[Samba] Re: Re: Samba as NT Domain Member via Winbind - After Upgrade users prompted for password for any shares

Jason.McGlamary at Medstar.net Jason.McGlamary at Medstar.net
Fri Aug 27 01:24:41 GMT 2004 

Thomas,
        I followed your instructions, and your theory proved correct.  The 
user I performed 'getent passwd <username> was able to access the shares. 
It's something at least, and believe me I was getting ready to swear off 
technology forever.  Now, how can I manage this task for 20000 users?  Is 
this a problem only happeningn w/ 3.0.6?  It didn't happen to me until I 
upgraded yesterday.  Does anyone know how I can roll back to a previous 
version on Debian?  I've really just started using the Distro recently.

Thanks, 
Jason 
>-----------------------------------------------------------------------
>I'm having similar problems with Samba 3.0.6...

Jason, try this for scientific purposes:

1. Stop Samba
2. Delete /%samba/var/locks/netsamlogon_cache.tdb
3. Start Samba
4. run 'getent passwd <username>' (where <username> includes the domain 
name and domain separator if necessary)

If the account shows up, my guess is that your shares will work for that 
user for the moment. If you try to access a share before that (even 
anonymous "\\server"), you'll be locked out and won't be able to access 
anything until you delete netsamlogon_cache.tdb and start over.

Jerry, why does this happen? ;)

Here's my best definition of the situation and the problem:

Existing Infrastructure
- Windows NT 4.0 Domain
- PDC, BDC
- Two-way Domain Trust with external domain
- SP6a

Desired Samba server
- Samba 3.0.6
- Red Hat Linux 7.2
- Domain member server
- Winbind

Successes
- configure, make, make install run normally
- net rpc join -U Admin joins server to domain
- starting samba allows getent passwd, group
- wbinfo -t, -p work fine

Problems
- Users can only connect to shares after doing a 'getent passwd 
<username>' *before* attempting a connection to \\servername
- Trying to "Run..." \\servername before doing that locks out the user 
until the service is stopped, netsamlogon_cache.tdb is deleted, and the 
service is restarted.

Diagnostics
- setting "winbind use default domain = yes" or "no" has no effect.
- setting "passdb backend = tdbsam" or "smbpasswd" or commenting out the 
line has no effect.
- this line occurs repeatedly in the visiting workstation's log:
[2004/08/26 15:04:48, 0] auth/auth_util.c:make_server_info_info3(1122)
   make_server_info_info3: pdb_init_sam failed!

More information about the samba mailing list