[Samba] Winbind under 3.0beta2

Ron Garcia-Vidal ghstwrtr at evilgenius.net
Thu Sep 25 17:39:42 GMT 2003

Hash: SHA1

I'm having a problem getting a browse list from my Samba box.  I'm 
running debian testing with the 3.0beta2-1 package.  Winbind appears to 
be installed properly and functioning properly:

root at dbs1:~# wbinfo -t
checking the trust secret via RPC calls succeeded

root at dbs1:~# wbinfo -a Administrator%xxxxx
plaintext password authentication succeeded
challenge/response password authentication succeeded

wbinfo -u and -g gives me all the users and groups I'm expecting, as 
does getent passwd and getent group.  I've even set up the PAM modules 
for login, ssh and su to recognize winbind and am able to log in via 
console and ssh using my NT credentials.

The problem comes when I try to access via smbclient or Windows 
Explorer.  I get the following error on the console (with smbclient):

root at dbs1:~# smbclient -L //dbs -UAdministrator
session setup failed: NT_STATUS_LOGON_FAILURE

And the logs show the following:

[2003/09/25 12:29:04, 0] auth/pampass.c:smb_pam_account(573)
~  smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account Management 
for User: Administrator
[2003/09/25 12:29:04, 0] auth/pampass.c:smb_pam_accountcheck(781)
~  smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User 

So under 2.8 this was happening, until I realized I hadn't installed 
libpam-smbpass.  Once I did this, access was granted.  After I upgraded 
I checked that all relevant packages were at 3.0beta2 and they were, 
including libpam-smbpass.  So am I missing another library?  Am I 
missing something in my smb.conf file?  Here's the output of testparm:

root at dbs1:~# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[printers]"
Processing section "[Backup]"
Loaded services file OK.
'winbind separator = +' might cause problems with group membership.
Press enter to see a dump of your service definitions

# Global parameters
~        workgroup = DOMAIN1
~        netbios name = DBS
~        server string = %h server (Samba %v)
~        security = DOMAIN
~        obey pam restrictions = Yes
~        password server = PDC1
~        passdb backend = tdbsam, guest
~        passwd program = /usr/bin/passwd %u
~        passwd chat = *Enter\snew\sUNIX\spassword:* %n\n 
*Retype\snew\sUNIX\spassword:* %n\n .
~        syslog = 0
~        log file = /var/log/samba/log.%m
~        max log size = 1000
~        deadtime = 5
~        dns proxy = No
~        wins server =
~        panic action = /usr/share/samba/panic-action %d
~        idmap uid = 10000-20000
~        idmap gid = 10000-20000
~        template homedir = /home/%U
~        template shell = /bin/bash
~        winbind separator = +
~        winbind cache time = 10
~        winbind use default domain = Yes
~        invalid users = root
~        oplocks = No
~        level2 oplocks = No

~        comment = Home Directories
~        create mask = 0700
~        directory mask = 0700
~        browseable = No

~        comment = All Printers
~        path = /tmp
~        create mask = 0700
~        printable = Yes
~        browseable = No

Any ideas?

- --
- -Ron

God's got a heaven for coutnry trash -- Johnny Cash
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the samba mailing list