[Samba] Samba as NT Domain Member via Winbind - After Upgrade users prompted for password for any shares

Thomas Pomroy samba-lists at fleet.ucdavis.edu
Fri Aug 27 00:18:21 GMT 2004


(Trying to pick up this thread though I can't reply to the original message)

I'm having similar problems with Samba 3.0.6...

Jason, try this for scientific purposes:

1. Stop Samba
2. Delete /%samba/var/locks/netsamlogon_cache.tdb
3. Start Samba
4. run 'getent passwd <username>' (where <username> includes the domain 
name and domain separator if necessary)

If the account shows up, my guess is that your shares will work for that 
user for the moment. If you try to access a share before that (even 
anonymous "\\server"), you'll be locked out and won't be able to access 
anything until you delete netsamlogon_cache.tdb and start over.

Jerry, why does this happen? ;)

Here's my best definition of the situation and the problem:

Existing Infrastructure
- Windows NT 4.0 Domain
- PDC, BDC
- Two-way Domain Trust with external domain
- SP6a

Desired Samba server
- Samba 3.0.6
- Red Hat Linux 7.2
- Domain member server
- Winbind

Successes
- configure, make, make install run normally
- net rpc join -U Admin joins server to domain
- starting samba allows getent passwd, group
- wbinfo -t, -p work fine

Problems
- Users can only connect to shares after doing a 'getent passwd 
<username>' *before* attempting a connection to \\servername
- Trying to "Run..." \\servername before doing that locks out the user 
until the service is stopped, netsamlogon_cache.tdb is deleted, and the 
service is restarted.

Diagnostics
- setting "winbind use default domain = yes" or "no" has no effect.
- setting "passdb backend = tdbsam" or "smbpasswd" or commenting out the 
line has no effect.
- this line occurs repeatedly in the visiting workstation's log:
[2004/08/26 15:04:48, 0] auth/auth_util.c:make_server_info_info3(1122)
   make_server_info_info3: pdb_init_sam failed!


smb.conf Global Settings

#======================= Global Settings =====================
[global]
         workgroup = MY_DOMAIN
         netbios name = SERVERNAME
         server string = Server
         security = DOMAIN
         hosts allow = [my.ip.subnet]. 127.
         log level = 2
         log file = /usr/local/samba/var/%m.log
         max log size = 500
         password server = *
         idmap uid = 15000-20000
         idmap gid = 15000-20000
         winbind separator = +
         winbind use default domain = Yes
         use sendfile = Yes
         local master = no
         os level = 33
         wins server = [my.wins.server.address]
         winbind enable local accounts = no

# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
    passdb backend = tdbsam
;   passdb backend = smbpasswd

# You may want to add the following on a Linux system:
#         SO_RCVBUF=8192 SO_SNDBUF=8192
    socket options = TCP_NODELAY

# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
;   interfaces = 192.168.12.2/24 192.168.13.2/24


 >Jerry,
 >
 >Thanks for your response.  I tried tuning 'winbind use default domain =
 >no'  but still have the problem.  When trying to browse the server for
 >shares, users are prompted for an IPC$ password.  If they try to access
 >a specific share, they get a message saying the share cannot be found.
 >Any other ideas?  I've included below my smb.conf file, modified w/
 >suggested change as well as my logs for smbd, nmbd, and winbindd after
 >all services are restarted and a connection attempt was made.
 >
 >Thanks,
 >
 >Jason McGlamary
 >PC/LAN Specialist
 >Washington Hospital Center
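
Added example (not part of the original message and not Samba code): a small parser for the two-line log records quoted under "Diagnostics", counting level-0 "pdb_init_sam failed" records per client log, since "log file = .../%m.log" gives each connecting machine its own file. The client names ws1 and ws2 and the level-2 record are constructed sample data; only the make_server_info_info3 record comes from the message.

```python
import re
from collections import Counter

# Header line of a Samba 3.x log record:
#   [YYYY/MM/DD HH:MM:SS, level] source.c:function(line)
HEADER = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}), *(?P<level>\d+)\] "
    r"(?P<src>[^:\s]+):(?P<func>\w+)\((?P<line>\d+)\)\s*$"
)

def parse_records(text):
    """Yield one dict per record; non-header lines after a header are its message."""
    rec = None
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            if rec:
                yield rec
            rec = dict(m.groupdict(), level=int(m["level"]), msg="")
        elif rec is not None and raw.strip():
            rec["msg"] = (rec["msg"] + " " + raw.strip()).strip()
    if rec:
        yield rec

def count_failures(logs, needle="pdb_init_sam failed"):
    """logs maps a client name (the %m in 'log file') to that client's log text."""
    hits = Counter()
    for client, text in logs.items():
        for rec in parse_records(text):
            if rec["level"] == 0 and needle in rec["msg"]:
                hits[client] += 1
    return hits

# Constructed sample input: ws1 repeats the record quoted in the message,
# ws2 holds an unrelated, made-up level-2 record.
SAMPLE = {
    "ws1": """\
[2004/08/26 15:04:48, 0] auth/auth_util.c:make_server_info_info3(1122)
  make_server_info_info3: pdb_init_sam failed!
[2004/08/26 15:04:49, 0] auth/auth_util.c:make_server_info_info3(1122)
  make_server_info_info3: pdb_init_sam failed!
""",
    "ws2": """\
[2004/08/26 15:05:10, 2] smbd/server.c:exit_server(571)
  Closing connections
""",
}

if __name__ == "__main__":
    for client, n in count_failures(SAMPLE).items():
        print(f"{client}: {n} pdb_init_sam failure(s)")
```

A client that shows up here is one to retry after the cache reset and 'getent passwd' steps listed at the top of the message.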

