[Samba] Re: Samba with winbind trouble
LINDER Thierry
Thierry.Linder at uditis.ch
Fri Nov 21 10:41:04 GMT 2003
Hello Roger,
Thanks for your note. I agree with you, I've changed the settings of the smb.conf:
from: encrypt passwords = No
to: encrypt passwords = Yes
Now, I've still a trouble, but the error message has changed:
Before:
session setup failed: NT_STATUS_LOGON_FAILURE
after:
tree connect failed: NT_STATUS_WRONG_PASSWORD
Any ideas ?
Thierry
----------------------------------------------------------------------
Thierry Linder Tél. central +41 (0)32 557 55 00
Mandataire Commercial Mobile +41 (0)79 473 92 35
Key Account Manager Fax +41 (0)32 557 55 05
Rue de la Gare 4
CH 2034 Peseux (NE)
mailto:thierry.linder at uditis.ch
http://www.uditis.ch
-----Original Message-----
From: Grosswiler Roger [mailto:roger at gwch.net]
Sent: vendredi, 21. novembre 2003 11:12
To: leopardb
Cc: samba at lists.samba.org
Subject: Re: [Samba] Re: Samba with winbind trouble
or use 'encrypt password = yes' as i read, the pam.d-things are just needed if you don't submit your passwords encrypted. btw. all later windows-clients (from nt4 on) just support encrypted password=yes. all other should somehow fail in wrong password..
cheers,
Roger
> LINDER Thierry wrote:
>
>>Hello,
>>
>>I try to implement a samba server (2.2.7a) with the authentifiactions
>>via winbind to a PDC W2000. When I test winbind, it works:
>>
>>[root at pxtest samba]# wbinfo -t
>>Secret is good
>>[root at pxtest samba]# wbinfo -a tli%password
>>plaintext password authentication succeeded
>>[root at pxtest samba]#
>>
>>I enable the winbind on the /etc/nsswitch.conf:
>>
>>passwd: files winbind
>>shadow: files
>>group: files winbind
>>
>>If I try to do a su to my user which is not declared in my
>>/etc/passwd, it works fine:
>>
>>[root at pxtest samba]# su - tli
>>[tli at pxtest tli]$
>>[tli at pxtest tli]$
>>[tli at pxtest tli]$ id
>>uid=10061(tli) gid=10000(Domain Users) groups=10000(Domain
>>Users),10062(PRJ - Gestion de
>>projets),10058(KAM),10054(Team-Elargi),10018(IT Unix),10060(PRJ -
>> Sharepoint),10053(testgrp)
>>[tli at pxtest tli]$
>>
>>Also, I assume that the winbind levell is OK.
>>But, If I try to open a share with smbclient, I can't:
>>
>>[root at pxtest root]# smbclient -L pxtest
>>added interface ip=172.30.1.167 bcast=172.30.1.255 nmask=255.255.255.0
>>Password:
>>Anonymous login successful
>>Domain=[UDITIS] OS=[Unix] Server=[Samba 2.2.7a-security-rollup-fix]
>>
>> Sharename Type Comment
>> --------- ---- -------
>> test Disk Share de test pour les ACL's
>> IPC$ IPC IPC Service (Samba Server
>> 2.2.7a-security-rollup-fix + ACL's support)
>> ADMIN$ Disk IPC Service (Samba Server
>> 2.2.7a-security-rollup-fix + ACL's support)
>>
>> Server Comment
>> --------- -------
>> PXTEST Samba Server 2.2.7a-security-rollup-fix +
>> ACL's
>> UDNEJ102
>>
>> Workgroup Master
>> --------- -------
>> UDITIS UDNEJ102
>>[root at pxtest root]# smbclient //pxtest/tli -U tli
>>added interface ip=172.30.1.167 bcast=172.30.1.255 nmask=255.255.255.0
>>Password:
>>session setup failed: NT_STATUS_LOGON_FAILURE
>>[root at pxtest root]#
>>
>>Here is my smb.conf configuration file:
>>
>>[root at pxtest samba]# cat smb.conf
>># Samba config file created using SWAT
>># from udpexp07.uditis.ch (172.30.1.131)
>># Date: 2003/11/21 10:22:37
>>
>># Global parameters
>>[global]
>> workgroup = UDITIS
>> netbios name = PXTEST
>> server string = Samba Server %v + ACL's support
>> security = DOMAIN
>> encrypt passwords = No
>> obey pam restrictions = Yes
>> password server = udnej102.uditis.ch
>> pam password change = Yes
>> passwd program = /usr/bin/passwd %u
>> passwd chat = *New*password* %n\n *Retype*new*password* %n\n
>> *passwd:*all*authentication*tokens*updated*successfully*
>> unix password sync = Yes
>> log level = 2
>> log file = /var/log/samba/samba.log
>> max log size = 0
>> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>> preferred master = No
>> local master = No
>> domain master = No
>> dns proxy = No
>> winbind uid = 10000-20000
>> winbind gid = 10000-20000
>> template homedir = /home/test/%U
>> template shell = /bin/bash
>> winbind cache time = 0
>> winbind use default domain = Yes
>> guest account = Guest
>> printing = cups
>>
>>[homes]
>> comment = Home Directories
>> valid users = %S
>> read only = No
>> create mask = 0664
>> directory mask = 0775
>> browseable = No
>>
>>[printers]
>> comment = All Printers
>> path = /var/spool/samba
>> printable = Yes
>> browseable = No
>>
>>[test]
>> comment = Share de test pour les ACL's
>> path = /home/test
>>[root at pxtest samba]#
>>
>>Thanks by advance to help me on this trouble, because I found nothing
>>serious on the logs and I passed through alla my ideas ...
>>
>>Many thanks
>>
>>Thierry
>>----------------------------------------------------------------------
>>
>>Thierry Linder Tél. central +41 (0)32 557 55 00
>>Mandataire Commercial Mobile +41 (0)79 473 92 35
>>Key Account Manager Fax +41 (0)32 557 55 05
>>Rue de la Gare 4
>>CH 2034 Peseux (NE)
>>mailto:thierry.linder at uditis.ch
>>http://www.uditis.ch
>>
>>
>>
> Hi,
> excuse my noob answer but did you alter your /etc/pam.d/* files ?
> there's some work to do in those. By the way, i'm in pretty much in
> the same situation, except for one thing : the output for my smbclient
> is :
>
> added interface ip=128.0.107.2 bcast=128.0.107.255 nmask=255.255.255.0
> Password:
> Domain=[FIRM] OS=[Unix] Server=[Samba 2.2.8a]
> tree connect failed: NT_STATUS_WRONG_PASSWORD
>
> although the password is correct...
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
>
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list