[Samba] Samba 2.2 vs. 3: Domain Member & Winbind quick question

Tyler Thueson tylernt at gmail.com
Thu Mar 17 16:24:48 GMT 2005 

I have a Samba 2.2 box set up as a member server in a Windows domain.
Any random Windows domain user can connect and a local Linux system
account is created on the fly, as it should.

I am trying to do the same on another box with Samba 3. However, when I
connect from a Windows domain member, I get prompted for credentials. If I
enter domain\username and my password, I connect and a local Linux
system account is created on the fly, and all is good. But 2.2 doesn't
prompt, and I don't want to be prompted by 3.0!

#/etc/samba/smb.conf
[global]
        workgroup = DOMAIN
        server string = Samba Server
        security = DOMAIN
        passdb backend = tdbsam:/etc/samba/private/passdb.tdb
        log file = /var/log/samba.%m
        max log size = 50
        add user script = /usr/sbin/useradd -g users %u
        dns proxy = No
        wins server = 1.2.3.4, 2.3.4.5
        ldap ssl = no
        idmap uid = 10000-200000
        idmap gid = 10000-200000
        winbind use default domain = Yes
        netbios name = SERVER
        password server = *

#/etc/nsswitch.conf
passwd:         compat winbind
group:          compat winbind
hosts:          files dns
networks:       files
services:       files
protocols:      files
rpc:            files
ethers:         files
netmasks:       files
netgroup:       files
bootparams:     files
automount:      files
aliases:        files

When Windows makes the initial connection before I get prompted in Windows:
#/var/log/samba.clienthostname
[2005/03/16 11:37:22, 0] auth/auth_util.c:make_server_info_info3(1120)
  make_server_info_info3: pdb_init_sam failed!
useradd: invalid user name 'USERNAME'
useradd: invalid user name 'USERNAME'
useradd: invalid user name 'USERNAME'

After I enter domain\username in Windows prompt:
#/var/log/samba.clienthostname
[2005/03/16 15:27:41, 1] smbd/service.c:make_connection_snum(619)
  clienthostname (1.2.3.4) connect to service sharename initially as
user username (uid=1000, gid=100) (pid 1016)

It almost seems as if the initial connection by Windows is sending the
naked username, without the domain\ in front. Is there a way to tell
Winbind to add domain\ in front of naked usernames or something? As
you can see above I turned on 'winbind use default domain' but
obviously that does not fix the problem.

Help?

More information about the samba mailing list