[Samba] samba as a domain member server using winbind

ipguy at optushome.com.au ipguy at optushome.com.au
Wed May 28 10:14:44 GMT 2003 

hi all

i seem to be having a problem replicating an installation of samba as a "domain member server" to our NT4 PDC

when i initally installed samba i was able to use the DC's as the authentication source to allow the windows workstation access to the samba share via winbind, it all worked well, as documented, i didn't even need to setup user accounts on the samba box.

now that i'm building the production server, i can't seem to replicate the success, no matter what i try the samber server keeps returning a username and password dialog box to the windows users and logs the below error for the users trying to connect....

I successfully joined the domain by " smbpasswd -j PDC -r PDCNAME -U Administrator"
(Note: I needed to add the samber server to the domain on the PDC first before I could join on the samba server)

[2003/05/28 19:46:32, 0] smbd/password.c:domain_client_validate(1558)
  domain_client_validate: could not fetch trust account password for domain PDC
[2003/05/28 19:46:32, 1] smbd/password.c:pass_check_smb(545)
  Couldn't find user 'PDC\ipguy' in passdb.
[2003/05/28 19:46:32, 2] smbd/reply.c:reply_sesssetup_and_X(997)
  NT Password did not match for user 'PDC\ipguy'!
[2003/05/28 19:46:32, 2] smbd/reply.c:reply_sesssetup_and_X(1007)
  Defaulting to Lanman password for PDC\ipguy
[2003/05/28 19:46:32, 1] smbd/password.c:pass_check_smb(545)
  Couldn't find user 'PDC\ipguy' in passdb.
[2003/05/28 19:46:32, 1] smbd/reply.c:reply_sesssetup_and_X(1023)
  Rejecting user 'PDC\ipguy': authentication failed
[2003/05/28 19:46:32, 2] smbd/server.c:exit_server(511)
  Closing connections

my smb.conf
------------------------------
[global]
netbios name = SAMBA
workgroup = PDC
log level = 2
log file = /usr/local/samba/var/samba.log.%U
security = domain
hosts allow = 192.xx.xxx. 127.
password server = *
encrypt passwords = yes
wins server = 192.xx.xx.xx
winbind cache time = 15
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes

[data]
path = /array/samba
browseable = yes
writeable = yes

the correct libnss_winbind links in /lib
---------------------------------------------
  -rwxr-xr-x    1 root     root          17K May 28 17:59 libnss_winbind.so
lrwxrwxrwx    1 root     root           17 May 28 19:32 libnss_winbind.so.1 -> libnss_winbind.so
lrwxrwxrwx    1 root     root           17 May 28 18:02 libnss_winbind.so.2 -> libnss_winbind.so

/etc/nssswitch.conf
----------------------------
passwd:     files winbind
shadow:     files
group:      files winbind

only problem is, i don't recall if i needed to setup PAM, if I do can anyone point me in the right direction, do I need to edit "/etc/pam.d/login" so the windows users can authenticate and access the share ?

any suggestion would be appreciated.

-ipguy

More information about the samba mailing list