[Samba] Winbind + ADS small issues

Jordan, Shane sjordan at akili.com
Thu May 8 20:24:55 GMT 2003 

Ok guys after reading a ton of documentation etc I have finally got my Linux
machine to work in a ADS enviroment. I can actually go on a windows machine
type in \\linuxboxname and access shares on my Linux box.

First of all I joined the ADS correctly. wbinfo -u and -g show proper values
and everything works except my Linux computer does not show up in Network
Neighborhood on windows machines. Looking through ADS it does show as a
registered on the domain.

So I have no clue what is causing this. Here is my smb.conf file:

[global]
        realm = CORP.DELINEA.COM
        remote announce = 10.2.41.101
        netbios name = DEMARC
#       workgroup = CORP
        ADS server = 10.2.20.4
        server string = Linux File Server
        security = ADS
        preferred master = No
        local master = No
        domain master = No
        wins server = 10.2.20.4
#       ldap ssl = no
        winbind uid = 10000-20000
        winbind gid = 10000-20000
        winbind enum users = yes
        winbind enum groups = yes
        template homedir = /home/%U
        template shell = /bin/bash
        winbind separator = +
        winbind cache time = 10
        winbind use default domain = No
        encrypt passwords = yes
        password server = 10.2.20.4
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
[printers]
        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        browseable = No
[opt]
        guest ok = no
        read only = no
        nt acl Supprt = yes
        path = /opt
        admin users = CORP+sjordan
[homes]
        comment = Home Directories
        read only = no
        guest ok = no
        nt acl Supprt = yes
        admin users = CORP+sjordan


One thing you will notice is that i commented out the workgroup line. If I
enable this I get a prompt for a username and password that does not go
through.
In the log files I get this for log.smbd
[2003/05/08 15:21:05, 0]
auth/auth_domain.c:connect_to_domain_password_server(215)
  connect_to_domain_password_server: unable to setup the NETLOGON
credentials to machine CORPSVCS. Error was : NT_STATUS_ACCESS_DENIED.
[2003/05/08 15:21:05, 0] auth/auth_domain.c:domain_client_validate(327)
  domain_client_validate: Domain password server not available.

[2003/05/08 15:21:04, 0] nsswitch/winbindd_cm.c:cm_get_netlogon_cli(885)
  error connecting to domain password server: NT_STATUS_ACCESS_DENIED

With that option turned off it works fine other than not showing up in
Network Neighborhood. Is this option required if your on a ADS Domain? BTW
CORPSVCS is 10.2.20.4


Thanks in advance!

Shane

More information about the samba mailing list