[Samba] Winbind basic questions

Brent Ross (Edm) bross at UMAGroup.com
Mon Nov 18 20:14:00 GMT 2002


I have been trying to setup a Samba 2.2.6 server on FreeBSD 4.7. I want to
use my NT4 domain for authentication of users. I am getting confused reading
all the documents as to whether I need PAM or not. I have installed Samba
successfully and  as far as I can tell it looks like it's working:

wbinfo -t returns "Secret is good"
wbinfo -u returns a list of all my domain users
wbinfo -g returns a list of all domain groups
wbinfo -a mydomain+myuser%mypassword returns success for both plaintext and
challenge/response

- Do I have to use PAM if all I want is to access the following Samba share
from my W2K clients?
- Should I install Samba configured using --with-winbind, or
--with-winbind-auth-challenge as well (I have tried both but neither work)
- If I do need PAM, I am reading conflicting info from the
/swat/help/PAM-Authentication-And-Samba.html file. It states "Note that
Samba always ignores PAM for authentication in the case of encrypt passwords
= yes", which I need if I am using security = domain
- If I do not need PAM to authenticate and it "appears" that I have
installed and configured samba / winbind properly as per the wbinfo lines
above, why can't I access the share?
- Do I need to create user accounts on the samba server? (I hope not, I
understand that's what winbind is for)
- Do I need to create any machine accounts? (Other than joining the samba
server to the domain.)


Here's my smb.conf:
# Samba config file created using SWAT
# from 10.110.22.40 (10.110.22.40)
# Date: 2002/11/16 15:19:26

# Global parameters
[global]
	workgroup = MYDOMAIN
	security = DOMAIN
	encrypt passwords = Yes
	password server = *
	winbind uid = 10000-20000
	winbind gid = 10000-20000
	winbind separator = +
	winbind enum users = yes
	winbind enum groups = yes
	log level = 2
	wins server = 192.168.0.7

[work]
	path = /usr/work
	valid users = @"Domain Users"
	read only = No

Here's my log.smbd:
[2002/11/16 15:59:13, 2] param/loadparm.c:do_section(3055)
  Processing section "[work]"
[2002/11/16 15:59:13, 2] lib/interface.c:add_interface(81)
  added interface ip=10.110.22.78 bcast=10.110.23.255 nmask=255.255.254.0
[2002/11/16 15:59:48, 2] smbd/reply.c:reply_special(92)
  netbios connect: name1=EDM-GEO          name2=EDM-02         
[2002/11/16 15:59:48, 2] smbd/reply.c:reply_special(111)
  netbios connect: local=edm-geo remote=edm-02
[2002/11/16 15:59:48, 2] libsmb/namequery.c:name_query(421)
  Got a positive name query response from 10.110.22.7 ( 10.110.22.7 )
[2002/11/16 15:59:48, 2] lib/util_sock.c:open_socket_out(874)
  error connecting to 10.110.22.7:445 (Invalid argument)
[2002/11/16 15:59:54, 2] smbd/service.c:make_connection(331)
  Invalid username/password for work [nobody]
[2002/11/16 15:59:56, 2] smbd/service.c:make_connection(331)
  Invalid username/password for work [nobody]
[2002/11/16 16:00:47, 2] smbd/server.c:exit_server(461)
  Closing connections



More information about the samba mailing list