[Samba] Problem cooperating with Windows and AD
Administrator
Administrator at paradisent.com
Tue Feb 14 03:42:36 GMT 2006
Hi,
I'm having a problem getting my Windows machines to access shares in
Samba. When they browse to the Samba box it sometimes gives them an
error saying that they don't have permission or that the server is
unavailable. However this doesn't always happen and other times it lists
the shares. When I try to access the shares it just prompts for the
username/password over and over. I've tried Google and browsing around
the Samba doc and have spent hours and hours trying to fix this. I'm at
my wits' end. Can anyone help?
I'm running Fedora Core 3 on the Samba server and upgraded Samba to
3.0.21b. Before I upgraded it was working most of the time; however, not
all the time, and there was an error in one of the logs. I researched
the error and found that it was resolved in a newer version of Samba, so
I upgraded. I'm running Windows Server 2003 SP1 using Active Directory
for domain authentication and running Samba in ADS security mode. All
Windows clients run XP Pro SP2. I'm using Webmin for remote
administration, but I also just log in to the machine at times. I do use
Webmin to join the domain though.
Here are some of my configuration files:
# Samba config file created using SWAT
# from 0.0.0.0 (0.0.0.0)
# Date: 2006/02/11 21:49:19
[global]
workgroup = CHU
realm = CHU.PARADISENT.COM
netbios aliases = Zeus, zeus
server string = Samba Server
security = ADS
client schannel = Yes
server schannel = Yes
null passwords = Yes
password server = paradise.paradisent.com
log file = /usr/local/samba/var/%m.log
max log size = 50
client signing = Yes
server signing = Yes
socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
load printers = No
preferred master = No
local master = No
domain master = No
dns proxy = No
ldap ssl = no
preload = shared website
socket address = 192.168.0.20
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/tcsh
winbind separator = |
cups options = raw
[shared]
comment = Shared Folder
path = /shared
valid users = CHU|administrator, CHU|annie, CHU|jacob, @CHU|Household
read only = No
[jacob]
comment = Jacob's Home Dir
path = /home/jacob
valid users = CHU|jacob
read only = No
[root]
comment = Root's Home Dir
path = /root
valid users = CHU|administrator, CHU|annie, CHU|jacob, @BUILTIN|Administrators, "@CHU|Domain Admins", "@CHU|Enterprise Admins"
read only = No
[annie]
comment = Annie's Home Dir
path = /home/annie
valid users = CHU|annie
read only = No
[website]
comment = Main Website
path = /var/www/html
valid users = CHU|administrator, CHU|annie, CHU|jacob, @CHU|Household
read only = No
#
# /etc/nsswitch.conf
#
passwd: files winbind
shadow: files
group: files winbind
#hosts: db files nisplus nis dns
hosts: files dns
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: files
publickey: nisplus
automount: files
aliases: files nisplus
#krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = CHU.PARADISENT.COM
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
CHU.PARADISENT.COM = {
kdc = paradise.paradisent.com
admin_server = paradise.paradisent.com
default_domain = chu.paradisent.com
}
[domain_realm]
.example.com = CHU.PARADISENT.COM
example.com = CHU.PARADISENT.COM
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
Here are some items of interest from the logs:
192.168.0.5.log (similar errors in other logs)
[2006/02/11 21:06:59, 0] lib/debug.c:reopen_logs(597)
Unable to open new log file /usr/local/samba/var/paradise.log: Permission denied
[2006/02/11 21:07:00, 1] smbd/sesssetup.c:reply_spnego_kerberos(286)
Username CHU|PARADISE$ is invalid on this system
[2006/02/11 21:07:00, 1] smbd/sesssetup.c:reply_spnego_kerberos(286)
Username CHU|PARADISE$ is invalid on this system
[2006/02/11 21:07:01, 1] smbd/sesssetup.c:reply_spnego_kerberos(286)
Username CHU|PARADISE$ is invalid on this system
[2006/02/11 21:07:01, 1] smbd/sesssetup.c:reply_spnego_kerberos(286)
Username CHU|PARADISE$ is invalid on this system
[2006/02/11 21:07:01, 1] smbd/sesssetup.c:reply_spnego_kerberos(286)
Username CHU|PARADISE$ is invalid on this system
[2006/02/11 21:07:02, 1] smbd/sesssetup.c:reply_spnego_kerberos(286)
Username CHU|PARADISE$ is invalid on this system
[2006/02/11 21:07:02, 1] smbd/sesssetup.c:reply_spnego_kerberos(286)
Username CHU|PARADISE$ is invalid on this system
Log.nmbd
[2006/02/11 00:28:23, 0] nmbd/nmbd.c:terminate(58)
Got SIGTERM: going down...
[2006/02/11 00:29:19, 0] nmbd/nmbd.c:main(727)
Netbios nameserver version 3.0.21b started.
Copyright Andrew Tridgell and the Samba Team 1992-2006
[2006/02/11 00:35:17, 0] nmbd/nmbd.c:terminate(58)
Got SIGTERM: going down...
[2006/02/11 00:35:17, 0] libsmb/nmblib.c:send_udp(791)
Packet send failed to 192.168.0.255(138) ERRNO=Invalid argument
[2006/02/11 00:38:46, 0] nmbd/nmbd.c:main(727)
Netbios nameserver version 3.0.21b started.
Copyright Andrew Tridgell and the Samba Team 1992-2006
[2006/02/11 20:57:46, 0] nmbd/nmbd.c:main(727)
Netbios nameserver version 3.0.21b started.
Copyright Andrew Tridgell and the Samba Team 1992-2006
[2006/02/11 21:22:33, 0] nmbd/nmbd.c:terminate(58)
Got SIGTERM: going down...
[2006/02/11 21:22:34, 0] nmbd/nmbd.c:main(727)
Netbios nameserver version 3.0.21b started.
Copyright Andrew Tridgell and the Samba Team 1992-2006
Smbd.log
[2006/02/11 20:57:45, 0] passdb/pdb_smbpasswd.c:startsmbfilepwent(195)
startsmbfilepwent_internal: file /usr/local/samba/private/smbpasswd did not exist. File successfully created.
[2006/02/11 20:58:12, 0] lib/util_sock.c:get_peer_addr(1225)
getpeername failed. Error was Transport endpoint is not connected
[2006/02/11 20:58:12, 0] lib/util_sock.c:get_peer_addr(1225)
getpeername failed. Error was Transport endpoint is not connected
[2006/02/11 21:06:56, 0] lib/util_sock.c:get_peer_addr(1225)
getpeername failed. Error was Transport endpoint is not connected
Paradise.log
[2006/02/11 21:06:56, 0] lib/util_sock.c:write_data(557)
write_data: write failure in writing to client 192.168.0.5. Error Connection reset by peer
[2006/02/11 21:06:56, 0] lib/util_sock.c:send_smb(765)
Error writing 4 bytes to client. -1. (Connection reset by peer)
Tama.log
[2006/02/11 20:58:14, 0] lib/util_sock.c:write_data(557)
write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer
[2006/02/11 20:58:14, 0] lib/util_sock.c:send_smb(765)
Error writing 4 bytes to client. -1. (Connection reset by peer)
Log.wb-CHU
[2006/02/05 20:17:59, 0] nsswitch/winbindd_dual.c:child_read_request(49)
Got invalid request length: 0
[2006/02/10 23:09:04, 0] nsswitch/winbindd_dual.c:child_read_request(49)
Got invalid request length: 0
[2006/02/11 00:35:17, 0] nsswitch/winbindd_dual.c:child_read_request(49)
Got invalid request length: 0
[2006/02/11 19:57:04, 0] nsswitch/winbindd_dual.c:child_read_request(49)
Got invalid request length: 0
[2006/02/11 21:27:13, 0] nsswitch/winbindd_dual.c:child_read_request(49)
Got invalid request length: 0
Here's the output from wbinfo and getent:
[root@zeus ~]$ wbinfo -u
CHU|administrator
CHU|guest
CHU|paradise$
CHU|krbtgt
CHU|iusr_paradise
CHU|iwam_paradise
CHU|jacob
CHU|8fd34871-30cc-4e8f-8
CHU|euq_paradise
CHU|annie
CHU|radicalannie$
CHU|tamaold$
CHU|dcs_paradise
CHU|tama$
CHU|aquarius$
CHU|zeus$
[root@zeus ~]$ wbinfo -g
CHU|domain computers
CHU|domain controllers
CHU|schema admins
CHU|enterprise admins
CHU|cert publishers
CHU|domain admins
CHU|domain users
CHU|domain guests
CHU|group policy creator owners
CHU|ras and ias servers
CHU|dnsadmins
CHU|dnsupdateproxy
CHU|iis_wpg
CHU|debugger users
CHU|exchange domain servers
CHU|exchange enterprise servers
CHU|smex admin group
CHU|household
[root@zeus ~]$ getent passwd
root:x:0:0:root:/root:/bin/tcsh
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
rpm:x:37:37::/var/lib/rpm:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
netdump:x:34:34:Network Crash Dump user:/var/crash:/bin/bash
ident:x:98:98::/home/ident:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
squid:x:23:23::/var/spool/squid:/sbin/nologin
webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin
xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
gdm:x:42:42::/var/gdm:/sbin/nologin
jacob:x:500:500:Jacob Lear:/home/jacob:/bin/tcsh
clamav:x:501:501:Clam AntiVirus:/home/clamav:/sbin/nologin
pcguest:x:502:502:::/sbin/nologin
annie:x:503:504:Anne Gaines:/home/annie:/bin/tcsh
mysql:x:100:101:MySQL server:/var/lib/mysql:/bin/bash
named:x:25:25:Named:/var/named:/sbin/nologin
[root@zeus ~]$ getent group
root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
tty:x:5:
disk:x:6:root
lp:x:7:daemon,lp
mem:x:8:
kmem:x:9:
wheel:x:10:root
mail:x:12:mail
news:x:13:news
uucp:x:14:uucp
man:x:15:
games:x:20:
gopher:x:30:
dip:x:40:
ftp:x:50:
lock:x:54:
nobody:x:99:
users:x:100:
dbus:x:81:
floppy:x:19:
vcsa:x:69:
nscd:x:28:
rpm:x:37:
haldaemon:x:68:
utmp:x:22:
netdump:x:34:
slocate:x:21:
ident:x:98:
sshd:x:74:
rpc:x:32:
rpcuser:x:29:
nfsnobody:x:65534:
mailnull:x:47:
smmsp:x:51:
pcap:x:77:
apache:x:48:
squid:x:23:
webalizer:x:67:
xfs:x:43:
ntp:x:38:
gdm:x:42:
jacob:x:500:
clamav:x:501:
pcguest:x:502:
webmaster:x:503:root,jacob,annie
annie:x:504:
mysql:x:101:
named:x:25:
Let me know if you need any more information, and thanks in advance for
any help you can offer. =)
-Jacob.
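
The smbd log in the post rejects CHU|PARADISE$, while wbinfo -u lists that account and getent passwd shows only local users. As an added example (not part of the original post), this script cross-checks the three outputs; the sample data is constructed from excerpts of the post and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: correlate smbd "invalid on this system" rejections with
# what winbind lists (wbinfo -u) and what NSS returns (getent passwd).
# All sample data below is constructed from excerpts of the post.

SAMPLE_LOG='[2006/02/11 21:07:00, 1] smbd/sesssetup.c:reply_spnego_kerberos(286)
  Username CHU|PARADISE$ is invalid on this system
[2006/02/11 21:07:01, 1] smbd/sesssetup.c:reply_spnego_kerberos(286)
  Username CHU|PARADISE$ is invalid on this system'

SAMPLE_WBINFO='CHU|administrator
CHU|paradise$
CHU|jacob
CHU|annie'

SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/tcsh
jacob:x:500:500:Jacob Lear:/home/jacob:/bin/tcsh
annie:x:503:504:Anne Gaines:/home/annie:/bin/tcsh'

# Print each distinct user name smbd rejected, one per line.
rejected_users() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*Username \(.*\) is invalid on this system$/\1/p' |
        sort -u
}

# Succeed if name $1 matches (case-insensitively) the first
# colon-separated field of some line in $2.
has_name() {
    printf '%s\n' "$2" | WANT="$1" awk -F: '
        BEGIN { w = tolower(ENVIRON["WANT"]) }
        tolower($1) == w { found = 1 }
        END { exit !found }'
}

# For every rejected name print: NAME winbind=yes|no nss=yes|no
# $1 = smbd log text, $2 = wbinfo -u output, $3 = getent passwd output
classify_rejections() {
    rejected_users "$1" | while IFS= read -r name; do
        wb=no; nss=no
        has_name "$name" "$2" && wb=yes
        has_name "$name" "$3" && nss=yes
        printf '%s winbind=%s nss=%s\n' "$name" "$wb" "$nss"
    done
}

classify_rejections "$SAMPLE_LOG" "$SAMPLE_WBINFO" "$SAMPLE_PASSWD"
```

On a live system the three arguments would be the contents of the per-client log file, the output of `wbinfo -u` and the output of `getent passwd`.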