[Samba] Winbind password problem
John H Terpstra
jht at samba.org
Thu Nov 15 08:59:45 GMT 2007
On Thursday 15 November 2007 00:56, John and Asta wrote:
> I’m having a real problem getting winbind to work with our domain server
> SAMBA version:3.0.26a. Winbind used to work fine with the old server
> running an older version of samba
>
> The Globals of my smb.conf looks like:
>
>
> # Samba config file created using SWAT
> # from 0.0.0.0 (0.0.0.0)
> # Date: 2005/07/04 14:40:01
>
> # Global parameters
> [global]
> logon drive = H:
> domain master = Yes
> map to guest = Bad User
> username map = /etc/samba/smbusers
> encrypt passwords = yes
> printer admin = @ntadmin, root, administrator
> logon home = \\%L\%u\.win_profile\%m
> wins support = Yes
> printcap cache time = 750
> cups options = raw
> ldap machine suffix = ou=Computers
> logon script = logon.bat
> ldap suffix = dc=example,dc=com
> workgroup = MACHABENG
> logon path = \\%L\profiles\%u\%m
> os level = 65
> printcap name = cups
> security = DOMAIN
> preferred master = Yes
> add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody
> -s /bin/false %m$
> ldap idmap suffix = ou=Idmap
> domain logons = Yes
This configuration is broken! You have told Samba to be a domain member
server (security = domain), yet it appears you want it to be a domain
controller ("security = user" plus "domain logons = Yes"). The configuration
uses LDAP, but I do not see specification of "passdb backend = ldapsam" which
is necessary so that Samba knows how to connect with LDAP.
> If I run the following command things seem to work
>
> wbinfo -t
> checking the trust secret via RPC calls succeeded
>
> wbinfo -u
>
> produces a list of users
>
> getent passwd
>
> guidance:x:10005:10000:guidance:/home/MACHABENG/guidance:/bin/bash
> science:x:10006:10000:science:/home/MACHABENG/science:/bin/bash
> humanities:x:10007:10000:humanities:/home/MACHABENG/humanities:/bin/bash
>
> however,
>
> sudo wbinfo -a user%password
>
> plaintext password authentication failed
> error code was NT_STATUS_NO_LOGON_SERVERS (0xc000005e)
> error messsage was: No logon servers
> Could not authenticate user asta%verity with plaintext password
> challenge/response password authentication failed
> error code was NT_STATUS_NO_LOGON_SERVERS (0xc000005e)
> error messsage was: No logon servers
> Could not authenticate user asta with challenge/response
> jhumphreys at ubuntu5-desktop:~$
Is this machine intended to be the PDC? If so, change the "security = domain"
to "security = user" and add "passdb = ldapsam". If it should in fact be a
domain member server the configuration needs to be corrected also.
>
> Well I’m stuck may be a bug in SAMBA version:3.0.26a. Is there a better
> way of getting a username and password from a Linux server than winbind?
Please follow the guidelines in Samba3-ByExample. You can obtain this in HTML
from:
http://www.samba.org/samba/docs/Samba3-ByExample
or in PDF format from:
http://www.samba.org/samba/docs/Samba3-ByExample.pdf
In particular, check chapters 5 and 7.
Cheers,
John T.
More information about the samba
mailing list