[Samba] Samba 3.0.3 on FreeBSD 5.2.1 not listing users or allowing user access without a unix account

Derek Ragona derek at computinginnovations.com
Tue Apr 13 22:59:07 GMT 2004 

I am using the FreeBSD samba server as just a fileserver domain member to a 
windows 2000 mixed mode active directory forest.

I configued samba, am able to join the domain using,

# net rpc  join -U Administrator

But not
# net ads  join -U Administrator

I can see my samba shares and use them.  But what is happening is a user
that is in the Active Directory, but not on the FreeBSD server cannot 
access the Samba shares.  If I create a user account on the FreeBSD system, 
then they can
access and use the shares.  I know the passwords are getting authenticated
with the Windows 2k active directory, as I tried with different passwords 
on the system and the win2k password works for accessing the shares.

When I do:
# wbinfo -t
checking the trust secret via RPC calls succeeded

But wbinfo -u does this:
# wbinfo -u
Error looking up domain users

so does wbinfo -g
# wbinfo -g
Error looking up domain groups

The domain is browsable by anonymous users, I checked that setting on the 
windows Active Directory server.  I also tried setting the wbinfo auth user 
with:
wbinfo --set-auth-user=Administrator%*********

That did not change anything.

So It seems like winbind is only partially working.

It looks like the documentation and the applications are in flux with some 
funtions moving to the net command from wbinfo.

I suspect I either didn't build the port with the correct components or 
have a configuration error.  Any help would be appreciated.

here is my smb.conf contents:
;*******************section global*****************
[global]
netbios name = acdsmb-NAS
workgroup = MYDOMAIN
realm = MYDOMAIN.COM
security = ADS
encrypt passwords = Yes
password server = *
winbind separator = +
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
log level = 10
log file = /var/log/samba/log.%m
max log size = 50
load printers = No
domain master = No
template primary group = sambausers
server string = Samba Server
show add printer wizard = No
interfaces = em0 192.168.1.20/255.255.255.0
;*******************section dms*****************
[dms]
comment = dms share area
path = /usr/nas/dms
browseable = Yes
browsable = Yes
public = Yes
write ok = Yes
writeable = Yes
preserve case = Yes
short preserve case = Yes
printable = No
guest ok = No
force create mode = 0775
force directory mode = 0775
force group = sambausers
admin users = +root, Administrator

**************************************************

Here is my krb5.conf contents:

[libdefaults]
         default_realm = MYDOMAIN.COM

[realms]
         MYDOMAIN.COM  = {
         kdc = mydomain-win2k.mydomain.com
         admin_server = mydomain-win2k.mydomain.com
         default_domain = mydomain.com
         }

[domain_realms]
         .mydomain.com = MYDOMAIN.COM
         mydomain.com = MYDOMAIN.COM

*********************************************



         -Derek
         derek at computinginnovations.com

More information about the samba mailing list