[Samba] Can't connect from Windows

Wm. Dean Dufresne dean at dufresneit.com
Wed Jan 7 03:58:37 GMT 2004 

I am setting up my first 3.0.1 installation.  I am using Slackware 9.1, I am
trying to connect to a Windows 2000 Server.  I do not need active directory
support (as far as I know).  The server's function is a file server.  So
Users need seamless authentication... of course.  I do not have LDAP
installed.  It's a plain server besides the 3ware RAID.


I compiled and installed samba 3.0.1, standard paths.  I followed the howto
on the samba site.

It is %99 working.  Smbd, nmbd, winbindd are all running.

#wbinfo -t
checking the trust secret via RPC calls succeeded

# wbinfo -p
Ping to winbindd succeeded on fd 4

Getent passwd, getent group works fine.

I can assign permissions to domain users like "chown domain+user file"

However when I try to connect from the PDC to the linux box with a domain
user account, it won't let me in.

The name of the PDC is "w2ksrv1", and linux box is "macfiles".  The domain
is "mac".

I was able to add a local user "testuser" and add it through smbpasswd, and
authenticate. And view shares, and go into the "tmp" share.

Conf file:

   UW PICO(tm) 4.6 
File: /usr/local/samba/lib/smb.conf

[global]
   
workgroup = MAC    
winbind separator = +
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/winnt/%D/%U
template shell = /bin/false
server string = Samba Server
hosts allow = 192.168.1. 127.
load printers = yes
log file = /var/log/samba.%m
max log size = 50  
security = user    
password server = *
encrypt passwords = yes
socket options = TCP_NODELAY
                   
;   interfaces = 192.168.12.2/24 192.168.13.2/24
                   
dns proxy = no 
#============================ Share Definitions
==============================
[homes]            
   comment = Home Directories
   browseable = no 
   writable = yes  
           
# This one is useful for people to share files
[tmp]              
   comment = Temporary file space
   path = /tmp     
   read only = no  
   public = yes


File Attributes:


# ls -la /lib/libnss_winbind.so*
-rwxr-xr-x    1 root     root        19511 Jan  2 14:29
/lib/libnss_winbind.so*
lrwxrwxrwx    1 root     root           22 Jan  2 14:30
/lib/libnss_winbind.so.2 -> /lib/libnss_winbind.so*

Was not able to configure SAMBA with the "--with-pam" switch.


Also I have no /etc/pam.d directory. ( is that bad?)

Winbind output:

 /usr/local/samba/sbin/winbindd -i -d3
winbindd version 3.0.1 started.
Copyright The Samba Team 2000-2003
lp_load: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file
"/usr/local/samba/lib/smb.conf"
Processing section "[global]"
Processing section "[homes]"
Processing section "[tmp]"
adding IPC service
adding IPC service
added interface ip=192.168.1.20 bcast=192.168.1.255 nmask=255.255.255.0
added interface ip=192.168.1.20 bcast=192.168.1.255 nmask=255.255.255.0
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
resolve_lmhosts: Attempting lmhosts lookup for name MAC<0x1c>
resolve_wins: Attempting wins lookup for name MAC<0x1c>
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: Attempting host lookup for name MAC<0x20>
rpc_dc_name: Returning DC W2KSRV1 (192.168.1.10) for domain MAC
IPC$ connections done by user MAC\<DOMAIN ADMIN>
Connecting to host=W2KSRV1
Connecting to 192.168.1.10 at port 445
Doing spnego session setup (blob length=112)
got OID=1 2 840 48018 1 2 2
got OID=1 2 840 113554 1 2 2
got OID=1 2 840 113554 1 2 2 3
got OID=1 3 6 1 4 1 311 2 2 10
got principal=w2ksrv1$@<full domain name>
Got challenge flags:
Got NTLMSSP neg_flags=0x60890215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60080215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60080215
add_trusted_domain: MAC is a native mode domain
Added domain MAC  
scanning trusted domain list
rpc: trusted_domains
rpc_dc_name: Returning DC W2KSRV1 (192.168.1.10) for domain MAC
IPC$ connections done by user MAC\<DOMAIN ADMIN>
Connecting to host=W2KSRV1
Connecting to 192.168.1.10 at port 445
Doing spnego session setup (blob length=112)
got OID=1 2 840 48018 1 2 2
got OID=1 2 840 113554 1 2 2
got OID=1 2 840 113554 1 2 2 3
got OID=1 3 6 1 4 1 311 2 2 10
got principal=w2ksrv1$@<full domain name>
Got challenge flags:
Got NTLMSSP neg_flags=0x60890215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60080215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60080215
scanning trusted domain list
rpc: trusted_domains


The Win2k active directory domain name is actually a SUB domain so,
mac.fulldomain.com.  Which is non-standard I believe, FYI.

When the windows system tries to connect here is the log:
# tail -f /var/log/samba.w2ksrv1
[2004/01/03 14:05:57, 0] passdb/pdb_smbpasswd.c:startsmbfilepwent(189)
  startsmbfilepwent_internal: file /usr/local/samba/private/smbpasswd did
not exist. File successfully created.
[2004/01/06 21:06:52, 1] smbd/service.c:make_connection_snum(705)
  w2ksrv1 (192.168.1.10) connect to service tmp initially as user testuser
(uid=10025, gid=100) (pid 15576)
[2004/01/06 21:09:05, 1] smbd/service.c:close_cnum(887)
  w2ksrv1 (192.168.1.10) closed connection to service tmp

You can see my testuser connect.

More logs:

# tail /usr/local/samba/var/log.nmbd
[2004/01/06 20:54:29, 0] nmbd/nmbd.c:main(664)
  Netbios nameserver version 3.0.1 started.
  Copyright Andrew Tridgell and the Samba Team 1994-2003
[2004/01/06 22:53:13, 0] nmbd/nmbd.c:terminate(54)
  Got SIGTERM: going down...
[2004/01/06 22:53:28, 0] nmbd/nmbd.c:main(664)
  Netbios nameserver version 3.0.1 started.
  Copyright Andrew Tridgell and the Samba Team 1994-2003
[2004/01/06 22:53:28, 0] nmbd/nmbd.c:main(683)
  standard input is not a socket, assuming -D option

# tail /usr/local/samba/var/log.smbd
  Copyright Andrew Tridgell and the Samba Team 1992-2003
[2004/01/06 20:53:50, 0] smbd/server.c:main(747)
  smbd version 3.0.1 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2003
[2004/01/06 20:54:29, 0] smbd/server.c:main(747)
  smbd version 3.0.1 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2003
[2004/01/06 22:53:25, 0] smbd/server.c:main(747)
  smbd version 3.0.1 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2003


Any help would be greatly appreciated!
 

(let me know if I forgot anything) :p

-- 
Wm. Dean Dufresne
Dufresne IT Consulting

More information about the samba mailing list