[Samba] winbind problems with linux domain member

Thu May 13 16:43:00 GMT 2004

Hey everyone,

I'm having some strange responses, and a bit of trouble with getting
access to a member server on my domain.  I've got Samba running on
another Linux box as a PDC, and my Win2k clients can login just fine,
and share between one another.  The problem comes in with another
Linux workstation that's setup as a member server.

Here's the relevant smb.conf section from the member server:

[global]
        workgroup = 102010
        server string = Samba Server %v
        log file = /var/log/samba3/log.%m
        max log size = 50
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        dns proxy = no

        netbios name = miru
        security = domain
        printcap name = cups
        disable spoolss = yes
        show add printer wizard = no
        printing = cups

        idmap uid = 15000-20000
        idmap gid = 15000-20000
        winbind separator = +
        winbind use default domain = yes
        winbind enum users = yes
        winbind enum groups = yes
        winbind enable local accounts = no
        use sendfile = yes

testparm comes out okay, with the caveat that using '+' as a separator
might cause problems with group membership.  I also get success
response from wbinfo -t

What's strange is this:

miru root # wbinfo -u
root
sak
michael

Shouldn't it show the domain+user output?  

When I do:
miru root # getent passwd
...
guest:x:405:100:guest:/dev/null:/dev/null
nobody:x:65534:65534:nobody:/:/bin/false
sak:x:1000:100::/home/sak:/bin/bash
ntp:x:123:123:added by portage for ntp:/dev/null:/bin/false
root:x:15007:15001:root:/home/102010/root:/bin/false
sak:x:15006:15001::/home/102010/sak:/bin/false
michael:x:15008:15001::/home/102010/michael:/bin/false

If I understand correctly, this is okay; listing the local users and
then the domain users.

When I do:

miru root # getent passwd sak
sak:x:1000:100::/home/sak:/bin/bash

which is probably correct, but when I do:

miru root # getent passwd 102010+sak

I get no response whatsoever.  

All of this results in the shares on the member server showing up on
the domain, but unable to access them.  From a Win2k client, logged
into the domain, I can't get it to accept any type of login to access
a share on the member server.  When I try to access a share it asks
for a username and password.  If I try sak, it doesn't work, if I try
102010+sak it gives me an hourglass for about thirty seconds, and then
gives me "\\Miru\sak is not accessible. The specified username is
invalid."

Anyway, I'm stuck.  I don't know what else to try.  Anyone have any
thoughts or suggestions?

-- 
Thanks,
Sak.
-----

i've got this epic problem
this epic problem's not a problem for me
and inside i know i'm broken
but i'm working as far as you can see
and outside it's all production
it's all illusion set scenery
i've got this epic problem
this epic problem's not a problem for me
     -fugazi