[Samba] Domain security, users still asked for login

Gerald (Jerry) Carter jerry at samba.org
Wed May 5 13:28:33 GMT 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hamish wrote:

| I have been having problems with authentication on a suse 9 box with
| samba 3.0.3 installed from rpms.
| I have googled till my fingers bled, there is just the question, no
| answer, someone must have been able to solve it out of all the people
| who had the problem?
|
| I joined the domain with net join, this was successful
| I can list users/groups, authenticate and check the secret with wbinfo
| testparm gives no errors:
| Load smb config files from /etc/samba/smb.conf
| Processing section "[general]"
| Loaded services file OK.
| Server role: ROLE_DOMAIN_MEMBER
| Press enter to see a dump of your service definitions
|
| # Global parameters
| [global]
|        workgroup = MYDOMAIN
|        server string = DATASERVER
|        security = DOMAIN
|        password server = 2k3domaincontroller
|        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
|        load printers = No
|        os level = 33
|        preferred master = No
|        local master = No
|        domain master = No
|        dns proxy = No
|        idmap uid = 10000-20000
|        idmap gid = 10000-20000
|        winbind separator = /
|        winbind cache time = 10
|        admin users = MYDOMAIN/Administrator, domadm
|        printer admin = domadm
|
| [general]
|        comment = General
|        path = /share
|        read only = No
|        guest ok = Yes
|
|
| When a user attempts to connect to the server, they are asked for
| authentication, this should not be because it is set to security=domain,
| log.winbindd contains lines of
| winbindd_create_user: Refusing to create user that already exists
| (%username%) for whichever user tries to connect.
| log.smbd has lines of
| make_server_info_info3: pdb_init_sam failed!

Set "winbind enable local accounts = no" and make sure thet
'getent passwd DOMAIN\user' returns information (replacing the
DOMAIN\user with some valid name).





cheers, jerry
- ----------------------------------------------------------------------
Hewlett-Packard            ------------------------- http://www.hp.com
SAMBA Team                 ---------------------- http://www.samba.org
GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
"...a hundred billion castaways looking for a home." ----------- Sting
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFAmOwAIR7qMdg1EfYRAiEhAKC+fva3gSxk+RKHJjAmEcFy2rfwoACfe6zt
8MCPuoDKuTvcLYNOwEvnMgE=
=nmmA
-----END PGP SIGNATURE-----


More information about the samba mailing list