[Samba] Samba 3.0.10 issues with native mode ADS...

David Wruck mirloc at yahoo.com
Tue Jan 4 14:56:55 GMT 2005 

Earlier I had written regarding an issue with ADS
support not compiling in in the 3.0.9 release. As of a
few days ago, we scrapped the 3.0.9 install, and set
up 3.0.10, and ADS support compiled in immediately. It
looks like there might be something funny in the make
file for 3.0.9 building on Solaris 9?

Anyhow, we are much closer to an implementation on
3.0.10, but still are not quite there yet. Once again,
we are running Solaris 9, and have Samba 3.0.10
installed, and running. We joined the Win2k ADS
without any issues at all, and seemed to have a near
flawless compile and installation.

Where we are at now, the SMB service is advertising
correctly, including allowing for auto fill-in in the
RUN box, however access is still denied to any
Win-Only account. Those with a twined Unix/Win account
seem to have access. We tried manually adding a Samba
account for one of the Win-Only users, but they still
were unable to access the share, the error on the
Windows side was unknown user or password, on the
Samba side we got this:

[2005/01/03 15:25:35, 5] libsmb/credentials.c:(167)
  	new clnt cred: B7B5BB53C76108AD
[2005/01/03 15:25:35, 2] nsswitch/winbindd_pam.c:(361)
  Plain-text authentication for user root returned
NT_STATUS_NO_SUCH_USER (PAM: 13)
[2005/01/03 15:25:35, 10] nsswitch/winbindd.c:(524)
  client_write: wrote 1300 bytes.
[2005/01/03 15:25:35, 10] nsswitch/winbindd.c:(470)
  client_read: read 0 bytes. Need 1824 more for a full
request.
[2005/01/03 15:25:35, 5] nsswitch/winbindd.c:(477)
  read failed on sock 21, pid 6255: EOF
[2005/01/03 15:25:35, 3] smbd/sec_ctx.c:(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/01/03 15:25:35, 5] auth/auth_util.c:(486)
  NT user token: (NULL)
[2005/01/03 15:25:35, 5] auth/auth_util.c:(505)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary
groups

Indicating that for some reason I am not sure of,
Samba is trying to contact the domain as root.
Frankly, we are stumped here. I have logs, and configs
available to post, but will refrain unless someone
need to see them, as it would turn what is already a
fairly long post into a book-like nightmare.

David

More information about the samba mailing list