[Samba] [Fwd: Winbind under 3.0
jelmer at vernstok.nl
Mon Sep 29 15:15:47 GMT 2003
On Mon, 2003-09-29 at 17:05, Ron Garcia-Vidal wrote:
> I'm having a problem getting a browse list from my Samba box. I'm
> running debian testing with the 3.0beta2-1 package. Winbind appears to
> be installed properly and functioning properly:
> root at dbs1:~# wbinfo -t
> checking the trust secret via RPC calls succeeded
> root at dbs1:~# wbinfo -a Administrator%xxxxx
> plaintext password authentication succeeded
> challenge/response password authentication succeeded
> wbinfo -u and -g gives me all the users and groups I'm expecting, as
> does getent passwd and getent group. I've even set up the PAM modules
> for login, ssh and su to recognize winbind and am able to log in via
> console and ssh using my NT credentials.
> The problem comes when I try to access via smbclient or Windows
> Explorer. I get the following error on the console (with smbclient):
> root at dbs1:~# smbclient -L //dbs -UAdministrator
> session setup failed: NT_STATUS_LOGON_FAILURE
> And the logs show the following:
> [2003/09/25 12:29:04, 0] auth/pampass.c:smb_pam_account(573)
> ~ smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account Management
> for User: Administrator
> [2003/09/25 12:29:04, 0] auth/pampass.c:smb_pam_accountcheck(781)
> ~ smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User
> So under 2.8 this was happening, until I realized I hadn't installed
> libpam-smbpass. Once I did this, access was granted. After I upgraded
> I checked that all relevant packages were at 3.0beta2 and they were,
> including libpam-smbpass. So am I missing another library? Am I
> missing something in my smb.conf file? Here's the output of testparm:
libpam-smbpass is not required to make samba work correctly. It is of
absolutely no use when you put it inside /etc/pam.d/samba.
> root at dbs1:~# testparm
> Load smb config files from /etc/samba/smb.conf
> Processing section "[homes]"
> Processing section "[printers]"
> Processing section "[Backup]"
> Loaded services file OK.
> 'winbind separator = +' might cause problems with group membership.
> Server role: ROLE_DOMAIN_MEMBER
> Press enter to see a dump of your service definitions
> # Global parameters
> ~ workgroup = DOMAIN1
> ~ netbios name = DBS
> ~ server string = %h server (Samba %v)
> ~ security = DOMAIN
> ~ obey pam restrictions = Yes
^^ obey pam restrictions is only useful if you have 'encrypt passwords =
Jelmer Vernooij - http://jelmer.vernstok.nl/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20030929/2d896545/attachment.bin
More information about the samba