[Samba] need some assistance - Samba 3.09 on FreeBSD 4.5
Jon Starbird
jcstar at streamtheory.com
Tue Jan 11 20:10:12 GMT 2005
Hello,
I've been able to get Samba up and running, it joins the ADS domain
fine. It appears in the network browser on our Windows machines but when
anyone attempts to access a restricted share it fails to authenticate
them. I say restricted because if anyone accesses an open to everyone
share it works.
I'm trying to get the entire thing set up so that the Samba server is
just a MEMBER of the Active Directory domain, running in Native mode. I
do not want the Samba machine to be any kind of domain controller.
I've run wbinfo and it does return all the info correctly.
The log files, logging set to level 3, are showing the following when
someone attempts to connect to a restricted share:
From the log of the machine attempting to access Samba share:
[2005/01/11 11:50:50, 2] smbd/service.c:make_connection_snum(314)
user '[real username]' (from session setup) not permitted to access
this share ([real share name])
[2005/01/11 11:50:50, 3] smbd/error.c:error_packet(129)
error packet at smbd/reply.c(416) cmd=117 (SMBtconX)
NT_STATUS_ACCESS_DENIED
From the log.smbd:
[2005/01/11 11:50:50, 0] smbd/server.c:open_sockets_smbd(383)
open_sockets_smbd: accept: Software caused connection abort
From the log.winbindd:
[2005/01/11 11:50:50, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
[ 5472]: request interface version
[2005/01/11 11:50:50, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
[ 5472]: request location of privileged pipe
[2005/01/11 11:50:50, 3] nsswitch/winbindd_misc.c:winbindd_domain_info(210)
[ 5472]: domain_info [[CORRECT_DOMAIN_NAME.COM]]
[2005/01/11 11:50:50, 3] nsswitch/winbindd_misc.c:winbindd_domain_info(210)
[ 5472]: domain_info [[CORRECT_DOMAIN_NAME.COM]]
[2005/01/11 11:50:50, 3] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(422)
[ 5472]: gid to sid 1001
[2005/01/11 11:50:50, 3] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(422)
[ 5472]: gid to sid 0
[2005/01/11 11:50:50, 3] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(422)
[ 5472]: gid to sid 70
[2005/01/11 11:51:50, 3] nsswitch/winbindd_ads.c:trusted_domains(832)
ads: trusted_domains
[2005/01/11 11:51:50, 3] libads/ldap.c:ads_connect(247)
Connected to LDAP server [correct IP to Domain Controllor]
[2005/01/11 11:51:50, 3] libads/ldap.c:ads_server_info(2432)
got ldap server name [correct_DC_NAME at correct_domain.com], using bind
path: dc=[correct domain name],dc=COM
[2005/01/11 11:51:50, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(109)
IPC$ connections done anonymously
[2005/01/11 11:51:50, 3] libsmb/cliconnect.c:cli_start_connection(1382)
Connecting to host=[correct dc name]
[2005/01/11 11:51:50, 3] lib/util_sock.c:open_socket_out(752)
Connecting to [correct dc ip] at port 445
[2005/01/11 11:51:50, 3] libsmb/cliconnect.c:cli_session_setup_spnego(713)
Doing spnego session setup (blob length=115)
[2005/01/11 11:51:50, 3] libsmb/cliconnect.c:cli_session_setup_spnego(738)
got OID=1 2 840 48018 1 2 2
[2005/01/11 11:51:50, 3] libsmb/cliconnect.c:cli_session_setup_spnego(738)
got OID=1 2 840 113554 1 2 2
[2005/01/11 11:51:50, 3] libsmb/cliconnect.c:cli_session_setup_spnego(738)
got OID=1 2 840 113554 1 2 2 3
[2005/01/11 11:51:50, 3] libsmb/cliconnect.c:cli_session_setup_spnego(738)
got OID=1 3 6 1 4 1 311 2 2 10
[2005/01/11 11:51:50, 3] libsmb/cliconnect.c:cli_session_setup_spnego(745)
got principal=[correct dc name]$@[correct domain name.com]
[2005/01/11 11:51:50, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(538)
Doing kerberos session setup
[2005/01/11 11:51:50, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(319)
Ticket in ccache[MEMORY:cliconnect] expiration Tue, 11 Jan 2005
21:51:48 GMT
[smb.conf]
[global]
workgroup = domain_name
realm = realm_name.com
server string = Samba Server
netbios name = server_name
hosts allow = [several IP ranges to allow from]
security = ADS
encrypt passwords = yes
password server = DC_name.domainname.com
#username map = /etc/samba/smbusers
client signing = yes
server signing = yes
guest account = samba
log level = 3
log file = /var/log/samba/log.%m
max log size = 50
idmap uid = 10000-20000
idmap gid = 10000-20000
template primary group = "Domain Users"
template shell = /bin/bash
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = fxp0
local master = no
dns proxy = no
winbind separator = _
#============================ Share Definitions ==============================
[homes]
comment = Home Directories
browseable = no
read only = No
valid users = %S
# A publicly accessible directory, but read only, except for people in
# the "staff" group
[public]
comment = Public Stuff
path = /home/samba
browseable = yes
public = yes
read only = no
printable = no
valid users = @"domainname.com_Domain Users"
# Processing share, contains processing files and tools.
[share name]
comment = Stuff
path = /usr/local/stuff
browseable = yes
public = yes
read only = no
printable = no
valid users = @"domainname.COM_Domain Users"
create mask = 666
directory mask = 777
force user = mrjones
force group = webheads
Any help will be greatly appreciated.
Thanks,
Jon
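
Added example, not part of the original post: a Python sketch that groups Samba 3.x log lines like those quoted above into entries and extracts the share-level denials logged by make_connection_snum, so repeated failures can be counted per user and share. The sample log is constructed (user 'alice' and share 'stuff' are placeholders), and the function names are this example's own.

```python
import re
from collections import Counter

# Header of a Samba 3.x log entry: "[YYYY/MM/DD HH:MM:SS, level] file:function(line)".
# In mail archives the source location sometimes wraps onto the following line.
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\]\s*(.*)$")
DENIED = re.compile(r"user '(.+?)' \(from session setup\) not permitted to access this share \((.+?)\)")

# Constructed sample modelled on the excerpts in the post; names are placeholders.
SAMPLE = """\
[2005/01/11 11:50:50, 2] smbd/service.c:make_connection_snum(314)
user 'alice' (from session setup) not permitted to access
this share (stuff)
[2005/01/11 11:50:50, 3]
nsswitch/winbindd_sid.c:winbindd_gid_to_sid(422)
[ 5472]: gid to sid 1001
[2005/01/11 11:52:03, 2] smbd/service.c:make_connection_snum(314)
user 'alice' (from session setup) not permitted to access this share (stuff)
"""

def parse_entries(text):
    """Group header and continuation lines into (timestamp, level, location, message)."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append([m.group(1), int(m.group(2)), m.group(3).strip(), []])
        elif entries and line.strip():
            entry = entries[-1]
            if not entry[2]:  # wrapped header: the location is on the next line
                entry[2] = line.strip()
            else:
                entry[3].append(line.strip())
    return [(ts, lvl, loc, " ".join(msg)) for ts, lvl, loc, msg in entries]

def share_denials(text):
    """Return (timestamp, user, share) for each share-level access denial."""
    hits = []
    for ts, _lvl, loc, msg in parse_entries(text):
        m = DENIED.search(msg)
        if m and "make_connection_snum" in loc:
            hits.append((ts, m.group(1), m.group(2)))
    return hits

def summarize(text):
    """Count denials per (user, share) pair."""
    return Counter((user, share) for _ts, user, share in share_denials(text))
```
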