[Samba] Can't connect from Windows
Wm. Dean Dufresne
dean at dufresneit.com
Thu Jan 15 21:05:40 GMT 2004
Is there a reason nobody responded this message?
On 1/6/04 10:58 PM, "Wm. Dean Dufresne" <dean at dufresneit.com> wrote:
> I am setting up my first 3.0.1 installation. I am using Slackware 9.1, I am
> trying to connect to a Windows 2000 Server. I do not need active directory
> support (as far as I know). The server's function is a file server. So
> Users need seamless authentication... of course. I do not have LDAP
> installed. It's a plain server besides the 3ware RAID.
>
>
> I compiled and installed samba 3.0.1, standard paths. I followed the howto
> on the samba site.
>
> It is %99 working. Smbd, nmbd, winbindd are all running.
>
> #wbinfo -t
> checking the trust secret via RPC calls succeeded
>
> # wbinfo -p
> Ping to winbindd succeeded on fd 4
>
> Getent passwd, getent group works fine.
>
> I can assign permissions to domain users like "chown domain+user file"
>
> However when I try to connect from the PDC to the linux box with a domain
> user account, it won't let me in.
>
> The name of the PDC is "w2ksrv1", and linux box is "macfiles". The domain
> is "mac".
>
> I was able to add a local user "testuser" and add it through smbpasswd, and
> authenticate. And view shares, and go into the "tmp" share.
>
> Conf file:
>
> UW PICO(tm) 4.6
> File: /usr/local/samba/lib/smb.conf
>
> [global]
>
> workgroup = MAC
> winbind separator = +
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> winbind enum users = yes
> winbind enum groups = yes
> template homedir = /home/winnt/%D/%U
> template shell = /bin/false
> server string = Samba Server
> hosts allow = 192.168.1. 127.
> load printers = yes
> log file = /var/log/samba.%m
> max log size = 50
> security = user
> password server = *
> encrypt passwords = yes
> socket options = TCP_NODELAY
>
> ; interfaces = 192.168.12.2/24 192.168.13.2/24
>
> dns proxy = no
> #============================ Share Definitions
> ==============================
> [homes]
> comment = Home Directories
> browseable = no
> writable = yes
>
> # This one is useful for people to share files
> [tmp]
> comment = Temporary file space
> path = /tmp
> read only = no
> public = yes
>
>
> File Attributes:
>
>
> # ls -la /lib/libnss_winbind.so*
> -rwxr-xr-x 1 root root 19511 Jan 2 14:29
> /lib/libnss_winbind.so*
> lrwxrwxrwx 1 root root 22 Jan 2 14:30
> /lib/libnss_winbind.so.2 -> /lib/libnss_winbind.so*
>
> Was not able to configure SAMBA with the "--with-pam" switch.
>
>
> Also I have no /etc/pam.d directory. ( is that bad?)
>
> Winbind output:
>
> /usr/local/samba/sbin/winbindd -i -d3
> winbindd version 3.0.1 started.
> Copyright The Samba Team 2000-2003
> lp_load: refreshing parameters
> Initialising global parameters
> params.c:pm_process() - Processing configuration file
> "/usr/local/samba/lib/smb.conf"
> Processing section "[global]"
> Processing section "[homes]"
> Processing section "[tmp]"
> adding IPC service
> adding IPC service
> added interface ip=192.168.1.20 bcast=192.168.1.255 nmask=255.255.255.0
> added interface ip=192.168.1.20 bcast=192.168.1.255 nmask=255.255.255.0
> Registered MSG_REQ_POOL_USAGE
> Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
> resolve_lmhosts: Attempting lmhosts lookup for name MAC<0x1c>
> resolve_wins: Attempting wins lookup for name MAC<0x1c>
> resolve_wins: WINS server resolution selected and no WINS servers listed.
