I'll have to join you in this one... Here's my situation: RH 9 Kernel 2.6 test 1 Samba 2.2.7 (from RPM) ACLs on ext3 turned on.
I tried your winbind cache timeout and I can now browse my home dir after a restart of winbind Other explicit shares I could always access. oddly enough the same smb.conf with samba 3.0 beta3 allowed me home dir access without that value. Winbind even allows me to su a user from the domain while on the Linux box. That's pretty cool ;^) getent group gives me a full listing of my local and domian's groups. wbinfo works like a charm. Still I have the problem that I cannot effect permission from a Win2k or NT workstation, even on my own home directory! What is working / not working for you? getent? Regards, Matt [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 08/04/2003 05:08 PM Please respond to jo To: [EMAIL PROTECTED] cc: [EMAIL PROTECTED] Subject: Re: [Samba] Finally winbind on RH9 working, but why ? Maybe I'll rephrase it shorter : 1) eventhough 'wbinfo -g' gives me the correct groups, they do not show up when I go 'getent group'. Can it be the spaces in the Samba groups 'Domain Admins' and 'Domain Users'? Where is the information about these groups stored on the Samba pdc? 2) I only get winbind to do it's job (which is connecting to a local share on the domain member with a winbind user) when I a) set the parameter 'winbind cache timeout = 0' OR b) create the user locally on the domain member, which is of course what we try to avoid by using winbind... any idea's why playing with the cache timeout causes a difference? Thanks in advance... the full story is below but I guess it's to long for anyone to read *grin* Jo De Baer On Mon, 04 Aug 2003 16:42:05 +0200 [EMAIL PROTECTED] wrote: > Hi, > > maybe (probably ??) it's me, but it took me more than a week to > get winbindd working on Redhat 9. It works now after changing a > parameter in smb.conf, but I have NO idea why. Maybe some of you > already had the same problem. If so, PLEASE clearify ! Thanks... > PS as you will see later, getent group also does not work. This is > an independent problem I think... can it have something to do with > spaces in group names ??? > > > Here are the config files of the two machines. Both are linux boxes, so > no win machine is involved. > > > server (PDC): > ------------- > > Redhat 9 > samba 2.2.8a compiled with > --with-winbind --with-winbind-auth-challenge > > hw : lx50 > > > [EMAIL PROTECTED] source]# more /etc/sysconfig/network > NETWORKING=yes > HOSTNAME=server.one.sunedu > > > [EMAIL PROTECTED] source]# more /etc/hosts > # Do not remove the following line, or various programs > # that require network functionality will fail. > 127.0.0.1 localhost.localdomain localhost > 172.17.11.5 client.one.sunedu CLIENT client > 172.17.11.4 server.one.sunedu SERVER server > > (I still have a problem with the name service, that's why) > > > [EMAIL PROTECTED] lib]# more smb.conf > [global] > workgroup = MYGROUP > netbios name = SERVER > add user script = /usr/sbin/useradd -d /dev/null -s /bin/false -g > machines -M %u > server string = Samba Server > printcap name = /etc/printcap > load printers = yes > log file = /var/log/samba/log.%m > max log size = 50 > security = user > encrypt passwords = yes > smb passwd file = /etc/samba/smbpasswd > unix password sync = Yes > passwd program = /usr/bin/passwd %u > passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n > *passwd:*all*authentication*tokens*updated*successfully* > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > local master = yes > os level = 33 > domain master = yes > preferred master = yes > domain logons = yes > logon path = \\%L\Profiles\%U > wins support = yes > dns proxy = no > [homes] > comment = Home Directories > browseable = no > writable = yes > [netlogon] > comment = Network Logon Service > path = /home/netlogon > writable = no > share modes = no > [Profiles] > path = /home/profiles > browseable = no > guest ok = yes > [printers] > comment = All Printers > path = /var/spool/samba > browseable = no > guest ok = no > writable = no > printable = yes > > client (domain member) : > > Redhat 9 > samba 2.2.8a compiled with > --with-winbind --with-winbind-auth-challenge > > > [EMAIL PROTECTED] root]# more /etc/sysconfig/network > NETWORKING=yes > HOSTNAME=client.one.sunedu > > > [EMAIL PROTECTED] root]# more /etc/hosts > # Do not remove