[Samba] trouble with GDM -- linux client to samba

Juan Miscaro jmiscaro at gmail.com
Tue Oct 13 14:08:33 MDT 2009

Hi all,

As an experiment I'm trying to log into a samba server (3.3.2) from
GDM.  Both systems are running Ubuntu 9.04 and LDAP is not involved.

But it's not working.

The test user credentials are donkey/donkey.

On the client:

# net rpc join -S -U root
Enter root's password:
Joined domain LAB-SAMBA.

# wbinfo -t
checking the trust secret via RPC calls succeeded

# wbinfo -a donkey%donkey
plaintext password authentication succeeded
challenge/response password authentication succeeded

However, getent does not show samba users:

# getent passwd | grep donkey


On the server I see the following when I "successfully" authenticate
(as shown above):

  _netr_ServerAuthenticate2: netlogon_creds_server_check failed.
Rejecting auth request from client MISC-DESKTOP machine account

I'm also getting a lot of the following in /var/log/samba/log.winbindd-idmap:

  idmap uid or idmap gid missing
  ERROR: Initialization failed for alloc backend, deferred!



I've attached the following:

* server's smb.conf (server_smbconf.txt)
* client's smb.conf (client_smbconf.txt)
* client's nsswitch.conf (client_nsswitch.txt)
* client's pam.d gdm (client_pam.d_gdm.txt)
* client's pam.d common-auth (client_pam.d_common-auth.txt)
* client's pam.d common-account (client_pam.d_common-account.txt)

server_smbconf.txt:

   workgroup = LAB-SAMBA
   server string = %h server (Samba, Ubuntu)
   dns proxy = no
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
   restrict anonymous = 0

   domain logons = yes
   domain master = yes
   domain admin users = root

   security = user
   encrypt passwords = true
   passdb backend = tdbsam
   map to guest = bad user

   load printers = no
   socket options = SO_RCVBUF=8192 SO_SNDBUF=8192 TCP_NODELAY
   usershare allow guests = yes

   comment = Home Directories
   browseable = yes
   writeable = yes
   create mask = 0700
   directory mask = 0700

client_pam.d_common-account.txt:

account sufficient                      pam_winbind.so
account [success=1 new_authtok_reqd=done default=ignore]        pam_unix.so 
account requisite                       pam_deny.so
account required                        pam_permit.so

client_pam.d_common-auth.txt:

auth    sufficient                      pam_winbind.so debug
auth    [success=1 default=ignore]      pam_unix.so nullok_secure
auth    requisite                       pam_deny.so
auth    required                        pam_permit.so

client_pam.d_gdm.txt:

auth    requisite       pam_nologin.so
auth    required        pam_env.so readenv=1
auth    required        pam_env.so readenv=1 envfile=/etc/default/locale
@include common-auth
auth    optional        pam_gnome_keyring.so
@include common-account
session required        pam_limits.so
@include common-session
session optional        pam_gnome_keyring.so auto_start
@include common-password

client_smbconf.txt:

   workgroup = LAB-SAMBA
   winbind use default domain = yes
   winbind separator = +
   winbind cache time = 10
   template shell = /bin/bash
   template homedir = /home/%D/%U
   idmap uid = 10000-20000
   idmap gid = 10000-20000
   security = domain
   password server = *

client_nsswitch.txt:

passwd:     files winbind
shadow:     files
group:      files winbind

hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis
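
The following is an added example, not part of the original post: it walks the attached common-auth stack to show which modules decide a GDM login when pam_winbind succeeds or fails. The success/failure model is a simplification (real Linux-PAM distinguishes many return codes), and the `parse` and `evaluate` helpers are hypothetical names.

```python
import re

# common-auth exactly as attached to the post (client side).
COMMON_AUTH = """\
auth    sufficient                      pam_winbind.so debug
auth    [success=1 default=ignore]      pam_unix.so nullok_secure
auth    requisite                       pam_deny.so
auth    required                        pam_permit.so
"""

ENTRY = re.compile(r"^auth\s+(\[[^\]]*\]|\w+)\s+(\S+)")
FIXED = {"pam_deny.so": False, "pam_permit.so": True}  # modules with a constant result

def parse(text):
    """Return [(control, module), ...] for the auth entries of a pam.d file."""
    return [m.groups() for m in map(ENTRY.match, text.splitlines()) if m]

def evaluate(stack, results):
    """Simplified model of Linux-PAM control flow (assumption: every module
    either succeeds or fails). results maps module name -> bool.
    Returns (granted, modules_run)."""
    ok_seen = failed = False
    ran, i = [], 0
    while i < len(stack):
        control, module = stack[i]
        ok = FIXED.get(module, results.get(module, False))
        ran.append(module)
        i += 1
        if control.startswith("["):
            opts = dict(kv.split("=", 1) for kv in control[1:-1].split())
            action = opts.get("success", opts.get("default")) if ok else opts.get("default")
            if action and action.isdigit():
                i += int(action)          # jump over the next N entries
            elif action != "ignore":
                raise ValueError(f"unsupported action {action!r}")
        elif control == "sufficient":
            if ok and not failed:
                return True, ran          # success ends the stack here
        elif control == "requisite":
            if not ok:
                return False, ran         # failure ends the stack here
            ok_seen = True
        elif control == "required":
            ok_seen, failed = ok_seen or ok, failed or not ok
        else:
            raise ValueError(f"unsupported control {control!r}")
    return ok_seen and not failed, ran
```

With this stack a failed winbind authentication is not final: the login falls through to pam_unix (with nullok_secure), so a local account with the same name can still authenticate.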

