[Samba] Gentoo, Samba, Upgrade, Authentications now failing

Jason Gerfen jason.gerfen at scl.utah.edu
Tue Jun 3 15:55:19 GMT 2008

I rolled it back and experienced the same problems so I went ahead and 
followed the following steps during the upgrade to 3.0.30

1. Removed machine from domain trust user account
2. Uninstalled samba
3. Re-installed latest 3.0.30 using Gentoo's emerge facility
4. Used Kinit with domain admin account
5. Joined machine to domain
6. Ensured that krb5auth using winbind worked (now working, had to 
modify user accounts in active directory. even having to go so far as to 
remove user, and recreate then apply the RFC2307 schema attributes)

Everything is authenticating again but I am not able to get the 
pam_mkhomedir.so object create my user directories.
relevant file info:
         nt acl support = yes
         inherit permissions = yes
         create mask = 0022
         template homedir = /home/samba/%U

         comment = %U Home directory
         browsable = yes
         read only = yes
         create mask = 0022
         force create mode = 0022
         directory mask = 0022
         force directory mode = 0022
         path = /home/samba/%U

%> ls -lah /home
drwxrwxrwx  2 nobody users  48 Jun  2 09:48 samba

Am I missing something with the permissions? I know, they are at 755 for 
now so I can figure out why its not working. What is the best practice 
for this folders permissions? Thanks.

Jason Gerfen wrote:
> John Drescher wrote:
>>> Ok I have updated it and am no able to authenticate. It seems that even
>>> though my smb.conf shows 'client plaintext auth = no' in the logs when
>>> performing a 'wbinfo --krb5auth=username%password' it shows
>>> plaintext kerberos password authentication for [username%password] 
>>> failed
>>> (requesting cctype: FILE)
>>> Any ideas? I do appreciate any help I can get on this. Here is some 
>>> version
>>> information: Version 3.0.30
>>> -- 
>> Sorry that did not help. For now I am out of ideas. Hopefully someone
>> knows how to fix that soon otherwise I would go back to the last
>> version that worked.
> No worries, I will roll it back to 3.0.28. I am not sure why it would 
> use plaintext vs. the ntlmv2 that is specified in the config.
>> John


More information about the samba mailing list