[Samba] Winbind under 3.0beta2
Ron Garcia-Vidal
ghstwrtr at evilgenius.net
Thu Sep 25 17:39:42 GMT 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I'm having a problem getting a browse list from my Samba box. I'm
running debian testing with the 3.0beta2-1 package. Winbind appears to
be installed properly and functioning properly:
root at dbs1:~# wbinfo -t
checking the trust secret via RPC calls succeeded
root at dbs1:~# wbinfo -a Administrator%xxxxx
plaintext password authentication succeeded
challenge/response password authentication succeeded
wbinfo -u and -g gives me all the users and groups I'm expecting, as
does getent passwd and getent group. I've even set up the PAM modules
for login, ssh and su to recognize winbind and am able to log in via
console and ssh using my NT credentials.
The problem comes when I try to access via smbclient or Windows
Explorer. I get the following error on the console (with smbclient):
root at dbs1:~# smbclient -L //dbs -UAdministrator
Password:
session setup failed: NT_STATUS_LOGON_FAILURE
And the logs show the following:
[2003/09/25 12:29:04, 0] auth/pampass.c:smb_pam_account(573)
~ smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account Management
for User: Administrator
[2003/09/25 12:29:04, 0] auth/pampass.c:smb_pam_accountcheck(781)
~ smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User
Administrator!
So under 2.8 this was happening, until I realized I hadn't installed
libpam-smbpass. Once I did this, access was granted. After I upgraded
I checked that all relevant packages were at 3.0beta2 and they were,
including libpam-smbpass. So am I missing another library? Am I
missing something in my smb.conf file? Here's the output of testparm:
root at dbs1:~# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[printers]"
Processing section "[Backup]"
Loaded services file OK.
'winbind separator = +' might cause problems with group membership.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
# Global parameters
[global]
~ workgroup = DOMAIN1
~ netbios name = DBS
~ server string = %h server (Samba %v)
~ security = DOMAIN
~ obey pam restrictions = Yes
~ password server = PDC1
~ passdb backend = tdbsam, guest
~ passwd program = /usr/bin/passwd %u
~ passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
~ syslog = 0
~ log file = /var/log/samba/log.%m
~ max log size = 1000
~ deadtime = 5
~ dns proxy = No
~ wins server = 192.9.200.203
~ panic action = /usr/share/samba/panic-action %d
~ idmap uid = 10000-20000
~ idmap gid = 10000-20000
~ template homedir = /home/%U
~ template shell = /bin/bash
~ winbind separator = +
~ winbind cache time = 10
~ winbind use default domain = Yes
~ invalid users = root
~ oplocks = No
~ level2 oplocks = No
[homes]
~ comment = Home Directories
~ create mask = 0700
~ directory mask = 0700
~ browseable = No
[printers]
~ comment = All Printers
~ path = /tmp
~ create mask = 0700
~ printable = Yes
~ browseable = No
Any ideas?
- --
- -Ron
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
God's got a heaven for coutnry trash -- Johnny Cash
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/cyhcvsPR55EQ+eIRArpQAKCcxn2vs0B8AiTi7XUD78F/J2S6MQCfQShx
Wy8hkq9pmMp6PkxrIN/Cl9Y=
=Gtd1
-----END PGP SIGNATURE-----
More information about the samba
mailing list