[Samba] Getting Samba 3 to communicate with Win2k3 ADS

Jim Laverty jim.laverty at gmail.com
Tue Jul 27 19:19:34 GMT 2004 

1)  "winbind separator" is spelled wrong in your smb.conf file.

2)   Can you post a snip of the server config section of smb.conf
(e.g. not the share section)?

3)    Did you configure /etc/krb5.conf and run kinit?  Does klist give
you any values?

On Tue, 27 Jul 2004 13:59:55 -0500, Chris Goff <cgoff at nles.k12.wi.us> wrote:
> I'm having a *terrible* time trying to get Samba 3 to communicate with my
> Windows 2003 Active Directory Server (the primary and only domain on my
> network). Basically this is what I'm trying to do: create a Linux File
> Server to replace my old WinNT 4 File Server. I would like it to show up
> under all my XP clients on network neighborhood just like the old server,
> with each account on my network having a folder on the file server that
> they can work with i.e.
> 
> John Doe (jdoe account name on the Windows 2003 domain) has a folder on
> "Hobbes" (the Linux File Server running Samba 3) named "jdoe" that only he
> and anyone in the Administrators group can access. This is how I had it
> setup with the old WinNT 4 file server.
> 
> Obviously I'm not looking for anything fancy, just some decent security by
> using the same users/groups between the file server and the domain server,
> and some folder shares for each account.
> 
> I've done some research on the web, read the Samba HOWTO, the Unofficial
> HOWTO, and a paper on this website:
> http://www.wlug.org.nz/ActiveDirectorySamba
> 
> I'm running a Slackware 10 operating system, removed the original Samba
> 3.0.4 (wasn't compiled with several required options) package and compiled
> Samba 3.0.5 with the correct options (after installing numerous other
> libraries such as PAM and OpenLDP).
> 
> I've primarily been trying to follow the tutorial posed here:
> http://www.wlug.org.nz/ActiveDirectorySamba. I have run into things that
> simply don't exist on my system, such as /etc/pam.d/samba, etc. shown as
> steps in that tutorial. I am able to see the system in my Active Directory
> on the Win2k3 machine, and I can access shares if I go in manually (shares
> that I have set up with SWAT) on my WinXP clients using \\Hobbes
> (presented with login/pass prompt). However, it does not show up as an
> icon under Network Places, and is shown as a Domain Controller under the
> Active Directory.
> 
> Here's a copy of my log.winbindd:
> 
> Last login: Mon Jul 26 16:07:11 2004 from 10.0.0.3
> Linux 2.4.26.
> root at hobbes:/usr/local/samba/var# more log.winbindd
> [2004/07/27 09:13:23, 1] nsswitch/winbindd.c:main(843)
>   winbindd version 3.0.5 started.
>   Copyright The Samba Team 2000-2004
> [2004/07/27 09:13:23, 0] param/loadparm.c:map_parameter(2420)
>   Unknown parameter encountered: "winbind seperator"
> [2004/07/27 09:13:23, 0] param/loadparm.c:lp_do_parameter(3110)
>   Ignoring unknown parameter "winbind seperator"
> [2004/07/27 09:13:23, 1] nsswitch/winbindd_util.c:add_trusted_domain(180)
>   Added domain NLES NLES.LOCAL S-0-0
> [2004/07/27 09:13:30, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
>   ads_connect for domain NLES failed: No such file or directory
> [2004/07/27 09:13:30, 1] nsswitch/winbindd_util.c:init_domain_list(327)
>   Could not fetch sid for our domain NLES
> [2004/07/27 09:14:20, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
>   ads_connect for domain NLES failed: Transport endpoint is not connected
> [2004/07/27 10:41:26, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
>   ads_connect for domain NLES failed: Transport endpoint is not connected
> [2004/07/27 11:00:02, 1] nsswitch/winbindd.c:main(843)
>   winbindd version 3.0.5 started.
>   Copyright The Samba Team 2000-2004
> [2004/07/27 11:00:02, 0] lib/pidfile.c:pidfile_create(84)
>   ERROR: winbindd is already running. File
> /usr/local/samba/var/locks/winbindd.p
> id exists and process id 18315 is running.
> [2004/07/27 11:01:04, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
>   ads_connect for domain NLES failed: No such file or directory
> [2004/07/27 11:06:18, 1] nsswitch/winbindd.c:main(843)
>   winbindd version 3.0.5 started.
>   Copyright The Samba Team 2000-2004
> [2004/07/27 11:06:18, 1] nsswitch/winbindd_util.c:add_trusted_domain(180)
>   Added domain NLES NLES.LOCAL S-0-0
> [2004/07/27 11:06:18, 1] libsmb/clikrb5.c:ads_krb5_mk_req(306)
>   krb5_cc_get_principal failed (No credentials cache found)
> [2004/07/27 11:06:18, 1] nsswitch/winbindd_util.c:add_trusted_domain(180)
>   Added domain BUILTIN  S-1-5-32
> [2004/07/27 11:06:18, 1] nsswitch/winbindd_util.c:add_trusted_domain(180)
>   Added domain HOBBES  S-1-5-21-1198646081-1480357316-948041017
> [2004/07/27 11:19:55, 0] nsswitch/winbindd_acct.c:winbindd_create_user(884)
>   winbindd_create_user: Refusing to create user that already exists
> (Administrat
> or)
> [2004/07/27 11:19:55, 0] nsswitch/winbindd_acct.c:winbindd_create_user(884)
>   winbindd_create_user: Refusing to create user that already exists
> (Administrat
> or)
> [2004/07/27 11:19:55, 0] nsswitch/winbindd_acct.c:winbindd_create_user(884)
>   winbindd_create_user: Refusing to create user that already exists
> (Administrat
> or)
> [2004/07/27 11:19:55, 0] nsswitch/winbindd_acct.c:winbindd_create_user(884)
>   winbindd_create_user: Refusing to create user that already exists
> (Administrat
> or)
> root at hobbes:/usr/local/samba/var#
> 
> So basically, does anyone have some steps they went through to get a basic
> samba 3 file server running on their 2003 ADS network?
> 
> Also, I'd *really* like to be able to use ACL to control folder
> permissions from WinXX clients rather than fudging with unix permissions.
> Does ReiserFS support ACL, or do I need to use another file system?
> 
> Samba n00b, frusterated but hanging in there...
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>

More information about the samba mailing list