[Samba] samba member server auth issue

Anthony Messina amessina at messinet.com
Wed Oct 18 22:22:40 GMT 2006


i currently have a samba pdc, samba bdc and samba member server all
running samba-3.0.23c-1.fc5. up until the 3.0.22 releases, i never had
any problems with users authenticating to member servers.

the problem now is that a user on windows xp professional (which is part of
the domain) can auth to the pdc and bdc, but not to the domain member
server. the same thing happens from windows xp home (even though those
machines can't be domain members): the xp home computer can auth to the
pdc and bdc, but not to the member server.

the member server logs report:
auth/auth_domain.c:domain_client_validate(246)
  domain_client_validate: unable to validate password for user username
in domain MESSINET.COM to Domain controller HOME. Error was
NT_STATUS_WRONG_PASSWORD.

this error is reported many times in succession on the member server, and
nothing at all shows up in the pdc or the bdc logs.

i am thinking that i have misconfigured some parameter, but all of these
configs worked prior to the 3.0.22 line of samba.

i do appreciate your help, and sorry for the lengthy post. -anthony

here is the smb.conf from the pdc:
# smb.conf [global] section of the PDC (netbios name "home"), as posted.
[global]
workgroup = messinet.com
netbios name = home
server string = Samba Domain Server
# Network exposure: only loopback and three private /24 networks are admitted,
# every other source is denied, and Samba binds only to lo and eth0.
hosts allow = 127.0.0.1 192.168.1.0/24 192.168.2.0/24 192.168.3.0/24
hosts deny = 0.0.0.0/0
interfaces = lo eth0
bind interfaces only = yes
# Printing is switched off on this host: no printers loaded, empty printing
# and cups options values.
printcap name = /etc/printcap
load printers = no
printing =
cups options =
# Unix account used for guest connections; [netlogon] is the only share in
# this file that sets guest ok = yes.
guest account = guest
log file = /var/log/samba/samba.log
max log size = 1024
log level = 1
# Authentication policy: user-level security, LANMAN responses refused.
# client ntlmv2 auth governs what Samba sends when it acts as a client.
security = user
lanman auth = no
client ntlmv2 auth = yes
enable privileges = yes
# Account database in LDAP. The bind password for the admin DN is not stored
# in smb.conf; Samba keeps it in secrets.tdb (set with smbpasswd -w).
ldap passwd sync = no
ldap admin dn = "uid=sambaroot,ou=People,dc=messinet,dc=com"
passdb backend = ldapsam:ldap://127.0.0.1
# LDAP traffic is unencrypted. Both passdb and idmap point at 127.0.0.1, so
# the bind stays on loopback here.
# NOTE(review): if the directory is ever moved off this host, enable TLS so
# the admin bind and the stored password hashes do not cross the wire in clear.
ldap ssl = off
ldap delete dn = yes
ldap suffix = dc=messinet,dc=com
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap,dc=messinet,dc=com
idmap backend = ldap:ldap://127.0.0.1
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
# Account-management hooks (smbldap-tools). %u / %g are replaced with the
# user or group name before the command runs; each substitution is quoted so
# a name containing spaces stays a single argument.
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
encrypt passwords = yes
# With unix password sync enabled, an SMB password change also drives the
# passwd program below through the passwd chat dialogue; smb.conf(5) documents
# that the program is run as root in this mode.
unix password sync = Yes
passwd program = /usr/bin/passwd %u
# NOTE(review): the passwd chat value appears to have been wrapped by the mail
# client; in a live smb.conf it must be one line (or end in a backslash).
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
# Maps client-supplied user names to Unix names before authentication.
username map = /etc/samba/smbusers
# Browsing and domain-controller role: this host is domain master, offers
# domain logons and runs the WINS server.
local master = yes
os level = 33
domain master = yes
preferred master = yes
domain logons = yes
logon script = %U.bat
logon drive = H:
logon home = \\%L\%U
name resolve order = wins lmhosts bcast
wins support = yes
wins proxy = no
dns proxy = no
preserve case = yes
nt acl support = yes

#============================ Share Definitions
# NOTE: despite the banner above, the next two parameters still belong to
# [global], because no section header comes before them.
template shell = /bin/false
winbind use default domain = no

# Per-user home directory share on the PDC.
[homes]
	comment = Home Directory for %U
	# Client-side (offline) caching of this share is disabled.
	csc policy = disable
	browseable = no
	writable = yes
	# %S expands to the share name; for [homes] that is the user name, so each
	# home share admits only its owner.
	valid users = %S
	hide files = /Desktop.ini/desktop.ini/RECYCLER/Thumbs.db/

