[Samba] Samba 3 & ADC problem.
Ron Smith
rls at cableone.net
Wed Nov 5 09:10:01 GMT 2003
Greetings all.
I am banging my head about this one. I will try to be as specific as
possible; bear with me please.
I have a W2KDC ADC, and am trying to join a Samba 3 Linux workstation to it.
What works:
net join: succeeded
wbinfo -t: checking the trust secret via RPC calls succeeded
wbinfo -m: return to prompt, no output
wbinfo -u: correct list of local + AD members
wbinfo -g: correct list of local + AD groups
kinit: succeeded
klist output for root from the samba machine:
Default principal: sambasol@THIS.DOMAIN
Valid starting     Expires            Service principal
11/04/03 23:35:33  11/05/03 09:35:33  krbtgt/THIS.DOMAIN@THIS.DOMAIN
11/04/03 23:37:26  11/05/03 09:35:33  adc1$@THIS.DOMAIN
11/05/03 00:28:14  11/05/03 09:35:33  samba1$@THIS.DOMAIN
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
pam.d/login modified and working
AD users can log into local terminal of samba
machine, and if home dir is missing, created
via use of pam_mkhomedir
telnet/ssh/ftp/etc. all working with local & AD accounts
No accounts in AD overlap linux system accounts
Any Windows (all WinXP Pro or Win2K) client's shares can
be accessed from the Samba/Linux system, including any
DFS from the AD system. Example:
smbclient -k //adc1/dfs1
Succeeds.
Any Windows client's shares can be accessed from any other
Windows client, or the AD server.
What DOESN'T work:
Cannot access any Samba shares on the Linux machine, from
the Samba system itself, or any Windows client.
smbclient -k //samba1/tmp
session setup failed: NT_STATUS_LOGON_FAILURE
However, I can do this:
smbclient //samba1/tmp
Enter password when prompted, and access succeeds.
Of course, any Windows client cannot access the Samba shares at all, cannot
even browse the machine's share list, and it does not show up in Network
Places although all other systems do.
/etc/samba/smb.conf: (edited for brevity)
[global]
workgroup = THIS
realm = THIS.DOMAIN
security = ADS
netbios name = SAMBA1
map to guest = Bad User
obey pam restrictions = Yes
password server = *
# (IP of ADS)
wins server = 50.50.50.50
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
winbind separator = +
winbind use default domain = Yes
[homes]
comment = Home Directories
path = %H
valid users = %S
read only = No
create mask = 0600
directory mask = 0700
browseable = No
[tmp]
comment = Temporary file space
path = /tmp
read only = No
guest ok = Yes
Ron L. Smith