[Samba] Re: samba + winbindd with NT-DC problem... i'm stuck.

leopardb leopardb at club-internet.fr
Fri Nov 21 19:10:12 GMT 2003 

Leandro Ariel Gomez Chavarria wrote:

>I think your problem is this:
>  
>
>> passwd: files winbind
>> group:  files winbind
>> shadow: files winbind nis
>>    
>>
>
>the correct modification for nsswitch is 
> passwd: files winbind
> group:  files winbind
> shadow: files nis
>
>DON'T put winbind in shadow line!
>
>then try with "getenet passwd" or "getent group" and you should see all
>users in /etc/passwd and after them domain users.
>
>let me know if it works 
>
>good luck, leandro.-
>
>  
>
>>>>leopardb <leopardb at club-internet.fr> 11/21/03 07:30am >>>
>>>>        
>>>>
>Björn Andersen wrote:
>
>  
>
>>Hello Group,
>>
>>I'm really stuck here.  I try to get an samba to authenticate it's
>>    
>>
>users
>  
>
>>nicely
>>against an NT-DC, which will later be upgraded to W2K or W2K3
>>
>>My system : Suse 8.1, samba-2.2.5-80, samba-client-2.2.5-80
>>
>>My test-config for smb:
>>[global]
>>   winbind separator = +
>>   winbind cache time = 0
>>   template shell = /bin/bash
>>   template homedir = /home/%D/%U
>>   winbind uid = 10000-20000
>>   winbind gid = 10000-20000
>>   workgroup = FOERDE
>>   security = domain
>>   encrypt passwords = Yes
>>   password server = SMSERVER SERVER01
>>[daten]
>>   path = /srv/samba/daten
>>   writeable = no
>>   write list = root FOERDE+300
>>   valid users = root 300 FOERDE+300 @FOERDE+218
>>
>>winbindd runs as daemon, "wbinfo -u" and  "wbinfo -g"  gives the
>>    
>>
>right
>  
>
>>domain users & groups,
>>as well as "getent group"  and   "getent passwd".
>>strangely even ...
>> # wbinfo -a foerde+300%password
>>works with an output of...
>> plaintext password authentication succeeded
>> error code was NT_STATUS_OK (0x0)
>> challenge/response password authentication succeeded
>> error code was NT_STATUS_OK (0x0)
>>
>>I inserted in /etc/nsswitch.conf
>> passwd: files winbind
>> group:  files winbind
>> shadow: files winbind nis
>>to activate winbind. I have not changed anything in PAM because I only
>>    
>>
>need
>  
>
>>Domain Users
>>to access Win-Shares, not to login or anything else.
>>But with ... :
>> web1-50:~ # smbclient //web3-77/daten -U 300 -W foerde
>>i only get this output... :
>> added interface ip=150.10.30.50 bcast=150.10.30.255
>>    
>>
>nmask=255.255.255.0
>  
>
>> added interface ip=10.1.110.20 bcast=10.1.110.255
>>    
>>
>nmask=255.255.255.0
>  
>
>> Password: *****
>> Domain=[FOERDE] OS=[Unix] Server=[Samba 2.2.5]
>> tree connect failed: NT_STATUS_WRONG_PASSWORD
>>
>>Logfiles :
>>messages: nothing
>>log.winbind : nothing
>>log.smbd : nothing
>>log.nmbd : nothing
>>
>>With a wrong PW i get logentries "Error was
>>    
>>
>NT_STATUS_WRONG_PASSWORD."
>  
>
>>which seems right. But nothing with right PW. Sadly no logon as well.
>>    
>>
>My
>  
>
>>Testuser is "300",
>>as you can see i tryed some different syntax for user in smb.conf as
>>    
>>
>well as
>  
>
>>in smbclient. No good.
>>
>>What am I doing wrong ? Especially because "wbinfo -a" works, I
>>    
>>
>thought I
>  
>
>>was quite close.
>>But I didn't make any progress for days now..
>>What did I forget ?
>>
>>Please Help..
>>
>>Björn Andersen
>>
>>
>>
>>
>> 
>>
>>    
>>
>I've exactly the same problem. Did you receive any answer ?
>
>
>  
>
Thx for your answer

btw the solution is to get rid of the line "valid users = %S" in smb.conf...

More information about the samba mailing list