the following line, or various programs > # that require network functionality will fail. > 127.0.0.1 localhost.localdomain localhost > 172.17.11.5 client.one.sunedu client CLIENT > 172.17.11.4 server.one.sunedu SERVER server > > > [EMAIL PROTECTED] lib]# more smb.conf > [global] > server string = SambaBSD-2.2.8 > netbios name = CLIENT > workgroup = MYGROUP > security = domain > password server = * > encrypt passwords = yes > wins server = 172.17.11.4 > winbind uid = 10000-20000 > winbind gid = 10000-20000 > winbind enum users = yes > winbind enum groups = yes > winbind separator = . > winbind use default domain = yes > winbind cache time = 0 > password level = 8 > username level = 8 > [tmp] > path = /tmp > browseable = yes > writable = yes > public = no > create mode = 0664 > directory mode = 0775 > > > as you can see pretty normal settings. The reason I recompiled samba > is that apparently Redhat forgot to compile with > --with-winbind-auth-challenge which I think is necessary for windbind to > work (correct me ?) > > > The parameter that made it all work is : > > winbind cache time = 0 > > if I reset this to the default on the client, which is 15, I get the > following results : > > > > [EMAIL PROTECTED] root]# getent passwd > root:x:0:0:root:/root:/bin/bash > ... > client$:x:502:501::/dev/null:/bin/false > root:x:10000:10000:root:/home/MYGROUP/root:/bin/false > jo:x:10001:10000::/home/MYGROUP/jo:/bin/false > > > [EMAIL PROTECTED] root]# getent group > > DOES NOT SHOW THE "win" GROUPS... ANY IDEA WHY? Where are > the groups stored on the samba pdc???? > > > [EMAIL PROTECTED] root]# wbinfo -u > root > jo > [EMAIL PROTECTED] root]# wbinfo -g > Domain Admins > Domain Users > [EMAIL PROTECTED] root]# > [EMAIL PROTECTED] root]# wbinfo -t > Secret is good > [EMAIL PROTECTED] root]# > [EMAIL PROTECTED] root]# wbinfo -a jo%welcome > plaintext password authentication succeeded > challenge/response password authentication succeeded > //thanks to recompiling !!!!!!!!!! > > [EMAIL PROTECTED] root]# > > So everything seems ok, but if I try to connect to a local share on the > client in the hope that winbind will provide the user accout jo, it fails > like this : > > [EMAIL PROTECTED] root]# smbclient //CLIENT/tmp -U jo%welcome > added interface ip=172.17.11.5 bcast=172.17.11.255 nmask=255.255.255.0 > Domain=[MYGROUP] OS=[Unix] Server=[Samba 2.2.8a] > tree connect failed: NT_STATUS_UNSUCCESSFUL <----------------------- > [EMAIL PROTECTED] root]# smbclient //CLIENT/tmp -U jo%welcome > added interface ip=172.17.11.5 bcast=172.17.11.255 nmask=255.255.255.0 > Domain=[MYGROUP] OS=[Unix] Server=[Samba 2.2.8a] > tree connect failed: NT_STATUS_WRONG_PASSWORD <-------------------- > [EMAIL PROTECTED] root]# > > The weird thing is the different error message the second time, which is > reset to the first one after - you guessed it - 15 seconds... that's how > I figured out it maybe had something to do with teh cache time (ok I was > just lucky to try it). > > As soon as I change it back to winbind cache time = 0 is works fine : > > [EMAIL PROTECTED] root]# smbclient //CLIENT/tmp -U jo%welcome > added interface ip=172.17.11.5 bcast=172.17.11.255 nmask=255.255.255.0 > Domain=[MYGROUP] OS=[Unix] Server=[Samba 2.2.8a] > smb: \> ls > . D 0 Mon Aug 4 04:02:07 2003 > .. D 0 Fri Aug 1 13:35:41 2003 > jd_sockV4 A 0 Fri Aug 1 13:36:20 2003 > orbit-root D 0 Fri Aug 1 16:07:15 2003 > .font-unix DH 0 Fri Aug 1 13:36:21 2003 > .fam_socket AH 0 Fri Aug 1 13:44:14 2003 > .gdm_socket H 0 Fri Aug 1 13:36:22 2003 > .iroha_unix DH 0 Fri Aug 1 13:36:16 2003 > .X11-unix DH 0 Fri Aug 1 13:36:22 2003 > .X0-lock HR 11 Fri Aug 1 13:36:22 2003 > .ICE-unix DH 0 Fri Aug 1 13:44:14 2003 > ssh-XX9OiucF D 0 Fri Aug 1 13:44:13 2003 > .winbindd DH 0 Mon Aug 4 13:10:59 2003 > test D 0 Fri Aug 1 06:01:54 2003 > test2 D 0 Fri Aug 1 06:07:06 2003 > yahoo D 0 Fri Aug 1 16:10:13 2003 > joke D 0 Fri Aug 1 16:18:18 2003 > > 62228 blocks of size 8192. 32583 blocks available > smb: \> > > > Is this a feature or a bug ??? The man page of winbindd does not make it > anyclearer for me....hope this can help anybody. > > > Thanks for any replies. > Jo > Sun Microsystems > > NEOlabs - http://www.neolabs.be - mailto:[EMAIL PROTECTED] > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba NEOlabs - http://www.neolabs.be - mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba