[Samba] [Fwd: Winbind under 3.0

Ron Garcia-Vidal ghstwrtr at evilgenius.net
Mon Sep 29 15:05:56 GMT 2003

I posted this plea for help last week, but received no responses, so I 
figured I'd re-send.  Since posting this message I upgraded to 3.0 
stable using the package posted on the samba.org site, and the behavior 
remains the same.  I should also mention, if I try smbclient -U  guest 
and enter an empty password, I can successfully get a browse list fromt 
the server.  Is there an increased security parameter in 3.0 wherin I 
have to specifically tell it to give up a browse list for authorized users?

If I'm not giving enough information, please feel free to ask for more.  

-------- Original Message --------

I'm having a problem getting a browse list from my Samba box.  I'm
running debian testing with the 3.0beta2-1 package.  Winbind appears to
be installed properly and functioning properly:

root at dbs1:~# wbinfo -t
checking the trust secret via RPC calls succeeded

root at dbs1:~# wbinfo -a Administrator%xxxxx
plaintext password authentication succeeded
challenge/response password authentication succeeded

wbinfo -u and -g gives me all the users and groups I'm expecting, as
does getent passwd and getent group.  I've even set up the PAM modules
for login, ssh and su to recognize winbind and am able to log in via
console and ssh using my NT credentials.

The problem comes when I try to access via smbclient or Windows
Explorer.  I get the following error on the console (with smbclient):

root at dbs1:~# smbclient -L //dbs -UAdministrator
session setup failed: NT_STATUS_LOGON_FAILURE

And the logs show the following:

[2003/09/25 12:29:04, 0] auth/pampass.c:smb_pam_account(573)
~  smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account Management
for User: Administrator
[2003/09/25 12:29:04, 0] auth/pampass.c:smb_pam_accountcheck(781)
~  smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User

So under 2.8 this was happening, until I realized I hadn't installed
libpam-smbpass.  Once I did this, access was granted.  After I upgraded
I checked that all relevant packages were at 3.0beta2 and they were,
including libpam-smbpass.  So am I missing another library?  Am I
missing something in my smb.conf file?  Here's the output of testparm:

root at dbs1:~# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[printers]"
Processing section "[Backup]"
Loaded services file OK.
'winbind separator = +' might cause problems with group membership.
Press enter to see a dump of your service definitions

# Global parameters
~        workgroup = DOMAIN1
~        netbios name = DBS
~        server string = %h server (Samba %v)
~        security = DOMAIN
~        obey pam restrictions = Yes
~        password server = PDC1
~        passdb backend = tdbsam, guest
~        passwd program = /usr/bin/passwd %u
~        passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
~        syslog = 0
~        log file = /var/log/samba/log.%m
~        max log size = 1000
~        deadtime = 5
~        dns proxy = No
~        wins server =
~        panic action = /usr/share/samba/panic-action %d
~        idmap uid = 10000-20000
~        idmap gid = 10000-20000
~        template homedir = /home/%U
~        template shell = /bin/bash
~        winbind separator = +
~        winbind cache time = 10
~        winbind use default domain = Yes
~        invalid users = root
~        oplocks = No
~        level2 oplocks = No

~        comment = Home Directories
~        create mask = 0700
~        directory mask = 0700
~        browseable = No

~        comment = All Printers
~        path = /tmp
~        create mask = 0700
~        printable = Yes
~        browseable = No

Any ideas?

More information about the samba mailing list