[Samba] Trying to find why it is not working

Simon Renshaw simon at castortech.com
Fri Jun 2 19:11:56 GMT 2006 

Hi,

First, sorry if this is a bit long.

I'm having problems finding what is wrong with my setup. Running Samba
3.0.10-1.4E.6 on CentOS 4.3. PDC is AD on windows 2003.

Samba and winbind are running.

My smb.conf file:

# Samba config file created using SWAT
# from 127.0.0.1 (127.0.0.1)
# Date: 2006/05/30 10:52:16

# Global parameters
[global]
        workgroup = MONTREAL
        realm = CASTORTECH.COM
        interfaces = eth0
        security = ADS
        password server = castor-srvr1
        wins server = 192.168.64.20

[Main]
        comment = Test
        path = /
        guest ok = yes
        writeable = yes

I was able to join the domain with net ads join. I see the Linux box in
AD. I also see it in my Network Places on Windows and the share called
Main but it asks for a user/password when I try to access it and it
doesn't work.

If I run net ads testjoin:
Join is OK

If I run net ads info:
LDAP server: 192.168.64.20
LDAP server name: castor-srvr1
Realm: CASTORTECH.COM
Bind Path: dc=CASTORTECH,dc=COM
LDAP port: 389
Server time: Fri, 02 Jun 2006 14:04:26 GMT
KDC server: 192.168.64.20
Server time offset: -947

If I run net ads lookup:
Information for Domain Controller: castor-srvr1

Response Type: SAMLOGON
GUID: e7508a6a-4561-4440-b45c-9fd246d4c93c
Flags:
        Is a PDC:                                   yes
        Is a GC of the forest:                      yes
        Is an LDAP server:                          yes
        Supports DS:                                yes
        Is running a KDC:                           yes
        Is running time services:                   yes
        Is the closest DC:                          yes
        Is writable:                                yes
        Has a hardware clock:                       no
        Is a non-domain NC serviced by LDAP server: no
Forest:                 castortech.com
Domain:                 castortech.com
Domain Controller:      castor-srvr1.castortech.com
Pre-Win2k Domain:       MONTREAL
Pre-Win2k Hostname:     CASTOR-SRVR1
Site Name:              Default-First-Site-Name
Site Name (2):          Default-First-Site-Name
NT Version: 5
LMNT Token: ffff
LM20 Token: ffff

Net ads user also return a list of the domain's users.

Wbinfo -u and -g return a list of the domain's users and groups.

But if I run wbinfo -a simon%bvhdohgo I get:
plaintext password authentication failed
error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
error messsage was: No such user
Could not authenticate user simon%bvhdohgo with plaintext password
challenge/response password authentication succeeded

I also tried with administrator but I got the same result.

But I ran wbinfo --set-auth-user=administrator%pass and get
MONTREAL\administrator%pass if I run wbinfo --get-auth-user. So it is
able to get the domain info. I don't get it.

And of course, getent passwd returns the local users, not the one from
the domain.

Passwd, shadow and group are set as files winbind in /etc/nsswitch.conf.

I think that I am pretty close to a solution but I don't know what to do
next.

Any idea what is wrong and what should I check next?

Thanks!
Simon

More information about the samba mailing list