[Samba] 3.0.21 and "Rejecting auth request from client"

Raymond Lillard rlillard at sonic.net
Wed Dec 28 18:44:49 GMT 2005


Oliver Schulze L. wrote:

> Hi Ray,
> how do you rebuilded the tdb files?
> Maybe that can help.
>
> Oliver
>
> Raymond Lillard wrote:
>
>>
>> Sorry, I don't have an answer for you, but I'm seeing the same
>> thing.  In my case I re-built the tdb files anew.  The PDC I just
>> upgraded was v3.0.7.
>

I am running on WBEL3.  The latest Samba available from Whitebox
is v3.0.9, so I decided to build Samba-3.0.21 from the tarball.

I kept all of the Linux groups and users, the DHCP, the DNS and
smb.conf (mostly) unchanged.  I built the new samba to live under
/usr/local so as not to interfere with the existing Samba-3.0.9
from WBEL3.  Some fixing up of paths with symlinks was needed.
Don't forget ldconfig.

I re-did the nt->unix groupmapping and added the users to the
passdb.tdb file.  I abandoned all the *.tdb files under /var and
created new secrets.tdb and passdb.tdb files.  The new *.tdb files
are now under /usr/local/var.

Thus my new 3.0.21 installation has all new tdb files.

I still don't know whether the AutoEnrollment Error is related
to my application mis-behaviour.

If anybody can spot a problem I'll be eternally grateful.

Ray





My Build Configuration:

#!/bin/sh
#
# Configure a side-by-side Samba build from the source tarball.
# Every install location is version-suffixed under /usr/local so the
# distribution's own Samba package is left untouched.

VER="3.0.21"
# DOM is not referenced by the configure invocation below.
DOM="MYDOMAIN"
# Timestamp (YYMMDD-HHMM) used to name the saved configure output.
time_stamp=$(date +%y%m%d-%H%M)

# Install locations, all derived from VER.
prefix="/usr/local/samba-$VER"
etc_dir="/usr/local/etc/samba-$VER"
var_root="/usr/local/var"
swat_dir="$prefix/share/swat"

# --with-configdir and --with-privatedir name the same directory, so the
# compiled-in default location for secrets.tdb and the password database is
# the configuration directory itself.
# NOTE(review): keep that directory owned by root and unreadable to other
# users; `smbd -b` lists the paths that were actually compiled in, which is
# worth comparing against the paths set in smb.conf.
#
# The exit status of this pipeline is tee's, so a failed configure run is not
# reflected in $?; check the saved Config-*.txt output.
./configure \
        --prefix="$prefix" \
        --localstatedir="$var_root/samba-$VER" \
        --with-configdir="$etc_dir" \
        --with-privatedir="$etc_dir" \
        --with-piddir="$var_root/run/samba-$VER" \
        --with-lockdir="$var_root/locks/samba-$VER" \
        --with-logfilebase="$var_root/log/samba-$VER" \
        --with-smbwrapper \
        --with-fhs \
        --with-quotas \
        --with-smbmount \
        --enable-cups \
        --with-pam \
        --with-pam_smbpass \
        --with-syslog \
        --with-utmp \
        --with-sambabook="$swat_dir/using_samba" \
        --with-swatdir="$swat_dir" \
        --with-shared-modules=idmap_rid \
        --with-libsmbclient \
        --with-winbind \
        --disable-static \
        --enable-shared         | tee "Config-$time_stamp.txt"




My Configuration:

