[Samba] Inconsistent Authentication Results on Different Servers
Tim Evans
tkevans at tkevans.com
Thu Apr 27 15:10:54 GMT 2006
We have several RedHat Enterprise Linux version 4 servers (running the
distributed Samba). Windbind/nsswitch is set up to point to W2K server
running in Mixed Mode. (smb.conf from the one *working* server follows, below).
wbinfo/getent get proper results when run from the Linux command line (i.e.,
listing everyone in both local Linux /etc/passwd and everyone in the Domain,
but we are having mixed results with actual user authentication among the
systems, despite their having the same smb.conf files. Sometimes users can
access their shares with no password prompt, sometimes they get prompted and
successfully get to their shares, and sometimes passwords are not accepted at all.
Some questions occur to me:
1. What is the order of authentication when the user has an /etc/passwd
account on the server (no NIS in use), is in the smbpasswd file, and is in the
Windows domain?
2. Can/should the smbpasswd file and tbd databases be identical on all the
servers? And, if so, must all domain accounts be listed in smbpasswd?
# smb.conf
workgroup = JJS-SDM
netbios name = geneva
server string = geneva
hosts allow = 192.168.1. 127.
log file = /var/log/samba/%m.log
max log size = 50
security = domain
client use spnego = yes
client schannel = no
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
winbind separator = +
idmap uid = 15000-20000
idmap gid = 15000-20000
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
template homedir = /home/winnt/%D/%U
template shell = /bin/bash
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
wins server = 192.168.1.4
dns proxy = no
--
Tim Evans, TKEvans.com, Inc. | 5 Chestnut Court
tkevans at tkevans.com | Owings Mills, MD 21117
http://www.tkevans.com/ | 443-394-3864
http://www.come-here.com/News/ |
More information about the samba
mailing list