[Samba] erratic winbind authentication
Robert Steinmetz AIA
rob at steinmetznet.com
Tue Nov 18 19:28:45 GMT 2008
Jeremy Allison wrote:
> On Tue, Nov 18, 2008 at 11:51:25AM -0600, Robert Steinmetz AIA wrote:
>
>> I have had a long term problem with my set up. winbind authentication is
>> erratic.
>>
>> Whenever I restart one of my servers the member server refuses to
>> authenticate users. Sometimes it will only authenticate some users on
>> some shares. Usually by fiddling with it I can eventually get it to work
>> but I can't identify the solution so I can replicate it. Once I can
>> finally get it to work it works fine until the next restart.
>>
>
> This request is a little short on details, e.g. "by fiddling with it I
> can eventually get it to work". Might help to have more info :-).
>
> Jeremy.
>
>
I apologize for the lack of information, but "fiddling with it" means
that I run a bunch of commands to try to identify the problem and it
eventually starts working. I haven't been able to identify which command
actually causes the system to start working. It doesn't appear to be the
same one every time. For example sometimes "net join" seems to work, but
not this time.

Users on the NT machines can browse the network and see the Domain, both
servers and all of the shares on either server. They can access the PDC
with no problem. When they attempt to access the shares on the Member
Server sometimes they get a user/password window and no combination of
user and password is accepted.

If any other information would help let me know.
I'm completely stumped, which isn't hard.

Ubuntu 8.04 LTS AMD 64
Samba Version 3.0.28a

I have an NT style domain with XP pro desktops.
1 - PDC
1 - Member Server
No AD No LDAP

On the PDC smbd and nmbd are running.
On the Member Server smbd nmbd and winbind are running.

Here is part of nsswitch.conf:

    passwd: compat winbind
    group: compat winbind
    shadow: compat winbind

Here is the Globals Section of the PDC:

    [global]
    workgroup = ATLANTA
    server string = %h mail passwd server (Samba, Ubuntu)
    passdb backend = tdbsam
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
    syslog = 0
    log file = /var/log/samba/log.%m
    max log size = 1000
    time server = Yes
    hostname lookups = Yes
    logon path = \\THELMA\%U\.profiles
    logon drive = U:
    logon home = \\THELMA\%U
    domain logons = Yes
    domain master = Yes
    preferred master = Yes
    security = user

Here is the Globals for the Member Server:

    [global]
    workgroup = ATLANTA
    server string = %h file server (Samba, Ubuntu)
    security = domain
    password server = 192.168.1.24
    log level = 3
    syslog = 0
    log file = /var/log/samba/log.%m
    max log size = 1000
    wins proxy = yes
    wins server = 192.168.1.24
    panic action = /usr/share/samba/panic-action %d
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    template shell = /bin/bash
    name resolve order = wins bcast hosts
    hosts allow = 192.168.1.0/255.255.255.0
    winbind enum groups = yes
    winbind enum users = yes

Here are two shares; one works and one doesn't.

    [Projects]
    path = /files/Lucretia/Projects
    comment = Project Specific Data
    force group = samba
    read only = no
    create mask = 0764
    directory mask = 0775

    [Office]
    comment = General Office Data
    path = /files/Lucretia/Office
    force group = samba
    read only = No
    create mask = 0764
    directory mask = 0775

Both directories have the same ownership and linux permissions:

    drwxrwsr-x 69 rob samba 16416 2008-10-24 17:15 Office
    drwxrwsr-x 51 rob samba  4032 2008-11-12 09:43 Projects

Among other commands I have run:

    wbinfo -u and -g and get what I expect
    net status shares returns a list of shares
    net status sessions returns a list of sessions
    getent passwd lists the domain users
    getent group lists the groups including the domain groups
    netlookup dc returns the correct ip address
    netlookup master returns the correct ip address

--
Robert Steinmetz, AIA
Principal
Steinmetz & Associates