[Samba] RE: Samba with winbind setup but some glitches

Sheldon, Jason JSheldon at smithcarter.com
Tue Mar 11 17:05:48 GMT 2003

I typed that question up rather hastily last night before leaving work:
I'll add that i'm running Redhat 8.0, Samba 2.2.7a --with-pam  (should have
done --with-winbind, but i didn't know about that with option until after). 
Another note: i had just freshly installed Redhat 8.0 with absolutely no
smb/samba options -so i've had to setup pretty much everything by hand -
scripts and all. (of course, i wasn't bright enough to realize that the
samba source comes with the init.d run scripts until after..!) 
1. what i want:  To physically login to the linux box with my NT 4.0 domain
username, and have access to all the domain shares/printers/email as if i
were on a windows machine.  i realize the only way to connect to native
exchange server and have contacts/calender function is to use ximian
evolution with the connector- which you have to pay for...pop3 works okay i
2. issue 1> I am able to login, but I'm finding it difficult to browse the
windows shares - as said in the previous message, if i open Konqueror and
type smb://pcnetbiosname i get a prompt to provide login creds, then it
displays the shares, then i click the share i want, then it asks again for
login credentials, then it just sits there thinking...
in your guys' experience what are some of the better "Network Neighborhood"
browsers?/best way to connect to windows shares with the gui? (KDE or GNOME)
issue 2> when i login from the shell, I get a "id: cannot find name for
group ID 10000" .  If i login at the X login it seems to authenticate right,
but then it just brings me right back to the login screen...
issue 3 smbd> there are multiple smbd daemons running...so far not more than
2, maybe 3..when i restart the daemon /etc/rc.d/init.d/smb restart - it
loads nmbd and smbd just fine, and there is only one of each.  i'll look
back a while later and there are a couple smbd's..is this normal?  Does smbd
run an instance for each connection?
issue 4 smbstatus>  when i lookup smbstatus - it displays that i have a
connection to which is an NT 4.0  PDC on a different subnet
(same subnet mask) -it doesn't display the PDC on my local subnet...strange?
in my smb.conf it's supposed to connect to --
question 5>  is this setup supposed to be case sensitive when loggin in with
Domain+username and password?  my NT passwords (and even one of my logins)
contain both upper and lowercase + numerical characters
3. what i did:  
configured samba from /usr/local/src/samba-2.2.7a --with-smbmount --with-pam
(should have added winbind? any others?)
configured smb.conf:  (it's in /usr/local/samba/lib/smb.conf)
name resolve order = wins lmhosts bcast
wins server =
wins support = no
domain master = no
local master = no
os level = 0
preferred master = no
workgroup = INFORMANT
server string = PC118
netbios name = PC118
security = domain
password server = SRV01 SRV02     #(PDC and BDC respectively)
encrypt passwords = yes
smb passwd file = /usr/local/samba/private/smbpasswd
winbind separator = +
winbind gid = 10000-20000
winbind uid = 10000-20000
winbind enum groups = yes
winbind enum users = yes      #(there are about 85 users on our domain, and
only 9 groups)
template shell = /bin/bash
template homedir = /home/%D/%U
[public]  #it was just a quick attempt to create a domain accessible share
for anyone,i can open the share but cannot write to it.
path = /transfer    ##which has drwxr-xr-x permissions owned by root##
guest ok = yes
writeable = yes  
i have the scripts for nmbd/smbd/winbindd in /etc/rc.d/init.d/smb and
/etc/rc.d/init.d/winbindd  - with symlinks to rc3, rc5, and rc6 (K)
i did:
touch /var/cache/samba/unexpected.tdb    #(though i have no clue what this
I joined the domain successfully with 
[ root at pc118 <mailto:root at pc118>  /] smbpasswd -j INFORMANT -r SRV01 -U
Administrator    #(password entered when prompted)
joined domain successfully
I edited /etc/nsswitch.conf so that  
passwd:  files winbind
shadow:  files nisplus
group:     files winbind
I tested wbinfo -u and -g, it gets users/groups from domain.
/]getent passwd gets a password list from domain (is it supposed to save
them in /etc/passwd or anywhere else or just DISPLAY the domain
users/passwords?  it displays them, but doesn't save them anywhere.  i
assume that's correct).
created home dir for domain users:  mkdir /home/INFORMANT    chmod 755
from samba-2.2.7a/source/]#  cp nsswitch/pam_winbind.so /lib/security   
/]# chmod 755 /lib/security/pam_winbind.so
samba-2.2.7a/source /]#  cp nsswitch/libnss_winbind.so /lib   chmod 755
/]#  ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2
Edited PAM modules /etc/pam.d/system-auth
auth required     /lib/security/pam_env.so
auth sufficient    /lib/security/pam_winbind.so
auth sufficient    /lib/security/pam_unix.so likeauth nullok use_first_pass
auth required     /lib/security/pam_deny.so
account     required     /lib/security/pam_unix.so
password   required     /lib/security/pam_cracklib.so retry=3 type=
password   sufficient   /lib/security/pam_unix.so nullok use_authtok md5
password   required    /lib/security/pam_deny.so
session     required     /lib/security/pam_limits.so
session     required     /lib/security/pam_unix.so
edited /etc/pam.d/login
auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_stack.so  service=system-auth
auth       required     /lib/security/pam_nologin.so
account  required     /lib/security/pam_stack.so  service=system-auth
password required   /lib/security/pam_stack.so  service=system-auth
session   required    /lib/security/pam_stack.so  service=system-auth
session  optional     /lib/security/pam_console.so
session  required    /lib/security/pam_mkhomedir.so  skel=/etc/skel
After all that i also did the mksmbpasswd.sh as instructed in the
Encryption.html (i think it was encryption) - is this necessary when running
security = domain with winbind??  
[root at pc118 private/]# chmod 500 .;  chmod 600 smbpasswd
here are my startup scripts:
#chkconfig: - 91 35
# source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0
#Check that smb.conf exists
[ -f /usr/local/samba/lib/smb.conf ] || exit 0
RETVAL=0    #(this means "return value"?  i'm not a programmer, so i was
curious about this parameter.)
# See how we were called.
 case "$1" in
    killall smbd
    killall nmbd
    echo -n "Starting SMB services: "
    /usr/local/samba/bin/smbd -D
    echo -n "Starting NMB services: "
    /usr/local/samba/bin/nmbd -D
    killall smbd
    killall smbd
    $0 stop           
    $0 start
    kill -SIGHUP `cat /usr/local/samba/var/locks/smbd.pid`
    kill -SIGHUP `cat /usr/local/samba/var/locks/nmbd.pid`
    statusproc /usr/local/samba/bin/smbd   #(note> statusproc seems to be an
unkown command on my system)
    statusproc /usr/local/samba/bin/nmbd
    echo "Usage: $0 {start|stop|restart|status}"
    exit 1
    exit $RETVAL
is the winbindd daemon script pertinent?
I basically pieced the smb script together from snippets i found on the web,
i suppose i could copy over the sample script found in the examples file in
the samba source - would this solve my multiple smbd issue?
Thanks again for any insight you can offer me on the above problems!
If anyone finds this step-by-step samba/winbind for NT 4.0 domain useful,
that's great too. like i said, it's CLOSE to working nicely..
my goal at the moment is to have a windows 98/nt workstation replacement
machine (linux) to access NT shares/printers/exchange server - for doing day
to day work/emails, nothing to fancy.  i just want it to function easily
when manually browsing "network neighborhood" and opening shares/printing.
if at all possible that is...
Jason Sheldon


More information about the samba mailing list