[Samba] Samba 3.0.10 / Solaris 8 / Windows 2003

Henrik Zagerholm henke at mac.se
Mon Nov 6 23:50:21 GMT 2006


Any reason why you don't use security=ads and kerberos so that you  
get single sign on for shares with your AD users?
This way they don't need to supply user/pass to samba shares as samba  
kan handles the kerberos tickets issued when they logged on to the  
win box.

cheers
6 nov 2006 kl. 21:59 skrev Brad Isbell:

> Any help would be very much appreciated.
>
> My Configuration-
> Solaris 8 - hostname = vail
> Samba 3.0.10 (downloaded from sunfreeware.com)
> As per the instructions on sunfreeware, I have also installed the  
> following packages-
> libgcc-3.3
> libiconv-1.9.2
> libintl-3.4.0
> ncurses-5.4
> popt 1.7
> readline 5.1
>
> Also on my network-
> A Windows 2003 ES domain controller: hostname = SEEDS1  domain = SEEDS
> A Windows 2003 ES system: hostname = SEEDS2 member of domain SEEDS
>
> Objective:
> All I want is for my users on the windows hosts to be able to  
> access shared resources from the samba server.  I want all  
> authentication to go through the DC, I do not want to have to  
> maintain a local smbpasswd file.
>
> Problem:
> When I put a directory search path of \\vail\Samba into the Windows  
> system it prompts for a username and password.  When I put in the  
> username and password of a domain account I do not get access to  
> the share.  I can log into a windows system with the domain  
> information, so I know it's not a problem with the domain  
> configuration.
>
>
> smb configuration from log.smbd:
>  Processing section "[global]"
>  doing parameter workgroup = SEEDS
>  doing parameter server string = Samba Server
>  doing parameter security = domain
>  doing parameter encrypt passwords = yes
>  doing parameter load printers = yes
>  doing parameter log file = /usr/local/samba/var/log.%m
>  doing parameter max log size = 50
>  doing parameter socket options = TCP_NODELAY
>  doing parameter dns proxy = no
> [2006/11/06 14:26:12, 2] param/loadparm.c:do_section(3412)
>  Processing section "[homes]"
>  doing parameter comment = Home Directories
>  doing parameter browseable = no
>  doing parameter writable = yes
> [2006/11/06 14:26:12, 2] param/loadparm.c:do_section(3412)
>  Processing section "[SAMBA]"
>  doing parameter comment = Samba Packages
>  doing parameter path = /export/Samba
>  doing parameter public = yes
>  doing parameter writeable = no
> [2006/11/06 14:26:12, 2] param/loadparm.c:do_section(3412)
>  Processing section "[printers]"
>  doing parameter comment = All Printers
>  doing parameter path = /usr/spool/samba
>  doing parameter browseable = no
>  doing parameter guest ok = no
>  doing parameter writable = no
>  doing parameter printable = yes
>
>
> Tests on Samba server.
> These tests show that the Samba server does have access to the domain.
>
> Test 1 : use wbinfo to authenticate user account  - SUCCESS
> # wbinfo -a bisbell%PASSWORD
> plaintext password authentication failed
> error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
> error messsage was: No such user
> Could not authenticate user bisbell%PASSWORD with plaintext password
> challenge/response password authentication succeeded
>
> Test 2:  Use wbinfo to show that domain info is accessable - SUCCESS
> # wbinfo -u
> SEEDS\Administrator
> SEEDS\bisbell
> SEEDS\cowens
> SEEDS\Guest
> SEEDS\krbtgt
>
> # wbinfo -g
> BUILTIN\System Operators
> BUILTIN\Replicators
> BUILTIN\Guests
> BUILTIN\Power Users
> BUILTIN\Print Operators
> BUILTIN\Administrators
> BUILTIN\Account Operators
> BUILTIN\Backup Operators
> BUILTIN\Users
> SEEDS\Domain Admins
> SEEDS\Domain Users
> SEEDS\Domain Guests
> SEEDS\Domain Computers
> SEEDS\Domain Controllers
> SEEDS\Schema Admins
> SEEDS\Enterprise Admins
> SEEDS\Group Policy Creator Owners
> SEEDS\DnsUpdateProxy
>
>
> Possible Related Problems-
>
> The smbclient command does not work.
> # smbclient -U bisbell //vail/Samba
> Password:
>
> session setup failed: NT_STATUS_LOGON_FAILURE
>
>
> smbtree produces no output
> # smbtree
> password:
>
> #
>
>
> Any ideas on what I'm doing wrong?
>
> Thanks,
>   Brad
>
>
>
>
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba



More information about the samba mailing list