Hi all,
As an experiment I'm trying to log into a samba server (3.3.2) from
GDM. Both systems are running Ubuntu 9.04 and LDAP is not involved.
But it's not working.
The test user credentials are donkey/donkey .
On the client:
# net rpc join -S 192.168.0.1 -U root
Enter root's password:
Joined domain LAB-SAMBA.
# wbinfo -t
checking the trust secret via RPC calls succeeded
# wbinfo -a donkey%donkey
plaintext password authentication succeeded
challenge/response password authentication succeeded
However, getent does not show samba users:
# getent passwd | grep donkey
==========
On the server I see the following when I "successfully" authenticate
(as shown above):
rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(546)
_netr_ServerAuthenticate2: netlogon_creds_server_check failed.
Rejecting auth request from client MISC-DESKTOP machine account
MISC-DESKTOP$
I'm also getting a lot of the following in
/var/log/samba/log.winbindd-idmap:
winbindd/idmap_tdb.c:idmap_tdb_alloc_init(341)
idmap uid or idmap gid missing
winbindd/idmap.c:idmap_alloc_init(587)
ERROR: Initialization failed for alloc backend, deferred!
==========
Anyone?
I've attached the following:
* server's smb.conf (server_smbconf.txt)
* client's smb.conf (client_smbconf.txt)
* client's nsswitch.conf (client_nsswitch.txt)
* client's pam.d gdm (client_pam.d_gdm.txt)
* client's pam.d common-auth (client_pam.d_common-auth.txt)
* client's pam.d common-account (client_pam.d_common-account.txt)
--
/jm
-------------- next part --------------
[global]
workgroup = LAB-SAMBA
server string = %h server (Samba, Ubuntu)
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
restrict anonymous = 0
domain logons = yes
domain master = yes
domain admin users = root
security = user
encrypt passwords = true
passdb backend = tdbsam
map to guest = bad user
load printers = no
socket options = SO_RCVBUF=8192 SO_SNDBUF=8192 TCP_NODELAY
usershare allow guests = yes
[homes]
comment = Home Directories
browseable = yes
writeable = yes
create mask = 0700
directory mask = 0700
-------------- next part --------------
account sufficient pam_winbind.so
account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so
account requisite pam_deny.so
account required pam_permit.so
-------------- next part --------------
auth sufficient pam_winbind.so debug
auth [success=1 default=ignore] pam_unix.so nullok_secure
auth requisite pam_deny.so
auth required pam_permit.so
-------------- next part --------------
#%PAM-1.0
auth requisite pam_nologin.so
auth required pam_env.so readenv=1
auth required pam_env.so readenv=1 envfile=/etc/default/locale
@include common-auth
auth optional pam_gnome_keyring.so
@include common-account
session required pam_limits.so
@include common-session
session optional pam_gnome_keyring.so auto_start
@include common-password
-------------- next part --------------
[global]
workgroup = LAB-SAMBA
winbind use default domain = yes
winbind separator = +
winbind cache time = 10
template shell = /bin/bash
template homedir = /home/%D/%U
idmap uid = 10000-20000
idmap gid = 10000-20000
security = domain
password server = *
-------------- next part --------------
passwd: files winbind
shadow: files
group: files winbind
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
