samba - Dec 2010 - samba 3 and active directory computers

Installed Samba 3 with Winbind on Ubuntu server 10.04 x64.

User accounts authenticate beautifully using the domain.  wbinfo -u and
wbinfo -g show me all of my domain user accounts and groups respectively.

I want to use Active Directory to deploy software to the computers, however,
I cannot get the computers in active directory to be able to authenticate to
the Samba server.

Here is what I have in my error logs.

[2010/12/15 16:48:06,  3] libsmb/ntlmssp.c:745(ntlmssp_server_auth)
  Got user=[] domain=[] workstation=[IT-OFFICE2] len1=1 len2=0

and

[2010/12/15 16:48:09,  3] smbd/service.c:807(make_connection_snum)
  Connect path is '/home/OFFICE2008/apps' for service [apps]
[2010/12/15 16:48:09,  0] smbd/service.c:833(make_connection_snum)
  make_connection: connection to apps denied due to security descriptor.
[2010/12/15 16:48:09,  3] smbd/error.c:60(error_packet_set)
  error packet at smbd/reply.c(689) cmd=117 (SMBtconX)
NT_STATUS_ACCESS_DENIED

And below is my smb.conf

[global]
prefered master = no
server string = file server
security = ADS
netbios name = storage
realm = OFFICE.DOMAIN.COM
password server = swerver2008.office.domain.com
encrypt passwords = yes
workgroup = OFFICE2008
idmap uid = 500-10000000
idmap gid = 500-10000000
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind refresh tickets = yes
winbind nested groups = yes
;template homedir = /home/%D/%U
template shell = /bin/bash
client use spnego = yes
domain master = no
#logging
log file = /var/log/samba/log.%m
log level = 3
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action

[office]
  comment = Directory for files general office share
  path= /office
  Valid Users =@OFFICE.DOMAIN.COM+officeStaff
 ; public=yes
  writable=yes
  browseable=yes
  create mask = 0770
  force create mode = 0770
  force directory mode = 0770
  force group = @OFFICE.DOMAIN.COM+officeStaff

[apps]
  comment = Directory for applications to be deployed using group policy
  path = /home/OFFICE2008/apps
 ; Valid Users =@OFFICE.DOMAIN.COM+officeComputers
  public=yes
  writable=yes
  browseable=yes
  force create mode = 0755
  force directory mode = 0755
  force group = @OFFICE.DOMAIN.COM+officeComputers
  guest ok = yes
  guest account = nobody

Where am I going wrong?

Ben

On Wed, Dec 15, 2010 at 05:00:52PM -0600, Ben Cone
wrote:
> Installed Samba 3 with Winbind on Ubuntu server 10.04 x64.
> 
> User accounts authenticate beautifully using the domain.  wbinfo -u and
> wbinfo -g show me all of my domain user accounts and groups respectively.
> 
> I want to use Active Directory to deploy software to the computers,
however,
> I cannot get the computers in active directory to be able to authenticate
to
> the Samba server.
> 
> Here is what I have in my error logs.
> 
> [2010/12/15 16:48:06,  3] libsmb/ntlmssp.c:745(ntlmssp_server_auth)
>   Got user=[] domain=[] workstation=[IT-OFFICE2] len1=1 len2=0
There's https://bugzilla.samba.org/show_bug.cgi?id=7817. You
might want to try the attached patch which fixed it.

With best regards,

Volker Lendecke