> resolve_hosts: Attempting host lookup for name MAC<0x20>
> rpc_dc_name: Returning DC W2KSRV1 (192.168.1.10) for domain MAC
> IPC$ connections done by user MAC\<DOMAIN ADMIN>
> Connecting to host=W2KSRV1
> Connecting to 192.168.1.10 at port 445
> Doing spnego session setup (blob length=112)
> got OID=1 2 840 48018 1 2 2
> got OID=1 2 840 113554 1 2 2
> got OID=1 2 840 113554 1 2 2 3
> got OID=1 3 6 1 4 1 311 2 2 10
> got principal=w2ksrv1$@<full domain name>
> Got challenge flags:
> Got NTLMSSP neg_flags=0x60890215
> NTLMSSP: Set final flags:
> Got NTLMSSP neg_flags=0x60080215
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x60080215
> add_trusted_domain: MAC is a native mode domain
> Added domain MAC
> scanning trusted domain list
> rpc: trusted_domains
> rpc_dc_name: Returning DC W2KSRV1 (192.168.1.10) for domain MAC
> IPC$ connections done by user MAC\<DOMAIN ADMIN>
> Connecting to host=W2KSRV1
> Connecting to 192.168.1.10 at port 445
> Doing spnego session setup (blob length=112)
> got OID=1 2 840 48018 1 2 2
> got OID=1 2 840 113554 1 2 2
> got OID=1 2 840 113554 1 2 2 3
> got OID=1 3 6 1 4 1 311 2 2 10
> got principal=w2ksrv1$@<full domain name>
> Got challenge flags:
> Got NTLMSSP neg_flags=0x60890215
> NTLMSSP: Set final flags:
> Got NTLMSSP neg_flags=0x60080215
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x60080215
> scanning trusted domain list
> rpc: trusted_domains
>
>
> The Win2k active directory domain name is actually a SUB domain so,
> mac.fulldomain.com. Which is non-standard I believe, FYI.
>
> When the windows system tries to connect here is the log:
> # tail -f /var/log/samba.w2ksrv1
> [2004/01/03 14:05:57, 0] passdb/pdb_smbpasswd.c:startsmbfilepwent(189)
> startsmbfilepwent_internal: file /usr/local/samba/private/smbpasswd did
> not exist. File successfully created.
> [2004/01/06 21:06:52, 1] smbd/service.c:make_connection_snum(705)
> w2ksrv1 (192.168.1.10) connect to service tmp initially as user testuser
> (uid=10025, gid=100) (pid 15576)
> [2004/01/06 21:09:05, 1] smbd/service.c:close_cnum(887)
> w2ksrv1 (192.168.1.10) closed connection to service tmp
>
> You can see my testuser connect.
>
> More logs:
>
> # tail /usr/local/samba/var/log.nmbd
> [2004/01/06 20:54:29, 0] nmbd/nmbd.c:main(664)
> Netbios nameserver version 3.0.1 started.
> Copyright Andrew Tridgell and the Samba Team 1994-2003
> [2004/01/06 22:53:13, 0] nmbd/nmbd.c:terminate(54)
> Got SIGTERM: going down...
> [2004/01/06 22:53:28, 0] nmbd/nmbd.c:main(664)
> Netbios nameserver version 3.0.1 started.
> Copyright Andrew Tridgell and the Samba Team 1994-2003
> [2004/01/06 22:53:28, 0] nmbd/nmbd.c:main(683)
> standard input is not a socket, assuming -D option
>
> # tail /usr/local/samba/var/log.smbd
> Copyright Andrew Tridgell and the Samba Team 1992-2003
> [2004/01/06 20:53:50, 0] smbd/server.c:main(747)
> smbd version 3.0.1 started.
> Copyright Andrew Tridgell and the Samba Team 1992-2003
> [2004/01/06 20:54:29, 0] smbd/server.c:main(747)
> smbd version 3.0.1 started.
> Copyright Andrew Tridgell and the Samba Team 1992-2003
> [2004/01/06 22:53:25, 0] smbd/server.c:main(747)
> smbd version 3.0.1 started.
> Copyright Andrew Tridgell and the Samba Team 1992-2003
>
>
> Any help would be greatly appreciated!
>
>
> (let me know if I forgot anything) :p
--
Wm. Dean Dufresne
DufresneIT Consulting
dean at dufresneit.com
(614)886-7640
More information about the samba
mailing list