[Samba] Can't connect from Windows
Wm. Dean Dufresne
dean at dufresneit.com
Wed Jan 7 03:58:37 GMT 2004
I am setting up my first 3.0.1 installation. I am using Slackware 9.1, I am
trying to connect to a Windows 2000 Server. I do not need active directory
support (as far as I know). The server's function is a file server. So
Users need seamless authentication... of course. I do not have LDAP
installed. It's a plain server besides the 3ware RAID.
I compiled and installed samba 3.0.1, standard paths. I followed the howto
on the samba site.
It is %99 working. Smbd, nmbd, winbindd are all running.
#wbinfo -t
checking the trust secret via RPC calls succeeded
# wbinfo -p
Ping to winbindd succeeded on fd 4
Getent passwd, getent group works fine.
I can assign permissions to domain users like "chown domain+user file"
However when I try to connect from the PDC to the linux box with a domain
user account, it won't let me in.
The name of the PDC is "w2ksrv1", and linux box is "macfiles". The domain
is "mac".
I was able to add a local user "testuser" and add it through smbpasswd, and
authenticate. And view shares, and go into the "tmp" share.
Conf file:
UW PICO(tm) 4.6
File: /usr/local/samba/lib/smb.conf
[global]
workgroup = MAC
winbind separator = +
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/winnt/%D/%U
template shell = /bin/false
server string = Samba Server
hosts allow = 192.168.1. 127.
load printers = yes
log file = /var/log/samba.%m
max log size = 50
security = user
password server = *
encrypt passwords = yes
socket options = TCP_NODELAY
; interfaces = 192.168.12.2/24 192.168.13.2/24
dns proxy = no
#============================ Share Definitions
==============================
[homes]
comment = Home Directories
browseable = no
writable = yes
# This one is useful for people to share files
[tmp]
comment = Temporary file space
path = /tmp
read only = no
public = yes
File Attributes:
# ls -la /lib/libnss_winbind.so*
-rwxr-xr-x 1 root root 19511 Jan 2 14:29
/lib/libnss_winbind.so*
lrwxrwxrwx 1 root root 22 Jan 2 14:30
/lib/libnss_winbind.so.2 -> /lib/libnss_winbind.so*
Was not able to configure SAMBA with the "--with-pam" switch.
Also I have no /etc/pam.d directory. ( is that bad?)
Winbind output:
/usr/local/samba/sbin/winbindd -i -d3
winbindd version 3.0.1 started.
Copyright The Samba Team 2000-2003
lp_load: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file
"/usr/local/samba/lib/smb.conf"
Processing section "[global]"
Processing section "[homes]"
Processing section "[tmp]"
adding IPC service
adding IPC service
added interface ip=192.168.1.20 bcast=192.168.1.255 nmask=255.255.255.0
added interface ip=192.168.1.20 bcast=192.168.1.255 nmask=255.255.255.0
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
resolve_lmhosts: Attempting lmhosts lookup for name MAC<0x1c>
resolve_wins: Attempting wins lookup for name MAC<0x1c>
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: Attempting host lookup for name MAC<0x20>
rpc_dc_name: Returning DC W2KSRV1 (192.168.1.10) for domain MAC
IPC$ connections done by user MAC\<DOMAIN ADMIN>
Connecting to host=W2KSRV1
Connecting to 192.168.1.10 at port 445
Doing spnego session setup (blob length=112)
got OID=1 2 840 48018 1 2 2
got OID=1 2 840 113554 1 2 2
got OID=1 2 840 113554 1 2 2 3
got OID=1 3 6 1 4 1 311 2 2 10
got principal=w2ksrv1$@<full domain name>
Got challenge flags:
Got NTLMSSP neg_flags=0x60890215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60080215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60080215
add_trusted_domain: MAC is a native mode domain
Added domain MAC
scanning trusted domain list
rpc: trusted_domains
rpc_dc_name: Returning DC W2KSRV1 (192.168.1.10) for domain MAC
IPC$ connections done by user MAC\<DOMAIN ADMIN>
Connecting to host=W2KSRV1
Connecting to 192.168.1.10 at port 445
Doing spnego session setup (blob length=112)
got OID=1 2 840 48018 1 2 2
got OID=1 2 840 113554 1 2 2
got OID=1 2 840 113554 1 2 2 3
got OID=1 3 6 1 4 1 311 2 2 10
got principal=w2ksrv1$@<full domain name>
Got challenge flags:
Got NTLMSSP neg_flags=0x60890215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60080215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60080215
scanning trusted domain list
rpc: trusted_domains
The Win2k active directory domain name is actually a SUB domain so,
mac.fulldomain.com. Which is non-standard I believe, FYI.
When the windows system tries to connect here is the log:
# tail -f /var/log/samba.w2ksrv1
[2004/01/03 14:05:57, 0] passdb/pdb_smbpasswd.c:startsmbfilepwent(189)
startsmbfilepwent_internal: file /usr/local/samba/private/smbpasswd did
not exist. File successfully created.
[2004/01/06 21:06:52, 1] smbd/service.c:make_connection_snum(705)
w2ksrv1 (192.168.1.10) connect to service tmp initially as user testuser
(uid=10025, gid=100) (pid 15576)
[2004/01/06 21:09:05, 1] smbd/service.c:close_cnum(887)
w2ksrv1 (192.168.1.10) closed connection to service tmp
You can see my testuser connect.
More logs:
# tail /usr/local/samba/var/log.nmbd
[2004/01/06 20:54:29, 0] nmbd/nmbd.c:main(664)
Netbios nameserver version 3.0.1 started.
Copyright Andrew Tridgell and the Samba Team 1994-2003
[2004/01/06 22:53:13, 0] nmbd/nmbd.c:terminate(54)
Got SIGTERM: going down...
[2004/01/06 22:53:28, 0] nmbd/nmbd.c:main(664)
Netbios nameserver version 3.0.1 started.
Copyright Andrew Tridgell and the Samba Team 1994-2003
[2004/01/06 22:53:28, 0] nmbd/nmbd.c:main(683)
standard input is not a socket, assuming -D option
# tail /usr/local/samba/var/log.smbd
Copyright Andrew Tridgell and the Samba Team 1992-2003
[2004/01/06 20:53:50, 0] smbd/server.c:main(747)
smbd version 3.0.1 started.
Copyright Andrew Tridgell and the Samba Team 1992-2003
[2004/01/06 20:54:29, 0] smbd/server.c:main(747)
smbd version 3.0.1 started.
Copyright Andrew Tridgell and the Samba Team 1992-2003
[2004/01/06 22:53:25, 0] smbd/server.c:main(747)
smbd version 3.0.1 started.
Copyright Andrew Tridgell and the Samba Team 1992-2003
Any help would be greatly appreciated!
(let me know if I forgot anything) :p
--
Wm. Dean Dufresne
Dufresne IT Consulting
More information about the samba
mailing list