samba - Mar 2009 - Samba Configuration

Hi all, for the life of me I cannot figure out this problem. I'm trying to
get Samba working with my AD environment. No matter what I try I cannot seem
to get it working. Mind you, I can authenticate to the server if I type
wbinfo -a username. I was also successful in joining it to AD. My problem is
when I try to access a share, say Home, I get a message asking for a
user/pass which it rejects. Here is my smb.conf:

[global]

    workgroup = ADSSERVER
    netbios name = ArchDesktop
    server string = Samba Server
    hosts allow = 192.168.2. 127.
    log file = /var/log/samba/%m.log
    max log size = 1000
    security = ADS
    encrypt passwords = yes
    winbind enum users = yes
    winbind enum groups = yes
    winbind use default domain = yes
    winbind nested groups = yes
    winbind separator = +
    idmap uid = 600-20000
    idmap gid = 600-20000
    template shell = /bin/bash
    realm = ADSSERVER
    preferred master = no
    dns proxy = no

[Home]
    comment = My Home Directory
    path = /home/admin
    read only = no
    inherit acls = yes
    inherit permissions = yes
    create mask = 700
    directory mask = 700
    valid users = @"ADSSERVER+Domain Users"
    admin users = @"ADSSERVER+Domain Admins"

[tmp]
    comment = Temporary File Space
    path = /tmp
    read only = no
    inherit acls = yes
    inherit permissions = yes
    create mask = 700
    directory mask = 700
    valid users = @"ADSSERVER+Domain Users"
    admin users = @"ADSSERVER+Domain Admins"

If anyone can point me in the right direction it would be much appreciated.
Thanks.
-- 
View this message in context:
http://www.nabble.com/Samba-Configuration-tp22566973p22566973.html
Sent from the Samba - General mailing list archive at Nabble.com.

And you are on the host allow network?
Do you try removing the "valid users"?
The output of testparm?
The output of the log?
>
> Hi all, for the life of me I cannot figure out this problem. I'm trying
to
> get Samba working with my AD environment. No matter what I try I cannot
> seem
> to get it working. Mind you, I can authenticate to the server if I type
> wbinfo -a username. I was also successful in joining it to AD. My problem
> is
> when I try to access a share, say Home, I get a message asking for a
> user/pass which it rejects. Here is my smb.conf:
>
> [global]
>
>     workgroup = ADSSERVER
>     netbios name = ArchDesktop
>     server string = Samba Server
>     hosts allow = 192.168.2. 127.
>     log file = /var/log/samba/%m.log
>     max log size = 1000
>     security = ADS
>     encrypt passwords = yes
>     winbind enum users = yes
>     winbind enum groups = yes
>     winbind use default domain = yes
>     winbind nested groups = yes
>     winbind separator = +
>     idmap uid = 600-20000
>     idmap gid = 600-20000
>     template shell = /bin/bash
>     realm = ADSSERVER
>     preferred master = no
>     dns proxy = no
>
> [Home]
>     comment = My Home Directory
>     path = /home/admin
>     read only = no
>     inherit acls = yes
>     inherit permissions = yes
>     create mask = 700
>     directory mask = 700
>     valid users = @"ADSSERVER+Domain Users"
>     admin users = @"ADSSERVER+Domain Admins"
>
> [tmp]
>     comment = Temporary File Space
>     path = /tmp
>     read only = no
>     inherit acls = yes
>     inherit permissions = yes
>     create mask = 700
>     directory mask = 700
>     valid users = @"ADSSERVER+Domain Users"
>     admin users = @"ADSSERVER+Domain Admins"
>
> If anyone can point me in the right direction it would be much
> appreciated.
> Thanks.
> --
> View this message in context:
> http://www.nabble.com/Samba-Configuration-tp22566973p22566973.html
> Sent from the Samba - General mailing list archive at Nabble.com.
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

ElihuJ wrote:
> Hi all, for the life of me I cannot figure out this problem. I'm trying
to
> get Samba working with my AD environment. No matter what I try I cannot
seem
> to get it working. Mind you, I can authenticate to the server if I type
> wbinfo -a username. I was also successful in joining it to AD. My problem
is
> when I try to access a share, say Home, I get a message asking for a
> user/pass which it rejects. Here is my smb.conf:
> 
> [global]
> 
>     workgroup = ADSSERVER
>     netbios name = ArchDesktop
>     server string = Samba Server
>     hosts allow = 192.168.2. 127.
>     log file = /var/log/samba/%m.log
>     max log size = 1000
>     security = ADS
>     encrypt passwords = yes
>     winbind enum users = yes
>     winbind enum groups = yes
>     winbind use default domain = yes
>     winbind nested groups = yes
>     winbind separator = +
>     idmap uid = 600-20000
>     idmap gid = 600-20000
>     template shell = /bin/bash
>     realm = ADSSERVER
>     preferred master = no
>     dns proxy = no
> 
> [Home]
>     comment = My Home Directory
>     path = /home/admin
>     read only = no
>     inherit acls = yes
>     inherit permissions = yes
>     create mask = 700
>     directory mask = 700
>     valid users = @"ADSSERVER+Domain Users"
>     admin users = @"ADSSERVER+Domain Admins"
> 
> [tmp]
>     comment = Temporary File Space
>     path = /tmp
>     read only = no
>     inherit acls = yes
>     inherit permissions = yes
>     create mask = 700
>     directory mask = 700
>     valid users = @"ADSSERVER+Domain Users"
>     admin users = @"ADSSERVER+Domain Admins"
> 
> If anyone can point me in the right direction it would be much appreciated.
> Thanks.
What is in your /etc/nsswitch.conf file?  Have you enabled winbind
resolution for passwd and group?

- John T.

Thanks for the replies guys. My nsswitch.conf has the following:

passwd: compat winbind
group:  compat winbind
shadow: compat winbind

And I am on the hosts allow network. If I remove the valid users, I can
still access the share; I just cannot write to it.

Output of testparm:

Load smb config files from /etc/samba/smb.conf
Processing section "[admin]"
Processing section "[tmp]"
Loaded services file OK.
'winbind separator = +' might cause problems with group membership.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

And here are some of the things I've seen in the logs. Let me know if you
need to see any other logs.

==winbind.log=[2009/03/17] 00:55:28 3]
winbindd/winbindd_misc.c:winbindd_domain_info(654)
     [5888]: domain_info [ADSERVER]
[2009/03/17] 00:55:28 3] winbindd/winbindd_misc.c:winbindd_ping(733)
     [5888]: ping
[2009/03/17] 00:55:28 3] winbindd/winbindd_misc.c:winbindd_lookkupname(102)
     [5888]: lookupname ADSERVER+admin

Now I've tried some things since to see if I can get it working. Since AD
authentication is working, I logged in with my admin user and created a home
directory. Permissions for the directory are 755, with admin:domain admins
for ownership. I figured, well if I have the same user logged in on my Linux
machine that I have on my XP machine, I should be able to read/write right?
Well when I go to the admin share on my XP machine, I can see everything
fine. I can even see that domain permissions are being applied. However I am
still unable to write!

I really appreciate the help, thanks.
-- 
View this message in context:
http://www.nabble.com/Samba-Configuration-tp22566973p22571574.html
Sent from the Samba - General mailing list archive at Nabble.com.