[Samba] Domain problem with NT4 & Samba 3.0.2a
Spike Burkhardt
burkhardt.richard at ssd.loral.com
Thu Jun 10 21:45:18 GMT 2004
Jon,
I'm using the Security = SERVER due to the fact that the machines that will be used
aren't in the domain. I'm not using the smbpasswd file. I have not joined the
domain but on the two other servers I've setup I haven't had to. I'll try it and let
you know. As to the authenticating, how can I tell if it's using smbpasswd?
spike
Jonathan Johnson wrote:
> The first thing that jumps out at me is the line beginning with
> Domain=[WORKGROUP] in the results of 'smbclient -L moon". It appears to
> me that in looking for the browse list, your user may be attempting to
> authenticate against the local smbpasswd database instead of
> authenticating against the PDC or BDC. A bug, a feature, or a
> misunderstanding? I don't know.
>
> Have you joined this server to the domain?
>
> You'll want to read this section of the Samba 3 HOWTO if you haven't
> already:
> http://us2.samba.org/samba/docs/man/howto/domain-member.html#domain-member-server
>
> This section says to use Security = DOMAIN instead of Security =
> SERVER, and explains why. Looking at your smb.conf, it looks like
> you're on the right track.
>
> I'd recommend investigating winbind to create users on the fly when
> auth'd against the domain controller. As samba still requires a local
> user database, winbind and appropriate scripts will automatically
> maintain this local user database for you.
>
> And, of course, there's always the recommendation to go with Samba
> 3.0.4 (or 3.0.5 if it's out soon).
>
> --Jon Johnson
> Sutinen Consulting, Inc.
> jon at sutinen.com
>
> On Thu, 10 Jun 2004, Spike Burkhardt wrote:
>
> > All,
> >
> > I really need some help. I'm putting samba up on a new windows domain
> > called SIERRA. I'm using Samba 3.0.2a on Solaris 8. I'm barely
> > knowledgeable on Windows NetBIOS... but am good with Solaris. The
> > status is that I've got the daemons running and working normally. I
> > have 1 desktop with 1 PDC & 1 BDC in the SIERRA domain. On the desktop,
> > I can see both DC's but not the samba server. As a non-priviledged
> > account, when I issue a smbclient -L moon I get the following output:
> >
> > moon:/home/burkharr> smbclient -L moon
> > Password:
> >
> > Anonymous login successful
> > Domain=[SIERRA] OS=[Unix] Server=[Samba 3.0.2a]
> >
> > Sharename Type Comment
> > ------------ ----- -----------
> > rcbtest Disk Spike's testing
> > IPC$ IPC IPC Service (Samba 3.0.2a)
> > ADMIN$ IPC IPC Service (Samba 3.0.2a)
> > Domain=[WORKGROUP] OS=[SunOS 5.8 sun4u] Server=[LAN Manager 2.1]
> > tree connect failed: ERRSRV - ERRbadpw (Bad password - name/password
> > pair in a Tree Connect or Session Setup are invalid.)
> > NetBIOS over TCP disabled -- no workgroup available
> >
> >
> > When I issue the same command substituting localhost for moon I get the
> > following output:
> > moon:/home/burkharr> smbclient -L localhost
> > Password:
> >
> > Anonymous login successful
> > Domain=[SIERRA] OS=[Unix] Server=[Samba 3.0.2a]
> >
> > Sharename Type Comment
> > --------- ---- -------
> > rcbtest Disk Spike's testing
> > IPC$ IPC IPC Service (Samba 3.0.2a)
> > ADMIN$ IPC IPC Service (Samba 3.0.2a)
> > Anonymous login successful
> > Domain=[SIERRA] OS=[Unix] Server=[Samba 3.0.2a]
> >
> > Server Comment
> > --------- -------
> > EPN32-237
> > MOON Samba 3.0.2a
> > ROHAN
> > SHADOWFAX
> >
> > Workgroup Master
> > --------- -------
> > SIERRA MOON
> >
> >
> > Notice that I don't get any NetBIOS errors which makes sense because I'm
> > not going out on the network.
> >
> > Here's my smb.conf file:
> > moon:/home/burkharr> more /apps/samba/lib/smb.conf
> > # Global parameters
> > [global]
> > workgroup = SIERRA
> > netbios name = moon
> > security = SERVER
> > encrypt passwords = Yes
> > password server = rohan shadowfax
> > wins server = 172.22.2.251
> > password level = 8
> > #admin log = Yes
> > log level = 1
> > log file = /var/samba/log/log.%m
> > create mask = 775
> >
> > [rcbtest]
> > comment = Spike's testing
> > path = /dbd00/spike
> > valid users = @webadmin
> > force group = webadmin
> > create mask = 740
> > writeable = Yes
> >
> > Any thoughts? Thanks for your help.
> >
> > spike
> >
> >
More information about the samba
mailing list