[Samba] [Fwd: Winbind under 3.0

Jelmer Vernooij jelmer at vernstok.nl
Mon Sep 29 15:15:47 GMT 2003


On Mon, 2003-09-29 at 17:05, Ron Garcia-Vidal wrote:
> I'm having a problem getting a browse list from my Samba box.  I'm
> running debian testing with the 3.0beta2-1 package.  Winbind appears to
> be installed properly and functioning properly:
> 
> root@dbs1:~# wbinfo -t
> checking the trust secret via RPC calls succeeded
> 
> root@dbs1:~# wbinfo -a Administrator%xxxxx
> plaintext password authentication succeeded
> challenge/response password authentication succeeded
> 
> wbinfo -u and -g gives me all the users and groups I'm expecting, as
> does getent passwd and getent group.  I've even set up the PAM modules
> for login, ssh and su to recognize winbind and am able to log in via
> console and ssh using my NT credentials.
> 
> The problem comes when I try to access via smbclient or Windows
> Explorer.  I get the following error on the console (with smbclient):
> 
> root@dbs1:~# smbclient -L //dbs -UAdministrator
> Password:
> session setup failed: NT_STATUS_LOGON_FAILURE
> 
> And the logs show the following:
> 
> [2003/09/25 12:29:04, 0] auth/pampass.c:smb_pam_account(573)
> ~  smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account Management
> for User: Administrator
> [2003/09/25 12:29:04, 0] auth/pampass.c:smb_pam_accountcheck(781)
> ~  smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User
> Administrator!
> 
> So under 2.8 this was happening, until I realized I hadn't installed
> libpam-smbpass.  Once I did this, access was granted.  After I upgraded
> I checked that all relevant packages were at 3.0beta2 and they were,
> including libpam-smbpass.  So am I missing another library?  Am I
> missing something in my smb.conf file?  Here's the output of testparm:

libpam-smbpass is not required to make samba work correctly. It is of
absolutely no use when you put it inside /etc/pam.d/samba.

> 
> root@dbs1:~# testparm
> Load smb config files from /etc/samba/smb.conf
> Processing section "[homes]"
> Processing section "[printers]"
> Processing section "[Backup]"
> Loaded services file OK.
> 'winbind separator = +' might cause problems with group membership.
> Server role: ROLE_DOMAIN_MEMBER
> Press enter to see a dump of your service definitions
> 
> # Global parameters
> [global]
> ~        workgroup = DOMAIN1
> ~        netbios name = DBS
> ~        server string = %h server (Samba %v)
> ~        security = DOMAIN
> ~        obey pam restrictions = Yes

^^ obey pam restrictions is only useful if you have 'encrypt passwords = no'

Jelmer
--
Jelmer Vernooij  - http://jelmer.vernstok.nl/
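
A triage check for the situation in this thread, as an added example that is not part of the original messages or of Samba itself: it scans smbd log text for the PAM account-validation rejections quoted above and reports whether `[global]` enables `obey pam restrictions`, the setting the reply points at. The sample log and config text are constructed from the lines quoted in the thread, and the function names are hypothetical.

```python
import re

# Constructed sample input, based on the log and testparm lines quoted in the thread.
SAMPLE_LOG = """\
[2003/09/25 12:29:04, 0] auth/pampass.c:smb_pam_account(573)
  smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account Management for User: Administrator
[2003/09/25 12:29:04, 0] auth/pampass.c:smb_pam_accountcheck(781)
  smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User Administrator!
"""
SAMPLE_CONF = """\
[global]
        security = DOMAIN
        obey pam restrictions = Yes
[homes]
        obey pam restrictions = No
"""

HEADER = re.compile(r"^\[([\d/]+ [\d:]+),\s*\d+\]")   # "[date time, level] file:func(line)"
REJECT = re.compile(r"Account Validation Failed - Rejecting User (.+?)!")

def pam_rejections(log_text):
    """Return (timestamp, user) for each PAM account-validation rejection."""
    hits, ts = [], None
    for raw in log_text.splitlines():
        head, hit = HEADER.match(raw), REJECT.search(raw)
        if head:
            ts = head.group(1)          # remember the header of the current entry
        elif hit:
            hits.append((ts, hit.group(1)))
    return hits

def global_bool(conf_text, name, default=False):
    """Read a boolean from [global]; smb.conf names ignore case and spacing."""
    norm = lambda s: "".join(s.lower().split())
    section, value = None, default
    for line in map(str.strip, conf_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line and line[0] not in "#;":
            key, val = line.split("=", 1)
            if norm(key) == norm(name):
                value = val.strip().lower() in ("yes", "true", "on", "1")
    return value

def triage(log_text, conf_text):
    """Pair the PAM rejections with the setting the reply in this thread points at."""
    return {"rejections": pam_rejections(log_text),
            "obey_pam_restrictions": global_bool(conf_text, "obey pam restrictions")}
```
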