[Samba] Getting Samba 3 to communicate with Win2k3 ADS

Chris Goff cgoff at nles.k12.wi.us
Tue Jul 27 18:59:55 GMT 2004


I'm having a *terrible* time trying to get Samba 3 to communicate with my
Windows 2003 Active Directory Server (the primary and only domain on my
network). Basically this is what I'm trying to do: create a Linux File
Server to replace my old WinNT 4 File Server. I would like it to show up
under all my XP clients on network neighborhood just like the old server,
with each account on my network having a folder on the file server that
they can work with i.e.

John Doe (jdoe account name on the Windows 2003 domain) has a folder on
"Hobbes" (the Linux File Server running Samba 3) named "jdoe" that only he
and anyone in the Administrators group can access. This is how I had it
set up with the old WinNT 4 file server.

Obviously I'm not looking for anything fancy, just some decent security by
using the same users/groups between the file server and the domain server,
and some folder shares for each account.

I've done some research on the web, read the Samba HOWTO, the Unofficial
HOWTO, and a paper on this website:
http://www.wlug.org.nz/ActiveDirectorySamba

I'm running a Slackware 10 operating system, removed the original Samba
3.0.4 (wasn't compiled with several required options) package and compiled
Samba 3.0.5 with the correct options (after installing numerous other
libraries such as PAM and OpenLDAP).

I've primarily been trying to follow the tutorial posted here:
http://www.wlug.org.nz/ActiveDirectorySamba. I have run into things that
simply don't exist on my system, such as /etc/pam.d/samba, etc. shown as
steps in that tutorial. I am able to see the system in my Active Directory
on the Win2k3 machine, and I can access shares if I go in manually (shares
that I have set up with SWAT) on my WinXP clients using \\Hobbes
(presented with login/pass prompt). However, it does not show up as an
icon under Network Places, and is shown as a Domain Controller under the
Active Directory.

Here's a copy of my log.winbindd:

Last login: Mon Jul 26 16:07:11 2004 from 10.0.0.3
Linux 2.4.26.
root@hobbes:/usr/local/samba/var# more log.winbindd
[2004/07/27 09:13:23, 1] nsswitch/winbindd.c:main(843)
  winbindd version 3.0.5 started.
  Copyright The Samba Team 2000-2004
[2004/07/27 09:13:23, 0] param/loadparm.c:map_parameter(2420)
  Unknown parameter encountered: "winbind seperator"
[2004/07/27 09:13:23, 0] param/loadparm.c:lp_do_parameter(3110)
  Ignoring unknown parameter "winbind seperator"
[2004/07/27 09:13:23, 1] nsswitch/winbindd_util.c:add_trusted_domain(180)
  Added domain NLES NLES.LOCAL S-0-0
[2004/07/27 09:13:30, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
  ads_connect for domain NLES failed: No such file or directory
[2004/07/27 09:13:30, 1] nsswitch/winbindd_util.c:init_domain_list(327)
  Could not fetch sid for our domain NLES
[2004/07/27 09:14:20, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
  ads_connect for domain NLES failed: Transport endpoint is not connected
[2004/07/27 10:41:26, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
  ads_connect for domain NLES failed: Transport endpoint is not connected
[2004/07/27 11:00:02, 1] nsswitch/winbindd.c:main(843)
  winbindd version 3.0.5 started.
  Copyright The Samba Team 2000-2004
[2004/07/27 11:00:02, 0] lib/pidfile.c:pidfile_create(84)
  ERROR: winbindd is already running. File /usr/local/samba/var/locks/winbindd.pid exists and process id 18315 is running.
[2004/07/27 11:01:04, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
  ads_connect for domain NLES failed: No such file or directory
[2004/07/27 11:06:18, 1] nsswitch/winbindd.c:main(843)
  winbindd version 3.0.5 started.
  Copyright The Samba Team 2000-2004
[2004/07/27 11:06:18, 1] nsswitch/winbindd_util.c:add_trusted_domain(180)
  Added domain NLES NLES.LOCAL S-0-0
[2004/07/27 11:06:18, 1] libsmb/clikrb5.c:ads_krb5_mk_req(306)
  krb5_cc_get_principal failed (No credentials cache found)
[2004/07/27 11:06:18, 1] nsswitch/winbindd_util.c:add_trusted_domain(180)
  Added domain BUILTIN  S-1-5-32
[2004/07/27 11:06:18, 1] nsswitch/winbindd_util.c:add_trusted_domain(180)
  Added domain HOBBES  S-1-5-21-1198646081-1480357316-948041017
[2004/07/27 11:19:55, 0] nsswitch/winbindd_acct.c:winbindd_create_user(884)
  winbindd_create_user: Refusing to create user that already exists (Administrator)
[2004/07/27 11:19:55, 0] nsswitch/winbindd_acct.c:winbindd_create_user(884)
  winbindd_create_user: Refusing to create user that already exists (Administrator)
[2004/07/27 11:19:55, 0] nsswitch/winbindd_acct.c:winbindd_create_user(884)
  winbindd_create_user: Refusing to create user that already exists (Administrator)
[2004/07/27 11:19:55, 0] nsswitch/winbindd_acct.c:winbindd_create_user(884)
  winbindd_create_user: Refusing to create user that already exists (Administrator)
root@hobbes:/usr/local/samba/var#


So basically, does anyone have some steps they went through to get a basic
samba 3 file server running on their 2003 ADS network?

Also, I'd *really* like to be able to use ACL to control folder
permissions from WinXX clients rather than fudging with unix permissions.
Does ReiserFS support ACL, or do I need to use another file system?

Samba n00b, frustrated but hanging in there...
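
Added example (not part of the original post, and not Samba project code): a small triage script for a Samba 3 log.winbindd like the one quoted above. It groups each bracketed header with its message lines, then reports unrecognised smb.conf parameters with the nearest valid spelling, ads_connect failures per domain and reason, and missing Kerberos credential caches. The KNOWN_PARAMS list and the function names are assumptions made for this illustration.

```python
import re
from collections import Counter
from difflib import get_close_matches

# Constructed sample: entries taken from the log.winbindd excerpt quoted above.
SAMPLE_LOG = '''\
[2004/07/27 09:13:23, 0] param/loadparm.c:map_parameter(2420)
  Unknown parameter encountered: "winbind seperator"
[2004/07/27 09:13:30, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
  ads_connect for domain NLES failed: No such file or directory
[2004/07/27 09:14:20, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
  ads_connect for domain NLES failed: Transport endpoint is not connected
[2004/07/27 11:06:18, 1] libsmb/clikrb5.c:ads_krb5_mk_req(306)
  krb5_cc_get_principal failed (No credentials cache found)
'''

# Assumption: a short list of real smb.conf winbind options, not the full table.
KNOWN_PARAMS = ["winbind separator", "winbind use default domain",
                "winbind enum users", "winbind enum groups", "winbind cache time"]

HEADER = re.compile(r"^\[(\S+ \S+),\s*(\d+)\] (\S+):(\w+)\((\d+)\)$")

def parse_entries(text):
    """Group each bracketed header with the message lines that follow it."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append({"time": m.group(1), "level": int(m.group(2)),
                            "func": m.group(4), "msg": ""})
        elif entries and line.strip():
            entries[-1]["msg"] = (entries[-1]["msg"] + " " + line.strip()).strip()
    return entries

def triage(text):
    """Summarise config typos, ADS connection failures and Kerberos errors."""
    report = {"unknown_params": {}, "ads_failures": Counter(), "no_ccache": 0}
    for e in parse_entries(text):
        if m := re.search(r'Unknown parameter encountered: "([^"]+)"', e["msg"]):
            near = get_close_matches(m.group(1), KNOWN_PARAMS, n=1)
            report["unknown_params"][m.group(1)] = near[0] if near else None
        elif m := re.search(r"ads_connect for domain (\S+) failed: (.+)", e["msg"]):
            report["ads_failures"][(m.group(1), m.group(2))] += 1
        elif "No credentials cache found" in e["msg"]:
            report["no_ccache"] += 1
    return report

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```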


