a samba server in Win2003 domain. My goal is to be able to > connect to shares from a redhat server to win2003 servers and do the same > the other way around. > > I have followed some tutorials, been through the official how-to and still > my setup has something wrong that i cannot understand. > I would like to use the windows accounts in my Active Directory to do the > authentication. Which security/authentication should i go for. > I have tried without success to use ADS. > > Here is my smb.conf file: > [global] > > workgroup = ACME > password server = * > realm = EU.ACME.COM > security = domain > idmap uid = 16777216-33554431 > idmap gid = 16777216-33554431 > winbind separator = + > template shell = /bin/false > winbind use default domain = false > winbind offline logon = false > server string = AMSDEV-DV09 > netbios name = AMSDEV-DV09 > encrypt passwords = yes > wins server = 10.130.12.120 > winbind separator = + > winbinduid = 10000-20000 > winbindgid = 10000-20000 > winbindenum users = yes > winbindenum groups = yes > > [Share] > path = /home/acme/ > comment = Shared folder > browseable = yes > writable = yes > > I also have added in the nsswitch.conf file the winbind auth method for > users and groups. > > Some guidance would be greatly appreciated. > Thank you. >
samba-3.0.28-1.el5_2.1 2008/7/18, Volker Lendecke <Volker.Lendecke@sernet.de>:> On Fri, Jul 18, 2008 at 12:57:20PM +0200, Thomas Vito wrote: >> -------------- Security Descriptor (revision: 1, type: 0x8c04) >> owner SID: S-1-5-21-3740640398-491454997-2066221157-512 >> group SID: S-1-5-21-3740640398-491454997-2066221157-513 >> ------- (system) ACL not present >> Segmentation fault > > What Samba version? > > Volker >
On Fri, Jul 18, 2008 at 01:52:09PM +0200, Thomas Vito wrote:> samba-3.0.28-1.el5_2.1 > > 2008/7/18, Volker Lendecke <Volker.Lendecke@sernet.de>: > > On Fri, Jul 18, 2008 at 12:57:20PM +0200, Thomas Vito wrote: > >> -------------- Security Descriptor (revision: 1, type: 0x8c04) > >> owner SID: S-1-5-21-3740640398-491454997-2066221157-512 > >> group SID: S-1-5-21-3740640398-491454997-2066221157-513 > >> ------- (system) ACL not present > >> Segmentation fault > > > > What Samba version?Can you try to run that program under gdb and send a backtrace of the segfault? Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.samba.org/archive/samba/attachments/20080718/65babd24/attachment.bin
in gdb the command exits normally: objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user objectClass: computer cn: amsdev-dv09 distinguishedName: CN=amsdev-dv09,CN=Computers,DC=eu,DC=acme,DC=com instanceType: 4 whenCreated: 20080718104544.0Z whenChanged: 20080718104559.0Z uSNCreated: 45337167 uSNChanged: 45337167 name: amsdev-dv09 objectGUID: e8546ef0-3d12-4b37-82bb-aa5c40d22a1f userAccountControl: 69632 codePage: 0 countryCode: 0 lastLogon: 128608564918544138 localPolicyFlags: 0 pwdLastSet: 128608515446822451 primaryGroupID: 515 objectSid: S-1-5-21-3740640398-491454997-2066221157-10778 accountExpires: 9223372036854775807 logonCount: 6 sAMAccountName: amsdev-dv09$ sAMAccountType: 805306369 dNSHostName: amsdev-dv09.eu.acme.com servicePrincipalName: HOST/amsdev-dv09.eu.acme.com servicePrincipalName: HOST/AMSDEV-DV09 objectCategory: CN=Computer,CN=Schema,CN=Configuration,DC=acme,DC=com isCriticalSystemObject: FALSE lastLogonTimestamp: 128608515447134933 Program exited normally.
On Fri, Jul 18, 2008 at 02:58:37PM +0200, Thomas Vito wrote:> in gdb the command exits normally:Weird... Next try: Run it under valgrind --tool=memcheck and send the output? Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.samba.org/archive/samba/attachments/20080718/9d342fe6/attachment.bin