[Samba] authentication against win2k3 server

Carissa Srugis csrugis at gmail.com
Tue Nov 16 20:05:19 GMT 2004

I've been trying to setup Samba to authenticate users against accounts
existing on a Windows 2003 Server without any backwards capability. 
Ideally, this needs to be done without any changes to the Windows 2003
Server.  Users will not be logging into the Samba shares at all.  This
is merely for authentication.

I'm running FreeBSD 4.10-Relase #4 with Samba 3.0.8.

This is my smb.conf file:
      realm = WIN2K3.DOMAIN.LOCAL
      security = ads
      auth methods = winbind
      winbind separator = +
      encrypt passwords = yes
      workgroup = DOMAIN.LOCAL
      netbios name = FREEBSD_Machine
      winbind uid = 10000-20000
      winbind gid = 10000-20000
      winbind enum users = yes
      winbind enum groups = yes
      idmap uid = 10000-20000
      idmap gid = 10000-20000
      password server = WIN2K3.DOMAIN.LOCAL

So once winbindd is running, I type the following and get these results:

freebsd_machine# net ads join member -I -U administrator
administrator's password: *password*
[2004/11/16 14:27:06, 0] libsmb/nmblib.c:send_udp(793)
  Packet send failed to ERRNO=Permission denied
[2004/11/16 14:27:07, 0] libsmb/nmblib.c:send_udp(793)
  Packet send failed to ERRNO=Permission denied
[2004/11/16 14:27:07, 0] utils/net_ads.c:ads_startup(186)
  ads_connect: Permission denied

In the winbindd log I've also gotten the following error messages at
one point or another:

Could not fetch sid for our domain WIN2K3.DOMAIN.LOCAL
Packet send failed to ERRNO=Permission denied
ads_connect for domain WIN2K3.DOMAIN.LOCAL failed: Permission denied
get_trust_pw: could not fetch trust account password for my domain DOMAIN.LOCAL

The odd part is when I try to use wbinfo to verify connections.  If I
type "wbinfo -g" it will display the correct group listing from the
win2k3 server.  But nothing else seems to work:

freebsd_machine# wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_INTERNAL_ERROR (0xc00000e5)
Could not check secret

freebsd_machine# wbinfo -u
Error looking up domain users

freebsd_machine# wbinfo --domain-info=DOMAIN.LOCAL
Name              : WIN2K3.DOMAIN.LOCAL
Alt_Name          : DOMAIN.LOCAL
SID               : S-0-0
Active Directory  : No
Native            : No
Primary           : Yes
Sequence          : -1

I'm obviously missing something, but I am at a loss.  Any help is
greatly appreciated!

Carissa Srugis

Carissa Srugis
csrugis at gmail.com

More information about the samba mailing list