[Samba] problem configuring smbd for domain authentication
rohitm at engr.uconn.edu
Mon Feb 24 21:46:45 GMT 2003
Hello everyone, I am trying to configure a Samba 2.2 server to allow users to mount their home
directories (stored on a UNIX filesystem) from Windows after authenticating against a Windows 2000
Domain Controller.
The Samba server is 2.2.3a compiled with ACL support on Solaris 8. I think I am experiencing some (hopefully)
basic configuration issues and can't seem to get it to work. I really hope someone can help!
The name of our Windows 2000 Domain is ad.... The domain controller is (aptly named) dc. I have placed a static
record in WINS for the Samba server, and added a record to the Active Directory Computers container for it as well.
The domain controller is a mixed-mode controller (I read in the docs that doesn't make any difference but I thought
I'd mention it) and it is the only domain controller for the AD domain.
With the command, "smbpasswd -r DC -j ad... -UAdministrator%mypassword", I get a successful response:
Joined domain AD.
However, when I get on a Windows 2000 machine (which is also a member of the domain AD), and try
to mount \\mysambaserver\acls as a user who is already authenticated in the AD domain, it fails
(the Windows end seems to hang and *eventually* prompts me for another username and password) and
I see the following in my samba logs:
cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
[2003/02/24 16:35:19, 0] rpc_client/cli_login.c:cli_nt_setup_creds(74)
cli_nt_setup_creds: auth2 challenge failed
[2003/02/24 16:35:19, 0] smbd/password.c:connect_to_domain_password_server(1336)
connect_to_domain_password_server: unable to setup the PDC credentials to machine DC. Error was : NT_STATUS_OK.
[2003/02/24 16:35:19, 0] smbd/password.c:domain_client_validate(1554)
domain_client_validate: Domain password server not available.
[2003/02/24 16:35:19, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1367)
unable to open passdb database.
[2003/02/24 16:35:19, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1367)
unable to open passdb database.
[2003/02/24 16:35:19, 0] rpc_client/cli_netlogon.c:cli_net_auth2(157)
cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
[2003/02/24 16:35:19, 0] rpc_client/cli_login.c:cli_nt_setup_creds(74)
cli_nt_setup_creds: auth2 challenge failed
[2003/02/24 16:35:19, 0] smbd/password.c:connect_to_domain_password_server(1336)
connect_to_domain_password_server: unable to setup the PDC credentials to machine DC. Error was : NT_STATUS_OK.
[2003/02/24 16:35:19, 0] smbd/password.c:domain_client_validate(1554)
domain_client_validate: Domain password server not available.
Here is a listing of my smb.conf file:
[global]
# debug level = 2
# Stuff needed by nmdb first
interfaces = myip
domain master = no
local master = no
preferred master = no
os level = 0
log file = /tmp/slog
wins server = 192.168.28.13
guest account = nobody
encrypt passwords = Yes
# security = server
security = domain
workgroup = ad
password server = dc
username map=/usr/local/samba/lib/ntstaff.map
invalid users = root
[homes]
comment = Home Directories
locking = no
browseable = no
read only = no
force create mode = 0750
create mode = 0750
force directory mode = 0750
directory mode = 0750
preserve case = yes
[acls]
Comments = Account information
path = /export/home/acls
create mode = 660
force create mode = 660
directory mode = 770
force directory mode = 770
preserve case = yes
browseable = yes
I am fairly certain the ntstaff.map file is correct as it works in other configurations. I'll post the line with the username
I used:
!rotest2 = rotest2
If anyone would like any more information I'd be happy to provide it. I am really stumped right now as I think everything I am
trying to do should work, but I don't know what I am doing wrong. I would be most grateful for any assistance.
Thanks,
Rohit Kumar Mehta
University of Connecticut
School of Engineering
Systems Manager
rohitm at engr.uconn.edu
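
Added example, not part of the original post: a small parser for the Samba 2.2 log layout quoted above. It pairs each `[timestamp, level] file:function(line)` header with its message lines and tallies non-OK NT_STATUS codes per function, so the ACCESS_DENIED from cli_net_auth2 is not masked by the later "Error was : NT_STATUS_OK" line. The names `parse_records` and `failing_statuses` are hypothetical; `SAMPLE` is the first nine lines of the log in the post.

```python
import re
from collections import Counter

# First nine lines of the log quoted in the post; the first line has no header.
SAMPLE = """\
cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
[2003/02/24 16:35:19, 0] rpc_client/cli_login.c:cli_nt_setup_creds(74)
cli_nt_setup_creds: auth2 challenge failed
[2003/02/24 16:35:19, 0] smbd/password.c:connect_to_domain_password_server(1336)
connect_to_domain_password_server: unable to setup the PDC credentials to machine DC. Error was : NT_STATUS_OK.
[2003/02/24 16:35:19, 0] smbd/password.c:domain_client_validate(1554)
domain_client_validate: Domain password server not available.
[2003/02/24 16:35:19, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1367)
unable to open passdb database.
"""

# Record header: "[date time, level] source_file:function(line)"
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), (\d+)\] ([^:\s]+):(\w+)\((\d+)\)$")
STATUS = re.compile(r"NT_STATUS_\w+")
PREFIX = re.compile(r"^(\w+): ")  # many messages start with the function name


def parse_records(text):
    """Pair each header with its message lines; keep headerless leading lines."""
    records, cur = [], None
    for line in filter(None, (l.strip() for l in text.splitlines())):
        m = HEADER.match(line)
        if m:
            cur = {"ts": m.group(1), "level": int(m.group(2)), "func": m.group(4), "msg": []}
            records.append(cur)
            continue
        if cur is None:  # paste began mid-record: infer the function if possible
            p = PREFIX.match(line)
            cur = {"ts": None, "level": None, "func": p.group(1) if p else None, "msg": []}
            records.append(cur)
        cur["msg"].append(line)
    return records


def failing_statuses(records):
    """Count (function, status) pairs, ignoring NT_STATUS_OK."""
    return Counter((r["func"], s) for r in records
                   for s in STATUS.findall(" ".join(r["msg"])) if s != "NT_STATUS_OK")


if __name__ == "__main__":
    for (func, status), n in failing_statuses(parse_records(SAMPLE)).items():
        print(f"{func}: {status} x{n}")
```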