[Samba] Re: Samba with winbind trouble

leopardb leopardb at club-internet.fr
Fri Nov 21 10:01:15 GMT 2003 

LINDER Thierry wrote:

>Hello,
>
>I try to implement a samba server (2.2.7a) with the authentifiactions via winbind to a PDC W2000.
>When I test winbind, it works:
>
>[root at pxtest samba]# wbinfo -t
>Secret is good
>[root at pxtest samba]# wbinfo -a tli%password
>plaintext password authentication succeeded
>[root at pxtest samba]# 
>
>I enable the winbind on the /etc/nsswitch.conf:
>
>passwd:     files winbind
>shadow:     files 
>group:      files winbind
>
>If I try to do a su to my user which is not declared in my /etc/passwd, it works fine:
>
>[root at pxtest samba]# su - tli
>[tli at pxtest tli]$ 
>[tli at pxtest tli]$ 
>[tli at pxtest tli]$ id
>uid=10061(tli) gid=10000(Domain Users) groups=10000(Domain Users),10062(PRJ - Gestion de projets),10058(KAM),10054(Team-Elargi),10018(IT Unix),10060(PRJ - Sharepoint),10053(testgrp)
>[tli at pxtest tli]$ 
>
>Also, I assume that the winbind levell is OK.
>But, If I try to open a share with smbclient, I can't:
>
>[root at pxtest root]# smbclient -L pxtest
>added interface ip=172.30.1.167 bcast=172.30.1.255 nmask=255.255.255.0
>Password: 
>Anonymous login successful
>Domain=[UDITIS] OS=[Unix] Server=[Samba 2.2.7a-security-rollup-fix]
>
>        Sharename      Type      Comment
>        ---------      ----      -------
>        test           Disk      Share de test pour les ACL's
>        IPC$           IPC       IPC Service (Samba Server 2.2.7a-security-rollup-fix + ACL's support)
>        ADMIN$         Disk      IPC Service (Samba Server 2.2.7a-security-rollup-fix + ACL's support)
>
>        Server               Comment
>        ---------            -------
>        PXTEST               Samba Server 2.2.7a-security-rollup-fix + ACL's 
>        UDNEJ102             
>
>        Workgroup            Master
>        ---------            -------
>        UDITIS               UDNEJ102
>[root at pxtest root]# smbclient //pxtest/tli -U tli
>added interface ip=172.30.1.167 bcast=172.30.1.255 nmask=255.255.255.0
>Password: 
>session setup failed: NT_STATUS_LOGON_FAILURE
>[root at pxtest root]# 
>
>Here is my smb.conf configuration file:
>
>[root at pxtest samba]# cat smb.conf
># Samba config file created using SWAT
># from udpexp07.uditis.ch (172.30.1.131)
># Date: 2003/11/21 10:22:37
>
># Global parameters
>[global]
>        workgroup = UDITIS
>        netbios name = PXTEST
>        server string = Samba Server %v + ACL's support
>        security = DOMAIN
>        encrypt passwords = No
>        obey pam restrictions = Yes
>        password server = udnej102.uditis.ch
>        pam password change = Yes
>        passwd program = /usr/bin/passwd %u
>        passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
>        unix password sync = Yes
>        log level = 2
>        log file = /var/log/samba/samba.log
>        max log size = 0
>        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>        preferred master = No
>        local master = No
>        domain master = No
>        dns proxy = No
>        winbind uid = 10000-20000
>        winbind gid = 10000-20000
>        template homedir = /home/test/%U
>        template shell = /bin/bash
>        winbind cache time = 0
>        winbind use default domain = Yes
>        guest account = Guest
>        printing = cups
>
>[homes]
>        comment = Home Directories
>        valid users = %S
>        read only = No
>        create mask = 0664
>        directory mask = 0775
>        browseable = No
>
>[printers]
>        comment = All Printers
>        path = /var/spool/samba
>        printable = Yes
>        browseable = No
>
>[test]
>        comment = Share de test pour les ACL's
>        path = /home/test
>[root at pxtest samba]# 
>
>Thanks by advance to help me on this trouble, because I found nothing serious on the logs and I passed through alla my ideas ...
>
>Many thanks
>
>Thierry
>----------------------------------------------------------------------
>
>Thierry Linder                   Tél. central +41 (0)32 557 55 00
>Mandataire Commercial            Mobile       +41 (0)79 473 92 35
>Key Account Manager              Fax          +41 (0)32 557 55 05
>Rue de la Gare 4                   
>CH 2034 Peseux (NE)
>mailto:thierry.linder at uditis.ch
>http://www.uditis.ch 
>
>  
>
Hi,
excuse my noob answer but did you alter your /etc/pam.d/* files ? 
there's some work to do in those. By the way, i'm in pretty much in the 
same situation, except for one thing : the output for my smbclient is :

added interface ip=128.0.107.2 bcast=128.0.107.255 nmask=255.255.255.0
Password:
Domain=[FIRM] OS=[Unix] Server=[Samba 2.2.8a]
tree connect failed: NT_STATUS_WRONG_PASSWORD

although the password is correct...

More information about the samba mailing list