[Samba] Samba 2.2.5-10, W2K PDC and Winbind - Authentication issues
Aaron D.
lists at aaronsplace.org
Tue Sep 10 20:28:00 GMT 2002
I've gotten past the problem I had with joining the domain. However, I
am still having problems with the authentication of domain user accounts
against the samba server.
wbinfo -u shows my users from the domain correctly.
wbinfo -g does the same for my domain groups.
getent passwd shows the domain users as expected.
wbinfo -t shows a good trust.
wbinfo -a allows me to authenticate any user (although I've noticed only
plain text seems to work?)
NOTE: If I add entries into the smbpasswd in the format of domain+user and
set the password then all works as expected, save of course the fact I have
to manually add the users which basically defeats the purpose of setting up
winbind?
Any ideas, thoughts, suggestions, or glasses filled with hard liquor are
welcome. I see the following quite frequently in the logs on Samba, but
nothing on the audit logs of the PDC. "connect_to_domain_password_server:
machine SERVER rejected the tconX on the IPC$ share. Error was :
NT_STATUS_ACCESS_DENIED."
PDC is a W2K SP2 Advanced Server.
Samba is on RedHat 7.1 Kernel 2.4.9-34
When I try to access a share, or even browse the root of the same server I
get various examples of the following in my log.smbd:
[2002/09/10 15:13:18, 3] smbd/process.c:process_smb(877)
Transaction 13 of length 198
[2002/09/10 15:13:18, 3] smbd/process.c:switch_message(684)
switch message SMBsesssetupX (pid 1924)
[2002/09/10 15:13:18, 3] smbd/sec_ctx.c:set_sec_ctx(313)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2002/09/10 15:13:18, 3] smbd/reply.c:reply_sesssetup_and_X(857)
Domain=[DOMAIN] NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000
5.0]
[2002/09/10 15:13:18, 3] smbd/reply.c:reply_sesssetup_and_X(868)
sesssetupX:name=[adonaldson]
[2002/09/10 15:13:18, 3] smbd/reply.c:reply_sesssetup_and_X(929)
Using unix username DOMAIN+adonaldson
[2002/09/10 15:13:18, 3] libsmb/namequery.c:resolve_wins(709)
resolve_wins: Attempting wins lookup for name SERVER<0x20>
[2002/09/10 15:13:18, 3] libsmb/namequery.c:resolve_wins(727)
resolve_wins: WINS server == <10.7.7.201>
[2002/09/10 15:13:18, 3] lib/util_sock.c:open_socket_in(813)
bind succeeded on port 0
[2002/09/10 15:13:18, 2] libsmb/namequery.c:name_query(421)
Got a positive name query response from 10.7.7.201 ( 10.7.7.201 )
[2002/09/10 15:13:18, 3] lib/util_sock.c:open_socket_out(845)
Connecting to 10.7.7.201 at port 445
[2002/09/10 15:13:18, 0]
smbd/password.c:connect_to_domain_password_server(1328)
connect_to_domain_password_server: machine SERVER rejected the tconX on
the IPC$ share. Error was : NT_STATUS_ACCESS_DENIED.
[2002/09/10 15:13:18, 0] smbd/password.c:domain_client_validate(1585)
domain_client_validate: Domain password server not available.
[2002/09/10 15:13:18, 2] passdb/pdb_smbpasswd.c:startsmbfilepwent(170)
startsmbfilepwent_internal: unable to open file /etc/samba/smbpasswd.
Error was No such file or directory
[2002/09/10 15:13:18, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1367)
unable to open passdb database.
[2002/09/10 15:13:18, 1] smbd/password.c:pass_check_smb(545)
Couldn't find user 'domain+adonaldson' in passdb.
[2002/09/10 15:13:18, 2] smbd/reply.c:reply_sesssetup_and_X(972)
NT Password did not match for user 'domain+adonaldson'!
[2002/09/10 15:13:18, 2] smbd/reply.c:reply_sesssetup_and_X(982)
Defaulting to Lanman password for domain+adonaldson
[2002/09/10 15:13:18, 2] passdb/pdb_smbpasswd.c:startsmbfilepwent(170)
startsmbfilepwent_internal: unable to open file /etc/samba/smbpasswd.
Error was No such file or directory
[2002/09/10 15:13:18, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1367)
unable to open passdb database.
[2002/09/10 15:13:18, 1] smbd/password.c:pass_check_smb(545)
Couldn't find user 'domain+adonaldson' in passdb.
[2002/09/10 15:13:18, 1] smbd/reply.c:reply_sesssetup_and_X(998)
Rejecting user 'domain+adonaldson': authentication failed
[2002/09/10 15:13:18, 3] smbd/error.c:error_packet(91)
error string = No such file or directory
[2002/09/10 15:13:18, 3] smbd/error.c:error_packet(106)
error packet at smbd/reply.c(1000) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
This is what appears for the same attempt in the log.winbind:
[2002/09/10 15:13:17, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(103)
[ 1924]: getpwnam DOMAIN+adonaldson
[2002/09/10 15:13:17, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(103)
[ 1924]: getpwnam domain+adonaldson
[2002/09/10 15:13:17, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(103)
[ 1924]: getpwnam domain+adonaldson
[2002/09/10 15:13:17, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(103)
[ 1924]: getpwnam domain+adonaldson
[2002/09/10 15:13:18, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(103)
[ 1924]: getpwnam DOMAIN+adonaldson
[2002/09/10 15:13:18, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(103)
[ 1924]: getpwnam domain+adonaldson
[2002/09/10 15:13:18, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(103)
[ 1924]: getpwnam domain+adonaldson
[2002/09/10 15:13:18, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(103)
[ 1924]: getpwnam domain+adonaldson
[2002/09/10 15:13:59, 3] nsswitch/winbindd_user.c:winbindd_endpwent(313)
[ 1926]: endpwent
[2002/09/10 15:13:59, 3] nsswitch/winbindd_user.c:winbindd_endpwent(313)
[ 1926]: endpwent
[2002/09/10 15:14:42, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(103)
[ 1927]: getpwnam +nobody
Here is my current smb.conf:
# Global parameters
[global]
password server = server
interfaces = 10.7.7.200/24 127.0.0.1
bind interfaces only = Yes
wins server = 10.7.7.201
debug level = 3
browse list = No
dns proxy = No
security = domain
encrypt passwords = Yes
obey pam restrictions = no
workgroup = domain
server string = Samba Server
comment = File and Print Services on BART
local master = No
socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
netbios name = SAMBA
mangled names = No
case sensitive = no
max log size = 50
preferred master = no
winbind separator = +
winbind cache time = 10
# template shell = /bin/bash
# template homedir = /home/%D/%U
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = yes
name resolve order = wins lmhosts host bcast
time server = yes
os level = 33
hosts allow = x.x.x. 127.
[homes]
comment = Home Directories
writeable = Yes
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = Yes
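
The failure sequence visible in the log.smbd excerpt above can be pulled out of a debug-level log automatically. The following is an added example, not part of the original post: it groups Samba's header-plus-message records (including a header wrapped onto two lines, as in the quoted log) and reports the order in which the authentication stages failed. The sample records are constructed from the quoted layout, and the stage labels are hypothetical names.

```python
import re

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\]\s*(\S*)")

# Constructed sample in the log.smbd layout quoted in the post.
SAMPLE = """\
[2002/09/10 15:13:18, 0]
smbd/password.c:connect_to_domain_password_server(1328)
  connect_to_domain_password_server: machine SERVER rejected the tconX on
  the IPC$ share. Error was : NT_STATUS_ACCESS_DENIED.
[2002/09/10 15:13:18, 0] smbd/password.c:domain_client_validate(1585)
  domain_client_validate: Domain password server not available.
[2002/09/10 15:13:18, 2] passdb/pdb_smbpasswd.c:startsmbfilepwent(170)
  startsmbfilepwent_internal: unable to open file /etc/samba/smbpasswd.
  Error was No such file or directory
[2002/09/10 15:13:18, 1] smbd/reply.c:reply_sesssetup_and_X(998)
  Rejecting user 'domain+adonaldson': authentication failed
"""

def parse_records(text):
    """Group header and continuation lines into (time, level, location, message)."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            records.append([m.group(1), int(m.group(2)), m.group(3), []])
        elif records and not records[-1][2] and line.strip():
            records[-1][2] = line.strip()  # source location wrapped onto its own line
        elif records and line.strip():
            records[-1][3].append(line.strip())
    return [(t, lvl, loc, " ".join(msg)) for t, lvl, loc, msg in records]

STAGES = [("dc_rejected_ipc", "rejected the tconX on the IPC$ share"),
          ("domain_auth_unavailable", "Domain password server not available"),
          ("local_passdb_missing", "unable to open file /etc/samba/smbpasswd"),
          ("logon_rejected", "authentication failed")]

def failure_chain(records):
    """Return stage labels in the order they first appear in the log."""
    chain = []
    for _, _, _, msg in records:
        for label, needle in STAGES:
            if needle in msg and label not in chain:
                chain.append(label)
    return chain

if __name__ == "__main__":
    print(" -> ".join(failure_chain(parse_records(SAMPLE))))
```

Joining continuation lines before matching matters here: the IPC$ rejection message is split across two lines in the log, so a line-by-line grep for the full phrase would miss it.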