# Logon-script share used by domain logons (logon script = %U.bat in [global]).
[netlogon]
	comment = Network Logon Service
	path = /etc/samba/netlogon
	# Guest access is allowed but the share is read-only: anything placed under
	# /etc/samba/netlogon is readable without credentials from the allowed
	# networks, so logon scripts should not embed passwords or other secrets.
	guest ok = yes
	writable = no
	browseable = no
	share modes = no

# Shared /pub area on the PDC, restricted to one domain group.
[public_share]
	comment = Messinet Secure Services Local Public Share
	path = /pub
	guest ok = no
	writable = yes
	printable = no
	# The leading + makes Samba treat the name as a Unix group; the group is
	# written in domain-qualified form here.
	valid users = +"MESSINET.COM\Domain Users"
	# New files are forced to 0644 and new directories to 1755 (sticky bit set):
	# readable by everyone admitted to the share, writable only by the owner.
	create mask = 0644
	force create mode = 0644
	directory mask = 1755
	force directory mode = 1755
	hide dot files = yes
	hide files = /Desktop.ini/desktop.ini/RECYCLER/Thumbs.db/
	# Matching names are neither visible nor accessible through the share.
	veto files = /aquota.*/*~/lost+found/.Trash*/

here is the smb.conf from the samba domain member server:
# smb.conf [global] section of the domain member server (netbios name
# "linux-ws1"), as posted.
[global]
workgroup = messinet.com
netbios name = linux-ws1
server string = Samba Print Server
# Same source-address allow list as the PDC: loopback plus three private /24s,
# everything else denied.
hosts allow = 127.0.0.1 192.168.1.0/24 192.168.2.0/24 192.168.3.0/24
hosts deny = 0.0.0.0/0
printcap name = cups
load printers = yes
printing = cups
cups options = raw
guest account = guest
log file = /var/log/samba/samba.log
max log size = 1024
# NOTE(review): level 1 records little of an authentication exchange; raising
# it temporarily on this host would show more detail around the
# NT_STATUS_WRONG_PASSWORD failure quoted in the post.
log level = 1
# security = domain: this server does not verify passwords itself but hands
# the client's response to a domain controller. No "password server" line is
# present, so the controller is found through Samba's default lookup.
security = domain
lanman auth = no
client ntlmv2 auth = yes
enable privileges = yes
encrypt passwords = yes
username map = /etc/samba/smbusers
interfaces = lo eth0
bind interfaces only = yes
# Not a browse master or logon server; name resolution goes through the WINS
# server at 192.168.1.5.
local master = no
os level = 33
domain master = no
preferred master = no
domain logons = no
name resolve order = wins lmhosts bcast
wins support = no
wins server = 192.168.1.5
wins proxy = no
dns proxy = no
preserve case = yes
nt acl support = yes
# NOTE(review): no idmap or winbind parameters appear in this section, unlike
# the PDC; presumably domain users resolve to Unix accounts by another route
# on this host - confirm.

#============================ Share Definitions
# Spool share for the printers loaded from CUPS; authenticated users only.
[printers]
	comment = Printers
	path = /var/spool/samba
	browseable = no
	guest ok = no
	writable = no
	printable = yes

# Printer-driver download share; read-only except for the write list.
[print$]
	comment = Printer Driver Download Area
	path = /etc/samba/drivers
	browseable = no
	guest ok = no
	read only = yes
	# Members of the Unix group Print_Operators and the user sambaroot may
	# write (upload drivers) even though the share is read only.
	write list = +Print_Operators, sambaroot

# Shared /pub area on the member server, restricted to two groups.
[public_share]
        comment = Local Media Private Share
        path = /pub
        guest ok = no
        writable = yes
        printable = no
        # NOTE(review): the group names are not domain-qualified here, whereas
        # the PDC's [public_share] uses "MESSINET.COM\Domain Users". How an
        # unqualified name resolves on a member server depends on the Samba
        # version and on winbind/NSS - confirm against the release notes.
        valid users = +Domain_Admins, +Domain_Users
        # New files are forced to 0644 and new directories to 1755 (sticky bit
        # set): readable by everyone admitted, writable only by the owner.
        create mask = 0644
        force create mode = 0644
        directory mask = 1755
        force directory mode = 1755
        hide dot files = yes
        hide files = /Desktop.ini/desktop.ini/RECYCLER/Thumbs.db/
        # Matching names are neither visible nor accessible through the share.
        veto files = /aquota.*/*~/lost+found/.Trash*/

-- 
Anthony -  http://messinet.com - http://messinet.com/~amessina/gallery
8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E
