[Samba] Re: Samba with winbind trouble
Grosswiler Roger
roger at gwch.net
Fri Nov 21 10:57:47 GMT 2003
as you have been on pam.d before, check in your smbpasswd-file wheather
the user you want to auth exists. if no, add it with smbpasswd -a [user]
salut,
Roger
> Hello Roger,
>
> Thanks for your note. I agree with you, I've changed the settings of the
> smb.conf:
>
> from: encrypt passwords = No
> to: encrypt passwords = Yes
>
> Now, I've still a trouble, but the error message has changed:
>
> Before:
> session setup failed: NT_STATUS_LOGON_FAILURE
>
> after:
> tree connect failed: NT_STATUS_WRONG_PASSWORD
>
> Any ideas ?
>
> Thierry
> ----------------------------------------------------------------------
>
> Thierry Linder Tél. central +41 (0)32 557 55 00
> Mandataire Commercial Mobile +41 (0)79 473 92 35
> Key Account Manager Fax +41 (0)32 557 55 05
> Rue de la Gare 4
> CH 2034 Peseux (NE)
> mailto:thierry.linder at uditis.ch
> http://www.uditis.ch
>
>
>
> -----Original Message-----
> From: Grosswiler Roger [mailto:roger at gwch.net]
> Sent: vendredi, 21. novembre 2003 11:12
> To: leopardb
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] Re: Samba with winbind trouble
>
>
> or use 'encrypt password = yes' as i read, the pam.d-things are just
> needed if you don't submit your passwords encrypted. btw. all later
> windows-clients (from nt4 on) just support encrypted password=yes. all
> other should somehow fail in wrong password..
>
> cheers,
> Roger
>
>
>> LINDER Thierry wrote:
>>
>>>Hello,
>>>
>>>I try to implement a samba server (2.2.7a) with the authentifiactions
>>>via winbind to a PDC W2000. When I test winbind, it works:
>>>
>>>[root at pxtest samba]# wbinfo -t
>>>Secret is good
>>>[root at pxtest samba]# wbinfo -a tli%password
>>>plaintext password authentication succeeded
>>>[root at pxtest samba]#
>>>
>>>I enable the winbind on the /etc/nsswitch.conf:
>>>
>>>passwd: files winbind
>>>shadow: files
>>>group: files winbind
>>>
>>>If I try to do a su to my user which is not declared in my
>>>/etc/passwd, it works fine:
>>>
>>>[root at pxtest samba]# su - tli
>>>[tli at pxtest tli]$
>>>[tli at pxtest tli]$
>>>[tli at pxtest tli]$ id
>>>uid=10061(tli) gid=10000(Domain Users) groups=10000(Domain
>>>Users),10062(PRJ - Gestion de
>>>projets),10058(KAM),10054(Team-Elargi),10018(IT Unix),10060(PRJ -
>>> Sharepoint),10053(testgrp)
>>>[tli at pxtest tli]$
>>>
>>>Also, I assume that the winbind levell is OK.
>>>But, If I try to open a share with smbclient, I can't:
>>>
>>>[root at pxtest root]# smbclient -L pxtest
>>>added interface ip=172.30.1.167 bcast=172.30.1.255 nmask=255.255.255.0
>>>Password:
>>>Anonymous login successful
>>>Domain=[UDITIS] OS=[Unix] Server=[Samba 2.2.7a-security-rollup-fix]
>>>
>>> Sharename Type Comment
>>> --------- ---- -------
>>> test Disk Share de test pour les ACL's
>>> IPC$ IPC IPC Service (Samba Server
>>> 2.2.7a-security-rollup-fix + ACL's support)
>>> ADMIN$ Disk IPC Service (Samba Server
>>> 2.2.7a-security-rollup-fix + ACL's support)
>>>
>>> Server Comment
>>> --------- -------
>>> PXTEST Samba Server 2.2.7a-security-rollup-fix +
>>> ACL's
>>> UDNEJ102
>>>
>>> Workgroup Master
>>> --------- -------
>>> UDITIS UDNEJ102
>>>[root at pxtest root]# smbclient //pxtest/tli -U tli
>>>added interface ip=172.30.1.167 bcast=172.30.1.255 nmask=255.255.255.0
>>>Password:
>>>session setup failed: NT_STATUS_LOGON_FAILURE
>>>[root at pxtest root]#
>>>
>>>Here is my smb.conf configuration file:
>>>
>>>[root at pxtest samba]# cat smb.conf
>>># Samba config file created using SWAT
>>># from udpexp07.uditis.ch (172.30.1.131)
>>># Date: 2003/11/21 10:22:37
>>>
>>># Global parameters
>>>[global]
>>> workgroup = UDITIS
>>> netbios name = PXTEST
>>> server string = Samba Server %v + ACL's support
>>> security = DOMAIN
>>> encrypt passwords = No
>>> obey pam restrictions = Yes
>>> password server = udnej102.uditis.ch
>>> pam password change = Yes
>>> passwd program = /usr/bin/passwd %u
>>> passwd chat = *New*password* %n\n *Retype*new*password* %n\n
>>> *passwd:*all*authentication*tokens*updated*successfully*
>>> unix password sync = Yes
>>> log level = 2
>>> log file = /var/log/samba/samba.log
>>> max log size = 0
>>> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>> preferred master = No
>>> local master = No
>>> domain master = No
>>> dns proxy = No
>>> winbind uid = 10000-20000
>>> winbind gid = 10000-20000
>>> template homedir = /home/test/%U
>>> template shell = /bin/bash
>>> winbind cache time = 0
>>> winbind use default domain = Yes
>>> guest account = Guest
>>> printing = cups
>>>
>>>[homes]
>>> comment = Home Directories
>>> valid users = %S
>>> read only = No
>>> create mask = 0664
>>> directory mask = 0775
>>> browseable = No
>>>
>>>[printers]
>>> comment = All Printers
>>> path = /var/spool/samba
>>> printable = Yes
>>> browseable = No
>>>
>>>[test]
>>> comment = Share de test pour les ACL's
>>> path = /home/test
>>>[root at pxtest samba]#
>>>
>>>Thanks by advance to help me on this trouble, because I found nothing
>>>serious on the logs and I passed through alla my ideas ...
>>>
>>>Many thanks
>>>
>>>Thierry
>>>----------------------------------------------------------------------
>>>
>>>Thierry Linder Tél. central +41 (0)32 557 55 00
>>>Mandataire Commercial Mobile +41 (0)79 473 92 35
>>>Key Account Manager Fax +41 (0)32 557 55 05
>>>Rue de la Gare 4
>>>CH 2034 Peseux (NE)
>>>mailto:thierry.linder at uditis.ch
>>>http://www.uditis.ch
>>>
>>>
>>>
>> Hi,
>> excuse my noob answer but did you alter your /etc/pam.d/* files ?
>> there's some work to do in those. By the way, i'm in pretty much in
>> the same situation, except for one thing : the output for my smbclient
>> is :
>>
>> added interface ip=128.0.107.2 bcast=128.0.107.255 nmask=255.255.255.0
>> Password:
>> Domain=[FIRM] OS=[Unix] Server=[Samba 2.2.8a]
>> tree connect failed: NT_STATUS_WRONG_PASSWORD
>>
>> although the password is correct...
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: http://lists.samba.org/mailman/listinfo/samba
>>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
>
More information about the samba
mailing list