[Samba] Re: Samba with winbind trouble

Grosswiler Roger roger at gwch.net
Fri Nov 21 10:57:47 GMT 2003


as you have been on pam.d before, check in your smbpasswd-file wheather
the user you want to auth exists. if no, add it with smbpasswd -a [user]

salut,
Roger
> Hello Roger,
>
> Thanks for your note. I agree with you, I've changed the settings of the
> smb.conf:
>
> from:         encrypt passwords = No
> to:          encrypt passwords = Yes
>
> Now, I've still a trouble, but the error message has changed:
>
> Before:
> session setup failed: NT_STATUS_LOGON_FAILURE
>
> after:
> tree connect failed: NT_STATUS_WRONG_PASSWORD
>
> Any ideas ?
>
> Thierry
> ----------------------------------------------------------------------
>
> Thierry Linder                   Tél. central +41 (0)32 557 55 00
> Mandataire Commercial            Mobile       +41 (0)79 473 92 35
> Key Account Manager              Fax          +41 (0)32 557 55 05
> Rue de la Gare 4
> CH 2034 Peseux (NE)
> mailto:thierry.linder at uditis.ch
> http://www.uditis.ch
>
>
>
> -----Original Message-----
> From: Grosswiler Roger [mailto:roger at gwch.net]
> Sent: vendredi, 21. novembre 2003 11:12
> To: leopardb
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] Re: Samba with winbind trouble
>
>
> or use 'encrypt password = yes' as i read, the pam.d-things are just
> needed if you don't submit your passwords encrypted. btw. all later
> windows-clients (from nt4 on) just support encrypted password=yes. all
> other should somehow fail in wrong password..
>
> cheers,
> Roger
>
>
>> LINDER Thierry wrote:
>>
>>>Hello,
>>>
>>>I try to implement a samba server (2.2.7a) with the authentifiactions
>>>via  winbind to a PDC W2000. When I test winbind, it works:
>>>
>>>[root at pxtest samba]# wbinfo -t
>>>Secret is good
>>>[root at pxtest samba]# wbinfo -a tli%password
>>>plaintext password authentication succeeded
>>>[root at pxtest samba]#
>>>
>>>I enable the winbind on the /etc/nsswitch.conf:
>>>
>>>passwd:     files winbind
>>>shadow:     files
>>>group:      files winbind
>>>
>>>If I try to do a su to my user which is not declared in my
>>>/etc/passwd,  it works fine:
>>>
>>>[root at pxtest samba]# su - tli
>>>[tli at pxtest tli]$
>>>[tli at pxtest tli]$
>>>[tli at pxtest tli]$ id
>>>uid=10061(tli) gid=10000(Domain Users) groups=10000(Domain
>>>Users),10062(PRJ - Gestion de
>>>projets),10058(KAM),10054(Team-Elargi),10018(IT Unix),10060(PRJ -
>>> Sharepoint),10053(testgrp)
>>>[tli at pxtest tli]$
>>>
>>>Also, I assume that the winbind levell is OK.
>>>But, If I try to open a share with smbclient, I can't:
>>>
>>>[root at pxtest root]# smbclient -L pxtest
>>>added interface ip=172.30.1.167 bcast=172.30.1.255 nmask=255.255.255.0
>>>Password:
>>>Anonymous login successful
>>>Domain=[UDITIS] OS=[Unix] Server=[Samba 2.2.7a-security-rollup-fix]
>>>
>>>        Sharename      Type      Comment
>>>        ---------      ----      -------
>>>        test           Disk      Share de test pour les ACL's
>>>        IPC$           IPC       IPC Service (Samba Server
>>> 2.2.7a-security-rollup-fix + ACL's support)
>>>        ADMIN$         Disk      IPC Service (Samba Server
>>> 2.2.7a-security-rollup-fix + ACL's support)
>>>
>>>        Server               Comment
>>>        ---------            -------
>>>        PXTEST               Samba Server 2.2.7a-security-rollup-fix +
>>> ACL's
>>>        UDNEJ102
>>>
>>>        Workgroup            Master
>>>        ---------            -------
>>>        UDITIS               UDNEJ102
>>>[root at pxtest root]# smbclient //pxtest/tli -U tli
>>>added interface ip=172.30.1.167 bcast=172.30.1.255 nmask=255.255.255.0
>>>Password:
>>>session setup failed: NT_STATUS_LOGON_FAILURE
>>>[root at pxtest root]#
>>>
>>>Here is my smb.conf configuration file:
>>>
>>>[root at pxtest samba]# cat smb.conf
>>># Samba config file created using SWAT
>>># from udpexp07.uditis.ch (172.30.1.131)
>>># Date: 2003/11/21 10:22:37
>>>
>>># Global parameters
>>>[global]
>>>        workgroup = UDITIS
>>>        netbios name = PXTEST
>>>        server string = Samba Server %v + ACL's support
>>>        security = DOMAIN
>>>        encrypt passwords = No
>>>        obey pam restrictions = Yes
>>>        password server = udnej102.uditis.ch
>>>        pam password change = Yes
>>>        passwd program = /usr/bin/passwd %u
>>>        passwd chat = *New*password* %n\n *Retype*new*password* %n\n
>>> *passwd:*all*authentication*tokens*updated*successfully*
>>>        unix password sync = Yes
>>>        log level = 2
>>>        log file = /var/log/samba/samba.log
>>>        max log size = 0
>>>        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>>        preferred master = No
>>>        local master = No
>>>        domain master = No
>>>        dns proxy = No
>>>        winbind uid = 10000-20000
>>>        winbind gid = 10000-20000
>>>        template homedir = /home/test/%U
>>>        template shell = /bin/bash
>>>        winbind cache time = 0
>>>        winbind use default domain = Yes
>>>        guest account = Guest
>>>        printing = cups
>>>
>>>[homes]
>>>        comment = Home Directories
>>>        valid users = %S
>>>        read only = No
>>>        create mask = 0664
>>>        directory mask = 0775
>>>        browseable = No
>>>
>>>[printers]
>>>        comment = All Printers
>>>        path = /var/spool/samba
>>>        printable = Yes
>>>        browseable = No
>>>
>>>[test]
>>>        comment = Share de test pour les ACL's
>>>        path = /home/test
>>>[root at pxtest samba]#
>>>
>>>Thanks by advance to help me on this trouble, because I found nothing
>>>serious on the logs and I passed through alla my ideas ...
>>>
>>>Many thanks
>>>
>>>Thierry
>>>----------------------------------------------------------------------
>>>
>>>Thierry Linder                   Tél. central +41 (0)32 557 55 00
>>>Mandataire Commercial            Mobile       +41 (0)79 473 92 35
>>>Key Account Manager              Fax          +41 (0)32 557 55 05
>>>Rue de la Gare 4
>>>CH 2034 Peseux (NE)
>>>mailto:thierry.linder at uditis.ch
>>>http://www.uditis.ch
>>>
>>>
>>>
>> Hi,
>> excuse my noob answer but did you alter your /etc/pam.d/* files ?
>> there's some work to do in those. By the way, i'm in pretty much in
>> the same situation, except for one thing : the output for my smbclient
>> is :
>>
>> added interface ip=128.0.107.2 bcast=128.0.107.255 nmask=255.255.255.0
>> Password:
>> Domain=[FIRM] OS=[Unix] Server=[Samba 2.2.8a]
>> tree connect failed: NT_STATUS_WRONG_PASSWORD
>>
>> although the password is correct...
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  http://lists.samba.org/mailman/listinfo/samba
>>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>




More information about the samba mailing list