[BUG] server/domain security + winbind: failure

vda vda at port.imtp.ilyichevsk.odessa.ua
Fri Dec 7 04:22:04 GMT 2001


Hi Samba,

I have set up 2 Samba servers in our previously all-Windows network.
I experiment a lot with it.

I want NT domain users to be able to open \\linux1\username
and see the entire filesystem or a large part of it (currently I let them see 
/usr) with respective user rights. User rights are determined by the uid/gid of 
the logged-in user and the file uid/gid/mode (as usual).

I tested this and it works when my Samba boxes are in server or domain 
security mode. Of course this required me to add domain users to /etc/passwd
to assign them uids.

Also I want NT domain users to be able to telnet to me, enter their domain 
name/passwd and get a login shell. Winbindd is doing that fine. I don't need
to tweak /etc/passwd|group|shadow!

And now comes the [BUG] part: SMB logins break when winbindd is active. No domain 
users can open \\linux1\username anymore, even when /etc/passwd, smbpasswd 
etc. are set OK. From the log contents I conclude that Samba somehow 
substitutes the username with the winbindd-supplied DOMAIN+username and passes it to 
the NT PDC, which refuses to authenticate it.

I tested it several times:

# smbclient //linux/test passwd -U test
 (fails, bad passwd)
# killall winbindd
# smbclient //linux/test passwd -U test
 (succeeds)

I am very willing to remove this last obstacle to make Linux servers usable
for all our computer department staff. My Samba is 2.2.2, compiled from 
sources. I can perform any additional testing and mail you relevant logs,
test patches etc. Come on, press the <Reply> button/key/lever/whatever you 
have :-)

PS: WINS name resolution is nice. Now I can ping these Win boxes by name! :-) 
Thanks for the good work!
--
vda



