[Samba] smbclient username not working
Caleb O'Connell
caleb at privacyassociation.org
Wed Sep 26 09:09:52 MDT 2012
I was able to solve my problem, so to follow up I'll post what I did. I was
on a RHEL 5 server using samba3x (3.5.10) and when I tested prior to this
implementation, it was on Ubuntu 12.04 with samba 3.6.8(?), whatever the
version in their repos is.
The test system worked great, as expected, which is why I went ahead with
the implementation. I know, shame on me for taking what worked in test and
assuming a different dist. and different version would work the same. I
thought I had generically setup samba enough that it should just work
similarly.
My solution was to install some samba3 3.6.8 packages that were listed on
enterprisesamba.org. Once I installed those packages, I went through the
same process and it just worked, like it did on Ubuntu.
One thing I had noticed, I forgot about the "max protocol = smb2" that I was
testing on Ubuntu, which got brought over to the failed implementation with
samba3x 3.5.10. I know that smb2 is not fully supported on that version.
After doing the join, if I commented out the max protocol, the shares would
be totally unavailable. I had to keep it in there after initially having it
added. I think that may have been my problem all along?
For now, it's working and working great. I'm very happy with the samba4
beta and samba 3.6 participation.
Caleb O'Connell wrote:
> I joined a samba 3.5.10 server to a samba4 active directory domain.
> Windows
> clients can't browse the root of the servers shares (\\192.168.10.10 )
> but they can access the shares if I manually mount them.
>
> The following command works on the server that samba 3.5 is running on.
>
> smbclient -U administrator -L 127.0.0.1
>
> The following command gives a NT_STATUS_LOGON_FAILURE on a client
>
> smbclient -U administrator -L 192.168.10.10
>
> I can get the smbclient command to work on the client using
>
> smbclient -U DOMAIN\administrator -L 192.168.10.10
>
> The same command fails on the server.
>
> Windows computers can get to shares mapped directly (very slow, however)
> But they cannot browse the services, as in go to \\192.168.10.10 and see
> the shares and printers.
>
> the following in my smb.conf I'm using.
>
> [global]
> workgroup = DOMAIN
> realm = DOMAIN.LOCAL
> security = ADS
> server string = Samba %v
> idmap domains = IAPP
> idmap config IAPP:backend = rid
> idmap config IAPP:schema_mode = rfc2307
> idmap config IAPP:range = 500-1000000
> template homedir = /home/%D/%U
> template shell = /bin/bash
> load printers = yes
> dns proxy = no
> client use spnego = yes
> client ntlmv2 auth = yes
> encrypt passwords = yes
> wins support = yes
> netbios name = DOMAIN-SERVER
> max protocol = SMB2
> printing = cups
> winbind expand groups = 2
> winbind nss info = rfc2307
> winbind offline logon = true
> winbind use default domain = true
> winbind enum users = yes
> winbind enum groups = yes
> winbind nested groups = Yes
> enhanced browsing = no
> unix extensions = no
> debug level = 3
> printcap name = cups
> domain master = no
> local master = no
> preferred master = no
>
> Basically I can't really use this server and can't get to users home
> shares. Any suggestions would be greatly appreciated.
>
> Thanks.
>
--
Caleb O'Connell CIPP/US, CIPP/IT | IT Coordinator
IAPP | International Association of Privacy Professionals
Pease International Tradeport
75 Rochester Ave., Suite 4 | Portsmouth, NH 03801 USA
+1 603.427.9200 Ext. 256 | Fax: +1 603.427.9249
caleb at privacyassociation.org | www.privacyassociation.org
More information about the samba
mailing list