[Samba] Samba 3.0.25b as a domain member to a Samba PDC

Greg Zartman greg at leiinc.com
Fri Mar 28 01:37:32 GMT 2008 

I've been using Samba for about 7 years of so, but have hit a hurdle I 
just can't seem to figure out.

I want to setup samba domain member servers to be members of a samba 
3.0.25 (NT4 type) domain.  No windbind, LDAP, or any other of the more 
complex authentication mechanism. This is the same functionality going 
way back to Samba 2.2, or so.  In fact, I successfully did this on samba 
2.2, but simply can't get it to work on samba 3.  I've been hammering 
away for two days and

I'm running Centos 4.5 (RHEL 4.5) host OSs with Samba 3.0.35b-1 RH rpms. 
  Both machines are fairly high end Core 2 Duo machines with plenty of 
memory and hard drive space.

I've tried to widdle the smb.conf files to their bare essentials just 
until I get this working.


Samba Domain Client (smb.conf):

[global]
workgroup = testnet
netbios name = client
security = domain
wins server = 90.0.0.25
log level = 10
encrypt passwords = yes


Samba PDC (smb.conf):

[global]
workgroup = testnet
netbios name = nameserver
passdb backend = smbpasswd:/etc/samba/smbpasswd
security = user
os level = 35
preferred master = Yes
domain master = Yes
encrypt passwords = Yes
domain logons = yes

[Note:  IP of PDC is 90.0.0.25]

I am able to join the Samba Domain Client to the Samba domain, Testnet, 
and can see that the machine account was successfully created on the PDC.

When I attempt to access a share on the Domain Client from the PDC using 
a domain user, here is what I get:

[root at nameserver samba]# smbclient //client/public -U greg
Password:
session setup failed: NT_STATUS_LOGON_FAILURE

Running the log level up to 10, it appears that the domain client is 
being authenticated by the PDC as a domain member:

[2008/03/27 17:35:35, 10] libsmb/credentials.c:creds_client_check(327)
   creds_client_check: credentials check OK.
[2008/03/27 17:35:35, 5] 
rpc_client/cli_netlogon.c:rpccli_netlogon_setup_creds(346)
   rpccli_netlogon_setup_creds: server NAMESERVER credential chain 
established.

However, the Domain Client (Client) can't seem to authenticate the 
domain user (greg) from the PDC.  I know this user account is a valid 
Samba account as I can's run smbclient activities on the PDC itself 
using this account.  Following is the portion of the log level 10 output 
where the Domain Client seems to be looking for domain user on the PDC, 
but can't find it:

[2008/03/27 17:35:35, 5] lib/username.c:Get_Pwnam_alloc(131)
  Finding user TESTNET\greg
[2008/03/27 17:35:35, 5] lib/username.c:Get_Pwnam_internals(75)
   Trying _Get_Pwnam(), username as lowercase is testnet\greg
[2008/03/27 17:35:35, 5] lib/username.c:Get_Pwnam_internals(83)
   Trying _Get_Pwnam(), username as given is TESTNET\greg
[2008/03/27 17:35:35, 5] lib/username.c:Get_Pwnam_internals(93)
   Trying _Get_Pwnam(), username as uppercase is TESTNET\GREG
[2008/03/27 17:35:35, 5] lib/username.c:Get_Pwnam_internals(102)
   Checking combinations of 0 uppercase letters in testnet\greg
[2008/03/27 17:35:35, 5] lib/username.c:Get_Pwnam_internals(108)
   Get_Pwnam_internals didn't find user [TESTNET\greg]!


The only thing that works for me is to create the domain user account on 
the domain client that mirrors what is on the PDC, which is basically 
USER level authentication.

Any suggestions would be GREATLY appreciated.

Thank you.

Greg

More information about the samba mailing list