[Samba] Domain problem with NT4 & Samba 3.0.2a
Jonathan Johnson
jon at sutinen.com
Thu Jun 10 16:47:48 GMT 2004
The first thing that jumps out at me is the line beginning with
Domain=[WORKGROUP] in the results of 'smbclient -L moon". It appears to
me that in looking for the browse list, your user may be attempting to
authenticate against the local smbpasswd database instead of
authenticating against the PDC or BDC. A bug, a feature, or a
misunderstanding? I don't know.
Have you joined this server to the domain?
You'll want to read this section of the Samba 3 HOWTO if you haven't
already:
http://us2.samba.org/samba/docs/man/howto/domain-member.html#domain-member-server
This section says to use Security = DOMAIN instead of Security =
SERVER, and explains why. Looking at your smb.conf, it looks like
you're on the right track.
I'd recommend investigating winbind to create users on the fly when
auth'd against the domain controller. As samba still requires a local
user database, winbind and appropriate scripts will automatically
maintain this local user database for you.
And, of course, there's always the recommendation to go with Samba
3.0.4 (or 3.0.5 if it's out soon).
--Jon Johnson
Sutinen Consulting, Inc.
jon at sutinen.com
On Thu, 10 Jun 2004, Spike Burkhardt wrote:
> All,
>
> I really need some help. I'm putting samba up on a new windows domain
> called SIERRA. I'm using Samba 3.0.2a on Solaris 8. I'm barely
> knowledgeable on Windows NetBIOS... but am good with Solaris. The
> status is that I've got the daemons running and working normally. I
> have 1 desktop with 1 PDC & 1 BDC in the SIERRA domain. On the desktop,
> I can see both DC's but not the samba server. As a non-priviledged
> account, when I issue a smbclient -L moon I get the following output:
>
> moon:/home/burkharr> smbclient -L moon
> Password:
>
> Anonymous login successful
> Domain=[SIERRA] OS=[Unix] Server=[Samba 3.0.2a]
>
> Sharename Type Comment
> ------------ ----- -----------
> rcbtest Disk Spike's testing
> IPC$ IPC IPC Service (Samba 3.0.2a)
> ADMIN$ IPC IPC Service (Samba 3.0.2a)
> Domain=[WORKGROUP] OS=[SunOS 5.8 sun4u] Server=[LAN Manager 2.1]
> tree connect failed: ERRSRV - ERRbadpw (Bad password - name/password
> pair in a Tree Connect or Session Setup are invalid.)
> NetBIOS over TCP disabled -- no workgroup available
>
>
> When I issue the same command substituting localhost for moon I get the
> following output:
> moon:/home/burkharr> smbclient -L localhost
> Password:
>
> Anonymous login successful
> Domain=[SIERRA] OS=[Unix] Server=[Samba 3.0.2a]
>
> Sharename Type Comment
> --------- ---- -------
> rcbtest Disk Spike's testing
> IPC$ IPC IPC Service (Samba 3.0.2a)
> ADMIN$ IPC IPC Service (Samba 3.0.2a)
> Anonymous login successful
> Domain=[SIERRA] OS=[Unix] Server=[Samba 3.0.2a]
>
> Server Comment
> --------- -------
> EPN32-237
> MOON Samba 3.0.2a
> ROHAN
> SHADOWFAX
>
> Workgroup Master
> --------- -------
> SIERRA MOON
>
>
> Notice that I don't get any NetBIOS errors which makes sense because I'm
> not going out on the network.
>
> Here's my smb.conf file:
> moon:/home/burkharr> more /apps/samba/lib/smb.conf
> # Global parameters
> [global]
> workgroup = SIERRA
> netbios name = moon
> security = SERVER
> encrypt passwords = Yes
> password server = rohan shadowfax
> wins server = 172.22.2.251
> password level = 8
> #admin log = Yes
> log level = 1
> log file = /var/samba/log/log.%m
> create mask = 775
>
> [rcbtest]
> comment = Spike's testing
> path = /dbd00/spike
> valid users = @webadmin
> force group = webadmin
> create mask = 740
> writeable = Yes
>
> Any thoughts? Thanks for your help.
>
> spike
>
>
More information about the samba
mailing list