[Samba] FreeBSD, Samba 3.0.28a joined to AD domain but prompts for login

Mike Galvez mrg8n at virginia.edu
Mon Jun 30 19:21:02 GMT 2008 

Hi,

I am trying to connect a FreeBSD server running 7.0 Release and Samba 3.0.28a to a
Windows 2003 AD Domain Controller. Has anyone had success with this combo? I have joined
the domain and I can enumerate users, groups, etc.. 

humpty# getent passwd|wc -l
     105
humpty# wbinfo -u|wc -l
     165
humpty# wbinfo -g|wc -l
      59

humpty# wbinfo -t
checking the trust secret via RPC calls succeeded

humpty# getent group|wc -l
      84

humpty# net ads info
LDAP server: 128.143.xx.xxx
LDAP server name: pdc.mydomain.virginia.edu
Realm: MYDOMAIN.VIRGINIA.EDU
Bind Path: dc=MYDOMAIN,dc=VIRGINIA,dc=EDU
LDAP port: 389
Server time: Mon, 30 Jun 2008 11:29:56 EDT
KDC server: 128.143.xx.xxx
Server time offset: 1



When I try to access my home folder on the Samba server I'm prompted for a user
name and password. Even after credentials are supplied the login box reappears
and I get no further. The client log from the machine I'm connecting with has 
the following error when I try to access my own home folder:

[2008/06/30 14:14:41, 2] smbd/service.c:make_connection_snum(616)
  user 'MYDOMAIN\mrg8n' (from session setup) not permitted to access this share (mrg8n)
[2008/06/30 14:14:41, 3] smbd/error.c:error_packet_set(106)
  error packet at smbd/reply.c(514) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED

I've read other posts asking similar questions, but no replies that solved the issue. 




smbstatus shows my client machine connected:
Processing section "[homes]"
Processing section "[printers]"

Samba version 3.0.28a
PID     Username      Group         Machine                        
-------------------------------------------------------------------
78698   mrg8n         mrg8n         137.54.xxx.xxx (137.54.xxx.xxx)

Service      pid     machine       Connected at
-------------------------------------------------------
IPC$         78698   137.54.xxx.xxx  Mon Jun 30 11:21:12 2008

No locked files



nsswitch.conf:

group: files ldap winbind
hosts: files dns wins
networks: files
passwd: files ldap winbind
shells: files
services: files
protocols: files
rpc: files



My smb.conf:

#======================= Global Settings =====================================
[global]

workgroup = MYDOMAIN
server string = HUMPTY
load printers = no
log file = /var/log/samba/log.%m
max log size = 50
log level = 3
syslog = 0

security = ADS
realm = MYDOMAIN.VIRGINIA.EDU
allow trusted domains = yes

idmap config MYDOMAIN:default = yes
idmap config MYDOMAIN:schema_mode = rfc2307
idmap uid = 10000-50000
idmap gid = 10000-50000

winbind use default domain = Yes
template homedir = /home/%D/%U
template shell = /bin/false
name resolve order = wins host bcast

password server = pdc.mydomain.virginia.edu
encrypt passwords = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = no
os level = 33
domain master = no
wins server = 128.143.3.199
dns proxy = no

#============================ Share Definitions ==============================
[homes]
   comment = Home Directory for %U
   read only = no
   browseable = no
   writeable = yes
   valid users = %S
   create mode = 0664
   directory mode = 0770

[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no
   guest ok = no
   writeable = no
   printable = yes

-- 
Mike Galvez

More information about the samba mailing list