# Samba config file created using SWAT
# from 192.168.1.20 (192.168.1.20)
# Date: 2005/12/28 08:27:57

[global]
        # Server-wide settings. "domain logons", "domain master", "preferred
        # master" and "wins support" below make this host the domain logon
        # server, domain master browser and WINS server for the workgroup.
        workgroup = MYDOMAIN
        # Listen only on eth0 and the loopback interface.
        interfaces = eth0, lo
        bind interfaces only = Yes
        # NOTE(review): "smb passwd file" points under samba-3.0.21/private
        # while "private dir" and "passdb backend" point under samba/private.
        # With a tdbsam backend the smbpasswd file is not the account database.
        # Confirm that these paths (and any symlinks) resolve to the
        # secrets.tdb and passdb.tdb that were rebuilt, and that the directory
        # is accessible to root only.
        smb passwd file = /usr/local/etc/samba-3.0.21/private/smbpasswd
        private dir = /usr/local/etc/samba/private
        passdb backend = tdbsam:/usr/local/etc/samba/private/passdb.tdb
        # Password changes requested by SMB clients are also applied to the
        # Unix account ("unix password sync" below). With "pam password change"
        # enabled smbd uses PAM for that change rather than "passwd program";
        # either way the change is carried out as root.
        pam password change = Yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *password* %n\n *password* %n\n *successful*
        username map = /usr/local/etc/samba/smbusers
        unix password sync = Yes
        # The three "client ..." parameters control what Samba's own client
        # tools send; they do not restrict what smbd accepts from workstations.
        # NOTE(review): the server-side counterparts are "lanman auth" and
        # "ntlm auth", which are not set in this file.
        client NTLMv2 auth = Yes
        client lanman auth = No
        client plaintext auth = No
        # Debug-level logging, one log file per client machine name (%m).
        # Lower the level once troubleshooting is finished and keep the log
        # directory unreadable to ordinary users.
        log level = 5
        log file = /usr/local/var/log/samba/%m.log
        max log size = 100000
        name resolve order = wins bcast hosts
        time server = Yes
        printcap name = CUPS
        show add printer wizard = No
        # Account-management hooks that smbd runs as root. %U, %g and %m are
        # filled in from names supplied over the network, so treat them as
        # untrusted input to these commands and keep Samba at a supported,
        # patched release.
        add user script = /usr/sbin/useradd -m %U
        delete user script = /usr/sbin/userdel -r %U
        add group script = /usr/sbin/groupadd %g
        delete group script = /usr/sbin/groupdel %g
        # NOTE(review): "usermod -G" sets the complete supplementary group
        # list, so this replaces the user's existing groups instead of adding
        # one; confirm that is intended.
        add user to group script = /usr/sbin/usermod -G %g %U
        # Machine accounts get no home directory, no login shell and a fixed
        # primary gid of 700.
        # NOTE(review): the smb.conf documentation's example passes %u to this
        # script; confirm that %m$ yields the intended account name.
        add machine script = /usr/sbin/useradd -c "Machine Account" \
                    -d /dev/null -g 700 -s /sbin/nologin -M %m$
        logon script = %U_logon.bat
        logon path = \\%L\profiles\%U-%m
        logon drive = H:
        logon home = \\%L\%U
        domain logons = Yes
        os level = 65
        preferred master = Yes
        domain master = Yes
        wins support = Yes
        # Applies only to LDAP connections made by Samba; the passdb backend
        # configured above is tdbsam.
        ldap ssl = no
        eventlog list = smbd.log
        utmp = Yes
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        template homedir = /home/winnt/%D/%U
        template shell = /bin/bash
        winbind use default domain = Yes
        comment = Samba
        # Accept connections only from 192.168.1.* and loopback.
        hosts allow = 192.168.1., 127.0.0.1
        map acl inherit = Yes
        cups options = raw
        # Names matching these patterns are hidden and cannot be accessed.
        # NOTE(review): a file-name filter is not a substitute for malware
        # scanning on the clients.
        veto files = /*.eml/*.nws/*.{*}/
        veto oplock files = /*.doc/*.xls/*.mdb/

[netlogon]
        # Share holding the logon scripts named by "logon script" in [global].
        # Those scripts run on domain workstations at logon, so write access
        # here amounts to running code on every client; keep the write list
        # and the filesystem permissions on the path as narrow as possible.
        path = /home/samba/netlogon
        read list = @staff
        # Members of the Unix group "root" may write.
        write list = +root
        browseable = No

[profiles]
        # Roaming-profile store referenced by "logon path" in [global].
        comment = Profiles
        path = /home/samba/profiles
        read only = No
        # NOTE(review): "guest ok" permits connections as the guest account to
        # a writable share that holds every user's profile. Whether a guest
        # session can actually be obtained depends on "map to guest", which is
        # not set in the settings shown; roaming profiles do not need guest
        # access, so confirm this is intended.
        guest ok = Yes
        profile acls = Yes
        browseable = No
        csc policy = disable

[homes]
        # Per-user home shares mapped to /home/<session user>.
        comment = Home Directories
        path = /home/%U
        # %S is the share name, so each home share admits only the user it is
        # named after.
        valid users = %S
        read only = No
        # New files are limited to owner read/write and new directories to
        # owner-only access.
        create mask = 0600
        directory mask = 0700
        browseable = No

[Public]
        # Shared read/write area for the Unix group "staff".
        comment = Public Directory
        path = /home/Public
        # NOTE(review): access is limited to members of "staff", yet "guest ok"
        # is enabled further down; the two settings pull in different
        # directions, so confirm which one is intended.
        valid users = +staff
        force group = +staff
        read only = No
        # The masks are upper bounds: new files may end up world-writable and
        # new directories world-writable and searchable on the server's own
        # filesystem, which also affects local users of this host.
        create mask = 0666
        directory mask = 0777
        guest ok = Yes
        # Runs as root each time a client connects to this share, with the
        # session user name (%U) and the share name (%S) as arguments.
        # NOTE(review): the script is not shown; it should treat both arguments
        # as untrusted text.
        root preexec = /root/bin/log-smb-service-conn %U %S

... other shares snipped ...






