[Samba] Samba 3.0.3 on FreeBSD 5.2.1 not listing users or allowing user access without a unix account
Derek Ragona
derek at computinginnovations.com
Tue Apr 13 22:59:07 GMT 2004
I am using the FreeBSD samba server as just a fileserver domain member to a
windows 2000 mixed mode active directory forest.
I configured samba, am able to join the domain using,
# net rpc join -U Administrator
But not
# net ads join -U Administrator
I can see my samba shares and use them. But what is happening is a user
that is in the Active Directory, but not on the FreeBSD server cannot
access the Samba shares. If I create a user account on the FreeBSD system,
then they can access and use the shares. I know the passwords are getting
authenticated
with the Windows 2k active directory, as I tried with different passwords
on the system and the win2k password works for accessing the shares.
When I do:
# wbinfo -t
checking the trust secret via RPC calls succeeded
But wbinfo -u does this:
# wbinfo -u
Error looking up domain users
so does wbinfo -g
# wbinfo -g
Error looking up domain groups
The domain is browsable by anonymous users, I checked that setting on the
windows Active Directory server. I also tried setting the wbinfo auth user
with:
wbinfo --set-auth-user=Administrator%*********
That did not change anything.
So it seems like winbind is only partially working.
It looks like the documentation and the applications are in flux with some
functions moving to the net command from wbinfo.
I suspect I either didn't build the port with the correct components or
have a configuration error. Any help would be appreciated.
Here is my smb.conf contents:
;*******************section global*****************
[global]
netbios name = acdsmb-NAS
workgroup = MYDOMAIN
realm = MYDOMAIN.COM
security = ADS
encrypt passwords = Yes
password server = *
winbind separator = +
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
log level = 10
log file = /var/log/samba/log.%m
max log size = 50
load printers = No
domain master = No
template primary group = sambausers
server string = Samba Server
show add printer wizard = No
interfaces = em0 192.168.1.20/255.255.255.0
;*******************section dms*****************
[dms]
comment = dms share area
path = /usr/nas/dms
browseable = Yes
browsable = Yes
public = Yes
write ok = Yes
writeable = Yes
preserve case = Yes
short preserve case = Yes
printable = No
guest ok = No
force create mode = 0775
force directory mode = 0775
force group = sambausers
admin users = +root, Administrator
**************************************************
Here is my krb5.conf contents:
[libdefaults]
default_realm = MYDOMAIN.COM
[realms]
MYDOMAIN.COM = {
kdc = mydomain-win2k.mydomain.com
admin_server = mydomain-win2k.mydomain.com
default_domain = mydomain.com
}
[domain_realms]
.mydomain.com = MYDOMAIN.COM
mydomain.com = MYDOMAIN.COM
*********************************************
-Derek
derek at computinginnovations.com
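
The [dms] share in the post sets several parameters twice under different spellings: smb.conf(5) documents browsable, public and write ok/writeable as synonyms of browseable, guest ok and (inverted) read only. The following is an added example, not part of the original post: a Python check that reports such repeats and the value that ends up effective, assuming a later assignment overrides an earlier one. The sample input is constructed from the share section above, and the function names are hypothetical.

```python
import re

# Constructed sample: the repeated parameters of the [dms] share in the post.
SAMPLE = """[dms]
browseable = Yes
browsable = Yes
public = Yes
write ok = Yes
writeable = Yes
guest ok = No
"""

# alias -> (canonical name, inverted?), per the synonyms in smb.conf(5).
SYNONYMS = {
    "browsable": ("browseable", False),
    "public": ("guest ok", False),
    "writeable": ("read only", True),
    "writable": ("read only", True),
    "write ok": ("read only", True),
}
TRUE, FALSE = {"yes", "true", "on", "1"}, {"no", "false", "off", "0"}

def canonical(key, value):
    """Map an alias to its canonical name, inverting booleans if needed."""
    key = " ".join(key.lower().split())
    name, inverted = SYNONYMS.get(key, (key, False))
    value = value.strip()
    if value.lower() in TRUE | FALSE:
        value = "yes" if (value.lower() in TRUE) != inverted else "no"
    return name, value

def lint(text):
    """Return (section, name, kind, earlier_line, later_line, effective)."""
    findings, section, seen = [], None, {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section, seen = header.group(1), {}  # new section, new scope
        elif line and line[0] not in ";#" and "=" in line:
            name, value = canonical(*line.split("=", 1))
            if name in seen:
                earlier, old = seen[name]
                kind = "duplicate" if old == value else "conflict"
                findings.append((section, name, kind, earlier, lineno, value))
            seen[name] = (lineno, value)  # assumption: the later line wins
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

On the sample, the only conflict is public = Yes followed by guest ok = No, so under the stated assumption guest access to the share is off.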