[Samba] Samba Domain authentication and shares

Dale Schroeder dale at BriannasSaladDressing.com
Tue Feb 13 20:34:31 GMT 2007


Kevin,

When I had getent issues, it turned out to be the "idmap backend" 
parameter that got me.  I should have left it at the default, but didn't.
Is your pam login file set up for winbind?
Although it seems only vaguely related to your problem, there was an 
issue about connecting _from_ a W2K3 system listed here:  
http://lists.samba.org/archive/samba/2007-January/128589.html .
I don't know is that is an issue for you or not.

If none of these help you, you will need to post your smb.conf and Samba 
version to let the real experts diagnose.  I comment on what burned me. ;-)

Good luck,

Dale

Kevin Gutch wrote:
> Dale,
>
> Thanks for the link. I have read it over and it seems that my error is
> probably in winbind. All of these command work.
> *
> net ads join -U Administrator*
> wbinfo -u
> wbinfo -g
> net ads info
>
> However, the "winbind getent passwd" indicates the passwords are still
> coming from the local machine. I can provide you with whatever files you
> would like to see.
> Below is my nsswitch.conf  file:
>
> Thanks in advance.
>
>
> #
> # /etc/nsswitch.conf
> #
> # An example Name Service Switch config file. This file should be
> # sorted with the most-used services at the beginning.
> #
> # The entry '[NOTFOUND=return]' means that the search for an
> # entry should stop if the search in the previous entry turned
> # up nothing. Note that if the search failed due to some other reason
> # (like no NIS server responding) then the search continues with the
> # next entry.
> #
> # Legal entries are:
> #
> #    nisplus or nis+        Use NIS+ (NIS version 3)
> #    nis or yp        Use NIS (NIS version 2), also called YP
> #    dns            Use DNS (Domain Name Service)
> #    files            Use the local files
> #    db            Use the local database (.db) files
> #    compat            Use NIS on compat mode
> #    hesiod            Use Hesiod for user lookups
> #    [NOTFOUND=return]    Stop searching if not found so far
> #
>
> # To use db, put the "db" in front of "files" for entries you want to be
> # looked up first in the databases
> #
> # Example:
> #passwd:    db files nisplus nis
> #shadow:    db files nisplus nis
> #group:     db files nisplus nis
>
> passwd:     compat winbind 
> shadow:     compat 
> group:      compat winbind 
>
> #hosts:     db files nisplus nis dns
> hosts:      files dns
>
> # Example - obey only what nisplus tells us...
> #services:   nisplus [NOTFOUND=return] files
> #networks:   nisplus [NOTFOUND=return] files
> #protocols:  nisplus [NOTFOUND=return] files
> #rpc:        nisplus [NOTFOUND=return] files
> #ethers:     nisplus [NOTFOUND=return] files
> #netmasks:   nisplus [NOTFOUND=return] files    
>
> bootparams: nisplus [NOTFOUND=return] files
>
> ethers:     files
> netmasks:   files
> networks:   files
> protocols:  files winbind
> rpc:        files
> services:   files winbind
>
> netgroup:   files winbind
>
> publickey:  nisplus
>
> automount:  files winbind
> aliases:    files nisplus
>
>
> --------------------------------------------------------------------------------------------------
>
> Dale Schroeder wrote:
>   
>> Kevin,
>>
>> Without your Samba version and smb.conf, it is hard to diagnose what
>> the problem might be.
>> Since many use "security = ADS" and winbind to authenticate against a
>> W2K3 domain, see if these resources are of any help to you:
>>
>> http://www.enterprisenetworkingplanet.com/netos/article.php/3487081
>> http://www.enterprisenetworkingplanet.com/netos/article.php/10951_3502441_1
>>
>>
>> Dale
>>
>> Kevin Gutch wrote:
>>     
>>> Hello,
>>> Mime-Version: 1.0
>>> Content-Transfer-Encoding: 7bit
>>> Content-Type: text/plain; charset=ISO-8859-1
>>>
>>> I have been able to use Samba to join our Win2003 domain. I have also
>>> setup folders and permissions in the smb.conf file. I can browser to the
>>> Samba Shares 2 ways, thru network neighborhood and by UNC/ip address.
>>> Both of these methods prompt me for login which is not successful. I
>>> assumed that if I userA had permissions to a folder in the smb.conf file
>>> that Windows userA would e able to access wit no problems as long as he
>>> was logged onto the domain.
>>>
>>> Does anyone have any suggestions or troubleshooting tips?
>>>
>>> Thanks,
>>>
>>> Kevin
>>>   
>>>       
>
>
>   


More information about the samba mailing list