[Samba] Can't connect from Windows

Wm. Dean Dufresne dean at dufresneit.com
Thu Jan 15 21:05:40 GMT 2004 

Is there a reason nobody responded this message?


On 1/6/04 10:58 PM, "Wm. Dean Dufresne" <dean at dufresneit.com> wrote:

> I am setting up my first 3.0.1 installation.  I am using Slackware 9.1, I am
> trying to connect to a Windows 2000 Server.  I do not need active directory
> support (as far as I know).  The server's function is a file server.  So
> Users need seamless authentication... of course.  I do not have LDAP
> installed.  It's a plain server besides the 3ware RAID.
> 
> 
> I compiled and installed samba 3.0.1, standard paths.  I followed the howto
> on the samba site.
> 
> It is %99 working.  Smbd, nmbd, winbindd are all running.
> 
> #wbinfo -t
> checking the trust secret via RPC calls succeeded
> 
> # wbinfo -p
> Ping to winbindd succeeded on fd 4
> 
> Getent passwd, getent group works fine.
> 
> I can assign permissions to domain users like "chown domain+user file"
> 
> However when I try to connect from the PDC to the linux box with a domain
> user account, it won't let me in.
> 
> The name of the PDC is "w2ksrv1", and linux box is "macfiles".  The domain
> is "mac".
> 
> I was able to add a local user "testuser" and add it through smbpasswd, and
> authenticate. And view shares, and go into the "tmp" share.
> 
> Conf file:
> 
>  UW PICO(tm) 4.6 
> File: /usr/local/samba/lib/smb.conf
> 
> [global]
>  
> workgroup = MAC  
> winbind separator = +
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> winbind enum users = yes
> winbind enum groups = yes
> template homedir = /home/winnt/%D/%U
> template shell = /bin/false
> server string = Samba Server
> hosts allow = 192.168.1. 127.
> load printers = yes
> log file = /var/log/samba.%m
> max log size = 50
> security = user  
> password server = *
> encrypt passwords = yes
> socket options = TCP_NODELAY
>                  
> ;   interfaces = 192.168.12.2/24 192.168.13.2/24
>                  
> dns proxy = no 
> #============================ Share Definitions
> ==============================
> [homes]          
>  comment = Home Directories
>  browseable = no 
>  writable = yes  
>          
> # This one is useful for people to share files
> [tmp]            
>  comment = Temporary file space
>  path = /tmp     
>  read only = no  
>  public = yes
> 
> 
> File Attributes:
> 
> 
> # ls -la /lib/libnss_winbind.so*
> -rwxr-xr-x    1 root     root        19511 Jan  2 14:29
> /lib/libnss_winbind.so*
> lrwxrwxrwx    1 root     root           22 Jan  2 14:30
> /lib/libnss_winbind.so.2 -> /lib/libnss_winbind.so*
> 
> Was not able to configure SAMBA with the "--with-pam" switch.
> 
> 
> Also I have no /etc/pam.d directory. ( is that bad?)
> 
> Winbind output:
> 
> /usr/local/samba/sbin/winbindd -i -d3
> winbindd version 3.0.1 started.
> Copyright The Samba Team 2000-2003
> lp_load: refreshing parameters
> Initialising global parameters
> params.c:pm_process() - Processing configuration file
> "/usr/local/samba/lib/smb.conf"
> Processing section "[global]"
> Processing section "[homes]"
> Processing section "[tmp]"
> adding IPC service
> adding IPC service
> added interface ip=192.168.1.20 bcast=192.168.1.255 nmask=255.255.255.0
> added interface ip=192.168.1.20 bcast=192.168.1.255 nmask=255.255.255.0
> Registered MSG_REQ_POOL_USAGE
> Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
> resolve_lmhosts: Attempting lmhosts lookup for name MAC<0x1c>
> resolve_wins: Attempting wins lookup for name MAC<0x1c>
