[Samba] Samba as NT Domain Member via Winbind - After Upgrade users
prompted for password for any shares
Thomas Pomroy
samba-lists at fleet.ucdavis.edu
Fri Aug 27 00:18:21 GMT 2004
(Trying to pick up this thread though I can't reply to the original message)
I'm having similar problems with Samba 3.0.6...
Jason, try this for scientific purposes:
1. Stop Samba
2. Delete /%samba/var/locks/netsamlogon_cache.tdb
3. Start Samba
4. run 'getent passwd <username>' (where <username> includes the domain
name and domain separator if necessary)
If the account shows up, my guess is that your shares will work for that
user for the moment. If you try to access a share before that (even
anonymous "\\server"), you'll be locked out and won't be able to access
anything until you delete netsamlogon_cache.tdb and start over.
Jerry, why does this happen? ;)
Here's my best definition of the situation and the problem:
Existing Infrastructure
- Windows NT 4.0 Domain
- PDC, BDC
- Two-way Domain Trust with external domain
- SP6a
Desired Samba server
- Samba 3.0.6
- Red Hat Linux 7.2
- Domain member server
- Winbind
Successes
- configure, make, make install run normally
- net rpc join -U Admin joins server to domain
- starting samba allows getent passwd, group
- wbinfo -t, -p work fine
Problems
- Users can only connect to shares after doing a 'getent passwd
<username>' *before* attempting a connection to \\servername
- Trying to "Run..." \\servername before doing that locks out the user
until the service is stopped, netsamlogon_cache.tdb is deleted, and the
service is restarted.
Diagnostics
- setting "winbind use default domain = yes" or "no" has no effect.
- setting "passdb backend = tdbsam" or "smbpasswd" or commenting out the
line has no effect.
- this line occurs repeatedly in the visiting workstation's log:
[2004/08/26 15:04:48, 0] auth/auth_util.c:make_server_info_info3(1122)
make_server_info_info3: pdb_init_sam failed!
smb.conf Global Settings
#======================= Global Settings =====================
[global]
workgroup = MY_DOMAIN
netbios name = SERVERNAME
server string = Server
security = DOMAIN
hosts allow = [my.ip.subnet]. 127.
log level = 2
log file = /usr/local/samba/var/%m.log
max log size = 500
password server = *
idmap uid = 15000-20000
idmap gid = 15000-20000
winbind separator = +
winbind use default domain = Yes
use sendfile = Yes
local master = no
os level = 33
wins server = [my.wins.server.address]
winbind enable local accounts = no
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
passdb backend = tdbsam
; passdb backend = smbpasswd
# You may want to add the following on a Linux system:
# SO_RCVBUF=8192 SO_SNDBUF=8192
socket options = TCP_NODELAY
# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
; interfaces = 192.168.12.2/24 192.168.13.2/24
>Jerry,
>
>Thanks for your response. I tried tuning 'winbind use default domain =
>no' but still have the problem. When trying to browse the server for
>shares, users are prompted for an IPC$ password. If they try to
access >a specific share, they get a message saying the share cannot be
found. >Any other ideas? I've included below my smb.conf file,
modified w/ >suggested change as well as my logs for smbd, nmbd, and
winbindd after >all services are restarted and a connection attempt was
made.
>
>Thanks,
>
>Jason McGlamary
>PC/LAN Specialist
>Washington Hospital Center
More information about the samba
mailing list