> resolve_wins: WINS server resolution selected and no WINS servers listed.
> resolve_hosts: Attempting host lookup for name MAC<0x20>
> rpc_dc_name: Returning DC W2KSRV1 (192.168.1.10) for domain MAC
> IPC$ connections done by user MAC\<DOMAIN ADMIN>
> Connecting to host=W2KSRV1
> Connecting to 192.168.1.10 at port 445
> Doing spnego session setup (blob length=112)
> got OID=1 2 840 48018 1 2 2
> got OID=1 2 840 113554 1 2 2
> got OID=1 2 840 113554 1 2 2 3
> got OID=1 3 6 1 4 1 311 2 2 10
> got principal=w2ksrv1$@<full domain name>
> Got challenge flags:
> Got NTLMSSP neg_flags=0x60890215
> NTLMSSP: Set final flags:
> Got NTLMSSP neg_flags=0x60080215
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x60080215
> add_trusted_domain: MAC is a native mode domain
> Added domain MAC 
> scanning trusted domain list
> rpc: trusted_domains
> rpc_dc_name: Returning DC W2KSRV1 (192.168.1.10) for domain MAC
> IPC$ connections done by user MAC\<DOMAIN ADMIN>
> Connecting to host=W2KSRV1
> Connecting to 192.168.1.10 at port 445
> Doing spnego session setup (blob length=112)
> got OID=1 2 840 48018 1 2 2
> got OID=1 2 840 113554 1 2 2
> got OID=1 2 840 113554 1 2 2 3
> got OID=1 3 6 1 4 1 311 2 2 10
> got principal=w2ksrv1$@<full domain name>
> Got challenge flags:
> Got NTLMSSP neg_flags=0x60890215
> NTLMSSP: Set final flags:
> Got NTLMSSP neg_flags=0x60080215
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x60080215
> scanning trusted domain list
> rpc: trusted_domains
> 
> 
> The Win2k active directory domain name is actually a SUB domain so,
> mac.fulldomain.com.  Which is non-standard I believe, FYI.
> 
> When the windows system tries to connect here is the log:
> # tail -f /var/log/samba.w2ksrv1
> [2004/01/03 14:05:57, 0] passdb/pdb_smbpasswd.c:startsmbfilepwent(189)
> startsmbfilepwent_internal: file /usr/local/samba/private/smbpasswd did
> not exist. File successfully created.
> [2004/01/06 21:06:52, 1] smbd/service.c:make_connection_snum(705)
> w2ksrv1 (192.168.1.10) connect to service tmp initially as user testuser
> (uid=10025, gid=100) (pid 15576)
> [2004/01/06 21:09:05, 1] smbd/service.c:close_cnum(887)
> w2ksrv1 (192.168.1.10) closed connection to service tmp
> 
> You can see my testuser connect.
> 
> More logs:
> 
> # tail /usr/local/samba/var/log.nmbd
> [2004/01/06 20:54:29, 0] nmbd/nmbd.c:main(664)
> Netbios nameserver version 3.0.1 started.
> Copyright Andrew Tridgell and the Samba Team 1994-2003
> [2004/01/06 22:53:13, 0] nmbd/nmbd.c:terminate(54)
> Got SIGTERM: going down...
> [2004/01/06 22:53:28, 0] nmbd/nmbd.c:main(664)
> Netbios nameserver version 3.0.1 started.
> Copyright Andrew Tridgell and the Samba Team 1994-2003
> [2004/01/06 22:53:28, 0] nmbd/nmbd.c:main(683)
> standard input is not a socket, assuming -D option
> 
> # tail /usr/local/samba/var/log.smbd
> Copyright Andrew Tridgell and the Samba Team 1992-2003
> [2004/01/06 20:53:50, 0] smbd/server.c:main(747)
> smbd version 3.0.1 started.
> Copyright Andrew Tridgell and the Samba Team 1992-2003
> [2004/01/06 20:54:29, 0] smbd/server.c:main(747)
> smbd version 3.0.1 started.
> Copyright Andrew Tridgell and the Samba Team 1992-2003
> [2004/01/06 22:53:25, 0] smbd/server.c:main(747)
> smbd version 3.0.1 started.
> Copyright Andrew Tridgell and the Samba Team 1992-2003
> 
> 
> Any help would be greatly appreciated!
> 
> 
> (let me know if I forgot anything) :p

-- 
Wm. Dean Dufresne
DufresneIT Consulting
dean at dufresneit.com
(614)886-7640

More information about the samba mailing list